Christian Marangi [Sun, 29 Oct 2023 14:18:19 +0000 (15:18 +0100)]
postfix: move to PCRE2 library
Move to PCRE2 library as PCRE is EOL and won't receive any security
updates anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
f585559690e4d607f5fea5eeed4517d5c157098c)
Christian Marangi [Sun, 29 Oct 2023 14:16:41 +0000 (15:16 +0100)]
postfix: bump to 3.8.2 release
Bump postfix to 3.8.2 release.
Refresh patches and drop patch 502-detect-glibc.patch as it got merged
upstream.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
4b7d365b8644586029823f04c57a03a6f721e5ab)
Jan Hák [Thu, 26 Oct 2023 14:03:38 +0000 (16:03 +0200)]
knot: patch enabling PKCS11 related code only if PKCS11 is available
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
3efee178f23ef9bf78678369be48bcaa430456b2)
Jan Hák [Wed, 25 Oct 2023 13:20:12 +0000 (15:20 +0200)]
knot: update to version 3.3.2
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
fbfa63a03be5916873e3b2d1d17d21d1742de7de)
Christian Marangi [Sun, 29 Oct 2023 15:15:02 +0000 (16:15 +0100)]
fdm: update to 2.2 release and switch to PCRE2
Update to release 2.2 and switch to PCRE2. New release switched from
PCRE to PCRE2 and is now required.
Drop patch merged upstream and backport 2 additional patch that fix a
user-after-free and a PCRE2 bug.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
13982c13d09803b8979f7934c6048db9ad240338)
Christian Marangi [Sun, 29 Oct 2023 16:22:22 +0000 (17:22 +0100)]
tvheadend: drop support for PCRE
Drop support for PCRE as it's now EOL and won't receive any security
updates anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
9ea2ec7cd1d9902352a67d6152107e9c452d6dbb)
Marius Dinu [Fri, 16 Jun 2023 12:59:44 +0000 (15:59 +0300)]
tvheadend: add dependency on gettext (host)
Gettext is a prerequisite to build OpenWrt according to:
https://openwrt.org/docs/guide-developer/toolchain/install-buildsystem
but github automated tests fail without this explicit dependency:
2023-06-19T08:02:45.1940511Z checking for py module gzip ... ok
2023-06-19T08:02:45.1968662Z checking for /builder/staging_dir/host/bin/pkg-config ...ok
2023-06-19T08:02:45.1998491Z ERROR: no gettext binaries found
2023-06-19T08:02:45.1999746Z checking for xgettext ... fail
2023-06-19T08:02:45.2008403Z make[2]: *** [Makefile:263: /builder/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/tvheadend-2023-06-05/.configured_a17fb5ef857664f03cd0ce37cc5ea591] Error 1
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
fb68d07bfae3d38691c87179e216207e4323a52b)
Marius Dinu [Mon, 12 Jun 2023 07:47:03 +0000 (10:47 +0300)]
tvheadend: update to 2023-06-05
Update to git master 2023-06-05 and removed unneeded compatibility patch.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
dedf51702e098d042f5392de4d640b0d72825676)
Martin Strobel [Sun, 29 Oct 2023 15:16:57 +0000 (16:16 +0100)]
freeradius3: switch to pcre2
use libpcre2 as dependency for freeradius3-common
because PCRE is EOL with no further updates
Compile & run tested on mediatek mt76 ubnt-ui6-lr-v1 with musl
Signed-off-by: Martin Strobel <arctus@crza.de>
(cherry picked from commit
19ec30255f1379cb2d25f7ace22523039cc8aa67)
Jianhui Zhao [Sun, 28 May 2023 14:04:17 +0000 (22:04 +0800)]
freeradius3: Update to 3.0.26
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
(cherry picked from commit
dda8ba0ca732d613238db973f00e20dc83d8fc77)
Stan Grishin [Mon, 30 Oct 2023 20:28:14 +0000 (14:28 -0600)]
Merge pull request #22543 from stangri/openwrt-23.05-ngtcp2
[23.05] ngtcp2: update to 1.0.1
Dirk Brenken [Fri, 27 Oct 2023 08:48:04 +0000 (10:48 +0200)]
travelmate: release 2.1.1-2
* more small fixes & enhancements
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
efe0cbcb7541eff4072fa5421a244ac05cab43e6)
Dirk Brenken [Tue, 24 Oct 2023 15:27:40 +0000 (17:27 +0200)]
travelmate: release 2.1.1
* various vpn/wireguard improvements & fixes
* improved compatibility with new netifd
* added open STA improvements by @brianjmurrell
* closes #22227 #22288 #22357
Signed-off-by: Dirk Brenken dev@brenken.org
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
81658c58236a050b22dbf08309b637576db1a5c9)
Stan Grishin [Sun, 29 Oct 2023 19:33:15 +0000 (19:33 +0000)]
ngtcp2: update to 1.0.1
* https://github.com/ngtcp2/ngtcp2/compare/v1.0.0...v1.0.1
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
9d194e834852143124df7aed12297e0f754e9ece)
Tianling Shen [Wed, 25 Oct 2023 11:40:20 +0000 (19:40 +0800)]
dnsproxy: Update to 0.56.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
ad8f2b5e8e4d7a84f034bf458221e6721c0efedb)
Tianling Shen [Wed, 25 Oct 2023 11:40:11 +0000 (19:40 +0800)]
rclone: Update to 1.64.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
0d6bbc3bddeb0a0c2b9daaff9d40e3e0361ee763)
Tianling Shen [Fri, 20 Oct 2023 08:28:20 +0000 (16:28 +0800)]
rclone: Update to 1.64.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
0449b530ba1d75911abf52c30d3cbee056b8f7b4)
Stan Grishin [Thu, 26 Oct 2023 22:09:37 +0000 (16:09 -0600)]
Merge pull request #22513 from stangri/openwrt-23.05-https-dns-proxy
[23.05] https-dns-proxy: bugfix: crashes on logging from upstream
Stan Grishin [Thu, 26 Oct 2023 22:08:08 +0000 (16:08 -0600)]
Merge pull request #22510 from stangri/openwrt-23.05-curl
[23.05] curl: prepare for HTTP/3 support
Stan Grishin [Thu, 26 Oct 2023 22:08:01 +0000 (16:08 -0600)]
Merge pull request #22509 from stangri/openwrt-23.05-ngtcp2
[23.05] ngtcp2: add new package
Stan Grishin [Thu, 26 Oct 2023 22:07:53 +0000 (16:07 -0600)]
Merge pull request #22508 from stangri/openwrt-23.05-nghttp3
[23.05] nghttp3: add new package
Stan Grishin [Thu, 26 Oct 2023 14:39:06 +0000 (14:39 +0000)]
https-dns-proxy: bugfix: crashes on logging from upstream
* update to 2023-10-25 upstream version which fixes the crashes on logging on ath79
* remove no longer needed 030-src-logging.c-fix-crash.patch
* update 010-cmakelists-remove-cflags.patch to work with a new version
* update 020-src-options.c-add-version.patch to work with a new version
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
6b92b6c6d27a8ec67e63a5726dee0c9e8cc2b7ec)
Stan Grishin [Wed, 18 Oct 2023 18:58:00 +0000 (18:58 +0000)]
curl: prepare for HTTP/3 support
* these changes along with 2 PRs below and using non-standard
openssl library allow for building curl with HTTP/3 support
* https://github.com/openwrt/packages/pull/22443
* https://github.com/openwrt/packages/pull/22444
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
6bd2b89d839026c3365da7205359b1568f955e6b)
Stan Grishin [Wed, 18 Oct 2023 15:43:14 +0000 (15:43 +0000)]
ngtcp2: add new package
* add new package to allow building of curl with HTTP/3 support
* switch to using cmake
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
f6e57976402f51bd7b7bbe9dacad7153543b3002)
Stan Grishin [Wed, 18 Oct 2023 15:39:55 +0000 (15:39 +0000)]
nghttp3: add new package
* add new package to allow building of curl with HTTP/3 support
* switch to using cmake
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
b1d4241cdf27dbf2ea4f2c78de6bbb3b7e876652)
Nick Hainke [Mon, 23 Oct 2023 12:07:09 +0000 (14:07 +0200)]
snowflake: update to 2.7.0
Release Notes:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/tags/v2.7.0
Proxy churn is removed and because of that also distinctcounter:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/commit/
6393af6bab0f7c3c95b11352d5c582d2000062fa
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
2496d74340e90b8a50ddb312c0841d26f52c4821)
Leo Douglas [Tue, 24 Oct 2023 02:43:12 +0000 (10:43 +0800)]
sing-box: update to v1.5.4
changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.5.4
Signed-off-by: Leo Douglas <douglarek@gmail.com>
(cherry picked from commit
4be4a791b5469ca9a8dae0c31e2563a2d7b751a1)
Andrew Sim [Sun, 22 Oct 2023 06:12:44 +0000 (08:12 +0200)]
transmission: update to 4.0.4
Update Transamission to 4.0.4 stable release
Changelog: https://github.com/transmission/transmission/releases/tag/4.0.4
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
(cherry picked from commit
45170d9b672b6e017f51c7ac2cdae9b636f2c0b2)
Liangbin Lian [Mon, 10 Jul 2023 07:53:33 +0000 (15:53 +0800)]
transmission: fix depends on libmbedtls
If a firmware build with curl without mbedtls, install transmission from openwrt official repo will fail to start
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit
2311e7921893453094bd065e1a94ffa8d850c8b7)
Daniel Golle [Mon, 23 Oct 2023 10:20:20 +0000 (11:20 +0100)]
exim: update to version 4.96.2
Fixes vulnerabilities:
- Improper Neutralization of Special Elements (CVE-2023-42117)
- dnsdb Out-Of-Bounds Read (CVE-2023-42119)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
86ec7b19bc5f5935152b1423bb4f450ccefaabae)
Daniel Golle [Sat, 5 Aug 2023 01:32:24 +0000 (02:32 +0100)]
cryptsetup: update to version 2.6.1
Cryptsetup 2.6.1 Release Notes
==============================
Stable bug-fix release with minor extensions.
All users of cryptsetup 2.6.0 should upgrade to this version.
Changes since version 2.6.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* bitlk: Fixes for BitLocker-compatible on-disk metadata parser
(found by new cryptsetup OSS-Fuzz fuzzers).
- Fix a possible memory leak if the metadata contains more than
one description field.
- Harden parsing of metadata entries for key and description entries.
- Fix broken metadata parsing that can cause a crash or out of memory.
* Fix possible iteration overflow in OpenSSL2 PBKDF2 crypto backend.
OpenSSL2 uses a signed integer for PBKDF2 iteration count.
As cryptsetup uses an unsigned value, this can lead to overflow and
a decrease in the actual iteration count.
This situation can happen only if the user specifies
--pbkdf-force-iterations option.
OpenSSL3 (and other supported crypto backends) are not affected.
* Fix compilation for new ISO C standards (gcc with -std=c11 and higher).
* fvault2: Fix compilation with very old uuid.h.
* verity: Fix possible hash offset setting overflow.
* bitlk: Fix use of startup BEK key on big-endian platforms.
* Fix compilation with latest musl library.
Recent musl no longer implements lseek64() in some configurations.
Use lseek() as 64-bit offset is mandatory for cryptsetup.
* Do not initiate encryption (reencryption command) when the header and
data devices are the same.
If data device reduction is not requsted, this leads to data corruption
since LUKS metadata was written over the data device.
* Fix possible memory leak if crypt_load() fails.
* Always use passphrases with a minimal 8 chars length for benchmarking.
Some enterprise distributions decided to set an unconditional check
for PBKDF2 password length when running in FIPS mode.
This questionable change led to unexpected failures during LUKS format
and keyslot operations, where short passwords were used for
benchmarking PBKDF2 speed.
PBKDF2 benchmark calculations should not be affected by this change.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
5c21b26a939470a44c25fec7a54416d052def1a9)
Daniel Golle [Sat, 5 Aug 2023 00:47:18 +0000 (01:47 +0100)]
lvm2: update LVM2 to 2.03.22 and DM to 1.02.196
Remove downstream patch 004-missing-includes.patch which was merged
upstream in version 2.03.19
LVM2 changelog since version 2.03.17
version 2.03.22 - 02nd August 2023
==================================
Fix pv_major/pv_minor report field types so they are integers, not strings.
Add lvmdevices --delnotfound to delete entries for missing devices.
Always use cachepool name for metadata backup LV for lvconvert --repair.
Make metadata backup LVs read-only after pool's lvconvert --repair.
Improve VDO and Thin support with lvmlockd.
Handle 'lvextend --usepolicies' for pools for all activation variants.
Fix memleak in vgchange autoactivation setup.
Update py-compile building script.
Support conversion from thick to fully provisioned thin LV.
Cache/Thin-pool can use error and zero volumes for testing.
Individual thin volume can be cached, but cannot take snapshot.
Better internal support for handling error and zero target (for testing).
Resize COW above trimmed maximal size is does not return error.
Support parsing of vdo geometry format version 4.
Add lvm.conf thin_restore and cache_restore settings.
Handle multiple mounts while resizing volume with a FS.
Handle leading/trailing spaces in sys_wwid and sys_serial used by deivce_id.
Enhance lvm_import_vdo and use snapshot when converting VDO volume.
Fix parsing of VDO metadata.
Fix failing -S|--select for non-reporting cmds if using LV info/status fields.
Allow snapshots of raid+integrity LV.
Fix multisegment RAID1 allocator to prevent using single disk for more legs.
version 2.03.21 - 21st April 2023
=================================
Fix activation of vdo-pool for with 0 length headers (converted pools).
Avoid printing internal init messages when creation integration devices.
Allow (write)cache over raid+integrity LV.
version 2.03.20 - 21st March 2023
=================================
Fix segfault if using -S|--select with log/report_command_log=1 setting.
Configure now fails when requested lvmlockd dependencies are missing.
Add some configure Gentoo enhancements for static builds.
version 2.03.19 - 21st February 2023
====================================
Configure supports --with-systemd-run executed from udev rules.
Enhancement for build with MuslC systemd and non-bash system shells (dash).
Do not reset SYSTEMD_READY variable in udev for PVs on MD and loop devices.
Ensure udev is processing origin LV before its thick snapshots LVs.
Fix and improve runtime memory size detection for VDO volumes.
version 2.03.18 - 22nd December 2022
====================================
Fix issues reported by coverity scan.
Fix warning for thin pool overprovisioning on lvextend (2.03.17).
Add support for writecache metadata_only and pause_writeback settings.
Fix missing error messages in lvmdbusd.
DM changelog since version 1.02.187:
Version 1.02.196 - 02nd August 2023
===================================
Version 1.02.195 - 21st April 2023
==================================
Version 1.02.193 - 21st March 2023
==================================
Version 1.02.191 - 21st February 2023
=====================================
Improve parallel creation of /dev/mapper/control device node.
Import previous ID_FS_* udev records in 13-dm-disk.rules for suspended DM dev.
Remove NAME="mapper/control" rule from 10-dm.rules to avoid udev warnings.
Version 1.02.189 - 22nd December 2022
=====================================
Improve 'dmsetup create' without given table line with new kernels.
(Version 1.02.188 is missing)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
4db53132ba66359e25fa6fd29aba87541551adf2)
Stan Grishin [Tue, 24 Oct 2023 04:56:14 +0000 (22:56 -0600)]
Merge pull request #22491 from stangri/openwrt-23.05-https-dns-proxy
[23.05] https-dns-proxy: bugfix: prevent crashes on IPv6 systems
Stan Grishin [Tue, 24 Oct 2023 02:14:08 +0000 (02:14 +0000)]
https-dns-proxy: bugfix: prevent crashes on IPv6 systems
* update service triggers so that procd_add_raw_trigger is only
executed on boot and not on other service actions
* remove outdated iface hotplug script
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
5dd08fe23f0ad376bcc3f12c7a50d7ac8c73e2bb)
ValdikSS ValdikSS [Sun, 22 Oct 2023 16:30:04 +0000 (19:30 +0300)]
tor: fix daemon reloading
procd requires init script name, not the path to executable
Signed-off-by: ValdikSS ValdikSS <iam@valdikss.org.ru>
(cherry picked from commit
af58942738c13c431f531e78f368d18a0d2dd84d)
Rui Salvaterra [Wed, 26 Jul 2023 22:32:34 +0000 (23:32 +0100)]
tor: update to 0.4.8.4 stable
First release of the 0.4.8.x series, see the changelog [1] for what's new.
[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.4/ChangeLog
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
1b2c1ddbb2a693aca87fae96beff3b1741951c90)
Alexandru Ardelean [Sat, 14 Oct 2023 06:03:52 +0000 (09:03 +0300)]
stress-ng: backport immintrin.h header detection for GCC 13
Backport patch from:
https://github.com/ColinIanKing/stress-ng/commit/
cd84c46ce780242879e8aaa7d698b9cd87996dbd
With GCC 12 there is no issue.
With GCC 13, there is a compilation issue on x86_64.
Fixes https://github.com/openwrt/packages/issues/22373
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit
98bcb56eb3de7ae1ffc1ed66287168750a72a059)
Alexandru Ardelean [Mon, 2 Oct 2023 12:39:30 +0000 (15:39 +0300)]
stress-ng: bump to version 0.17.00
Refreshed 001-disable-extra-stressors.patch
Dropped 002-disable-compiler-test.patch
- no longer needed since commit https://github.com/ColinIanKing/stress-ng/commit/
a24c7f2048548e6e9ded652b0d16a7da37e4edf0
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit
f4df9c1786354698a108b415799a61ac1af4e389)
Alexandru Ardelean [Fri, 26 May 2023 11:21:19 +0000 (14:21 +0300)]
stress-ng: bump to version 0.15.10
Merged patches into a single one.
Disabling libmpfr (which got added recently).
To avoid potentially new build failures.
And disabling test-compiler check.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit
8168fc84df6521a33ef220f63dc65e7d01a196a5)
Christian Marangi [Mon, 9 Oct 2023 16:30:58 +0000 (18:30 +0200)]
shadowsocks-libev: convert to PCRE2
Convert package to PCRE2 by porting a pending patch from a closed PR.
The PR is old but the code never changed and is simple enough to check
the changes. The patch apply directly with no changes (aside from
commenting out the travis CI file)
The PR was never merged as PCRE2 at times was too new and they were
trying to find a better regex lib.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
db305165c9a0b9b69a83f6379d0994c3708d58e8)
Josef Schlehofer [Fri, 13 Oct 2023 06:57:18 +0000 (08:57 +0200)]
ooniprobe: remove unused package
This package is not maintained anymore in the OpenWrt packages feed
and since we updated Go to 1.21 version, it is not compiled either.
Let's hope that with removing this package from our feed,
someone will step it and become a maintainer to take care of this package.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
5a917a2a1cd068081d6f30e6ffc282ae977423bb)
Christian Marangi [Thu, 28 Sep 2023 21:51:28 +0000 (23:51 +0200)]
micropython-lib: move to PCRE2
Add pending patch converting the package to PCRE2.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
d191c3d0c409e150d7234a52715718dbe05c1bce)
Nick Hainke [Thu, 19 Oct 2023 13:31:27 +0000 (15:31 +0200)]
conntrack-tools: update to 1.4.8
Release Notes:
https://marc.info/?l=netfilter&m=
169598613909790&w=2
Furthermore, switch to "tar.xz".
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
af666be21fac7ba06bd8bbd7d70c15cb60c1bd7c)
Stan Grishin [Sat, 21 Oct 2023 13:35:50 +0000 (07:35 -0600)]
Merge pull request #22465 from stangri/openwrt-23.05-adblock-fast
[23.05] adblock-fast: bugfix: allow command
Stan Grishin [Sat, 21 Oct 2023 02:26:02 +0000 (02:26 +0000)]
adblock-fast: bugfix: allow command
* fix sed to properly purge allowed domains from block-lists
* ensure resolver is restarted on allow command
* reduce pause default/max in attempt to make it work with luci
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
42cc50eec890b2f86c5f9573938051149a62321d)
Drew Young [Mon, 9 Oct 2023 21:19:50 +0000 (17:19 -0400)]
rust: fix build with glibc, ARM and hard floats
Patch the target triple for Rust with glibc to include hard floating
point support.
The GNU target triple used elsewhere does not include hard float support,
instead `-mfloat-abi=hard` is passed separately. For Rust it must be
included in the target triple. This was already being done for musl,
this commit adds the same patching for glibc.
Without this patch Rust compilation fails with an error like this
(abbreviated to fit the line length):
ld: error: libstd.so uses VFP register arguments, ... does not
ld: failed to merge target specific data of file ...
Signed-off-by: Drew Young <dyoung@viridiparente.com>
(cherry picked from commit
3d799c3eeedfe8813ca3fb2debadffb231f621c1)
Liangbin Lian [Tue, 11 Jul 2023 07:59:54 +0000 (15:59 +0800)]
shairport-sync: fix init script
'name' may contains '%h' or '%v', printf will fail on that
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit
97ec5d2a6855180295c024782aad50da8081504f)
Christian Marangi [Wed, 18 Oct 2023 11:25:49 +0000 (13:25 +0200)]
net-snmp: backport patch fixing memory leak for PCRE2
Backport patch fixing memory leak for PCRE2 present upstream.
Fixes: #22428
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
9f5036169175d853e2e0c76663f0bc98a8645f85)
Hirokazu MORIKAWA [Tue, 17 Oct 2023 00:26:24 +0000 (09:26 +0900)]
node: Friday October 13 2023 Security Releases
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-44487: nghttp2 Security Release (High) (Depends on shared library provided by OpenWrt)
* CVE-2023-45143: undici Security Release (High)
* CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
* CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
9101a21e535d2247b3fb85e0660f7bb0dd4a4290)
Julian Grinblat [Wed, 4 Oct 2023 18:02:50 +0000 (03:02 +0900)]
ddns-scripts: add ddns-scripts-utils package
The samples in the repo are useful for configuring cenrtain aspects of
ddns, and their inclusion is hinted at within their source code
Signed-off-by: Julian Grinblat <julian@dotcore.co.il>
(cherry picked from commit
565fda4105017a08b7c818c60a930ebb8252eeb9)
danielpinto8zz6 [Fri, 1 Sep 2023 12:19:42 +0000 (13:19 +0100)]
ddns-scripts: desec.io - update url to https
Signed-off-by: Daniel Pinto <danielpinto8zz6@gmail.com>
desec.io ddns update is not working, after testing the endpoint I got a 301, after a bit of search I found out we are
supposed to use https instead of http
more info here: https://talk.desec.io/t/301-from-update-dedyn-io/644/2
bump PKG_RELEASE
(cherry picked from commit
f425e37fb04cd5d0d83e713dbb994a859cf9663d)
Baptiste Fouques [Tue, 25 Apr 2023 10:01:47 +0000 (12:01 +0200)]
ddns: Prevent clearing of desec.io entries
When using both ipv4 and ipv6 entries on the same host, ddns is clearing A
(or AAAA) record depending on the connection (ipv4 or ipv6).
see https://desec.readthedocs.io/en/latest/dyndns/update-api.html#determine-ip-addresses
Signed-off-by: Baptiste Fouques <bateast@duck.com>
Update comment and bump PKG_RELEASE number.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
1ea13ed8a168459568e1ce831db3c1ddf63b8905)
Stan Grishin [Wed, 18 Oct 2023 00:30:43 +0000 (18:30 -0600)]
Merge pull request #22424 from stangri/openwrt-23.05-https-dns-proxy
Stan Grishin [Tue, 17 Oct 2023 09:43:34 +0000 (09:43 +0000)]
https-dns-proxy: bugfix: logging crashing instances on ath79
* finally fixes https://github.com/openwrt/packages/issues/19366
* simplify service_triggers
* improve output for dnsmasq restart
* improve grep/sed dependencies
* remove interface hotplug
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
38c026250f2bdae36fbd5bba6a9d529fb7082ed1)
Peter van Dijk [Wed, 11 Oct 2023 10:38:05 +0000 (12:38 +0200)]
dnsdist: update to 1.8.2
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit
b19f8a822b948c75bb40dfec03ab0a9344e25963)
Peter van Dijk [Fri, 8 Sep 2023 11:16:21 +0000 (13:16 +0200)]
dnsdist: update to 1.8.1
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit
e25bb510de90671f4c8c9df42b850cc7c34d31be)
Remi Gacogne [Mon, 19 Jun 2023 07:48:08 +0000 (09:48 +0200)]
dnsdist: Move the configuration to Config.in
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
2b19da613f135181ed620128afa46bf74d212d4f)
Remi Gacogne [Tue, 13 Jun 2023 15:48:27 +0000 (17:48 +0200)]
dnsdist: Split in two packages `dnsdist` and `dnsdist-full`
`dnsdist-full` has all optional features enabled, but is a big package
in term of both flash and memory footprint.
`dnsdist` only keeps the features that make the most sense
on embeded devices, but can also be customised to match the
user's needs, up to the point where it matches `dnsdist-full`.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
ca01c1bf59140e7bee13a4da8c91c759f9eec069)
Peter van Dijk [Wed, 11 Oct 2023 09:09:16 +0000 (11:09 +0200)]
h2o: ABI-breaking patch for CVE-2023-44487
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
bump soname
refreh
(cherry picked from commit
5b9239a95b8cbbeec61e8508538d4aa0da5f469f)
Remi Gacogne [Wed, 14 Jun 2023 13:18:29 +0000 (15:18 +0200)]
h2o: Build libh2o-evloop without yaml support
The only package using this library, dnsdist, does not require it
so let's save space and PSS memory.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit
23a9cd519ca6f5a0e0a23518d4cb1470720f3438)
Hirokazu MORIKAWA [Sat, 14 Oct 2023 03:31:16 +0000 (12:31 +0900)]
nghttp2: fix CVE-2023-44487
update to v1.57.0
CVE-2023-44487 : HTTP/2 Rapid Reset
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
afecaa71c22503affa53246d029b4e0eb4677d2b)
Glenn Strauss [Sat, 7 Oct 2023 06:24:55 +0000 (02:24 -0400)]
lighttpd: update to lighttpd 1.4.72 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
3e9b2d85f04c770a5f3e8bdc3065467ef976dea4)
Oskari Rauta [Wed, 4 Oct 2023 21:46:57 +0000 (23:46 +0200)]
zsh: use autoreconf PKG_FIXUP to configure
In preparation to PCRE2 fixup, use autoreconf PKG_FIXUP as a better
configure system instead of configure script. This is needed to reduce
upcoming patch to migrate to PCRE2 library.
To correctly use autoreconf it's needed to declare empty
PKG_REMOVE_FILES.
zsh include custom macro in the default aclocal.m4
When autoreconf PKG_FIXUP is used, if PKG_REMOVE_FILES is not defined,
it's set to remove the file aclocal.m4 by default resulting in problem
with the custom macro AC_PROG_LN.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
[ split to 2 commit, add PKG_REMOVE_FILES, reword commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
a7f837c98b0ab3fde1b19283e13a21fdaf1b1ee2)
Christian Marangi [Tue, 10 Oct 2023 10:29:49 +0000 (12:29 +0200)]
zsh: backport PCRE2 patches and move to it
Backport PCRE2 patches from upstream and move package to PCRE2 library
as PCRE is EOL and won't receive any security update anymore.
Patch are backported with minimal change, only the Changelog change is
commented out as it would conflict and makes no sense to adapt for the
purpose of backport patches.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
5b929fde5f9b8bc2b6e85999c9eb08b5a4295c7f)
Jeffery To [Sun, 15 Oct 2023 13:09:52 +0000 (21:09 +0800)]
golang: Update to 1.21.3
Includes fix for CVE-2023-39325 (net/http, x/net/http2: rapid stream
resets can cause excessive work).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
f151ab8c0e6becdabc146e3c2fd1aa2d02708bd4)
Tianling Shen [Mon, 16 Oct 2023 08:46:25 +0000 (16:46 +0800)]
Merge pull request #22350 from miska/samba4-23.05
[23.05] samba4: Update to version 4.18.7
Michal Hrusecky [Mon, 16 Oct 2023 05:15:46 +0000 (07:15 +0200)]
samba4: Update to version 4.18.8
Mainly security release, fixing CVE-2023-3961, CVE-2023-4091,
CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670. For more details see:
https://www.samba.org/samba/history/samba-4.18.8.html
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit
c9c5f62e30a7d6cdc07f20accd8dfc95910e213e)
Tianling Shen [Mon, 16 Oct 2023 01:01:32 +0000 (09:01 +0800)]
Merge pull request #22375 from jefferyto/python-zope-interface-6.1-openwrt-23.05
[openwrt-23.05] python-zope-interface: Update to 6.1, refresh patch
Tianling Shen [Wed, 11 Oct 2023 14:48:22 +0000 (22:48 +0800)]
dnsproxy: Update to 0.56.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
da5ac5da830eaca8a36f280734b8c79fd097a4b6)
Oskari Rauta [Thu, 12 Oct 2023 13:24:31 +0000 (16:24 +0300)]
rust: update to 1.73.0
patches refreshed.
changelog at https://github.com/rust-lang/rust/releases/tag/1.73.0
Also added a configuration ardument and patch
from https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-lang/rust/files/1.72.0-bump-libc-deps-to-0.2.146.patch?id=
515b5920046117355d88b3494c74da269ce9b30a
to provide support for building rust on musl hosts.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
rust: add support for musl build hosts
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
d3b1b0d34e24c16b6c285874113313221a69e675)
Tianling Shen [Sun, 15 Oct 2023 03:48:46 +0000 (11:48 +0800)]
Merge pull request #22376 from jefferyto/rust-build-performance-openwrt-23.05
[openwrt-23.05] rust: Improve build performance
Nick Hainke [Mon, 2 Oct 2023 07:45:19 +0000 (09:45 +0200)]
kmod: update to 31
Release Notes:
https://github.com/kmod-project/kmod/blob/
aff617ea871d0568cc491bd116c0be1e857463bb/NEWS#L1
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
ca057f3e4e997aa8cd27ab03f97429309b18cbc1)
Nick Hainke [Fri, 22 Sep 2023 08:21:53 +0000 (10:21 +0200)]
snowflake: update to 2.6.1
Release Notes:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/tags/v2.6.1
Remove upstreamed patches:
- 0001-Bump-minimum-required-version-of-go.patch
- 0002-Update-dependencies.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
9bd39a33b1c343b33a12dfe84b7e6078125405dc)
Hirokazu MORIKAWA [Thu, 12 Oct 2023 04:05:38 +0000 (13:05 +0900)]
node: bump to v18.18.1
Notable Changes
This release addresses some regressions that appeared in Node.js 18.18.0:
(Windows) FS can not handle certain characters in file name #48673
18 and 20 node images give error - Text file busy (after re-build images) nodejs/docker-node#1968
libuv update in 18.18.0 breaks webpack's thread-loader #49911
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
b2079b87d1425f69feb89b8fa9f48f0a913e8fb2)
Oskari Rauta [Sun, 8 Oct 2023 14:51:50 +0000 (17:51 +0300)]
cni-protocol: update protocol
Changes to protocol file and it's description.
Works better now and restarts firewall automaticly
when tunnel comes available. More informative/guiding
description.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
ff93e4a19d9e9957b61f4a214399cfc87f9c7648)
Oskari Rauta [Fri, 13 Oct 2023 13:10:13 +0000 (16:10 +0300)]
podman: update to 4.7.1
Bugfixes
- Fixed a bug involving non-English locales of Windows where machine installs using user-mode networking were rejected due to erroneous version detection (#20209).
- Fixed a regression in --env-file handling (#19565).
- Fixed a bug where podman inspect would fail when stat'ing a device failed.
API
- The network list compat API endpoint is now much faster (#20035).
Openwrt updates: added patch to allow building with musl-1.2.4
Patch source is from gentoo https://github.com/vimproved/gentoo/blob/
c4c349f11a4352be1965726eadfe3a8bd8a6fa9c/app-containers/podman/files/podman-4.5.0-fix-build-with-musl-1.2.4.patch
Issue was discussed by @jefferyto at mattn/go-sqlite3#1177
remarks:
removed musl-1.2.4 patch from commit, since that version of musl
is not available with openwrt-23.05
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
e25d417f1a3162bb2ecaad06a6b79ab6afb74659)
Oskari Rauta [Sun, 1 Oct 2023 16:31:33 +0000 (19:31 +0300)]
aardvark-dns: update to 1.8.0
changes:
- dependency updates
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
4371aa8f9300116fdfe007840e5e48c174772340)
Oskari Rauta [Sun, 1 Oct 2023 16:27:49 +0000 (19:27 +0300)]
netavark: update to 1.8.0
changelog:
- iptables: improve error when ip6?tables commands are missing
- docs: Convert markdown with go-md2man instead of mandown
- iptables: drop invalid packages
- bump rust edition to 2021
- Add ACCEPT rules in firewall for bridge network with internal dns
- Add vrf support for bridges
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
b788f77db48d6d20f925daa762a70fe5c40dc54a)
Oskari Rauta [Tue, 19 Sep 2023 14:03:05 +0000 (17:03 +0300)]
slirp4netns: update to 1.2.2
v1.2.2 changes:
- Enabled reproducible builds
v1.2.1 changes:
- sandbox: Add support for escaping resolv.conf symlinks. This fixes usage in WSL environments which symlinks /etc/resolv.conf under a shared location under /mnt.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
8b3bf5bb88ce00a78312ed2da7dea7efa54de197)
Oskari Rauta [Sun, 1 Oct 2023 16:18:02 +0000 (19:18 +0300)]
crun: update to 1.9.2
changelog 1.9.2:
- cgroup: reset the inherited cpu affinity after moving to cgroup. Old kernels do that automatically, but new kernels remember the affinity that was set before the cgroup move, so we need to reset it in order to honor the cpuset configuration.
changelog 1.9.1:
- utils: ignore ENOTSUP when chmod a symlink. It fixes a problem on Linux 6.6 that always refuses chmod on a symlink.
- build: fix build on CentOS 7
- linux: add new fallback when mount fails with EBUSY, so that there is not an additional tmpfs mount if not needed.
- utils: improve error message when a directory cannot be created as a component of the path is already existing as a non directory.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
bb3af8acb92e396f181d3f435dd2ca8ac1c9ec30)
Oskari Rauta [Sat, 16 Sep 2023 07:36:37 +0000 (10:36 +0300)]
conmon: update to 2.1.8
Bug fixes:
- stdio: ignore EIO for terminals
- ensure console socket buffers are properly sized
- conmon: drop return after pexit()
- ctrl: make accept4 failures fatal
- logging: avoid opening /dev/null for each write
- oom: restore old OOM score
- Use default umask 0022
Misc changes:
- cli: log parsing errors to stderr
- Changes to build conmon for riscv64
- Changes to build conmon for ppc64le
- Fix close_other_fds on FreeBSD
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
3d88d18ee2918840b9b05fb27e50587fc9f62b64)
Jeffery To [Sun, 8 Oct 2023 12:24:38 +0000 (20:24 +0800)]
python-setuptools-rust: Set cargo profile from environment variable
This adds a patch (submitted upstream in
https://github.com/PyO3/setuptools-rust/pull/364), to read the profile
to pass to cargo from an environment variable.
This also updates the Python include files to set the environment
variable based on values from rust-values.mk.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
29ca9797a66f7e4d2ae40d26b91f3d1c2982a744)
Jeffery To [Sat, 30 Sep 2023 05:57:43 +0000 (13:57 +0800)]
rust: Set release profile settings
* codegen-units, lto, opt-level - Set to values to optimize binary
size[1].
* overflow-checks - Enabled because in release mode, integer overflows
are defined as two's complement wrap[2]. It is highly unlikely that
any program is intentionally relying on this behaviour; it would be
better to panic instead of continue execution in this case.
* debug, debug-assertions, panic, rpath - Set to their default (release)
values, to override any settings made by packages, e.g. ripgrep sets
debug = 1[3].
[1]: https://github.com/johnthagen/min-sized-rust
[2]: https://huonw.github.io/blog/2016/04/myths-and-legends-about-integer-overflow-in-rust/
[3]: https://github.com/BurntSushi/ripgrep/blob/13.0.0/Cargo.toml#L79-L80
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
8bf2725f9be82eec0849cc5efe77bedeb0a693a0)
Jeffery To [Mon, 25 Sep 2023 02:00:58 +0000 (10:00 +0800)]
rust: Add option to use sccache
Using sccache makes recompilation of rustc and Rust packages faster.
This also makes the rust package visible in menuconfig, in order for the
sccache options to be accessible.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
b4ec01739865770e3d0432683406844f7fd8e707)
Jeffery To [Sat, 23 Sep 2023 12:24:37 +0000 (20:24 +0800)]
rust: Use make's jobserver when building packages
This allows cargo to use make's jobserver when building packages, by
marking the cargo command as recursive (with the + prefix[1]) and
setting MAKEFLAGS.
This also:
* Give cargo/x.py the build directory instead of having to change the
current directory (and opening subshells)
* Set PKG_BUILD_PARALLEL/HOST_BUILD_PARALLEL for Rust packages to enable
the use of make's jobserver
[1]: https://www.gnu.org/software/make/manual/html_node/POSIX-Jobserver.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
0dfc1b508d5e5b361978ef9783cb63775176c305)
[omit changes to arp-whisper and procs]
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Mon, 25 Sep 2023 03:58:12 +0000 (11:58 +0800)]
rust: Consolidate cargo environment variables
This consolidates all environment variables for cargo into:
* CARGO_HOST_CONFIG_VARS / CARGO_PKG_CONFIG_VARS
These contain all cargo-specific environment variables, i.e. without
"common" variables like CC.
* CARGO_HOST_VARS / CARGO_PKG_VARS (renamed from CARGO_VARS)
These contain all environment variables to be passed to cargo.
This also:
* Set the CARGO_BUILD_TARGET environment variable instead of using the
--target command-line option
* Update Python include files to use CARGO_HOST_CONFIG_VARS /
CARGO_PKG_CONFIG_VARS
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
9db7284d589dc8490f8c7dbe56af731fce953eda)
Jeffery To [Fri, 22 Sep 2023 16:26:20 +0000 (00:26 +0800)]
rust: Move CARGO_HOME to $(DL_DIR)/cargo
As CARGO_HOME mainly functions as a download and source cache[1], moving
it into $(DL_DIR) allows it to persist and be reused between different
buildroots/sdks (when DL_DIR is set to a custom/external location).
[1]: https://doc.rust-lang.org/cargo/guide/cargo-home.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
853c9c9e8625c54a2c3214b2ef770ffc76bd3495)
Jeffery To [Sun, 1 Oct 2023 18:16:22 +0000 (02:16 +0800)]
rust: Move cargo config options into environment variables
This also:
* Modify the "release" profile in place of adding the "stripped" profile
Only the profile for target is modified; there are no file size
constraints for host.
* For host, build with the "release" profile
* For target, build with either the "dev" or "release" profile based on
CONFIG_DEBUG
There is no environment variable to specify the "strip" option, but
enabling this option is not necessary as the build system will already
strip binaries based on CONFIG_NO_STRIP / CONFIG_USE_STRIP /
CONFIG_USE_SSTRIP.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
5c5123f0f63cfda1d4f17a5d315356883fd82923)
Jeffery To [Fri, 22 Sep 2023 16:02:01 +0000 (00:02 +0800)]
rust: Install to $(STAGING_DIR)/host
This allows rustc/cargo/etc to be called without having to set PATH, as
$(STAGING_DIR)/host/bin is already in PATH.
This also fixes CARGO_HOME not being set during Host/Configure and
Host/Compile.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
49aaf19c65a35c37725ead7a438684411b512d6f)
Jeffery To [Wed, 11 Oct 2023 04:56:20 +0000 (12:56 +0800)]
rust: Improve Host/Install speed
* Compress dist archives with gzip instead of xz; gzip is faster to
compress and decompress
* Use a for loop instead of calling find to extract archives
* Use libdeflate's gzip to decompress instead of gzip
* Limit search for install scripts to top level of extracted archives
This also runs the install scripts with bash instead of sh, in
accordance with the shebang lines inside the scripts.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
855623d8cce4db8655af58bed5d52c64d38608c5)
Jeffery To [Sun, 1 Oct 2023 20:52:32 +0000 (04:52 +0800)]
rust: Cache bootstrap downloads to $(DL_DIR)/rustc
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
35768bf31e5867046874dc6fd0374ff8fe575da2)
Jeffery To [Mon, 25 Sep 2023 03:28:45 +0000 (11:28 +0800)]
rust: Add RUST_HOST_FEATURES for host builds
Features to be enabled for host may not be the same as those for target.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
d24095b8fc5b8d4e509d59f73d6901842b50c4bd)
Jeffery To [Sat, 30 Sep 2023 08:49:11 +0000 (16:49 +0800)]
rust: Use build host Python
The build system already requires Python to be installed.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
a00dae9ed071030426a9e2c624aec58bb62538f0)
Jeffery To [Mon, 9 Oct 2023 01:21:58 +0000 (09:21 +0800)]
python-zope-interface: Update to 6.1, refresh patch
This also updates the list of dependencies and adds a test.sh script for
the packages feed CI.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
7e8f7b28d74ca2044309dff9c789dec055ee43c5)
Kaveh Dadgar [Sat, 7 Oct 2023 19:44:02 +0000 (21:44 +0200)]
v2ray-geodata: add package v2ray-geosite-ir
"Iran Hosted Domains" is a comprehensive list of Iranian domains and services that are hosted within the country.
Signed-off-by: Kaveh Dadgar <Kavehdadgar666@protonmail.com>
(cherry picked from commit
b1fc3754b3969edc9dca2f1fd5129edbd0a76517)
Tianling Shen [Mon, 9 Oct 2023 03:48:10 +0000 (11:48 +0800)]
cloudreve: Update to 3.8.3
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
503825ef41d67af8b2cb35fe8dfe683f1c1ca766)
Tianling Shen [Sat, 7 Oct 2023 04:59:43 +0000 (12:59 +0800)]
dnsproxy: Update to 0.56.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
303f0ad5ed690a22de5bfe959975d0d19511043a)
Tianling Shen [Sat, 23 Sep 2023 14:48:16 +0000 (22:48 +0800)]
dnsproxy: Update to 0.55.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
830552b624a5be6ebc6dcdb39096d18d31cadf5d)
Tianling Shen [Sat, 7 Oct 2023 04:51:06 +0000 (12:51 +0800)]
v2ray-core: Update to 5.8.0
Removed upstreamed patches.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
02b723bec3c17567edf60e6bf8012834c49a7270)
Michal Hrusecky [Wed, 11 Oct 2023 06:18:45 +0000 (08:18 +0200)]
curl: Update to version 8.4.0
For detailed changes, see https://curl.se/changes.html#8_4_0
Switching to tar.bz2 for the time being as tar.xz is not yet available.
Fixes CVE-2023-38546 and CVE-2023-38545.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from
d353218c320073bf6c2b48f4b9eeab5d4aeeed1c)