W. Michael Petullo [Tue, 20 Dec 2022 02:14:46 +0000 (20:14 -0600)]
pigeonhole: update to 0.5.19
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit 7316c741777b3c468bef80840facaf42912ed9c8)
Daniel Golle [Mon, 8 May 2023 11:21:36 +0000 (13:21 +0200)]
dovecot: update to version 2.3.20
v2.3.20 2022-12-22 Aki Tuomi <aki.tuomi@open-xchange.com>
+ Add dsync_features=no-header-hashes. When this setting is enabled and
one dsync side doesn't support mail GUIDs (i.e. imapc), there is no
fallback to using header hashes. Instead, dsync assumes that all mails
with identical IMAP UIDs contain the same mail contents. This can
significantly improve dsync performance with some IMAP servers that
don't support caching Date/Message-ID headers.
+ lua: HTTP client has more settings now, see
https://doc.dovecot.org/admin_manual/lua/#dovecot.http.client
+ replicator: "doveadm replicator status" command now outputs when the
next sync is expected for the user.
- LAYOUT=index: duplicate GUIDs were not cleaned out. Also the list
recovery was not optimal.
- auth: Assert crash would occur when iterating multiple userdb
backends.
- director: Logging into director using master user with
auth_master_user_separator character redirected user to a wrong
backend, unless master_user_separator setting was also set to the same
value. Merged these into auth_master_user_separator.
- dsync: Couldn't always fix folder GUID conflicts automatically with
Maildir format. This resulted in replication repeatedly failing
with "Remote lost mailbox GUID".
- dsync: Failed to migrate INBOX when using namespace prefix=INBOX/,
resulting in "Remote lost mailbox GUID" errors.
- dsync: INBOX was created too early with namespace prefix=INBOX/,
resulting in a GUID conflict. This may have been resolved automatically,
but not always.
- dsync: v2.3.18 regression: Wrong imapc password with dsync caused
Panic: file lib-event.c: line 506 (event_pop_global):
assertion failed: (event == current_global_event)
- imapc: Requesting STATUS for a mailbox with imapc and INDEXPVT
configured did not return correct (private) unseen counts.
- lib-dict: Process would crash when committing data to redis without
dict proxy.
- lib-mail: Corrupted cached BODYSTRUCTURE caused panic during FETCH.
Fixes: Panic: file message-part-data.c: line 579 (message_part_is_attachment):
assertion failed: (data != NULL). v2.3.13 regression.
- lib-storage: mail_attribute_dict with dict-sql failed when it tried to
lookup empty dict keys.
- lib: ioloop-kqueue was missing include breaking some BSD builds.
- lua-http: Dovecot Lua HTTP client could not resolve DNS names in mail
processes, because it expected "dns-client" socket to exist in the
current directory.
- oauth2: Using %{oauth2:name} variables could cause useless
introspections.
- pop3: Sending POP3 command with ':' character caused an assert-crash.
v2.3.18 regression.
- replicator: Replication queue had various issues, potentially causing
replication requests to become stuck.
- stats: Invalid Prometheus label names were created with specific
histogram group_by configurations. Prometheus rejected these labels.
v2.3.19.1 2022-06-14 Aki Tuomi <aki.tuomi@open-xchange.com>
- doveadm deduplicate: Non-duplicate mails were deleted.
v2.3.19 regression.
- auth: Crash would occur when iterating multiple backends.
Fixes: Panic: file userdb-blocking.c:
line 125 (userdb_blocking_iter_next): assertion failed: (ctx->conn != NULL)
v2.3.19 2022-05-10 Aki Tuomi <aki.tuomi@open-xchange.com>
+ Added mail_user_session_finished event, which is emitted when the mail
user session is finished (e.g. imap, pop3, lmtp). It also includes
fields with some process statistics information.
See https://doc.dovecot.org/admin_manual/list_of_events/ for more
information.
+ Added process_shutdown_filter setting. When an event matches the filter,
the process will be shutdown after the current connection(s) have
finished. This is intended to reduce memory usage of long-running imap
processes that keep a lot of memory allocated instead of freeing it to
the OS.
+ auth: Add cache hit indicator to auth passdb/userdb finished events.
See https://doc.dovecot.org/admin_manual/list_of_events/ for more
information.
+ doveadm deduplicate: Performance is improved significantly.
+ imapc: COPY commands were sent one mail at a time to the remote IMAP
server. Now the copying is buffered, so multiple mails can be copied
with a single COPY command.
+ lib-lua: Add a Lua interface to Dovecot's HTTP client library. See
https://doc.dovecot.org/admin_manual/lua/ for more information.
- auth: Cache lookup would use incorrect cache key after username change.
- auth: Improve handling unexpected LDAP connection errors/hangs.
Try to fix up these cases by reconnecting to the LDAP server and
aborting LDAP requests earlier.
- auth: Process crashed if userdb iteration was attempted while auth-workers
were already full handling auth requests.
- auth: db-oauth2: Using %{oauth2:name} variables caused unnecessary
introspection requests.
- dict: Timeouts may have been leaked at deinit.
- director: Ring may have become unstable if a backend's tag was changed.
It could also have caused director process to crash.
- doveadm kick: Numeric parameter was treated as IP address.
- doveadm: Proxying can panic when flushing print output. Fixes
Panic: file ioloop.c: line 865 (io_loop_destroy): assertion failed:
(ioloop == current_ioloop).
- doveadm sync: BROKENCHAR was wrongly changed to '_' character when
migrating mailboxes. This was set by default to %, so any mailbox
names containing % characters were modified to "_25".
- imapc: Copying or moving mails with doveadm to an imapc mailbox could
have produced "Error: Syncing mailbox '[...]' failed" Errors. The
operation itself succeeded but attempting to sync the destination
mailbox failed.
- imapc: Prevent index log synchronization errors when two or more imapc
sessions are adding messages to the same mailbox index files, i.e.
INDEX=MEMORY is not used.
- indexer: Process was slowly leaking memory for each indexing request.
- lib-fts: fts header filters caused binary content to be sent to the
indexer with non-default configuration.
- doveadm-server: Process could hang in some situations when printing
output to TCP client, e.g. when printing doveadm sync state.
- lib-index: dovecot.index.log files were often read and parsed entirely,
rather than only the parts that were actually necessary. This mainly
increased CPU usage.
- lmtp-proxy: Session ID forwarding would cause same session IDs being
used when delivering same mail to multiple backends.
- log: Log prefix update may have been lost if log process was busy.
This could have caused log prefixes to be empty or in some cases
reused between sessions, i.e. log lines could have been logged for the
wrong user/session.
- mail_crypt: Plugin crashes if it's loaded only for some users. Fixes
Panic: Module context mail_crypt_user_module missing.
- mail_crypt: When LMTP was delivering mails to both recipients with mail
encryption enabled and not enabled, the non-encrypted recipients may
have gotten mails encrypted anyway. This happened when the first
recipient was encrypted (mail_crypt_save_version=2) and the 2nd
recipient was not encrypted (mail_crypt_save_version=0).
- pop3: Session would crash if empty line was sent.
- stats: HTTP server leaked memory.
- submission-login: Long credentials, such as OAUTH2 tokens, were refused
during SASL interactive due to submission server applying line length
limits.
- submission-login: When proxying to remote host, authentication was not
using interactive SASL when logging in using long credentials such as
OAUTH2 tokens. This caused authentication to fail due to line length
constraints in SMTP protocol.
- submission: Terminating the client connection with QUIT command after
mail transaction is started with MAIL command and before it is
finished with DATA/BDAT can cause a segfault crash.
- virtual: doveadm search queries with mailbox-guid as the only parameter
crashes: Panic: file virtual-search.c: line 77 (virtual_search_get_records):
assertion failed: (result != 0)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit a1648fbd1cbecd2e1b60af05049d2769e9210d0e)
Juan del Bosque [Fri, 14 Apr 2023 07:48:22 +0000 (09:48 +0200)]
dovecot: Fix iconv macro is missing compile error
Fix a Dovecot compile error when building with no other packages than
the default in master build, because iconv macro is missing.
Fixes: #20677
Signed-off-by: Juan del Bosque <juan@web64.pro>
(cherry picked from commit 96145db78af6afa27d8fa857d2af384b1c623259)
Stan Grishin [Sun, 14 May 2023 14:55:50 +0000 (08:55 -0600)]
Merge pull request #20992 from stangri/openwrt-22.03-pbr
[22.03] pbr: bugfix: create IPv6 routes
Stepan Henek [Thu, 27 Apr 2023 13:02:18 +0000 (15:02 +0200)]
python-eventlet: bump to version 0.33.3
old eventlet is not working well with python3.10
```
root@turris:~# python3
Python 3.10.9 (main, Feb 9 2023, 10:37:45) [GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import eventlet
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/__init__.py", line 17, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/convenience.py", line 7, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/green/socket.py", line 4, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/green/_socket_nodns.py", line 11, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/greenio/__init__.py", line 3, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/greenio/base.py", line 32, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/timeout.py", line 166, in wrap_is_timeout
TypeError: cannot set 'is_timeout' attribute of immutable type 'TimeoutError'
```
see 0.33.3 release notes for details - https://eventlet.net/doc/changelog.html#id1
Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
(cherry picked from commit eb7275402e6559514e2322a1ef2dabaf7147153b)
Michael Heimpold [Sun, 14 May 2023 07:41:19 +0000 (09:41 +0200)]
Merge pull request #21004 from mhei/libxml2-update-to-2.10.4
[22.03] libxml2: update to 2.10.4
Michael Heimpold [Sat, 13 May 2023 07:40:02 +0000 (09:40 +0200)]
libxml2: update to 2.10.4
This fixes:
- CVE-2023-29469
- CVE-2023-28484
Full changelog:
https://download.gnome.org/sources/libxml2/2.10/libxml2-2.10.4.news
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Dirk Brenken [Fri, 12 May 2023 20:30:29 +0000 (22:30 +0200)]
banip: release 0.8.6-1
* made the fetch utility function/autodetection more bullet proof
* no longer add suspicious IPs to the local blocklist when the nft set timeout has been set
* restructure internal functions & small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 4920d96df0271bd77af5409e54dd93708535ff92)
Stan Grishin [Thu, 11 May 2023 23:06:20 +0000 (23:06 +0000)]
pbr: bugfix: create IPv6 routes
* add missing space in str_contains
* unquote variable to make sure IPv6 routes are added
* add IPv6 routes display to status output in nft mode
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 643e501c8d0209dbbc683447b4df0c4b2b9aed08)
Nick Hainke [Tue, 25 Apr 2023 21:37:11 +0000 (23:37 +0200)]
libreswan: update to 4.10
Release Notes:
https://github.com/libreswan/libreswan/releases/tag/v4.10
Fixes: CVE-2023-23009
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 130e63931fe99b1e47989bb708543c5ebc12152a)
Lucian Cristian [Thu, 20 Oct 2022 12:13:55 +0000 (12:13 +0000)]
libreswan: update to 4.9
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit a707fcc88da8ee5adcb4619aab4180e18eac5645)
S. Brusch [Fri, 5 May 2023 09:43:55 +0000 (11:43 +0200)]
crowdsec-firewall-bouncer: new upstream release version 0.0.26
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5
Update crowdsec-firewall-bouncer to latest upstream release version 0.0.26
(cherry picked from commit 05bc30fbb2636e8ef12326847f07cc3d788dbf4a)
Stan Grishin [Tue, 9 May 2023 01:45:04 +0000 (19:45 -0600)]
Merge pull request #20945 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: fixes/improvements
Stan Grishin [Tue, 9 May 2023 01:44:53 +0000 (19:44 -0600)]
Merge pull request #20943 from stangri/openwrt-22.03-simple-adblock
[22.03] simple-adblock: add family to firewall json objects
Stan Grishin [Tue, 9 May 2023 01:41:36 +0000 (19:41 -0600)]
Merge pull request #20931 from stangri/openwrt-22.03-pbr
[22.03] pbr: ipv6 & migration bugfixes
Jeffery To [Mon, 8 May 2023 04:47:55 +0000 (12:47 +0800)]
golang: Update to 1.19.9
Includes fixes for:
* CVE-2023-24539: html/template: improper sanitization of CSS values
* CVE-2023-24540: html/template: improper handling of JavaScript
whitespace
* CVE-2023-29400: html/template: improper handling of empty HTML
attributes
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Anna Tikhomirova [Wed, 3 May 2023 07:32:22 +0000 (10:32 +0300)]
mwan3: bump PKG_VERSION to 2.11.7
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
(cherry picked from commit bc2c6e63ee9f999afe6d507288840d1779cf8a17)
Florian Eckert [Thu, 4 May 2023 11:10:38 +0000 (13:10 +0200)]
mwan3: reset score to up+down on connected
Set the score value to the maximum value when the connected function is
called. The same happens with a disconnected event, the score value is
there set to zero.
Suggested-by: Anna Tikhomirova <vamp@vampik.ru>
Suggested-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 5f0461be8b149aeb5732481d38c9d69650996f8c)
Florian Eckert [Mon, 28 Nov 2022 09:13:25 +0000 (10:13 +0100)]
mwan3: refactoring mwan3track action handling
Refactoring the score handling, so that only one action could take place
during run. The behaviour should be more comprehensible, since several
score actions are not processed at the same time.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 1f6bd672fecd1ffc9f6b1fea152edc62bcdca026)
Dirk Brenken [Mon, 8 May 2023 07:17:07 +0000 (09:17 +0200)]
banip: release 0.8.5-2
* fixed a log parser regression introduced in latest 0.8.4 update
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit f3054a90ea75dbe94c68716d1e316daa70c184b1)
Dirk Brenken [Sat, 6 May 2023 20:41:56 +0000 (22:41 +0200)]
banip: release 0.8.5-1
* add support for external allowlist URLs to reference additional IPv4/IPv6 feeds, set 'ban_allowurl' accordingly
* make download retries in case of an error configurable, set 'ban_fetchretry' accordingly (default 5)
* small fixes
* readme update
* LuCI update (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 7ac5f0a3d9505ee11393c6673d9ece663d8c1b60)
Tianling Shen [Sun, 7 May 2023 09:33:16 +0000 (17:33 +0800)]
cloudflared: Update to 2023.5.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 4bd7befa6aaa812701ed4e66bb0fd6cd847f5401)
Stan Grishin [Sun, 7 May 2023 02:55:34 +0000 (02:55 +0000)]
https-dns-proxy: fixes/improvements
* use shared memory to store output data
* add family option to firewall json objects, due to reports that IPv6 hijacking
doesn't work without explicit family declaration
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 25801ddf7435e535fc0684911abdf6022549409f)
Stan Grishin [Sun, 7 May 2023 02:29:53 +0000 (02:29 +0000)]
simple-adblock: add family to firewall json objects
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 0b84504670465876c8469da7dfb42f27d34db501)
Stan Grishin [Fri, 5 May 2023 01:48:27 +0000 (01:48 +0000)]
pbr: ipv6 & migration bugfixes
* suppress RTNETLINK errors when inserting ipv6 routes
* only display global scope IPv6 gateways in status/WebUI
* stop and disable vpn-policy-routing when migrating
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit c2739705b98ebe37bb43f1650745c5e2336f163a)
Stan Grishin [Fri, 5 May 2023 01:41:18 +0000 (19:41 -0600)]
Merge pull request #20913 from stangri/openwrt-22.03-pbr
[22.03] pbr: update to 1.1.1-1
Dirk Brenken [Thu, 4 May 2023 20:40:48 +0000 (22:40 +0200)]
banip: update 0.8.4-5
* fix remaining small issues
* standardize log wording
* polished up for branch 23.x
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 7e70de77d089e94e80a3ae71b60ec87ec31be1ac)
Hannu Nyman [Thu, 4 May 2023 14:21:48 +0000 (17:21 +0300)]
zoneinfo: adjust to current timezone data file structure
Tweak the package to better match the current file structure in the
upstream time zone database. Add missing aliases. Make some clarifications
* Combine -northamerica and -southamerica into -america, as all
current official America/xxx definitions were already in -northamerica
and only the unofficial/deprecated Brazil/xxx, Chile and Argentina were
in -southamerica. (Confusingly America/Sao_Paulo was in northamerica,
while Brazil was in southamerica.)
* Add PROVIDES for the old package names
* Add missing top-level dir country/nation alias links.
* Define Eire in -europe instead of -core.
* Rename -india to -indian, as it contains the Indian ocean islands
instead of the actual Asia/Kolkata zone for the mainland India.
* Add PROVIDES for the old package name
* Add 'Ocean' to all ocean zone titles.
* Make all zoneinfo-packages depend on zoneinfo-core, so that zone.tab,
the UTC based definitions and the still existing short zone codes are
always available.
* Clarify menuconfig menu as "Time Zone info"
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit b7b1fe6cb326136d6ab373359fa9cbf307fbaaa9)
Tianling Shen [Tue, 2 May 2023 13:40:18 +0000 (21:40 +0800)]
sqlite3: Update to 3.41.2
Fixes: CVE-2021-20227
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit f1e33826fb4e096758580c258acb43a052e1e328)
Dirk Brenken [Thu, 4 May 2023 10:07:09 +0000 (12:07 +0200)]
banip: update 0.8.4-4
* add housekeeping to the autoallow function, only the current uplink will be held
* fix small issues
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 97d6c8bf77a3fdb3e252fefaff7ad8584d2e2b1c)
Dirk Brenken [Tue, 2 May 2023 19:41:37 +0000 (21:41 +0200)]
banip: update 0.8.4-3
* add the option 'ban_autoallowuplink' to limit the uplink autoallow function: 'subnet' (default), 'ip' or 'disable'
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 829a9a61c26421032a4184c1dabc460bad4aea33)
Anna Tikhomirova [Wed, 3 May 2023 07:32:22 +0000 (10:32 +0300)]
mwan3: bump PKG_VERSION to 2.11.6
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
(cherry picked from commit d079652396b465bde3b5e2315a18085bf5001f29)
Anna Tikhomirova [Fri, 28 Apr 2023 20:12:37 +0000 (23:12 +0300)]
mwan3: fix addition of routes to mwan3_connected ipset
Addition of routes to mwan3_connected ipset is broken. The ipset name was
changed from mwan3_connected_v4/6 to mwan3_connected_ipv4/6, but this
change was not reflected in mwan3rtmon.
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
* Update commit message
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 84b3de9eda29666bb96b656cdadaffd1c69897e7)
Li Xin [Thu, 10 Nov 2022 04:10:05 +0000 (12:10 +0800)]
shadowsocks-libev: ss-rules: Add 'auto-merge' flag to avoid conflicts
Link: https://github.com/openwrt/packages/pull/19872
Signed-off-by: Li Xin <i@crzidea.com>
(squash commits)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 8966f49f9a715e07527580c50ac29ae560447670)
Anna Tikhomirova [Wed, 3 May 2023 06:40:34 +0000 (09:40 +0300)]
mwan3: bump PKG_VERSION to 2.11.5
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
(cherry picked from commit fd2e20f66be8568355ac3d6a13e54ed117cacb5b)
Anna Tikhomirova [Fri, 28 Apr 2023 20:33:39 +0000 (23:33 +0300)]
mwan3: fix addition of iptables rules for mwan3 sticky rules
Addition of iptables rules for mwan3 sticky rules is broken, resulting
in non-working sticky rules. The required parameters for the function
'mwan3_set_sticky_iptables' were passed in the wrong order.
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
* Update commit message
* Quoting function arguments
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 66257510d9613478a9fd99c41d745329476f7574)
Stan Grishin [Tue, 2 May 2023 01:36:05 +0000 (19:36 -0600)]
Merge pull request #20769 from stangri/openwrt-22.03-simple-adblock
[22.03] simple-adblock: implement curl_additional_param compressed_cache_dir
Jeffery To [Mon, 17 Apr 2023 14:24:32 +0000 (22:24 +0800)]
slang2: Update to 2.3.3, refresh patches
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 47d67e43bf7447fdba3f30d88b217118d8846b41)
Stan Grishin [Mon, 1 May 2023 00:44:34 +0000 (00:44 +0000)]
pbr: update to 1.1.1-1
*** MAKEFILE ***
* remove libubus dependency as it was causing issues
https://forum.openwrt.org/t/policy-based-routing-pbr-package-discussion/140639/318
* move firewall hotplug directory/file creation out of default section into
pbr and pbr-iptables packages sections in preparation for dropping it from pbr
* fix no new line after output when uninstalling packages
*** UCI-DEFAULTS ***
* only add firewall include to firewall config if the include file exists
* add shellcheck exception to netifd uci-defaults file
*** SCRIPTS ***
* more informative logging for firewall and iface hotplug scripts
* more informative logging for firewall include script
*** SERVICE ***
* introduce lock-file to prevent package starting on external events if it hasn't
been auto- or manually started before
* use the `ip`, not `ip-full` command to prevent errors on OpenWrt 21.02
* parse firewall WAN zone to append list of interfaces
* append error and warning "arrays" with new messages
* used shared memory to store the service output/logging messages
* improve is_ovpn function to filter out false positives when interface names started
with `tun`
* introduce is_valid_ovpn to find OpenVPN tunnels where the device name in OpenVPN config
matches the device name in network config
* introduce opkg_get_version to compare versions of principal and luci packages
* better code to obtain AdGuardHome version with betas installed
* optimize code and add better logging for errors when inserting policies with iptables
* optimize code and add better logging for errors when inserting policies with nft
* bugfix: insert policies in all specified protocols
* bugfix: support using physical devices in policies in nft mode
* bugfix: use iptPrefix, not nftPrefix in iptables commands
* implement Tor support in nft mode
* bugfix: fix spelling for User File Syntax error
* restart service fully (instead of quick reload) for OpenVPN interface events, as
the order/number of supported interfaces
* more verbose output (showing handles) of status in nft mode
* improve `icmp_interface`, `ignored_interface`, `supported_interface` validation
regexes
* improve `interface` validation regex
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit cdfff4a69327a3ed5f4f455090b4908c3df17dd1)
Tianling Shen [Wed, 26 Apr 2023 03:35:19 +0000 (11:35 +0800)]
librespeed-go: update file permissions for ujail
This fixes "permission denied" error when accessing files as a normal user.
Reported-by: Anya Lin <hukk1996@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 42d340bce0106538888f9e942dc3dd6f7f9e62ff)
Dirk Brenken [Fri, 28 Apr 2023 10:07:06 +0000 (12:07 +0200)]
banip: update 0.8.4-2
* fix domain lookup function (parse banIP config vars)
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 16acda226255748c0501d64dd317ef0a844660f3)
Dirk Brenken [Sun, 23 Apr 2023 20:03:09 +0000 (22:03 +0200)]
banip: release 0.8.4-1
* add support for a custom feeds file (/etc/banip/banip.custom.feeds). Add new or edit existing banIP feeds on your own with the integrated custom feed editor (LuCI-component)
* add a new option 'ban_blockpolicy' to overrule the default block policy (block all chains), see readme for details
* change the feed file format and add a new ipthreat feed, see readme
* refine (debug) logging
* multiple small fixes and improvements
* readme update
* luci update (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit c5d9b3ded28e13d34ae522179da609b2406f5cd8)
Josef Schlehofer [Mon, 24 Apr 2023 17:25:31 +0000 (19:25 +0200)]
Merge pull request #20866 from jefferyto/newt-0.52.23-openwrt-22.03
[openwrt-22.03] newt: Update to 0.52.23
Jeffery To [Mon, 17 Apr 2023 11:59:42 +0000 (19:59 +0800)]
newt: Update to 0.52.23
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit ce086321a0d39c19f8ac62c9293225663be8cb5e)
Josef Schlehofer [Sun, 23 Apr 2023 18:57:18 +0000 (20:57 +0200)]
Merge pull request #20843 from jefferyto/obfs4proxy-0.0.14-openwrt-22.03
[openwrt-22.03] obfs4proxy: Update to 0.0.14
Tianling Shen [Tue, 18 Apr 2023 20:11:52 +0000 (04:11 +0800)]
dnsproxy: Update to 0.49.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 9ff57568f5ddd586eecf7861a62181f7014b916c)
Tianling Shen [Thu, 13 Apr 2023 16:24:48 +0000 (00:24 +0800)]
dnsproxy: Update to 0.49.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit e43676a92f20301f613b22f04968589a280cf9be)
Tianling Shen [Tue, 18 Apr 2023 20:12:30 +0000 (04:12 +0800)]
xray-core: Update to 1.8.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c1019c64ea8642b72137f23154aa5e80cb2c3b03)
Tianling Shen [Mon, 17 Apr 2023 15:27:11 +0000 (23:27 +0800)]
v2ray-core: Update to 5.4.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 8674af1b0aee3f623566aadf0099a6c5fbca6cfd)
Jeffery To [Mon, 17 Apr 2023 14:05:51 +0000 (22:05 +0800)]
obfs4proxy: Update to 0.0.14
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 0759341cd8bbc28a499a1098889be108ef91612f)
Stan Grishin [Tue, 18 Apr 2023 03:58:45 +0000 (21:58 -0600)]
Merge pull request #20741 from stangri/openwrt-22.03-curl
[22.03] curl: update to 8.0.1
Michael Heimpold [Mon, 17 Apr 2023 04:46:39 +0000 (06:46 +0200)]
Merge pull request #20816 from mhei/php8-update-to-8.1.18
[22.03] php8: update to 8.1.18
Luiz Angelo Daros de Luca [Mon, 10 Apr 2023 20:30:27 +0000 (17:30 -0300)]
ruby: update to 3.0.6
This release includes security fixes. Please check the topics below for
details.
- CVE-2023-28755: ReDoS vulnerability in URI
- CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some bug fixes. See the
https://github.com/ruby/ruby/releases/tag/v3_0_6 for further details.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
John Audia [Sat, 15 Apr 2023 16:34:04 +0000 (19:34 +0300)]
htop: update to 3.2.2
Build-tested: x86/64
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 3482ea24e43aafc23b8d26a6de90c13d2244f67e)
Michael Heimpold [Sat, 15 Apr 2023 13:57:32 +0000 (15:57 +0200)]
php8: update to 8.1.18
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Jeffery To [Fri, 14 Apr 2023 07:45:00 +0000 (15:45 +0800)]
Merge pull request #20805 from 1715173329/g1198
[openwrt-22.03] golang: Update to 1.19.8
Josef Schlehofer [Thu, 13 Apr 2023 22:50:02 +0000 (00:50 +0200)]
Merge pull request #20798 from gstrauss/lighttpd-1.4.69-1-openwrt-22.03
lighttpd: update to lighttpd 1.4.69 release hash - backport to openwrt 22.03
Tianling Shen [Thu, 13 Apr 2023 16:33:25 +0000 (00:33 +0800)]
golang: Update to 1.19.8
Included fixes for:
- CVE-2023-24534
- CVE-2023-24536
- CVE-2023-24537
- CVE-2023-24538
Refreshed patches.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Glenn Strauss [Sun, 12 Feb 2023 05:29:06 +0000 (00:29 -0500)]
lighttpd: update to lighttpd 1.4.69 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 8f2fbf093a42040dcc226dee4fcd493a215645ed)
Glenn Strauss [Sat, 21 Jan 2023 01:13:39 +0000 (20:13 -0500)]
lighttpd: remove patch included upstream
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit c5297aca299524a0a2e44a40eebc85f06133784d)
Glenn Strauss [Sat, 21 Jan 2023 01:07:36 +0000 (20:07 -0500)]
lighttpd: add lighttpd-mod-webdav_min package
add lighttpd-mod-webdav_min package alternative to lighttpd-mod-webdav
lighttpd-mod-webdav_min is more minimal than full lighttpd-mod-webdav.
lighttpd-mod-webdav_min does not support PROPPATCH, LOCK, UNLOCK, and
by not supporting those methods, removes dependencies on libxml2,
libsqlite3, and libuuid.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit ed6fe528c1efc549891144967eefe51a73999511)
Glenn Strauss [Wed, 4 Jan 2023 02:19:46 +0000 (21:19 -0500)]
lighttpd: collect mods now built into lighttpd exe
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 85279b49ceeb411f98623e6febef48b83f04813b)
Glenn Strauss [Tue, 3 Jan 2023 22:54:07 +0000 (17:54 -0500)]
lighttpd: fix meson build
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 74d26813f744ebdc195fb3fbe9b2cd5e8169b2a3)
Glenn Strauss [Tue, 3 Jan 2023 18:09:52 +0000 (13:09 -0500)]
lighttpd: remove patch included upstream
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 66001d5a91087dec6ff9e620b995beaff60506d7)
Glenn Strauss [Tue, 3 Jan 2023 17:52:02 +0000 (12:52 -0500)]
lighttpd: update to lighttpd 1.4.68 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 6383ae9407280df7f2ac29065bfe22d7bca73ed7)
Glenn Strauss [Thu, 24 Nov 2022 07:18:09 +0000 (02:18 -0500)]
lighttpd: modify build cmd for type: feature opts
modify build command for meson type: feature options
remove -Dwith_libev=disabled (option no longer has any effect)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 4a3b62a92ab21bb6ae373dbbbfc1c5eb16ebc3f5)
Glenn Strauss [Wed, 30 Nov 2022 05:21:49 +0000 (00:21 -0500)]
lighttpd: add lighttpd-mod-rrdtool dep on rrdtool1
add lighttpd-mod-rrdtool dependency on rrdtool1
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 9f299e881ba7ae665d5251d1e4c8a9585b039911)
Glenn Strauss [Wed, 30 Nov 2022 04:32:44 +0000 (23:32 -0500)]
lighttpd: lighttpd-1.4.67-4
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit a09dbfcf976f8d0c0247f068945dbd321e314bf8)
Glenn Strauss [Thu, 6 Oct 2022 08:32:04 +0000 (04:32 -0400)]
lighttpd: document crypto lib options in Makefile
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 43741e748f8569be4aaf3ba3a99867eef32c74e4)
Tianling Shen [Wed, 12 Apr 2023 19:15:49 +0000 (03:15 +0800)]
cloudflared: Update to 2023.4.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 62fdfb827893a221975379a66ae30fa37396a4d8)
Julien Malik [Sun, 26 Mar 2023 20:55:00 +0000 (22:55 +0200)]
borgbackup: bump to 1.2.4
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
(cherry picked from commit 45a3afbfb771f43c39051916c6e920482d25fd09)
Julien Malik [Tue, 7 Feb 2023 22:34:10 +0000 (23:34 +0100)]
borgbackup: add missing dependencies
The initial package submission was missing
some required and optional dependencies
due to lack of testing on a system without any python
related packages pre-installed.
Some optional but highly recommended dependencies
were discovered with the stdlib module as described in:
https://github.com/openwrt/packages/blob/392a68e24774294590abf9c08ea1832f2cee190d/lang/python/README.md
Fixes #20441
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
(cherry picked from commit 1f25be97b6c73691ec5a00a9deb9a7456e59be8c)
Dirk Brenken [Wed, 12 Apr 2023 13:31:31 +0000 (15:31 +0200)]
banip: update 0.8.3-2
* more init fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
d178bf5d35417141a201e9ada7d04e912e4d2d7d)
Dirk Brenken [Thu, 6 Apr 2023 17:37:28 +0000 (19:37 +0200)]
banip: release 0.8.3-1
* add the new init command 'lookup', to look up the IPs of domain names in the local lists and update them
* significant acceleration of the domain lookup function
* multiple small fixes and improvements
* readme update
* luci update (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
c07fae25e70a159b48154fadcb3fcb3fd4f73ef1)
Hannu Nyman [Wed, 12 Apr 2023 14:23:48 +0000 (17:23 +0300)]
Merge pull request #20791 from hnyman/apinger2203
Apinger: backport apinger-rrd and the procd conversion to 22.03
Tianling Shen [Sun, 9 Apr 2023 19:48:23 +0000 (03:48 +0800)]
v2raya: Update to 2.0.5
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
23e134816688793d42cc52ad78a9fc65f4e6d3bc)
Jaymin Patel [Mon, 10 Apr 2023 18:26:43 +0000 (21:26 +0300)]
apinger: add rrd graph support
- add package apinger-rrd for RRD graphs
- add RPC to get an overview and update graphs
- fix interface hotplug to restart apinger instance
- add patch to split alarms list in the status
Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
(cherry picked from commit
4281b7639c79ece68b50031f37ee8c693f32b4ef)
Jaymin Patel [Mon, 10 Apr 2023 18:23:25 +0000 (21:23 +0300)]
apinger: improve uci and procd support
- convert apinger into procd instances
- generate instance specific apinger.conf from uci
- hotplug handling for apinger alarms
- restart apinger interface instance on ifup action of interface
- don't exit on packet count mismatch, allows to use apinger as monitor
for multiple targets handling
- add srcip option to target configuration, allows specifying source ip
used to monitor target
- allow creating status file in script parseable format
Patches are ported against latest version of apinger and referenced from
https://git.pld-linux.org/?p=packages/apinger.git;a=summary
Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
(cherry picked from commit
e4e3206f3283e673bfac717e00332deb8dd2c079)
Ryan Shi [Mon, 10 Apr 2023 18:13:13 +0000 (21:13 +0300)]
rrdtool: update PKG_SOURCE_URL
Signed-off-by: Ryan Shi <qweaszxcdf@users.noreply.github.com>
(cherry picked from commit
164e0257e7c079b06e5d862cbc31e1f11ac651cb)
Tianling Shen [Thu, 6 Apr 2023 10:49:30 +0000 (18:49 +0800)]
dnsproxy: Update to 0.48.3
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
04d5fa8dfc92047e2875db39ff10256d4b0aed12)
Tianling Shen [Mon, 3 Apr 2023 10:29:41 +0000 (18:29 +0800)]
yq: Update to 4.33.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
0b255830e9b33c4848c4ee65419ca3755baf883f)
Hannu Nyman [Wed, 5 Apr 2023 17:41:25 +0000 (20:41 +0300)]
nano: make nanorc world readable
If file /etc/nanorc is readable by everyone, "default" settings
are available for users as well without necessarily requiring
their own customized .nanorc in their home directory. Or if
they want one, but want it to be based on system's default
nanorc, they can copy it from /etc - without chmodding
file, it is inaccessible for users.
Suggested-by: Oskari Rauta <oskari.rauta@gmail.com>
[switched approach to use INSTALL_DATA]
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
76d02f933f006fb854c03fa1738ed795acc32e50)
Vladimir Ulrich [Thu, 8 Dec 2022 14:28:30 +0000 (17:28 +0300)]
zoneinfo: updated to the latest release
Signed-off-by: Vladimir Ulrich <admin@evl.su>
(cherry picked from commit
23e6200e4d0a435915ab4ef9700a7297e89b68b3)
(cherry picked from commit
0ff1a8666be7cc3ebde5838c4b166a2438f87567)
Stan Grishin [Mon, 3 Apr 2023 21:20:31 +0000 (21:20 +0000)]
simple-adblock: implement curl_additional_param compressed_cache_dir
* curl_additional_param: to pass additional parameters (like proxy) to curl
* compressed_cache_dir: where to store compressed cache in non-volatile memory
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
549a66bbfab309af9564200877f6f478a86f06ad)
Hirokazu MORIKAWA [Sat, 1 Apr 2023 00:22:22 +0000 (09:22 +0900)]
node: bump to v16.20.0
Description:
Update to v16.20.0
Fixed a bug with system-icu.
Fixed a bug when selecting arm-fpu for vfpv3-d16.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Dirk Brenken [Thu, 30 Mar 2023 18:13:21 +0000 (20:13 +0200)]
banip: update to 0.8.2-6
* restored some accidentally removed init stuff in last commit
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
692fe359a9afab6a388907491f0169e155b9e0cd)
Dirk Brenken [Thu, 30 Mar 2023 16:00:15 +0000 (18:00 +0200)]
banip: update to 0.8.2-5
* fixed missing version number when installed as separate package (not in build)
* fixed corner case init and mailing issues
* sorted Country list by country names ascending
* fixed some shellcheck findings
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
c9bf92c88d771cf4e3bbe851c271f641ff1a0957)
Tianling Shen [Mon, 27 Mar 2023 11:43:11 +0000 (19:43 +0800)]
yq: Update to 4.33.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
e2cf4fa9a119076d23f26e3803247b5d83c71547)
Tianling Shen [Sun, 26 Mar 2023 19:34:06 +0000 (03:34 +0800)]
dnsproxy: Update to 0.48.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
1ac880fb12264144aedcb756ba0763626598a25a)
Tianling Shen [Mon, 20 Mar 2023 17:33:22 +0000 (01:33 +0800)]
dnsproxy: Update to 0.48.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
e5395396bd34c8eba0e01529fe01637e4468e401)
Tianling Shen [Tue, 21 Feb 2023 07:57:38 +0000 (15:57 +0800)]
dnsproxy: Update to 0.48.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
dbf66a3ae51a3b657ebf4c8be79780109ee4d694)
Ray Wang [Wed, 22 Mar 2023 13:51:35 +0000 (21:51 +0800)]
natmap: update to 20230322
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
feccbf86124724d30e2e95773c4defb01b6b5732)
Stan Grishin [Sun, 26 Mar 2023 20:23:19 +0000 (20:23 +0000)]
curl: update to 8.0.1
* https://curl.se/changes.html#8_0_1
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
5640b7c94a6b90a2563c072b6080793f5fd86a1c)
Dirk Brenken [Sun, 26 Mar 2023 20:52:05 +0000 (22:52 +0200)]
banip: update to 0.8.2-4
* fixed a race condition if the service is in a disabled state
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
6b1df72e64628dbeb68a2b5fd2cfb68db87a2d2f)
Dirk Brenken [Wed, 22 Mar 2023 18:15:01 +0000 (19:15 +0100)]
banip: update to 0.8.2-3
* raise max. timeouts from 10 to 30 seconds to stabilize the autodetection on slow hardware
* made interface trigger action configurable, set 'ban_triggeraction' accordingly (default: 'start')
* made E-Mail notifications configurable to receive status E-Mails with every banIP run,
set 'ban_mailnotification' accordingly (default: disabled)
* small fixes & optimizations
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
1f5bc3f0f143536892302da6a1436e235e860a54)
Tianling Shen [Sun, 12 Mar 2023 09:19:14 +0000 (17:19 +0800)]
sqlite3: Update to 3.41.1
Removed `SQLITE3_JSON1` option as it was dropped by upstream.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
a7dfb006fe7478841e9a0f81ea594ab1a2fb04bf)
Dirk Brenken [Mon, 20 Mar 2023 19:27:19 +0000 (20:27 +0100)]
adblock: update to 4.1.5-7
* fix corner case issue with duplicate entries in black- and whitelist
* change cpbl source URL
* firewall redirects now block IPv4 and IPv6 (set family to "any")
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
a4b9697684ad13e9c60e22a830c5d5c28bd5e9ad)
Tianling Shen [Mon, 20 Mar 2023 07:25:35 +0000 (15:25 +0800)]
yq: Update to 4.32.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
65dc683efe329a13afdc632150f886b88d7f5edf)
Tianling Shen [Mon, 20 Mar 2023 07:25:04 +0000 (15:25 +0800)]
cloudflared: Update to 2023.3.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
67c26190089c99367140de63f1b1ba188567569d)
Tianling Shen [Sat, 18 Mar 2023 15:13:26 +0000 (23:13 +0800)]
v2raya: Update to 2.0.4
- Added TproxyNotSkipBr flag for OpenWrt.
- Removed all upstreamed patches.
- Removed deprecated option.
- Re-enable ipv6/nftables auto-detect.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
5062779dc79091d63929d44b6354e1cbefa2e8f5)