feed/packages.git
9 months agortpmidi: update to 23.12
Rosen Penev [Sat, 24 Feb 2024 20:24:22 +0000 (12:24 -0800)]
rtpmidi: update to 23.12

Get rid of codeload and use local tarballs.

Fixes compilation with newer fmt.

Minor cleanups.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 months agotmux: update to 3.4
Maxim Storchak [Sat, 24 Feb 2024 22:32:21 +0000 (00:32 +0200)]
tmux: update to 3.4

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
9 months agotravelmate: update 2.1.2-4
Dirk Brenken [Sat, 24 Feb 2024 21:39:10 +0000 (22:39 +0100)]
travelmate: update 2.1.2-4

* more re-connections tweaks
* made travelmate generated emails responsive

Signed-off-by: Dirk Brenken <dev@brenken.org>
9 months agopython-yaml: fix build with Cython 3
krant [Tue, 20 Feb 2024 11:49:43 +0000 (13:49 +0200)]
python-yaml: fix build with Cython 3

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agosnort3: update to 3.1.81.0
John Audia [Tue, 20 Feb 2024 20:36:26 +0000 (15:36 -0500)]
snort3: update to 3.1.81.0

Changelog: https://github.com/snort3/snort3/releases/tag/3.1.81.0

   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.1.81.0
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 3.0.14
           Using LuaJIT version 2.1.0-beta3
           Using OpenSSL 3.0.13 30 Jan 2024
           Using libpcap version 1.10.4 (with TPACKET_V3)
           Using PCRE version 8.45 2021-06-15
           Using ZLIB version 1.3.1
           Using Hyperscan version 5.4.2 2024-02-16
           Using LZMA version 5.4.6

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
9 months agoconserver: free correct addrinfo to prevent crash.
Darren Tucker [Thu, 15 Feb 2024 08:33:05 +0000 (19:33 +1100)]
conserver: free correct addrinfo to prevent crash.

When looping through addrinfo lists in AddrsMatch, keep a copy of the
original addrinfo pointers to free instead of ending up at the terminating
NULLs and trying to free those.

OpenWRT uses musl in which freeaddrinfo(NULL) is not safe (which is
fine, it's not required by the spec) so this fixes a segfault.

Signed-off-by: Darren Tucker <dtucker@dtucker.net>
9 months agohtpdate: update to 1.3.7
krant [Sat, 24 Feb 2024 11:02:57 +0000 (13:02 +0200)]
htpdate: update to 1.3.7

- Switch package URLs to HTTPS
- Use .gz for source archive since .xz is no longer available
- Remove upstreamed patches

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agofwknop: update to 2.6.11
Oldřich Jedlička [Fri, 23 Feb 2024 22:35:37 +0000 (23:35 +0100)]
fwknop: update to 2.6.11

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
9 months agodump1090: update to 9.0
krant [Sat, 24 Feb 2024 10:34:11 +0000 (12:34 +0200)]
dump1090: update to 9.0

- Fix version to be properly configured

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoc-ares: update to 1.27.0
krant [Fri, 23 Feb 2024 20:19:37 +0000 (22:19 +0200)]
c-ares: update to 1.27.0

- Update package URL
- Don't set default CMake options

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoavrdude: fix dependencies
krant [Fri, 23 Feb 2024 09:19:45 +0000 (11:19 +0200)]
avrdude: fix dependencies

- libftdi, libhidapi, libusb-0.1 was incorrectly leaking into the build.
- libgpiod was incorrectly missing out despite LINUXGPIO feature
  was explicitly requested.

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agogperftools: add new package
John Audia [Thu, 13 Jul 2023 14:20:48 +0000 (10:20 -0400)]
gperftools: add new package

Thread-caching malloc provided by this package improves snort3
performance.  I have been running with this for over seven months
without issues.  Avg CPU usage is down.  Another user reported
higher throughput achieved with snort3 compiled with this on
samba transfers on system with CPU-limited snort performance.[1]

1. https://forum.openwrt.org/t/some-help-with-a-makefile-gperftools/165656/22

Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64

Signed-off-by: John Audia <therealgraysky@proton.me>
9 months agotravelmate: update 2.1.2-3
Dirk Brenken [Sat, 24 Feb 2024 05:58:40 +0000 (06:58 +0100)]
travelmate: update 2.1.2-3

* various vpn optimizations
* remove obsololete trm_maxscan option
* small fixes for net status and captive portal handling
* add an additional login variant to the h-hotels login script
* fix the wifibahn login script work again with wifionice hotspots again
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
9 months agolighttpd: update to lighttpd 1.4.74 release hash
Glenn Strauss [Thu, 22 Feb 2024 18:03:24 +0000 (13:03 -0500)]
lighttpd: update to lighttpd 1.4.74 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
9 months agosysstat: add missing xz-utils dependency
krant [Fri, 23 Feb 2024 01:30:19 +0000 (03:30 +0200)]
sysstat: add missing xz-utils dependency

Depending only on 'xz' hides the package when 'xz-utils' is not selected

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoimagemagick: add missing libzip dependency
Alexander Egorenkov [Sat, 17 Feb 2024 10:02:08 +0000 (11:02 +0100)]
imagemagick: add missing libzip dependency

Package imagemagick is missing dependencies for the following libraries:
libzip.so.5.

Fixes: 7b697342e9fc ("imagemagick: update to 7.1.1-28")
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
9 months agotesseract: update to 5.3.4
krant [Wed, 21 Feb 2024 11:03:11 +0000 (13:03 +0200)]
tesseract: update to 5.3.4

- Fix NEON mis-detection which was breaking builds on some platforms

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agomicropython: disable mold
Oskari Rauta [Fri, 16 Feb 2024 08:44:11 +0000 (10:44 +0200)]
micropython: disable mold

package fails to build with mold linker due to unregocnized flag.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
9 months agoopenvpn: update to 2.6.9
Ivan Pavlov [Mon, 12 Feb 2024 19:23:24 +0000 (22:23 +0300)]
openvpn: update to 2.6.9

- license change is now complete, and all code has been re-licensed
  under the new license (still GPLv2, but with new linking exception
  for Apache2 licensed code).
  Code that could not be re-licensed has been removed or rewritten.

- add support for building with mbedTLS 3.x.x

- new option "--force-tls-key-material-export" to only accept clients
  that can do TLS keying material export to generate session keys
  (mostly an internal option to better deal with TLS 1.0 PRF failures).

- Windows: bump vcpkg-ports/pkcs11-helper to 1.30

- Log incoming SSL alerts in easier to understand form and move logging
  from "--verb 8" to "--verb 3".

- protocol_dump(): add support for printing "--tls-crypt" packets

and other fixes

For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.9/Changes.rst

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
9 months agohyperscan: symlinks redundant ABI shared objects
John Audia [Thu, 22 Feb 2024 20:21:46 +0000 (15:21 -0500)]
hyperscan: symlinks redundant ABI shared objects

Use $(CP) macro rather than $(INSTALL_DATA) to preserve symlinks
on shared objects which saves approx 11.8 M of space.

From hyperscan-runtime_5.4.2-1:

% ls -lh /usr/lib/libhs*
-rw-r--r-- 1 root root 4.7M Feb 16 14:29 /usr/lib/libhs.so
-rw-r--r-- 1 root root 4.7M Feb 16 14:29 /usr/lib/libhs.so.5
-rw-r--r-- 1 root root 4.7M Feb 16 14:29 /usr/lib/libhs.so.5.4.2
-rw-r--r-- 1 root root 1.2M Feb 16 14:29 /usr/lib/libhs_runtime.so
-rw-r--r-- 1 root root 1.2M Feb 16 14:29 /usr/lib/libhs_runtime.so.5
-rw-r--r-- 1 root root 1.2M Feb 16 14:29 /usr/lib/libhs_runtime.so.5.4.2

% grep Installed-Size /usr/lib/opkg/info/hyperscan-runtime.control
Installed-Size: 18370560

From hyperscan-runetime_5.4.2-2 (created by this PR):

% ls -lh /usr/lib/libhs*
lrwxr-xr-x 1 root root   10 Feb 22 15:56 /usr/lib/libhs.so -> libhs.so.5
lrwxr-xr-x 1 root root   14 Feb 22 15:56 /usr/lib/libhs.so.5 -> libhs.so.5.4.2
-rwxr-xr-x 1 root root 4.6M Feb 22 15:27 /usr/lib/libhs.so.5.4.2
lrwxr-xr-x 1 root root   18 Feb 22 15:56 /usr/lib/libhs_runtime.so -> libhs_runtime.so.5
lrwxr-xr-x 1 root root   22 Feb 22 15:56 /usr/lib/libhs_runtime.so.5 -> libhs_runtime.so.5.4.2
-rwxr-xr-x 1 root root 1.2M Feb 22 15:27 /usr/lib/libhs_runtime.so.5.4.2

% grep Installed-Size /usr/lib/opkg/info/hyperscan-runtime.control
Installed-Size: 5918720

Credit to @efahl for pointing this out.

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
9 months agoscreen: update to 4.9.1
krant [Sun, 11 Feb 2024 23:23:25 +0000 (01:23 +0200)]
screen: update to 4.9.1

- Remove upstreamed patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agocoova-chilli: fix libxt-coova not loading properly from iptables ( openwrt/packages...
Pierre Parent [Wed, 14 Feb 2024 10:51:59 +0000 (11:51 +0100)]
coova-chilli: fix libxt-coova not loading properly from iptables ( openwrt/packages#23092 )

Signed-off-by: Pierre Parent <m@pierre-parent.fr>
9 months agortl_433: update to 23.11
Edmunt Pienkowsky [Sat, 17 Feb 2024 09:03:02 +0000 (10:03 +0100)]
rtl_433: update to 23.11

Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
9 months agortl-sdr: update to v2.0.1
Edmunt Pienkowsky [Sat, 17 Feb 2024 08:57:08 +0000 (09:57 +0100)]
rtl-sdr: update to v2.0.1

Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
9 months agoclamav: update to 1.3.0
krant [Thu, 22 Feb 2024 10:53:47 +0000 (12:53 +0200)]
clamav: update to 1.3.0

- Add build-time Rust dependency
- Don't set default and rename changed CMake options

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agocroc: update to 9.6.12
Jonas Jelonek [Thu, 22 Feb 2024 19:03:43 +0000 (20:03 +0100)]
croc: update to 9.6.12

changelogs:
9.6.10: https://github.com/schollz/croc/releases/tag/v9.6.10
9.6.11: https://github.com/schollz/croc/releases/tag/v9.6.10
9.6.12: https://github.com/schollz/croc/releases/tag/v9.6.10

Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
9 months agofswebcam: update to 20200725
krant [Thu, 22 Feb 2024 21:05:06 +0000 (23:05 +0200)]
fswebcam: update to 20200725

- Remove dead mirror

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agogit: update to 2.43.2
krant [Thu, 22 Feb 2024 20:54:29 +0000 (22:54 +0200)]
git: update to 2.43.2

- Refresh a patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoboinc: update to 7.24.3
krant [Thu, 22 Feb 2024 19:03:05 +0000 (21:03 +0200)]
boinc: update to 7.24.3

- Use local tarball
- Remove upstreamed and refresh remaining patches

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoavrdude: update to 7.3
krant [Thu, 22 Feb 2024 07:36:14 +0000 (09:36 +0200)]
avrdude: update to 7.3

- Use local tarball
- Use CMake
- Depend from libusb-1.0 instead of libusb-compat
- Remove obsolete patches

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoripgrep: update to 14.1.0
krant [Thu, 22 Feb 2024 14:29:06 +0000 (16:29 +0200)]
ripgrep: update to 14.1.0

- Link pcre2 dynamically
  - it was linked statically and libpcre2 dependency was useless
  - it magically fixes build error when global LTO is enabled
  - it reduces resulting binary size
- Use 'release-lto' cargo profile to further reduce binary size

'rg' binary sizes comparision (arm_cortex-a9+neon):
- 4293KB: unmodified
- 4018KB: dynamic libpcre2
- 3521KB: dynamic libpcre2 + release-lto

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agobluez: update to 5.72
krant [Thu, 22 Feb 2024 06:32:26 +0000 (08:32 +0200)]
bluez: update to 5.72

- Use HTTPS for URL
- Don't set default configure option
- Refresh the patches

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoglib2: use internal pcre2 for host
Rosen Penev [Wed, 21 Feb 2024 20:52:11 +0000 (12:52 -0800)]
glib2: use internal pcre2 for host

There's some weird issue where -lpcre2 is not being passed. Fixes
vala/host which links to static libraries.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 months agolibiio: fix pkgconfig paths
Rosen Penev [Wed, 21 Feb 2024 20:48:28 +0000 (12:48 -0800)]
libiio: fix pkgconfig paths

CMake build is passing host paths in pkgconfig file.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 months agonghttp3: fix pkgconfig file
Rosen Penev [Wed, 21 Feb 2024 20:46:46 +0000 (12:46 -0800)]
nghttp3: fix pkgconfig file

CMake build is passing host paths in pkgconfig.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 months agosysstat: update to 12.7.5
krant [Wed, 21 Feb 2024 15:27:04 +0000 (17:27 +0200)]
sysstat: update to 12.7.5

- Update package URLs
- Add missing xz dependency
- Fix incorrectly set sa_dir
- Refresh the patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agonlbwmon: update to Git HEAD (2024-02-21)
Jo-Philipp Wich [Wed, 21 Feb 2024 20:50:42 +0000 (21:50 +0100)]
nlbwmon: update to Git HEAD (2024-02-21)

8dab2ae24c54 neigh: fix potential integer underflow in avl_cmp_neigh()
992f9078b1d5 nfnetlink: fix netlink dump receive logic
ec1a39e53d3f nfnetlink: improve message reception in event callback
0ef61c3bebcb build: convert CMakeList.txt to lowercase
c7616bcfaaef nlbwmon: utilize uloop interval timer if available

Fixes: https://github.com/jow-/nlbwmon/issues/57
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
9 months agolibffi: update to 3.4.6
krant [Wed, 21 Feb 2024 12:15:00 +0000 (14:15 +0200)]
libffi: update to 3.4.6

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agolibpng: update to 1.6.42
krant [Wed, 21 Feb 2024 10:54:53 +0000 (12:54 +0200)]
libpng: update to 1.6.42

- Don't set default and rename renamed CMake options
- Enable NEON optimizations
- Rebase the patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoovn: bump to 22.03.5
Yousong Zhou [Wed, 21 Feb 2024 08:41:19 +0000 (08:41 +0000)]
ovn: bump to 22.03.5

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
9 months agoopenvswitch: bump to 2.17.9
Yousong Zhou [Mon, 5 Feb 2024 03:14:38 +0000 (03:14 +0000)]
openvswitch: bump to 2.17.9

Refresh and backport patches so that

 - ./python path in the source code takes precedence over the same dir in hostpkg
 - OVN LTS version 22.03.5 which depends on Open vSwitch 3.0 can compile
   with Open vSwitch 2.17

Fixes: https://github.com/openwrt/packages/issues/22744
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
9 months agolibcurl-gnutls: fix build
krant [Wed, 21 Feb 2024 07:34:19 +0000 (09:34 +0200)]
libcurl-gnutls: fix build

- Missing --without-nghttp3 was leaking host includes and breaking the build
- Remove or rename deprecated configure options
- Add --disable-libcurl-option to reduce package size
- Use .xz instead of .bz2 for PKG_SOURCE

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agortty: update to 8.1.1
Jianhui Zhao [Tue, 20 Feb 2024 14:13:31 +0000 (22:13 +0800)]
rtty: update to 8.1.1

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
9 months agodockerd: Update to 25.0.3
Gerard Ryan [Sun, 31 Dec 2023 06:15:27 +0000 (16:15 +1000)]
dockerd: Update to 25.0.3

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
9 months agodocker: Update to 25.0.3
Gerard Ryan [Sun, 31 Dec 2023 06:15:04 +0000 (16:15 +1000)]
docker: Update to 25.0.3

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
9 months agocontainerd: Update to 1.7.13
Gerard Ryan [Sun, 31 Dec 2023 06:13:12 +0000 (16:13 +1000)]
containerd: Update to 1.7.13

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
9 months agorunc: Update to 1.1.12
Gerard Ryan [Sun, 31 Dec 2023 06:12:55 +0000 (16:12 +1000)]
runc: Update to 1.1.12

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
9 months agomwan3: check removed route before removal
Jonas Lochmann [Mon, 1 Jan 2024 00:00:00 +0000 (01:00 +0100)]
mwan3: check removed route before removal

This makes mwan3rtmon check if mwan3_get_routes returns a route
before removing it. This helps with IPv6 routes with source address
selector removal where multiple original routes are transformed to
the same mwan3 route if one of the source routes is removed while
the others are kept.

Signed-off-by: Jonas Lochmann <git@inkompetenz.org>
9 months agoopenvpn: fix start_path_instance function
Dirk Brenken [Mon, 19 Feb 2024 13:54:08 +0000 (14:54 +0100)]
openvpn: fix start_path_instance function

Check the conffile existance (with .conf extension), before calling the
function 'start_path_instance'. This fixes errors with non-existing and
wrong spelling instances.

Signed-off-by: Dirk Brenken <dev@brenken.org>
- Update commit description
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
9 months agoMerge pull request #23472 from mhei/php8-update-to-8.3.3
Michael Heimpold [Tue, 20 Feb 2024 16:34:15 +0000 (17:34 +0100)]
Merge pull request #23472 from mhei/php8-update-to-8.3.3

php8: update to 8.3.3

9 months agobtop: Update to 1.3.2
Tianling Shen [Tue, 20 Feb 2024 07:48:04 +0000 (15:48 +0800)]
btop: Update to 1.3.2

Synced LDFLAGS from upstream Makefile.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
9 months agov2raya: Update to 2.2.4.7
Tianling Shen [Tue, 20 Feb 2024 07:47:42 +0000 (15:47 +0800)]
v2raya: Update to 2.2.4.7

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
9 months agoyq: Update to 4.41.1
Tianling Shen [Tue, 20 Feb 2024 07:47:34 +0000 (15:47 +0800)]
yq: Update to 4.41.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
9 months agostrongswan: add empty config
Glen Huang [Tue, 21 Nov 2023 03:07:07 +0000 (11:07 +0800)]
strongswan: add empty config

Without it, using uci to manipulate ipsec config can result in errors,
making it much difficult to use in uci-defaults for example.

Signed-off-by: Glen Huang <me@glenhuang.com>
9 months agosnort3: build against hyperscan
John Audia [Thu, 4 Jan 2024 20:21:50 +0000 (15:21 -0500)]
snort3: build against hyperscan

Increases snort's IPS fast pattern matching by 2x (compared to
the ac_full engine) and 3x (compared to ac_bfna).  This is most
noticeable for users of large rules sets and when doing deep flow
inspection.

For more see: https://blog.snort.org/2020/09/snort-3-hyperscan-.html

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
9 months agolibuv: fix CVE-2024-24806
Hirokazu MORIKAWA [Fri, 16 Feb 2024 09:33:14 +0000 (18:33 +0900)]
libuv: fix CVE-2024-24806

Update to 1.48.0
CVE-2024-24806 : Improper Domain Lookup that potentially leads to SSRF attacks

Vulnerabilities fixed
* CVE-2024-24806 / GHSA-f74f-cvh7-c6q6 0f2d7e73530bcc and e0327e1
Notable Changes
* linux: disable io_uring on ppc64 and ppc64le #4285
* linux: disable io_uring on hppa below kernel 6.1.51 #4224
* win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default)
Important Bugs Fixed
* unix,win: fix busy loop with zero timeout timers #4250, #4304.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
9 months agoocserv: updated config
Nikos Mavrogiannopoulos [Sun, 10 Sep 2023 13:49:13 +0000 (15:49 +0200)]
ocserv: updated config

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
9 months agoocserv: use better separator for sed
Nikos Mavrogiannopoulos [Sun, 10 Sep 2023 13:48:12 +0000 (15:48 +0200)]
ocserv: use better separator for sed

This prevents clashes with network addresses that
contain '/'.

Resolves: #18589

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
9 months agoMerge pull request #23348 from nmav/bug/23185
Nikos Mavrogiannopoulos [Mon, 19 Feb 2024 12:24:20 +0000 (13:24 +0100)]
Merge pull request #23348 from nmav/bug/23185

openconnect: make host dependency more resilient

9 months agophp8: update to 8.3.3 23472/head
Michael Heimpold [Mon, 19 Feb 2024 07:07:02 +0000 (08:07 +0100)]
php8: update to 8.3.3

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
9 months agoMerge pull request #23463 from mhei/fix-apr
Michael Heimpold [Mon, 19 Feb 2024 06:31:02 +0000 (07:31 +0100)]
Merge pull request #23463 from mhei/fix-apr

apr/subversion: fix subversion build and apache-mod-php8 build regres…

9 months agomariadb: fix compilation with newer fmt
Rosen Penev [Sun, 18 Feb 2024 22:59:02 +0000 (14:59 -0800)]
mariadb: fix compilation with newer fmt

Upstream backport.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 months agolibfmt: fix compilation with mariadb
Rosen Penev [Sun, 18 Feb 2024 21:48:49 +0000 (13:48 -0800)]
libfmt: fix compilation with mariadb

Upstream backport.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 months agoh2o: remove, nothing depends on it anymore
Peter van Dijk [Fri, 16 Feb 2024 14:29:04 +0000 (15:29 +0100)]
h2o: remove, nothing depends on it anymore

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
9 months agodnsdist: update to 1.9.0
Peter van Dijk [Thu, 15 Feb 2024 15:35:28 +0000 (16:35 +0100)]
dnsdist: update to 1.9.0

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
9 months agounbound: update to latest upstream release version 1.19.1
S. Brusch [Wed, 14 Feb 2024 12:37:59 +0000 (13:37 +0100)]
unbound: update to latest upstream release version 1.19.1

Maintainer: @EricLuehrsen
Fixes: CVE-2023-50387, CVE-2023-50868
Release notes: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Run tested: BPi-R3, mediatek/filogic, OpenWrt 23.05.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
9 months agoqemu: update to 8.2.0
Vladimir Ermakov [Sat, 23 Dec 2023 11:12:33 +0000 (12:12 +0100)]
qemu: update to 8.2.0

- Refresh patches.
- Disable new features like AF XDP, Rutabaga VGA, libkeyutils
- Delete removed features such as HAX hypervisor

Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
9 months agoopenblas: enable ARM-specific optimizations
krant [Fri, 16 Feb 2024 12:46:45 +0000 (14:46 +0200)]
openblas: enable ARM-specific optimizations

OpenBLAS allows to specify per-family CPU optimizations during build stage.
This package supports manual specification of a family during configuration.
This commit adds automatic detection of target family, while keeping manual
override as a backup.

Automatically detected ARM families:
 - Cortex-A9 without NEON
 - Cortex-A9 with NEON
 - Cortex-A15
 - Cortex-A53
 - Cortex-A72

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoyt-dlp: bump to version 2023.12.30
Alexander Egorenkov [Sun, 31 Dec 2023 10:57:42 +0000 (11:57 +0100)]
yt-dlp: bump to version 2023.12.30

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
9 months agohaproxy: update to v2.8.6
Christian Lachner [Fri, 16 Feb 2024 07:43:35 +0000 (08:43 +0100)]
haproxy: update to v2.8.6

- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.8.git;a=shortlog

Signed-off-by: Christian Lachner <gladiac@gmail.com>
9 months agopodman: update to 4.9.3
Oskari Rauta [Fri, 16 Feb 2024 08:17:51 +0000 (10:17 +0200)]
podman: update to 4.9.3

Changelogs: https://github.com/containers/podman/releases

Patches refreshed

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
9 months agoconmon: update to 2.1.10
Oskari Rauta [Fri, 16 Feb 2024 08:01:25 +0000 (10:01 +0200)]
conmon: update to 2.1.10

bug fixes:
 - Fix incorrect free in conn_sock
 - logging: Respect log-size-max immediately after open
 - fix some issues flagged by SAST scan
 - src: fix write after end of buffer
 - src: open all files with O_CLOEXEC
 - oom-score: restore oom score before running exit command

new features:
 - Forward more messages on the sd-notify socket
 - logging: -l passthrough accepts TTYs

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
9 months agoapr/subversion: fix subversion build and apache-mod-php8 build regression (fixes... 23463/head
Michael Heimpold [Fri, 16 Feb 2024 23:21:49 +0000 (00:21 +0100)]
apr/subversion: fix subversion build and apache-mod-php8 build regression (fixes #23460)

The recent upgrade of apr included a change with should fix the subversion build.

Unfortunately, this fix resulted in a build regression of apache-mod-php8.

The new approach is to pass the locations of the apr config helpers
to configure via parameter.

Fixes: 68dd7b7cf632 ("apr: update to 1.7.4")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
9 months agoMerge pull request #23406 from stangri/master-adblock-fast
Stan Grishin [Fri, 16 Feb 2024 23:12:40 +0000 (16:12 -0700)]
Merge pull request #23406 from stangri/master-adblock-fast

adblock-fast: add force_dns_interface setting

9 months agoslirp4netns: update to 1.2.3
Oskari Rauta [Fri, 16 Feb 2024 07:52:32 +0000 (09:52 +0200)]
slirp4netns: update to 1.2.3

changelog:
 - Fix some FD leaks (#334, thanks to @giuseppe)

As package belongs to network category, I moved it from utils to network folder

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
9 months agobind: bump to 9.18.24
Noah Meyerhans [Thu, 15 Feb 2024 17:36:41 +0000 (09:36 -0800)]
bind: bump to 9.18.24

Fixes CVEs:

- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
  could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
  excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
  excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
  failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
  named to crash with an assertion failure, when both of these features were
  enabled.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
9 months agoaardvark-dns: update to 1.10.0
Oskari Rauta [Fri, 16 Feb 2024 07:33:02 +0000 (09:33 +0200)]
aardvark-dns: update to 1.10.0

changelogs: https://github.com/containers/aardvark-dns/releases

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
9 months agonode: February 14 2024 Security Releases
Hirokazu MORIKAWA [Fri, 16 Feb 2024 06:14:51 +0000 (15:14 +0900)]
node: February 14 2024 Security Releases

Update to v20.11.1
This is a security release.

Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
9 months agoMerge pull request #23457 from TDT-AG/pr/20240216-procps-ng
Florian Eckert [Fri, 16 Feb 2024 14:03:03 +0000 (15:03 +0100)]
Merge pull request #23457 from TDT-AG/pr/20240216-procps-ng

procps-ng: update to version 4.0.4 and rename old version 3.3.16 to procps-ng3

9 months agoMerge pull request #23459 from TDT-AG/pr/20240216-glib2
Florian Eckert [Fri, 16 Feb 2024 14:01:26 +0000 (15:01 +0100)]
Merge pull request #23459 from TDT-AG/pr/20240216-glib2

glib2: revert latest changes to get back to working version 2.74.0

9 months agoprocps-ng: Re-add procps-ng with API version 4 23457/head
krant [Thu, 15 Feb 2024 11:16:21 +0000 (13:16 +0200)]
procps-ng: Re-add procps-ng with API version 4

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
9 months agoprocps-ng3: update to 3.3.17 and install library only
krant [Thu, 15 Feb 2024 11:11:09 +0000 (13:11 +0200)]
procps-ng3: update to 3.3.17 and install library only

- Install library only (utilities are in procps-ng API version 4)
- Latest 3.3.17 version of 3.x series is used
- Refresh existing patch
- Add new patch from Alpine Linux

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because of packages version update was reverted before

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
9 months agoprocps-ng: rename procps-ng to procps-ng3
krant [Thu, 15 Feb 2024 11:05:43 +0000 (13:05 +0200)]
procps-ng: rename procps-ng to procps-ng3

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because of packages version update was reverted before

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
9 months agoRevert "procps-ng: update to 4.0.4"
krant [Thu, 1 Feb 2024 15:34:58 +0000 (17:34 +0200)]
Revert "procps-ng: update to 4.0.4"

The props-ng packages adds a new API version that breaks other
downstream packages. This revert is a preparation commit to move the old
API to procps-ng3 so that the new API could use procps-ng packages
name again.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 81629ba5918f48a0886e6f601d63d0b016ef8c1e.

9 months agoglib2: update to version 2.74.7 23459/head
Florian Eckert [Fri, 16 Feb 2024 09:55:47 +0000 (10:55 +0100)]
glib2: update to version 2.74.7

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
9 months agoglib2: do not set default meson options
Florian Eckert [Fri, 16 Feb 2024 09:52:05 +0000 (10:52 +0100)]
glib2: do not set default meson options

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
9 months agoRevert "glib2: update to 2.78.4"
Florian Eckert [Fri, 16 Feb 2024 09:17:59 +0000 (10:17 +0100)]
Revert "glib2: update to 2.78.4"

So that we have a working ModemManager again and can look at the problem
revert the update to version 2.78.4 for now.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 08c7b0dfcae48114176762e93aa1b4ce5d42f8ad.

9 months agoRevert "glib2: use internal pcre2"
Florian Eckert [Fri, 16 Feb 2024 09:16:10 +0000 (10:16 +0100)]
Revert "glib2: use internal pcre2"

This is must also get revert to get back to working glib2 version 2.74.0

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 9f57ef2d6e339231278f36614d9b2fdd275a9339.

9 months agocrun: update to 1.14.1
Oskari Rauta [Fri, 16 Feb 2024 06:50:40 +0000 (08:50 +0200)]
crun: update to 1.14.1

Changelogs: https://github.com/containers/crun/releases
Previous version was 1.12

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
9 months agonetavark: update to 1.10.3
Oskari Rauta [Fri, 16 Feb 2024 07:29:15 +0000 (09:29 +0200)]
netavark: update to 1.10.3

changelogs: https://github.com/containers/netavark/releases

wrapper script and config file removed as they have become obsolete,
firewall driver is now configured in containers.conf

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
9 months agonetbird: update to 0.25.8
Oskari Rauta [Fri, 16 Feb 2024 06:39:41 +0000 (08:39 +0200)]
netbird: update to 0.25.8

changes: https://github.com/netbirdio/netbird/compare/v0.25.2...v0.25.8

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
9 months agodocker-compose: Update to version 2.24.6
Javier Marcet [Thu, 15 Feb 2024 18:32:48 +0000 (19:32 +0100)]
docker-compose: Update to version 2.24.6

Signed-off-by: Javier Marcet <javier@marcet.info>
9 months agoefivar: disable mold linker
Oskari Rauta [Fri, 16 Feb 2024 05:46:19 +0000 (07:46 +0200)]
efivar: disable mold linker

efivar fails to build with mold linker, so it should
be opted out. I also added missing maintainer.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
9 months agoopenconnect: make host dependency more resilient 23348/head
Nikos Mavrogiannopoulos [Sat, 10 Feb 2024 13:30:12 +0000 (14:30 +0100)]
openconnect: make host dependency more resilient

Retry when resolveip fails as it seems to be causing issues
on startup depending on various unpredictable parameters.

Resolves: #23185

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
9 months agopdns-recursor: update to 5.0.2 (fixes CVE-2023-50387, CVE-2023-50868)
Peter van Dijk [Tue, 13 Feb 2024 13:19:43 +0000 (14:19 +0100)]
pdns-recursor: update to 5.0.2 (fixes CVE-2023-50387, CVE-2023-50868)

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
9 months agoMerge pull request #23316 from dhewg/prom
Etienne Champetier [Thu, 15 Feb 2024 03:59:27 +0000 (22:59 -0500)]
Merge pull request #23316 from dhewg/prom

prometheus-node-exporter-ucode: fix sporadic wifi errors and warnings

9 months agompd: update to 0.23.15
Rosen Penev [Thu, 15 Feb 2024 00:28:48 +0000 (16:28 -0800)]
mpd: update to 0.23.15

Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 months agozmq: update to 4.3.5
Rosen Penev [Thu, 15 Feb 2024 00:41:59 +0000 (16:41 -0800)]
zmq: update to 4.3.5

Remove GCC13 backport.

Refresh other patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 months agotaglib: update to 2.0
Rosen Penev [Thu, 15 Feb 2024 00:37:09 +0000 (16:37 -0800)]
taglib: update to 2.0

Switched to local tarball as the utf8cpp subproject needs to be used.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 months agolibcap-ng: update to 0.84
Rosen Penev [Wed, 14 Feb 2024 22:20:53 +0000 (14:20 -0800)]
libcap-ng: update to 0.84

Signed-off-by: Rosen Penev <rosenp@gmail.com>