feed/packages.git
6 months agoMerge pull request #24064 from G-M0N3Y-2503/docker-update 24070/head
Tianling Shen [Fri, 3 May 2024 05:45:10 +0000 (13:45 +0800)]
Merge pull request #24064 from G-M0N3Y-2503/docker-update

Docker: Update to 26.1.0

6 months agov2ray-geodata: Update to latest version
Tianling Shen [Fri, 3 May 2024 05:42:40 +0000 (13:42 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 months agoxray-core: Update to 1.8.11
Tianling Shen [Fri, 3 May 2024 05:42:35 +0000 (13:42 +0800)]
xray-core: Update to 1.8.11

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 months agodocker: Update to 26.1.0 24064/head
Gerard Ryan [Wed, 1 May 2024 11:51:07 +0000 (21:51 +1000)]
docker: Update to 26.1.0
* Removed unnecessary GO lang variables

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
6 months agodockerd: Update to 26.1.0
Gerard Ryan [Wed, 1 May 2024 11:50:47 +0000 (21:50 +1000)]
dockerd: Update to 26.1.0
* Removed unnecessary GO lang variables

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
6 months agocontainerd: Update to 1.7.15
Gerard Ryan [Wed, 1 May 2024 11:50:08 +0000 (21:50 +1000)]
containerd: Update to 1.7.15
* Explicitly list GO_PKG_INSTALL_EXTRA
* Removed unnecessary GO lang variables

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
6 months agognutls: Update to version 3.8.5
Pascal Ernster [Wed, 1 May 2024 17:49:31 +0000 (19:49 +0200)]
gnutls: Update to version 3.8.5

All patches automatically refreshed.

The most important changes are two "medium" CVEs fixed in GnuTLS 3.8.4:

- CVE-2024-28834 / GNUTLS-SA-2023-12-04
  A vulnerability was found that the deterministic ECDSA code leaks
  bit-length of random nonce which allows for full recovery of the
  private key used after observing a few hundreds to a few thousands of
  signatures on known messages, due to the application of lattice
  techniques.
  The issue was reported in the issue tracker as [#1516](https://gitlab.com/gnutls/gnutls/-/issues/1516).
- CVE-2024-28835 / GNUTLS-SA-2024-01-23
  When validating a certificate chain with more then 16 certificates
  GnuTLS applications crash with an assertion failure.
  The issue was reported in the issue tracker as [#1527](https://gitlab.com/gnutls/gnutls/-/issues/1527) and [#1525](https://gitlab.com/gnutls/gnutls/-/issues/1525).

Augmented copy/extract from upstream's NEWS file since GnuTLS 3.8.3:

- Version 3.8.5 (released 2024-04-04)
  - libgnutls: Due to majority of usages and implementations of
    RSA decryption with PKCS#1 v1.5 padding being incorrect,
    leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
    is being deprecated (encryption and decryption) and will be
    disabled in the future. A new option `allow-rsa-pkcs1-encrypt`
    has been added into the system-wide library configuration which
    allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
    RSAES-PKCS1-v1_5 is enabled by default.
  - libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
    backward compatibility with GCR.
  - libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1
    v1.5 decryption error handling and deterministic ECDSA with earlier
    versions of GMP.  These were a regression introduced in the 3.8.4
    release. See [#1535](https://gitlab.com/gnutls/gnutls/-/issues/1535) and [!1827](https://gitlab.com/gnutls/gnutls/-/merge_requests/1827).
  - build: Fixed a bug where building gnutls statically failed due
    to a duplicate definition of `nettle_rsa_compute_root_tr()`.
  - API and ABI modifications:
    - `GNUTLS_PKCS_PBES1_DES_SHA1`: New enum member of `gnutls_pkcs_encrypt_flags_t`.
- Version 3.8.4 (released 2024-03-18)
  - libgnutls: RSA-OAEP encryption scheme is now supported
    To use it with an unrestricted RSA private key, one would need to
    initialize a `gnutls_x509_spki_t` object with necessary parameters
    for RSA-OAEP and attach it to the private key. It is also possible
    to import restricted private keys if they are stored in PKCS#8
    format.
  - libgnutls: Fix side-channel in the deterministic ECDSA.
    Reported by George Pantelakis ([#1516](https://gitlab.com/gnutls/gnutls/-/issues/1516)).
    [GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]
  - libgnutls: Fixed a bug where certtool crashed when verifying a certificate
    chain with more than 16 certificates. Reported by William Woodruff ([#1525](https://gitlab.com/gnutls/gnutls/-/issues/1525))
    and yixiangzhike ([#1527](https://gitlab.com/gnutls/gnutls/-/issues/1527)).
    [GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]
  - libgnutls: Compression libraries are now loaded dynamically as needed
    instead of all being loaded during gnutls library initialization.
    As a result, the library initialization should be faster.
  - build: The gnutls library can now be linked with the static library
    of GMP.  Note that in order for this to work libgmp.a needs to be
    compiled with -fPIC and libhogweed in Nettle also has to be linked
    to the static library of GMP.  This can be used to prevent custom
    memory allocators from being overriden by other applications.
  - API and ABI modifications:
    - `gnutls_x509_spki_get_rsa_oaep_params`: New function.
    - `gnutls_x509_spki_set_rsa_oaep_params`: New function.
    - `GNUTLS_PK_RSA_OAEP`: New enum member of `gnutls_pk_algorithm_t`.

Signed-off-by: Pascal Ernster <git@hardfalcon.net>
6 months agonextdns: Update to version 1.43.3
Olivier Poitrey [Mon, 29 Apr 2024 21:54:20 +0000 (21:54 +0000)]
nextdns: Update to version 1.43.3

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
6 months agobanip: update 0.9.5-4
Dirk Brenken [Wed, 1 May 2024 13:02:44 +0000 (15:02 +0200)]
banip: update 0.9.5-4

* optimized adding suspicious IPs to Sets in the log monitor
* re-added ipblackhole feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
7 months agohyperscan: fix broken build w/ external toolchain
John Audia [Sat, 20 Apr 2024 17:39:33 +0000 (13:39 -0400)]
hyperscan: fix broken build w/ external toolchain

If building with the project external toolchain, the gcc check
fails to set the correct value for TUNE_FLAG to allow the min
supported SSSE3 compiler support test to pass.  This patch hacks
the file to set to the correct value.

Links to upstream bug reports:
https://github.com/openwrt/openwrt/issues/15216
https://github.com/intel/hyperscan/issues/431

Build system: x86/64 (build system toolchain and x86/64 w/ external toolchain (18-Apr-2024 snapshot)
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
7 months agofrr: fix host build error on macOS
Georgi Valkov [Tue, 30 Apr 2024 14:37:11 +0000 (17:37 +0300)]
frr: fix host build error on macOS

Fixes:
lib/command_graph.c:16:1: error: argument to 'section' attribute is not valid for this target: mach-o section specifier requires a segment and section separated by a comma DEFINE_MTYPE_STATIC(LIB, CMD_TOKENS, "Command Tokens"); ^
./lib/memory.h:139:2: note: expanded from macro 'DEFINE_MTYPE_STATIC'
        DEFINE_MTYPE_ATTR(group, name, static, desc)                           \
        ^
./lib/memory.h:109:26: note: expanded from macro 'DEFINE_MTYPE_ATTR'
                __attribute__((section(".data.mtypes"))) = { {                 \

[1] https://github.com/FRRouting/frr/pull/6032
[2] https://github.com/FRRouting/frr/pull/15890

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agolibideviceactivation: add package from git
Georgi Valkov [Tue, 23 Apr 2024 23:38:31 +0000 (02:38 +0300)]
libideviceactivation: add package from git

Manage the activation of Apple iOS devices

There have been no releases since 2020-06-16.
Use the latest git 6925d58ef7994168fb9585aa6f48421149982329

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agoideviceinstaller: add package from git
Georgi Valkov [Tue, 23 Apr 2024 22:24:11 +0000 (01:24 +0300)]
ideviceinstaller: add package from git

Manage apps and app archives on iOS devices

There have been no releases since 2020-06-16.
Use the latest git 22872c3571b8d2646a9fbb74ec1d7e186941053d

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agoifuse: add package from git
Georgi Valkov [Tue, 23 Apr 2024 21:25:30 +0000 (00:25 +0300)]
ifuse: add package from git

Fuse filesystem access to iOS devices

There have been no releases since 2020-06-16.
Use the latest git 814a0e38050850937debd697fcfe6eca3de1b66f

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agoidevicerestore: update to the latest git version
Georgi Valkov [Tue, 23 Apr 2024 19:00:49 +0000 (22:00 +0300)]
idevicerestore: update to the latest git version

There have been no releases since 2020-06-16.
Update to the latest git 6d40d0ab626eb0ffee4f005b7fdc915bc561deb9

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agolibirecovery: update to 1.2.0
Georgi Valkov [Tue, 23 Apr 2024 17:34:29 +0000 (20:34 +0300)]
libirecovery: update to 1.2.0

Switched to GitHub tarballs as they are now available.

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agousbmuxd: update to the latest git version
Georgi Valkov [Mon, 22 Apr 2024 12:07:12 +0000 (15:07 +0300)]
usbmuxd: update to the latest git version

There have been no releases since 2020-06-16.
Update to the latest git 360619c5f721f93f0b9d8af1a2df0b926fbcf281
Fix: --version did not print the version.

[1] changes to mode 3 CDC NCM by default. Revert back to mode 1:
Originally mode 1 was used, where a tethered iPhone appears as an
Ethernet interface, handled by the ipheth driver. This has been the
default for many years and is known to work on iPhone 3G, 4S, 7 Plus,
11 and newer. Since [2] ipheth supports CDC NCM in mode 1, and
configures the iPhone to use it.

In mode 3, the Ethernet interface is handled by kmod-usb-net-cdc-ncm.
This driver has better performance, but now the iPhone does not
provide DHCP or Internet connectivity, so we should revert to mode 1.

Analysing the network traffic, shows that both the iPhone and OpenWRT
are DHCP clients. The iPhone does not act as a DHCP server. I can set
a static IP on OpenWRT and lease 172.20.10.1 to the iPhone. Then I can
ping the iPhone and I have IPv4 connectivity. However the iPhone does
not provide Internet connectivity to OpenWRT. Maybe in mode 3, the
iPhone is a client meant to receive Internet over USB and therefore
it is not a gateway?

Attempts to switch old iPhones, such as 3G and 4S to mode 3 fail.
They remain in mode 1 and work correctly using the ipheth driver.

Comparison, tested on iPhone 7 Plus and 11
- mode 1 eth0 kmod-usb-net-ipheth  264 Mbit/s DHCP server, Internet
- mode 3 usb0 kmod-usb-net-cdc-ncm 304 Mbit/s DHCP client, no Internet

[1] https://github.com/libimobiledevice/usbmuxd/commit/c7a0dd9b82633ea347497626282e3051a469ef50
[2] https://github.com/openwrt/openwrt/commit/680f8738d02a1876ae4cd11aacf9cd56e520fadf

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agolibimobiledevice: update to the latest git version
Georgi Valkov [Mon, 22 Apr 2024 11:52:22 +0000 (14:52 +0300)]
libimobiledevice: update to the latest git version

There have been no releases since 2020-06-16.
Update to the latest git 5f083426b4ede24b2576f3a56eaf8ac3632c02f7

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agolibusbmuxd: update to 2.1.0
Georgi Valkov [Mon, 22 Apr 2024 11:34:05 +0000 (14:34 +0300)]
libusbmuxd: update to 2.1.0

Switched to GitHub tarballs as they are now available.

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agolibimobiledevice-glue: add package 1.2.0
Georgi Valkov [Mon, 22 Apr 2024 11:29:10 +0000 (14:29 +0300)]
libimobiledevice-glue: add package 1.2.0

A library with common code used by the libimobiledevice project.

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agolibplist: update to 2.4.0
Georgi Valkov [Mon, 22 Apr 2024 11:10:56 +0000 (14:10 +0300)]
libplist: update to 2.4.0

Switched to GitHub tarballs as they are now available.

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agoqemu: update to 9.0.0
Vladimir Ermakov [Wed, 24 Apr 2024 10:57:36 +0000 (12:57 +0200)]
qemu: update to 9.0.0

- update version: 9.0.0
- refresh patches

Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
7 months agoser2net: update to 4.6.2
Yegor Yefremov [Tue, 30 Apr 2024 07:02:36 +0000 (09:02 +0200)]
ser2net: update to 4.6.2

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
7 months agogensio: update to 2.8.4
Yegor Yefremov [Tue, 30 Apr 2024 07:01:47 +0000 (09:01 +0200)]
gensio: update to 2.8.4

Remove the upstreamed patches.

Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
7 months agoncdu: update to 1.20
John Audia [Tue, 30 Apr 2024 18:27:05 +0000 (14:27 -0400)]
ncdu: update to 1.20

Upstream bump

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
7 months agopdns-recursor: update to 5.0.4, fixes CVE-2024-25583
Peter van Dijk [Wed, 24 Apr 2024 13:53:04 +0000 (15:53 +0200)]
pdns-recursor: update to 5.0.4, fixes CVE-2024-25583

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
7 months agodnsproxy: add three new features
Emily H. [Tue, 30 Apr 2024 11:03:38 +0000 (11:03 +0000)]
dnsproxy: add three new features

This commit adds the following features:
1. UCI support for local DNS over HTTPS/TLS/QUIC server.
2. UCI support for using private reverse DNS.
3. procd jail with CAP_NET_BIND_SERVICE, allowing
   dnsproxy to serve on standard ports directly.

Signed-off-by: Emily H. <battery_tag708@simplelogin.com>
7 months agomsmtp: update to version 1.8.25
Josef Schlehofer [Fri, 26 Apr 2024 13:35:52 +0000 (15:35 +0200)]
msmtp: update to version 1.8.25

Release notes:
https://marlam.de/msmtp/news/msmtp-1-8-25/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
7 months agotransmission: update to version 4.0.5
Josef Schlehofer [Fri, 26 Apr 2024 08:38:20 +0000 (10:38 +0200)]
transmission: update to version 4.0.5

Release notes:
https://github.com/transmission/transmission/releases/tag/4.0.5

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
7 months agosing-box: update to 1.8.12
brvphoenix [Mon, 29 Apr 2024 09:08:50 +0000 (17:08 +0800)]
sing-box: update to 1.8.12

Signed-off-by: brvphoenix <brvphoenix@gmail.com>
7 months agoapk: move package to core
Paul Spooren [Wed, 20 Mar 2024 23:03:43 +0000 (00:03 +0100)]
apk: move package to core

This will become part of openwrt.git and used within the build system.

Signed-off-by: Paul Spooren <mail@aparcar.org>
7 months agoMerge pull request #23901 from M95D/m95d-audit2
Florian Eckert [Mon, 29 Apr 2024 05:59:47 +0000 (07:59 +0200)]
Merge pull request #23901 from M95D/m95d-audit2

audit: move from packages to openwrt

7 months agoMerge pull request #24034 from rs/nextdns-1.43.1-master
Stan Grishin [Mon, 29 Apr 2024 00:35:30 +0000 (17:35 -0700)]
Merge pull request #24034 from rs/nextdns-1.43.1-master

nextdns: Update to version 1.43.1

7 months agonmap: add patch fixing compilation error with no OpenSSL DTLS
Christian Marangi [Sun, 28 Apr 2024 10:33:19 +0000 (12:33 +0200)]
nmap: add patch fixing compilation error with no OpenSSL DTLS

Add patch fixing compilation error with no OpenSSL DTLS support.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
7 months agonmap: update to version 7.95
Josef Schlehofer [Sat, 27 Apr 2024 10:19:45 +0000 (12:19 +0200)]
nmap: update to version 7.95

- Remove patch 010-Build-based-on-OpenSSL-version.patch
since it was backported and now it is included in 7.95 release
- Patch 030-ncat-drop-ca-bundle.patch was refreshed

Release notes:
https://nmap.org/changelog.html#7.95

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
7 months agonmap: use git as source and bump to PCRE2 support commit
Christian Marangi [Wed, 25 Oct 2023 03:51:57 +0000 (05:51 +0200)]
nmap: use git as source and bump to PCRE2 support commit

Use git as source and bump version to PCRE2 support commit.

Move nmap to PCRE2 library as PCRE is EOL and won't receive any security
update in the future.

Patch 001-Use-correct-HAVE_-macros-for-Lua-5.4.-Fixes-2648.patch has
been merged upstream and can be dropped.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
7 months agonmap: bump to version 7.94
Christian Marangi [Wed, 25 Oct 2023 03:41:55 +0000 (05:41 +0200)]
nmap: bump to version 7.94

Bump to version 7.94.
Nmap now require lua 5.4.

Patch 020-Python3-port-of-ndiff.patch has been merged upstream and can
be dropped.
Patch 001-Use-correct-HAVE_-macros-for-Lua-5.4.-Fixes-2648.patch is now
required to fix a problem with header inclusion for lua 5.4.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
7 months agonextdns: Update to version 1.43.1 24034/head
Olivier Poitrey [Sun, 28 Apr 2024 13:06:30 +0000 (13:06 +0000)]
nextdns: Update to version 1.43.1

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
7 months agolua: add new package with version 5.4
Christian Marangi [Wed, 25 Oct 2023 03:36:53 +0000 (05:36 +0200)]
lua: add new package with version 5.4

Add new lua version 5.4 required by new version of nmap.

Patches are copied from lua 5.3.
- Readline patch has to be reworked as lua 5.4 now supports
no readline for Linux but still needs some tweaks for macOS
and bsd systems.
- Patch shared lib required some rework.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
7 months agonextdns: Update to version 1.43.0
Olivier Poitrey [Sun, 28 Apr 2024 00:47:37 +0000 (00:47 +0000)]
nextdns: Update to version 1.43.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
7 months agohev-socks5-server: add new package
Ray Wang [Thu, 25 Apr 2024 13:36:14 +0000 (21:36 +0800)]
hev-socks5-server: add new package

HevSocks5Server is a high-performance socks5 server for Unix.

More details: https://github.com/heiher/hev-socks5-server

Signed-off-by: Ray Wang <r@hev.cc>
7 months agosnort3: fix bug with unset variable
Eric Fahlgren [Tue, 9 Apr 2024 14:23:46 +0000 (07:23 -0700)]
snort3: fix bug with unset variable

  - Parameter not set in two places:
    /usr/bin/snort-mgr: eval: line 125: options: parameter not set

Reported-by: @klingon888
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
7 months agosnort3: add patch and move to PCRE2
Christian Marangi [Tue, 7 Nov 2023 00:17:25 +0000 (01:17 +0100)]
snort3: add patch and move to PCRE2

Add experimental patch and move package to PCRE2 as PCRE is EOL and
won't receive any security updates anymore.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
7 months agocloudflared: Update to 2024.4.1
Tianling Shen [Sat, 27 Apr 2024 05:18:55 +0000 (13:18 +0800)]
cloudflared: Update to 2024.4.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
7 months agolibrespeed-go: improve the description
Nathan Friedly [Thu, 25 Apr 2024 17:19:33 +0000 (13:19 -0400)]
librespeed-go: improve the description

This swaps the order of the lines in the description so that when LuCI displays only the first line, it still offers some helpful information.

Signed-off-by: Nathan Friedly <nathan@nfriedly.com>
7 months agop910nd: set bidi only if not already set
Paul Donald [Sun, 31 Mar 2024 18:25:17 +0000 (20:25 +0200)]
p910nd: set bidi only if not already set

Closes #23774

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
7 months agobanip: update 0.9.5-3
Dirk Brenken [Fri, 26 Apr 2024 15:03:14 +0000 (17:03 +0200)]
banip: update 0.9.5-3

* allow multiple protocol/port definitions per feed, e.g. 'tcp udp 80 443 50000'
* removed the default protocol/port limitation from asn feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
7 months agosyslog-ng: update to version 4.7.1
Josef Schlehofer [Fri, 26 Apr 2024 09:24:57 +0000 (11:24 +0200)]
syslog-ng: update to version 4.7.1

Release notes:
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.0
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.1

Also bump version in the config file to avoid warning

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
7 months agoMerge pull request #13619 from aparcar/no-circle
Josef Schlehofer [Fri, 26 Apr 2024 08:47:43 +0000 (10:47 +0200)]
Merge pull request #13619 from aparcar/no-circle

CI: remove CircleCI for now

7 months agoCI: remove CircleCI for now 13619/head
Paul Spooren [Sat, 10 Oct 2020 01:31:01 +0000 (15:31 -1000)]
CI: remove CircleCI for now

The GitHub CI offers currenlty more architecture and the Signed-of-by
test is covered via the DOC CI test. In case GitHub ever changes
policies, we can simply switch back.

Signed-off-by: Paul Spooren <mail@aparcar.org>
7 months agojool: update documentation
Goetz Goerisch [Fri, 19 Apr 2024 16:34:19 +0000 (18:34 +0200)]
jool: update documentation

* corrected the documentation links for upstream
* fixed style to be correctly rendered
* add reference to OpenWrt tutorial

Signed-off-by: Goetz Goerisch <ggoerisch@gmail.com>
7 months agoMerge pull request #23984 from stangri/master-adblock-fast
Stan Grishin [Thu, 25 Apr 2024 21:33:57 +0000 (14:33 -0700)]
Merge pull request #23984 from stangri/master-adblock-fast

adblock-fast: bugfix: unbound-related fixes

7 months agodocker-compose: Update to version 2.27.0
Javier Marcet [Thu, 25 Apr 2024 17:25:35 +0000 (19:25 +0200)]
docker-compose: Update to version 2.27.0

Release notes:
https://github.com/docker/compose/releases/tag/v2.27.0

Signed-off-by: Javier Marcet <javier@marcet.info>
7 months agoMerge pull request #23991 from friendly-bits/master-geoip-shell
Dirk Brenken [Thu, 25 Apr 2024 17:20:47 +0000 (19:20 +0200)]
Merge pull request #23991 from friendly-bits/master-geoip-shell

geoip-shell: update to v0.5.2

7 months agolibqmi: add missing PKG_VERSION for APK
Florian Eckert [Thu, 25 Apr 2024 14:35:33 +0000 (16:35 +0200)]
libqmi: add missing PKG_VERSION for APK

The 'PKG_VERSION' string was missing and only 'PKG_SOURCE_VERSION' string
was used.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
7 months agolibmbim: add missing PKG_VERSION for APK
Florian Eckert [Thu, 25 Apr 2024 14:35:01 +0000 (16:35 +0200)]
libmbim: add missing PKG_VERSION for APK

The 'PKG_VERSION' string was missing and only 'PKG_SOURCE_VERSION' string
was used.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
7 months agolua-eco: update to 3.4.1
Jianhui Zhao [Wed, 24 Apr 2024 09:55:40 +0000 (17:55 +0800)]
lua-eco: update to 3.4.1

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
7 months agoMerge pull request #23911 from qosmio/nebula-fix-release-number
Stan Grishin [Thu, 25 Apr 2024 00:04:42 +0000 (17:04 -0700)]
Merge pull request #23911 from qosmio/nebula-fix-release-number

nebula: Use APK style release number

7 months agoMerge pull request #23907 from qosmio/nghttp3-fix-release-number
Stan Grishin [Thu, 25 Apr 2024 00:01:09 +0000 (17:01 -0700)]
Merge pull request #23907 from qosmio/nghttp3-fix-release-number

nghttp3: Use APK style release number

7 months agoMerge pull request #23908 from qosmio/ngtcp2-fix-release-number
Stan Grishin [Thu, 25 Apr 2024 00:00:56 +0000 (17:00 -0700)]
Merge pull request #23908 from qosmio/ngtcp2-fix-release-number

ngtcp2: Use APK style release number

7 months agoshairport-sync: support mqtt based remote control
David Andreoletti [Sat, 9 Mar 2024 15:08:04 +0000 (23:08 +0800)]
shairport-sync: support mqtt based remote control

Enable MQTT support to control shairport-sync remotely

Signed-off-by: David Andreoletti <david@andreoletti.net>
7 months agonatmap: add log_std{out,err} options
Ray Wang [Sat, 20 Apr 2024 14:53:03 +0000 (22:53 +0800)]
natmap: add log_std{out,err} options

Introduce `log_stdout` and `log_stderr` options for managing logging output.

Signed-off-by: Ray Wang <r@hev.cc>
7 months agonode: bump to v20.12.2
Hirokazu MORIKAWA [Wed, 24 Apr 2024 01:38:27 +0000 (10:38 +0900)]
node: bump to v20.12.2

This is a security release.

Notable Changes
* CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
7 months agoperl: fix not a Mach-O file on macOS
Georgi Valkov [Sat, 20 Apr 2024 15:46:18 +0000 (18:46 +0300)]
perl: fix not a Mach-O file on macOS

Reverts [1] to resolve the following build error on macOS:

/Volumes/wrt3200/openwrt/staging_dir/hostpkg/usr/bin/perl installperl --destdir=/Volumes/wrt3200/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.38.2/ipkg-install
WARNING: You've never run 'make test' or some tests failed! (Installing anyway.)
  /usr/bin/perl5.38.2
error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/install_name_tool: input file: /Volumes/wrt3200/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.38.2/ipkg-install/usr/bin/perl5.38.2 is not a Mach-O file

[1] https://github.com/Perl/perl5/commit/88efce38149481334db7ddb932f9b74eaaa9765b

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agocni-plugins-nft: use local tarballs
Rosen Penev [Fri, 19 Apr 2024 23:13:45 +0000 (16:13 -0700)]
cni-plugins-nft: use local tarballs

Avoids having to override PKG_UNPACK.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 months agocni-plugins: use local tarballs
Rosen Penev [Fri, 19 Apr 2024 23:17:56 +0000 (16:17 -0700)]
cni-plugins: use local tarballs

Avoids having to override PKG_UNPACK.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 months agosnort3: use local tarballs
Rosen Penev [Sun, 21 Apr 2024 20:54:45 +0000 (13:54 -0700)]
snort3: use local tarballs

Avoids having a bad tarball name with just the version.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 months agotreewide: exclude mips64
Rosen Penev [Tue, 23 Apr 2024 22:21:23 +0000 (15:21 -0700)]
treewide: exclude mips64

These packages exclude mips but forget to exclude mips64.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 months agoluasocket: switch to local tarballs
Rosen Penev [Sun, 21 Apr 2024 20:48:53 +0000 (13:48 -0700)]
luasocket: switch to local tarballs

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 months agoluaexpat: use local tarballs
Rosen Penev [Sun, 21 Apr 2024 20:42:56 +0000 (13:42 -0700)]
luaexpat: use local tarballs

Smaller and avoids badly named tarball with just the version.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 months agomodemmanager: add missing PKG_VERSION for APK
Florian Eckert [Mon, 22 Apr 2024 08:26:15 +0000 (10:26 +0200)]
modemmanager: add missing PKG_VERSION for APK

The 'PKG_VERSION' string was missing and only 'PKG_SOURCE_VERSION' string
was used.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
7 months agogeoip-shell: update to v0.5.2 23991/head
Anton Khazan [Tue, 23 Apr 2024 06:19:24 +0000 (09:19 +0300)]
geoip-shell: update to v0.5.2

Changes since v0.5:

Bugfixes:
- bugfix: 'geoip-shell on' command errors out on iptables-based systems
- bugfix: when changing the update cron schedule, old cron job does not get removed
- bugfix: in some edge cases, the update cron job may not be created
- bugfix: incorrect mask bits used when creating a rule allowing ipv6 link-local connections (/8 instead of /10)
- bugfix: geoip-shell-fetch.sh: fix running without root permissions

Improvements:
- nftables variant: attach the base chain to the prerouting netfilter hook with priority -141 (rather than -150) to make rules processing deterministic when other rules exist which have priority 'mangle' (-150), making it easier to create custom rules which will be processed before geoip-shell rules
- include information on currently used firewall backend utility (nftables or iptables) in the status report
- avoid unnecessary re-fetching of ip lists when running 'geoip-shell configure'
- randomize the default update schedule's minute between 10 and 20 (previously was always 15)
- randomize the automatic update second between 0 and 59
- improve console messages and the status report
- update and improve the general documentation
- improve OpenWrt-specific documentation

Signed-off-by: Anton Khazan <antonk.d3v@gmail.com>
7 months agoxtables-addons: fix broken compile with external Toolchain
Christian Marangi [Thu, 19 Oct 2023 13:29:05 +0000 (15:29 +0200)]
xtables-addons: fix broken compile with external Toolchain

Fix broken compile with external Toolchain.

Commit 32aaaaa7d379 ("xtables-addons: pass correct flags to
compile and install") simplified and dropped the custom Compile/Install
in favor of the default one. Problem is that it dropped DESTDIR
resulting in the package having problem on finishing install.

The commit then was reworked with c83b8787a5f8 ("xtables-addons: adapt
build to EXTERNAL_TOOLCHAIN" that reintroduced DESTDIR and also
introduced a useless custom flag to fix wrong ARCH.

ARCH is fixed by kernel.mk and doesn't depend on external Toolchain or
not. For ARCH that require fixing, kernel.mk should be fixed instead of
adding custom function to packages Makefile.

Drop the custom ARCH handling and use Compile/Install everytime.

Fixes: 32aaaaa7d379 ("xtables-addons: pass correct flags to compile and install")
Fixes: c83b8787a5f8 ("xtables-addons: adapt build to EXTERNAL_TOOLCHAIN")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
7 months agoimagemagick: update to 7.1.1.31
krant [Mon, 22 Apr 2024 06:01:34 +0000 (09:01 +0300)]
imagemagick: update to 7.1.1.31

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
7 months agoshairport-sync: support before/after entering active state, unfixable error detected...
David Andreoletti [Sat, 9 Mar 2024 07:19:59 +0000 (15:19 +0800)]
shairport-sync: support before/after entering active state, unfixable error detected, volume set events in UCI config

- Add before/after active state event callbacks in UCI config.
- Add volume change event callbacks in UCI config.
- Add unfixable error event callbacks in UCI config.

As of the current shairport-sync release, all event callbacks have been
mapped to UCI config.

Signed-off-by: David Andreoletti <david@andreoletti.net>
7 months agolua-eco: update to 3.4.0
Jianhui Zhao [Mon, 22 Apr 2024 01:18:26 +0000 (09:18 +0800)]
lua-eco: update to 3.4.0

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
7 months agodnsproxy: Update to 0.70.0
Tianling Shen [Mon, 22 Apr 2024 07:26:30 +0000 (15:26 +0800)]
dnsproxy: Update to 0.70.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
7 months agov2ray-core: Update to 5.15.3
Tianling Shen [Mon, 22 Apr 2024 07:26:22 +0000 (15:26 +0800)]
v2ray-core: Update to 5.15.3

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
7 months agoMerge pull request #23975 from krant/libwebp
Alexandru Ardelean [Mon, 22 Apr 2024 07:11:45 +0000 (10:11 +0300)]
Merge pull request #23975 from krant/libwebp

libwebp: update to 1.4.0

7 months agotailscale: Update to 1.64.2
Zephyr Lykos [Sun, 21 Apr 2024 14:06:12 +0000 (22:06 +0800)]
tailscale: Update to 1.64.2

<https://github.com/tailscale/tailscale/releases/v1.64.2>

Signed-off-by: Zephyr Lykos <git@mochaa.ws>
7 months agoMerge pull request #23978 from neheb/o
Eneas U de Queiroz [Mon, 22 Apr 2024 01:44:20 +0000 (22:44 -0300)]
Merge pull request #23978 from neheb/o

gost_engine: switch to local tarballs

7 months agopython-lxml: bump to version 5.2.1
Alexandru Ardelean [Mon, 15 Apr 2024 16:42:43 +0000 (19:42 +0300)]
python-lxml: bump to version 5.2.1

Also added python-cython/host as a build dependency.

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
7 months agousbmuxd: fix tethering not working after iPhone restart
Georgi Valkov [Sat, 20 Apr 2024 23:12:49 +0000 (02:12 +0300)]
usbmuxd: fix tethering not working after iPhone restart

If the iPhone restarts while the USB cable is still connected,
tethering does not work. This can be fixed by reconnecting.

Fix: if the hotplug.d script detects that carrier is disabled
(no communication), the USB link is reset, and then the
usbmuxd service is restarted. Tethering starts even before
the iPhone is unlocked. As a side effect, if tethering is not
enabled, the iPhone will ding a second time after 5 seconds.

Add dependency on usbutils for usbreset, remove dependency on librt.

[1] https://github.com/libimobiledevice/usbmuxd/issues/218
[2] https://github.com/openwrt/openwrt/issues/12566#issuecomment-2066305622

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
7 months agomtd-rw: update version to latest master
Rosen Penev [Sun, 21 Apr 2024 02:32:43 +0000 (19:32 -0700)]
mtd-rw: update version to latest master

Remove local patch as upstream has a different solution applied.

Use PKG_SOURCE_DATE to get rid of weird apk version.

Remove various variables that are default anyway.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 months agobanip: update 0.9.5-2
Dirk Brenken [Sun, 21 Apr 2024 19:57:17 +0000 (21:57 +0200)]
banip: update 0.9.5-2

* fixed possible Set search race condition (initiated from LuCI frontend)
* fixed the "no result" Set search problem in LuCI
* removed abandoned feeds: spamhaus edrop (was merged with spamhaus drop)

Signed-off-by: Dirk Brenken <dev@brenken.org>
7 months agonginx: bump to 1.25.5 release
Christian Marangi [Sun, 21 Apr 2024 15:47:59 +0000 (17:47 +0200)]
nginx: bump to 1.25.5 release

Bump nginx to 1.25.5 release.

Patch automatically refreshed with make package/nginx/refresh.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
7 months agouwsgi: update Maintainer name
Christian Marangi [Sun, 21 Apr 2024 15:39:49 +0000 (17:39 +0200)]
uwsgi: update Maintainer name

Update maintainer name with real name for Christian Marangi.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
7 months agouwsgi: bump to latest 2.0.25.1 release
Christian Marangi [Sun, 21 Apr 2024 15:38:24 +0000 (17:38 +0200)]
uwsgi: bump to latest 2.0.25.1 release

Bump to latest 2.0.25.1 release

Drop upstream PCRE2 patch and alarm memory leak fix.
Rework and refresh patch due to release bump.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
7 months agoadblock-fast: bugfix: unbound-related fixes 23984/head
Stan Grishin [Sun, 21 Apr 2024 14:06:52 +0000 (14:06 +0000)]
adblock-fast: bugfix: unbound-related fixes

* include `server:` directive at the top of unbound file
* update unbound-related outputGzip variable to include full path
* return always_nxdomain for blocked domains
* also update copyright stamp/license

Signed-off-by: Stan Grishin <stangri@melmac.ca>
7 months agogost_engine: switch to local tarballs 23978/head
Rosen Penev [Fri, 19 Apr 2024 21:36:01 +0000 (14:36 -0700)]
gost_engine: switch to local tarballs

Avoids PKG_UNPACK hacks.

Added PKG_LICENSE_FILES.

Reordered variables for consistency between packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 months agoeza: update to 0.18.11
Jonas Jelonek [Sat, 20 Apr 2024 16:10:46 +0000 (18:10 +0200)]
eza: update to 0.18.11

changelogs:
0.18.10: https://github.com/eza-community/eza/releases/tag/v0.18.10
0.18.11: https://github.com/eza-community/eza/releases/tag/v0.18.11

Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
7 months agolibmraa: Fix compilation with musl libc 1.2.5
Hauke Mehrtens [Sun, 14 Apr 2024 13:43:23 +0000 (15:43 +0200)]
libmraa: Fix compilation with musl libc 1.2.5

Support POSIX basename used in musl libc 1.2.5.

This backports a patch from upstream git.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 months agoxxhash: build with cmake
Rosen Penev [Sat, 13 Apr 2024 21:35:46 +0000 (14:35 -0700)]
xxhash: build with cmake

Faster.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 months agoxxhash: switch to local git tarballs
Rosen Penev [Sat, 13 Apr 2024 21:33:22 +0000 (14:33 -0700)]
xxhash: switch to local git tarballs

Smaller and avoids having to use PKG_UNPACK.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 months agotini: Fix compilation with musl libc 1.2.5
Hauke Mehrtens [Sun, 14 Apr 2024 13:43:23 +0000 (15:43 +0200)]
tini: Fix compilation with musl libc 1.2.5

Support POSIX basename used in musl libc 1.2.5.

This fixes compilation with musl libc 1.2.5.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 months agolibwebp: update to 1.4.0 23975/head
krant [Sat, 20 Apr 2024 21:17:23 +0000 (00:17 +0300)]
libwebp: update to 1.4.0

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
7 months agoMerge pull request #23969 from dibdot/curl
Josef Schlehofer [Sat, 20 Apr 2024 17:03:20 +0000 (19:03 +0200)]
Merge pull request #23969 from dibdot/curl

curl: fix/bump PKG_RELEASE, remove maintainer

7 months agoMerge pull request #23963 from dibdot/banIP
Dirk Brenken [Sat, 20 Apr 2024 11:05:05 +0000 (13:05 +0200)]
Merge pull request #23963 from dibdot/banIP

banip: release 0.9.5-1

7 months agobanip: release 0.9.5-1 23963/head
Dirk Brenken [Fri, 19 Apr 2024 20:09:29 +0000 (22:09 +0200)]
banip: release 0.9.5-1

* added a DDoS protection rules in a new pre-routing chain to prevent common ICMP, UDP and SYN flood attacks and drop spoofed tcp flags & invalid conntrack packets, flood tresholds are configured via 'ban_icmplimit' (default 10/s), 'ban_synlimit' (default 10/s) and 'ban_udplimit' (default 100/s)
* the new pre-routing rules are tracked via named nft counters and are part of the standard reporting, set 'ban_logprerouting' accordingly
* block countries dynamically by Regional Internet Registry (RIR)/regions, e.g. all countries related to ARIN. Supported service regions are: AFRINIC, ARIN, APNIC, LACNIC and RIPE, set 'ban_region' accordingly
* it's now possible to always allow certain protocols/destination ports in wan-input and wan-forward chains, set 'ban_allowflag' accordingly - e.g. ' tcp 80 443-445'
* filter/convert possible windows line endings of external feeds during processing
* the cpu core autodetection is now limited to max. 16 cores in parallel, set 'ban_cores' manually to overrule this limitation
* set the default nft priority to -100 for banIP input/forward chains (pre-routing is set to -150)
* update readme
* a couple of bugfixes & performance improvements
* removed abandoned feeds: darklist, ipblackhole
* added new feeds: becyber, ipsum, pallebone, debl (changed URL)
* requires a LuCI frontend update as well (separate PR/commit)

Signed-off-by: Dirk Brenken <dev@brenken.org>
7 months agogeoip-shell: remove extra r from PKG_RELEASE
Hannu Nyman [Sat, 20 Apr 2024 06:21:07 +0000 (09:21 +0300)]
geoip-shell: remove extra r from PKG_RELEASE

Remove the unnecessary 'r' from PKG_RELEASE as it is
added automatically by the build system to the final versioning.

(Current version leads into  'geoip-shell_0.5-rr2_all.ipk')

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>