Daniel Golle [Sun, 25 Sep 2022 00:28:43 +0000 (01:28 +0100)]
snowflake: run snowflake-proxy with procd-ujail
snowflake-proxy doesn't write any files
=> run in read-only rootfs environment
the process needs to read SSL certs but no other files
=> only exposed path is /etc/ssl/certificates (read-only)
running as unpriviledged user with no additional capabilities
=> set no-new-privs bit
By default procd-ujail also isolates the process by executing it in
a separate new IPC and PID namespace.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
0f3d48a3784fb495ffdfe4a83f540ad42fab89df)
Signed-off-by: Nick Hainke <vincent@systemli.org>
Daniel Golle [Sat, 24 Sep 2022 02:03:22 +0000 (03:03 +0100)]
snowflake: add package
Package Tor's Snowflake system components so users can offer e.g.
a standalone Snowflake proxy on their routers or other devices.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
cf120a7effd5d13a7f705b5eb9d22410b73d71f3)
Signed-off-by: Nick Hainke <vincent@systemli.org>
Noah Meyerhans [Wed, 21 Sep 2022 18:57:50 +0000 (11:57 -0700)]
bind: bump to 9.18.7
Fixes multiple security issues:
CVE-2022-38178 - Fix memory leak in EdDSA verify processing
CVE-2022-3080 - Fix serve-stale crash that could happen when
stale-answer-client-timeout was set to 0 and there was
a stale CNAME in the cache for an incoming query
CVE-2022-2906 - Fix memory leaks in the DH code when using OpenSSL 3.0.0
and later versions. The openssldh_compare(),
openssldh_paramcompare(), and openssldh_todns()
functions were affected
CVE-2022-2881 - When an HTTP connection was reused to get
statistics from the stats channel, and zlib
compression was in use, each successive
response sent larger and larger blocks of memory,
potentially reading past the end of the allocated
buffer
CVE-2022-2795 - Prevent excessive resource use while processing large
delegations
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit
58bcd3fad37eaf56d4dbeecc0c73abe464e7e987)
Tianling Shen [Mon, 19 Sep 2022 02:33:32 +0000 (10:33 +0800)]
yq: Update to 4.27.5
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
fca4f1b8301917cb4eb64d0f5e9bfb4836d3d8e8)
Glenn Strauss [Sun, 18 Sep 2022 07:02:40 +0000 (03:02 -0400)]
lighttpd: update to lighttpd 1.4.67 release hash
* update to lighttpd 1.4.67 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
f750089d26422557280ddfda1788f2491d15f701)
Glenn Strauss [Mon, 8 Aug 2022 06:04:22 +0000 (02:04 -0400)]
lighttpd: update to lighttpd 1.4.66 release hash
* update to lighttpd 1.4.66 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
5eaf000c837612df72c9207e225a2911a190f86f)
Michal Vasilek [Thu, 22 Sep 2022 17:47:41 +0000 (19:47 +0200)]
knot-resolver: update to 5.5.3
* fixes CVE-2022-40188
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
5d2fd886930a95d14df02ca8fbaf6f3814df3c01)
Tianling Shen [Sat, 3 Sep 2022 09:34:58 +0000 (17:34 +0800)]
libtorrent-rasterbar: Update to 2.0.7
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
c741bf64cdac2ac1059c0e545e1afd842820c8c1)
Josef Schlehofer [Wed, 21 Sep 2022 07:38:56 +0000 (09:38 +0200)]
Merge pull request #19408 from paper42/knot-3.2.1-21
[21.02] knot: update to version 3.2.1
Jan Hák [Tue, 13 Sep 2022 12:46:11 +0000 (14:46 +0200)]
knot: update to version 3.2.1
Signed-off-by: Jan Hák <jan.hak@nic.cz>
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
023df0992a8b3fff97eb9dd8c36708114ac0f1a7)
Michal Vasilek [Fri, 16 Sep 2022 10:48:19 +0000 (12:48 +0200)]
python-flask-socketio: update to 5.3.1
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
7fd9d010a29173705241e2ade2172a28429234ca)
Rafał Miłecki [Wed, 10 Aug 2022 12:23:44 +0000 (14:23 +0200)]
ksmbd-tools: add package with hotplug.d script for auto sharing
One of common use cases for SMB3 server in routers is sharing hotplugged
drives. Users make many attempts setting that up which often are not
optimal.
This script handles it in the cleanest way by using:
1. hotplug.d mount subsystem
2. runtime config in the /var/run/config/
It provides a working basic solution that can be later adjusted by
modifying provided hotplug script.
A pretty much idential solution was part of the samba36 package. It was
added in the OpenWrt commit
ef1efa756e0d0 ("samba36: add package with
hotplug.d script for auto sharing") as an answer for feature required by
the Rosinson company.
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
d0406d4c956e92f979802640832180eedd1a6efe)
Rafał Miłecki [Wed, 10 Aug 2022 12:23:40 +0000 (14:23 +0200)]
ksmbd-tools: append config from /var/run/config/ for runtime shares
Dynamically created shares shouldn't be stored in the /etc/config/
because of:
1. Flash wearing
2. Risk of inconsistent state on reboots
With this change all automation/hotplug.d scripts can store runtime in
the /var/run/config/samba. It's useful e.g. for USB drives that user
wants to be automatically shared.
Also: automated scripts should never call "uci [foo] commit" as that
could flush incomplete config. This problem also gets solved.
Identical feature was added to samba36 in the OpenWrt commit
5a59e2c059866 ("samba36: append config from /var/run/config/ for runtime
shares") but wasn't ported to ksmbd until now.
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
c9cba619898d7bf87fc8277e57b473923d912c32)
Josef Schlehofer [Wed, 7 Sep 2022 10:00:59 +0000 (12:00 +0200)]
syslog-ng: update to version 3.38.1
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.38.1
- Update the configuration file to use version 4.0 as mentioned in the
release notes to try the latest changes
Fixes: CVE-2022-38725
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
34b7af9e0859418bb85e7d3ca131101dd912ae53)
Tianling Shen [Tue, 30 Aug 2022 06:48:07 +0000 (14:48 +0800)]
yq: Update to 4.27.3
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
90a76f6467c85157fabf1b614958f873b2169690)
Josef Schlehofer [Tue, 30 Aug 2022 14:17:20 +0000 (16:17 +0200)]
Merge pull request #19219 from ErwanMAS/backport_modifications_master
tinc: backport from master modifications
Erwan MAS [Sat, 5 Mar 2022 21:00:21 +0000 (16:00 -0500)]
tinc: add creation of hosts directory for each network configuration
Signed-off-by: Erwan MAS <erwan@mas.nom.fr>
(cherry picked from commit
fb99d50c1edd4be765bef6d55bee26bfb90576b6)
Etienne Champetier [Thu, 12 Aug 2021 20:41:05 +0000 (16:41 -0400)]
tinc: use 'uci_get_state' instead of 'uci -P /var/state get'
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit
440d3c04505719df09e39706e6af7c470a49d458)
Petr Štetiar [Tue, 9 Aug 2022 08:28:43 +0000 (10:28 +0200)]
syslog-ng: fix OOM issues by adding support for logrotate
With heavy system logging which goes by default into `/var/log/messages`
log file which is usually placed in tmpfs/RAM one can trigger OOM killer
fairly easily, thus killing random processes and in some cases making
system unusable.
This is likely happening due to the fact, that Linux by default uses 1/2
of available RAM for tmpfs, which might be for example an issue on low
RAM devices with ath10k wireless.
So let's fix it by adding logrotate functionality which should limit the
size of `/var/log/messages` log file to 1M by default, but could be
tweaked by config knob if needed be.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
660fa63faf2881d69f903a589568b72fbd4d61f5)
Josef Schlehofer [Thu, 25 Aug 2022 14:45:53 +0000 (16:45 +0200)]
python-uci: update to version 0.9.0
- Release notes:
https://gitlab.nic.cz/turris/pyuci/-/tags/v0.9.0
- Update copyright while at it.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
e340fe8a124d1dcda2768ce3dfbcbaaf30fac44e)
Alexandru Ardelean [Wed, 24 Aug 2022 09:27:40 +0000 (12:27 +0300)]
Merge pull request #19223 from commodo/django-21.02
[21.02] django: bump to version 3.2.15
Josef Schlehofer [Mon, 22 Aug 2022 12:58:19 +0000 (14:58 +0200)]
libgd: add conflicts to each other
The full variant should conflict with the default variant. This prevents that
libgd and libgd-full could be installed side by side, and also, the full
variant should provide the libgd. Otherwise, if you install libgd-full,
you can not install vnstat.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
42b36b7180a1859502d72a42dcd6e9ef80519c55)
Karel Kočí [Mon, 22 Aug 2022 12:31:21 +0000 (14:31 +0200)]
vim: variants conflict with each other
This adds conflicts between the variants,
because they provide the same files, and it should not be
possible to install them side by side. Otherwise, it might happen that
half files would be from one variant and the other half from the
other.
Also, adds provides as if you request to install ``vim`` and
``vim-full``, then the request could be satisfied even they collide,
because ``vim-full`` provides ``vim`` package.
Signed-off-by: Karel Kočí <cynerd@email.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add commit message]
(cherry picked from commit
46c058468aeaf7747c2e94e579020aa7f595c649)
Josef Schlehofer [Sun, 21 Aug 2022 08:44:33 +0000 (10:44 +0200)]
pciutils: backport patch to fix compilation with older binutils
While building pciutils 3.8.0 for OpenWrt 21.02 includes target
mvebu/cortex-a9, mvebu/cortex-a53 and powerpc/8540, it fails because of
this error:
-I<turris1x/ws/build/staging_dir/toolchain-powerpc_8548_gcc-8.4.0_musl/include> -c -o filter.o filter.c
{standard input}: Assembler messages:
{standard input}:6: Error: multiple versions [`pci_filter_init@@LIBPCI_3.8'|`pci_filter_init@LIBPCI_3.3'] for symbol `pci_filter_init_v38'
{standard input}:8: Error: multiple versions [`pci_filter_parse_slot@@LIBPCI_3.8'|`pci_filter_parse_slot@LIBPCI_3.3'] for symbol `pci_filter_parse_slot_v38'
{standard input}:10: Error: multiple versions [`pci_filter_parse_id@@LIBPCI_3.8'|`pci_filter_parse_id@LIBPCI_3.3'] for symbol `pci_filter_parse_id_v38'
{standard input}:12: Error: multiple versions [`pci_filter_match@@LIBPCI_3.8'|`pci_filter_match@LIBPCI_3.3'] for symbol `pci_filter_match_v38'
make[4]: *** [<builtin>: filter.o] Error 1
make[4]: Leaving directory '<turris1x/ws/build/build_dir/target-powerpc_8548_musl/pciutils-3.8.0/lib'>
make[3]: *** [Makefile:70: lib/libpci.so.3.8.0] Error 2
make[3]: Leaving directory '<turris1x/ws/build/build_dir/target-powerpc_8548_musl/pciutils-3.8.0'>
make[2]: *** [Makefile:88: <turris1x/ws/build/build_dir/target-powerpc_8548_musl/pciutils-3.8.0/.built]> Error 2
make[2]: Leaving directory '<turris1x/ws/build/feeds/packages/utils/pciutils'>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
f08dadd517e4ecd5c15d4016dd6261d9fee3d41b)
Jan Hák [Mon, 22 Aug 2022 08:51:40 +0000 (10:51 +0200)]
liburcu: update to version 0.13.2
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
754ba8920b1d5a61250897e146d1ad50778a7567)
Jan Hák [Mon, 22 Aug 2022 08:56:18 +0000 (10:56 +0200)]
knot: update to version 3.2.0
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
74e2bfdd27bbf3625498ede40e357c8d409fbe91)
Alexandru Ardelean [Mon, 22 Aug 2022 06:27:39 +0000 (09:27 +0300)]
django: bump to version 3.2.15
Fixes: https://nvd.nist.gov/vuln/detail/CVE-2022-36359
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Paul Spooren [Fri, 5 Mar 2021 09:16:00 +0000 (23:16 -1000)]
CI: checkout HEAD commit rather than merge commit
GitHub CI actions/checkout uses a merge commit which isn't compatible
with our formality checks. Instead checkout the pull request HEAD.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
13c1f2bcda33ab8fc17ede1f43f60e0aac8b7cab)
Paul Spooren [Fri, 5 Mar 2021 02:52:35 +0000 (16:52 -1000)]
CI: migrate formal checks from CircleCI to GitHub
Run the formal checks like SoB message via the GitHub CI.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
1b46af0e594858c7df17f00ee8c3a42e32a76215)
Marko Ratkaj [Wed, 30 Mar 2022 13:29:13 +0000 (15:29 +0200)]
squid: bump to 4.17
Signed-off-by: Marko Ratkaj <markoratkaj@gmail.com>
(cherry picked from commit
15132b85b76409108c441470998c79d1b8d37814)
Rosen Penev [Wed, 7 Jul 2021 03:37:25 +0000 (20:37 -0700)]
squid: update to 4.16
Fixes compilation with GCC11.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
ad4c04283ec55f307db5fa5931157385315cafb7)
Fabian Lipken [Tue, 16 Aug 2022 07:34:23 +0000 (09:34 +0200)]
dnscrypt-proxy2: update to version 2.1.2
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
(cherry picked from commit
2c617bbe224ab2e6878e86c5cd61dbfa59440500)
Lucian Cristian [Wed, 1 Jun 2022 14:55:00 +0000 (14:55 +0000)]
pciutils: update to 3.8.0
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
c5ec5c70b3bcb053fea8441f028dfac0c3a18d56)
Tianling Shen [Wed, 10 Aug 2022 09:03:25 +0000 (17:03 +0800)]
rclone: Update to 1.59.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
5c4b54de567847f05d25260d4991bfa4ebe97c6e)
Jonathan Pagel [Thu, 18 Aug 2022 05:14:35 +0000 (07:14 +0200)]
telegraf: Update to version 1.23.4
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit
e4555e03ee86ef62cf09ce1436c865d5eb472960)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Jonathan Pagel [Tue, 9 Aug 2022 05:27:45 +0000 (07:27 +0200)]
telegraf: Add influxdb2 output plugin to package version small
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit
a5e96189c3dadabb3e20d8139638bbb6da6773bf)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Jan Hák [Mon, 15 Aug 2022 12:50:23 +0000 (14:50 +0200)]
knot: update to 3.1.9
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
39a08a7aaf18a7b4a4a12f46006238336bd5dba3)
Alexandru Ardelean [Mon, 29 Mar 2021 06:51:56 +0000 (09:51 +0300)]
numpy: bump to version 1.20.2
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
731bb0265da381b49e23fff9b1879a0a1d40f47e)
Liangbin Lian [Fri, 5 Aug 2022 08:20:32 +0000 (16:20 +0800)]
rclone: fix init script on CIDR format ipaddr
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit
7af716f12d7aeaef48ccc3f025927808af0bf461)
Josef Schlehofer [Sat, 13 Aug 2022 08:08:32 +0000 (10:08 +0200)]
Merge pull request #19140 from BKPepe/gcc-21.02
gcc: update to allow compiling different versions
Josef Schlehofer [Fri, 12 Aug 2022 19:35:25 +0000 (21:35 +0200)]
python-websockets: update to version 10.3
- Update copyright
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
ce1679a07fab643b85217b35f8c7857a9e3199c1)
Lucian Cristian [Tue, 18 Jan 2022 03:20:34 +0000 (05:20 +0200)]
libreswan: update to 4.6
this update also fixes a CVE
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
ec252c20cc635fb65f972facfcdc8756099a21dd)
Lucian Cristian [Sun, 12 Sep 2021 10:00:42 +0000 (13:00 +0300)]
libreswan: update to 4.5
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
b2efa063d2c244fcf4f1defb635ece6e6460a8b3)
Rosen Penev [Wed, 7 Jul 2021 03:02:49 +0000 (20:02 -0700)]
nss: update to 3.67
Switch to AUTORELEASE for simplicity.
Disable parallel compilation as there's something wrong with NSS' build
system. Reliably fails with make -j 12 on a ryzen 3600.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
1b9e2047007b675d8f40565f3586589f3bedc29c)
Lucian Cristian [Thu, 20 May 2021 21:06:23 +0000 (00:06 +0300)]
nss: update to 3.65
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
0f5eadf362ab3cbd3c89a5aa6828265bcc3bc1cd)
Jo-Philipp Wich [Wed, 10 Aug 2022 21:52:19 +0000 (23:52 +0200)]
cgi-io: update to latest Git HEAD
901b0f0 main: fix two one-byte overreads in header_value()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
443c6c1c17e29466cc81f44504602d66d993bf86)
W. Michael Petullo [Wed, 18 May 2022 22:06:25 +0000 (17:06 -0500)]
gcc: update to allow compiling different versions
This is based on the toolchain GCC, and aims to share as much of its
Makefile and patches with that definition. The package requires one
additional patch:
(1) 003-dont-choke-when-building-32bit-on-64bit.patch, which fixes the
`error: size of array 'test_real_width' is negative` error that occurs
when building a 32-bit GCC on a 64-bit host. (Search the Internet for
examples of this error appearing.)
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit
ceaa6e840e0b57c1b47c784997187044e3311d23)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[added gcc version 9.3.0, downgraded gcc to 10.2.0, removed gcc version
11.3.0 as it is now in sync with OpenWrt 21.02]
Tianling Shen [Sat, 6 Aug 2022 16:29:35 +0000 (00:29 +0800)]
yq: Update to 4.27.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
82a45b28b736642d263038e0b596c620fa5102e7)
Eneas U de Queiroz [Thu, 23 Sep 2021 20:40:08 +0000 (17:40 -0300)]
gcc: enable parallel building
Even though PKG_BUILD_PARALLEL is set for the package, the package calls
$(MAKE) without $(PKG_JOBS), so it was always built with only one job.
Fix this by adding $(PKG_JOBS) to the $(MAKE) call, and calling make
install only after make all is finished.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
1f91016ac35ee4ef007578b0d4bbe78eaeb9db67)
Dirk Neukirchen [Thu, 4 Mar 2021 17:50:02 +0000 (18:50 +0100)]
gcc: add cc symlink
fixes #14755
Signed-off-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
(cherry picked from commit
55cb4d1aee0055e26f19b968beaed83a2668ee51)
Johnny Vogels [Tue, 2 Mar 2021 18:11:45 +0000 (19:11 +0100)]
Pulseaudio: update to 14.2; avahi-variant: Restore Bluez functionality
Signed-off-by: Johnny Vogels <35307256+jmv2009@users.noreply.github.com>
Pulseaudio: update to 14.2; avahi-variant: Restore Bluez functionality
Signed-off-by: Johnny Vogels <35307256+jmv2009@users.noreply.github.com>
Josef Schlehofer [Sat, 6 Aug 2022 18:03:49 +0000 (20:03 +0200)]
Merge pull request #19121 from autobakterie/libgpg-error_1-45
libgpg-error: update to 1.45
Šimon Bořek [Sat, 16 Jul 2022 16:56:32 +0000 (18:56 +0200)]
luajit: patch: PPC/e500 SPE: use soft float instead of failing
makes LuaJit builds for mpc85xx targets with SPE ISA extension
enabled possible
Quoting inner commit message:
This allows building LuaJit for systems with Power ISA SPE
extension[^1] support by using soft float on LuaJit side.
While e500 CPU cores support SPE instruction set extension
allowing them to perform floating point arithmetic natively,
this isn't required. They can function with software floating
point to integer arithmetic translation as well,
just like FPU-less PowerPC CPUs without SPE support.
Therefore I see no need to prevent them from running LuaJit
explicitly.
[^1]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf
Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit
a4a484fbca5c185456cf5ac26e6f47c03ca426e9)
W. Michael Petullo [Tue, 10 May 2022 19:49:18 +0000 (14:49 -0500)]
libgpg-error: update to 1.45
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit
c4842bdd2081748dbb8d12dd8856e870f73a3108)
W. Michael Petullo [Sun, 12 Dec 2021 20:15:20 +0000 (14:15 -0600)]
libgpg-error: update to 1.43
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit
d6000af907b9f517f27deef8b303e3474ee63f37)
ZiMing Mo [Thu, 28 Jul 2022 07:54:34 +0000 (15:54 +0800)]
rclone: update to 1.59.0
Release note: https://rclone.org/changelog/#v1-59-0-2022-07-09
Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
(cherry picked from commit
05df1fe4f170342ffb0e8cbd5e1414ecf737469f)
Hannu Nyman [Tue, 2 Aug 2022 12:32:10 +0000 (15:32 +0300)]
nano: update to 6.4
Update nano editor to version 6.4.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
0aed2021800de9f567f2301716287f225220e1ba)
Rosen Penev [Mon, 6 Jun 2022 02:54:57 +0000 (19:54 -0700)]
ksmbd: update to 3.4.5
Major changes are:
Add support for smbd-direct multi-desctriptor.
Add support for dkms.
Add support for key exchange.
Fix seveal bugs.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Fri, 3 Jun 2022 23:48:12 +0000 (16:48 -0700)]
ksmbd-tools: update to 3.4.5
Major changes are:
Add support for Heimdal as the Kerberos 5 implementation.
Add smbd max io size parameter.
Accept global share options.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Tue, 15 Feb 2022 02:31:34 +0000 (18:31 -0800)]
ksmbd-tools: update to 3.4.4
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fritz D. Ansel [Thu, 12 Aug 2021 05:01:30 +0000 (07:01 +0200)]
ksmbd: set stoplevel
to allow graceful stop of the daemon
Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
(cherry picked from commit
28ed2b82c5f6f73f2e41357b39a89714959d2a82)
Jonathan Pagel [Mon, 25 Jul 2022 18:11:36 +0000 (20:11 +0200)]
telegraf: Update to version 1.23.3
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit
281d156a35830003e3844af6f195958715731dfb)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Jan Hák [Fri, 29 Apr 2022 12:27:07 +0000 (14:27 +0200)]
knot: update to 3.1.8
- Release notes:
https://www.knot-dns.cz/2022-04-28-version-318.html
- Refreshed patch to avoid offset
Signed-off-by: Jan Hák <jan.hak@nic.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[added commit message, refresh patch]
(cherry picked from commit
db12181940e0136adaa20edb8923e90166847e3a)
Gerard Ryan [Sun, 24 Jul 2022 05:31:43 +0000 (15:31 +1000)]
dockerd: Update to v20.10.17
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Sun, 24 Jul 2022 05:29:28 +0000 (15:29 +1000)]
docker: Update to v20.10.17
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Sun, 24 Jul 2022 05:25:00 +0000 (15:25 +1000)]
libnetwork: Update to
f6ccccb for Docker v20.10.17
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Sun, 24 Jul 2022 05:17:03 +0000 (15:17 +1000)]
containerd: Update to v1.6.6 for Docker v20.10.17
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Sun, 24 Jul 2022 05:10:50 +0000 (15:10 +1000)]
runc: Update to v1.1.2 for Docker v20.10.17
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Nick Hainke [Sun, 24 Jul 2022 10:52:26 +0000 (12:52 +0200)]
dawn: update to 2022-07-24
edca4d2 network: rework network status callbacks
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
28ca76d29bc0703474fd44815ceca6bd7b28efe6)
Nick Hainke [Fri, 22 Jul 2022 19:21:32 +0000 (21:21 +0200)]
dawn: update to 2022-07-22
10fb043 network: dump detail on ping pong received
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
1f60c232966b12b2f6e35a2705dc63883eec61c2)
Alexandru Ardelean [Fri, 22 Jul 2022 11:44:32 +0000 (14:44 +0300)]
Merge pull request #18965 from commodo/django-update-21-02
[21.02] django: bump to version 3.2.14
Nick Hainke [Thu, 21 Jul 2022 15:02:49 +0000 (17:02 +0200)]
dawn: update to 2022-07-21
bb362db datastorage: fix ap_array_unlink_entry always returns NULL
47e98ef network: ping pong keepalive for tcp connections
eba0354 network: add timeout for client connections
In the dawn config the con_timeout needs to be added:
option con_timeout '60'
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
204fd77bbc810e64602bbd758af4bef6c76844b1)
Jeffery To [Mon, 18 Jul 2022 12:16:34 +0000 (20:16 +0800)]
golang: Update to 1.17.12
Includes fixes for:
* CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding
header
* CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip
* CVE-2022-30630: io/fs: stack exhaustion in Glob
* CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read
* CVE-2022-30632: path/filepath: stack exhaustion in Glob
* CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal
* CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode
* CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit
X-Forwarded-For not working
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Tianling Shen [Mon, 18 Jul 2022 03:42:39 +0000 (11:42 +0800)]
yq: Update to 4.26.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
4df4b8eae7f65960ca18c364b37f089b018a8dce)
Tianling Shen [Mon, 18 Jul 2022 03:46:10 +0000 (11:46 +0800)]
xray-core: Update to 1.5.9
Updated geodata to latest version while at it.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
25922c6afdc344e2e402e482d3318219006451c5)
Nick Hainke [Mon, 18 Jul 2022 15:54:27 +0000 (17:54 +0200)]
dawn: update to 2022-07-18
e596ff1 ubus.c: only add nr entries matching our own SSID
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
bb0d45ed355264ca606d01699ca59edaf6848eab)
Alexandru Ardelean [Mon, 18 Jul 2022 14:42:44 +0000 (17:42 +0300)]
django: bump to version 3.2.14
Fixes https://nvd.nist.gov/vuln/detail/CVE-2022-34265
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Michal Vasilek [Sat, 16 Jul 2022 20:43:08 +0000 (22:43 +0200)]
postfix: fix download failure
cdn.postfix.johnriley.me serves a certificate for a different domain
name.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit
d4feef97e6ee7b6477d53c28c9b151ae0c8974d8)
Nick Hainke [Sat, 16 Jul 2022 17:36:32 +0000 (19:36 +0200)]
dawn: update to 2022-07-16
0689b5e ubus: add missing lock for ubus hearing_map
4b7db09 CONFIGURE.md: fix typo
b3f61d4 CONFIGURE.md: adjust documentation about log levels
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
eef9ee0b83afe45bdf83f966e9532f83acf08ef0)
Eneas U de Queiroz [Fri, 15 Jul 2022 18:00:20 +0000 (15:00 -0300)]
libuwsc: fix compiltation with wolfSSL
wolfssl/options.h needs to be included before the other wolfssl headers
to enable OpenSSL API required to build the package.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
8fb3fd3dac586ccb38a3a30aa4d0e1656aea2dc3)
Jonathan Pagel [Wed, 13 Jul 2022 10:37:18 +0000 (12:37 +0200)]
telegraf: Update to version 1.23.2
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit
591f8cad333b36962aefbeccc6b0fa77e5826429)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Jonathan Pagel [Mon, 11 Jul 2022 06:56:51 +0000 (08:56 +0200)]
telegraf: Update to version 1.23.1
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit
9b1cdb7b52a29d8923a68234dd6ca068e245c6d0)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Eneas U de Queiroz [Thu, 5 May 2022 13:25:10 +0000 (10:25 -0300)]
xr_usb_serial_common: bump to 2022-03-30
This is the latest commit that touches the xr_usb_serial_common-1a dir.
The changes are restricted to whitespace fixes and kernel version
adaptations:
ecc6ebe xr_usb: Use tty_driver_kref_put for kernel 5.15 and above
caf6d25 xr_usb: Use tty_alloc_driver for kernel 5.15 and above
a42b7e6 xr_usb: Compilation fixes for kernel 5.14
497adb7 #39 fix compilation for newer linux kernels
9103471 xr_usb: fix some whitespace errors
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
eadab32450857dcb98ceb55fbddc8b2a30660a7c)
Rosen Penev [Mon, 28 Mar 2022 21:25:29 +0000 (14:25 -0700)]
fio: update to 3.29
Fixes compilation with kernel 5.15
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
d1edd7677a8af4c286cc47ca6ffc37e573ef15fc)
Petr Štetiar [Thu, 16 Jun 2022 11:38:11 +0000 (13:38 +0200)]
libarchive: fix ext2fs build race error condition
libarchive looks for ext2fs headers during configure, and if it finds
them it will expect to find them during compile, or on the rare occasion
when they aren't it will fail:
libarchive/archive_entry.c:59:55: fatal error: ext2fs/ext2_fs.h: No such file or directory
As we just need headers for some type constants, let's re-use headers
from tools/e2fsprogs package which are always available.
Reported-by: Adam Dov <adov@maxlinear.com>
Suggested-by: Paul Eggleton <paul.eggleton@linux.intel.com>
References: https://git.yoctoproject.org/poky/commit/?id=
f0b9a7cf9f80be1917e45266fa201f464a28c1e5
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
797945dfaa0e7de8d6b0ada472bda63bb27f0cdc)
Hirokazu MORIKAWA [Sat, 9 Jul 2022 07:15:56 +0000 (16:15 +0900)]
node: July 7th 2022 Security Releases
Update to v14.20.0
Release for the following issues:
HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213)
HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214)
HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215)
DNS rebinding in --inspect via invalid IP addresses (High)(CVE-2022-32212)
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Jeffery To [Thu, 7 Jul 2022 09:35:41 +0000 (17:35 +0800)]
python-cryptography: Fix failing build
Fixes https://github.com/openwrt/packages/issues/18876.
Fixes https://github.com/openwrt/packages/issues/18879.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
9e3b7d78837b7181b859472894aa243a2eae595b)
Etienne Champetier [Thu, 12 Aug 2021 21:35:44 +0000 (17:35 -0400)]
nft-qos: simplify ifname retrieval
network_get_device should be enough, and since https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=
4b9a67362d70c544b85078b8d5c661f43f7472d9
uci network config interface sections use 'device' instead of 'ifname',
rendering the fallback useless
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit
76b750d7201e953b99b5f2600d2f616acf226405)
Stijn Segers [Mon, 6 Jun 2022 07:51:47 +0000 (09:51 +0200)]
unbound: update to 1.16.0
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
(cherry picked from commit
695e0dbaa43aac589f4c2044fa77ced1055c89b7)
Florian Eckert [Mon, 4 Jul 2022 07:21:50 +0000 (09:21 +0200)]
Merge pull request #18828 from nemesisdesign/openwrt-21.02
[21.02] openwisp-config: update to 1.0.1
Florian Eckert [Mon, 4 Jul 2022 07:21:03 +0000 (09:21 +0200)]
Merge pull request #18847 from nemesisdesign/monitoring-openwrt-21
[21.02] openwisp-monitoring: added 0.1.1
Federico Capoano [Tue, 10 May 2022 20:06:34 +0000 (16:06 -0400)]
openwisp-monitoring: added 0.1.1
Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
(cherry picked from commit
0419a797ae7442dff8a1536de404a2fc38337f2f)
Federico Capoano [Tue, 21 Jun 2022 23:16:54 +0000 (19:16 -0400)]
openwisp-config: update to 1.0.1
Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
(cherry picked from commit
abb75e3a7ba54e75407970341c6070695928e40d)
Florian Eckert [Thu, 30 Jun 2022 14:42:42 +0000 (16:42 +0200)]
Merge pull request #18839 from TDT-AG/pr/collectd-fix-smart
collectd: fix smart plugin segfault
Florian Eckert [Tue, 15 Mar 2022 14:03:46 +0000 (15:03 +0100)]
collectd: smart: add patch to check udev_enumerate_scan_devices return value
The function udev_enumarte_scan_devices returns a value less than 0 on
failure. If this is the case then we terminate the read for this smart
information.
This change was already send upstream. And could be delete in feature
collectd versions.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
896a0f0db66950b984f89b7f41bfdf60a47bc499)
Florian Eckert [Tue, 15 Mar 2022 13:52:05 +0000 (14:52 +0100)]
collectd: remove not needed fix
This was not a real fix but a workaround. It is no longer clear to me
why this was necessary. Deleting the patch restores the upstream
behaviour of the collected for the smart plugin. I have tested it and on
my system the hard disk to be monitored is recognised.
root@system ~ # cat /sys/class/block/sda/uevent
MAJOR=8
MINOR=0
DEVNAME=sda
DEVTYPE=disk
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
a9ea1cf6ed08940be08c6d0170514665ac41d6c1)
Florian Eckert [Thu, 30 Jun 2022 09:45:57 +0000 (11:45 +0200)]
Merge pull request #18838 from
1715173329/y2
[openwrt-21.02] yq: Update to 4.25.3
Tianling Shen [Mon, 27 Jun 2022 08:18:05 +0000 (16:18 +0800)]
yq: Update to 4.25.3
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
15aff102319f1405ace9f50aed42f6c3ce2cbbe9)
Sebastian Kemper [Sun, 26 Jun 2022 09:26:10 +0000 (11:26 +0200)]
protobuf: fix
022aef6
The cherry-pick done in
022aef6 includes changing the build setup from
cmake to ninja, but it was overlooked that this was actually reverted in
2e654b1.
The ninja build results in headers not being installed for the host pkg,
so protobuf-c/host can't be build.
This commit reverts the package back to cmake.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Josef Schlehofer [Fri, 24 Jun 2022 12:25:57 +0000 (14:25 +0200)]
syslog-ng: update to version 3.37.1
- Changelog:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.37.1
- Bump config version
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
ae7aefe111382630c7046cfb4539b3f1a72ff402)