R4SAS I2P [Sat, 5 Aug 2023 20:13:21 +0000 (20:13 +0000)]
i2pd: update to version 2.48.0
Signed-off-by: R4SAS I2P <r4sas@i2pmail.org>
(cherry picked from commit
d7b0d3f83d61ce117db0a3e5899624e77a4f5555)
Tianling Shen [Mon, 7 Aug 2023 00:40:23 +0000 (08:40 +0800)]
Merge pull request #21740 from jefferyto/golang-1.19.12-openwrt-22.03
[openwrt-22.03] golang: Update to 1.19.12
Jeffery To [Sun, 6 Aug 2023 18:43:20 +0000 (02:43 +0800)]
golang: Update to 1.19.12
Includes fix for CVE-2023-29409 (crypto/tls: verifying certificate
chains containing large RSA keys is slow).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Stan Grishin [Tue, 1 Aug 2023 05:28:17 +0000 (22:28 -0700)]
Merge pull request #21639 from stangri/openwrt-22.03-curl
[22.03] curl: update to 8.2.0
Hirokazu MORIKAWA [Thu, 27 Jul 2023 01:39:44 +0000 (10:39 +0900)]
mg: bump to 7.3
Description:
Sync to OpenBSD 7.3
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
e25f57b60273a6fa4515367e82b379c09c483e55)
Stan Grishin [Sun, 23 Jul 2023 15:52:57 +0000 (08:52 -0700)]
Merge pull request #21632 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: improve CLI messaging
Stan Grishin [Sun, 23 Jul 2023 15:48:18 +0000 (15:48 +0000)]
curl: update to 8.2.0
* https://curl.se/changes.html#8_2_0
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
a276cebd9ee8bd5f63b9693fb885529f951375b8)
Stan Grishin [Sun, 23 Jul 2023 15:14:15 +0000 (08:14 -0700)]
Merge pull request #21629 from stangri/openwrt-22.03-simple-adblock
[22.03] simple-adblock: dnsmasq access bugfix & misc improvements
Stan Grishin [Sun, 23 Jul 2023 05:22:04 +0000 (05:22 +0000)]
https-dns-proxy: improve CLI messaging
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
649fbcf9fcab34df3d39b0642cd5b566eefb569e)
Stan Grishin [Sun, 23 Jul 2023 05:06:40 +0000 (05:06 +0000)]
simple-adblock: dnsmasq access bugfix & misc improvements
* fix permission to dnsmasq files for ad-blocking
* add pause function to pause the ad-blocking temporarily
* introduce pause_timeout option to control default pause time
* update default config and config-update file
* use $param instead of $1 in adb_start()
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
dea274cc333ab99e42b569bf412c23e0dfd8a87a)
Tianling Shen [Fri, 21 Jul 2023 19:01:19 +0000 (03:01 +0800)]
rclone: Update to 1.63.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
34d1c310b36ce0473a457ee1f82414ff994cd92c)
Tianling Shen [Wed, 19 Jul 2023 07:46:15 +0000 (15:46 +0800)]
dnsproxy: Update to 0.52.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
dc3af571d7c7328d3013b52812bc9e22d14676df)
Tianling Shen [Wed, 19 Jul 2023 07:46:07 +0000 (15:46 +0800)]
cloudflared: Update to 2023.7.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
498343e2c0b21383c9ebb77fbfd1b6a0dbe1acf6)
Nick Hainke [Tue, 27 Jun 2023 07:58:08 +0000 (09:58 +0200)]
snowflake: update to 2.6.0
Tor projects tries to migrate away from git.torproject.org [0,1]. We
need to adjust PKG_SOURCE and GO_PKG name. Further, we need to backport
patches to fix compiling on riscv64, so add:
- 0001-Bump-minimum-required-version-of-go.patch
- 0002-Update-dependencies.patch
Changelog:
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/commit/
2fa8fd9188078eaa169f1edd16815deae4004c6c
[0] - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86
[1] - https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/commit/
82cc0f38f73c4ca4e12d22173562a092ebd4dea0
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
0281f7594b31a5a947c26b895343daedc8a808e8)
Tianling Shen [Mon, 17 Jul 2023 13:18:42 +0000 (21:18 +0800)]
Merge pull request #21591 from jefferyto/golang-1.19.11-openwrt-22.03
[openwrt-22.03] golang: Update to 1.19.11
Jeffery To [Mon, 17 Jul 2023 07:32:40 +0000 (15:32 +0800)]
golang: Update to 1.19.11
Includes fix for CVE-2023-29406 (net/http: insufficient sanitization of
Host header).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Dirk Brenken [Sun, 16 Jul 2023 05:32:24 +0000 (07:32 +0200)]
banip: release 0.9.0-1
* supports allowing / blocking of certain VLAN forwards in segregated network environments,
set 'ban_vlanallow', ''ban_vlanblock' accordingly
* simplified the code/JSON to generate/parse the banIP status
* enclose nft related devices in quotation marks , e.g. to handle devices which starts with a number '10g-1'
* made the new vlan options available to LuCI (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
1c14eb6d8ced8bc49825bc109984a8b6715c1a08)
Tianling Shen [Fri, 14 Jul 2023 06:13:46 +0000 (14:13 +0800)]
yq: Update to 4.34.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
1cb2590c1743eeb4c357b1f0d7e3fb47b3640ae6)
Tianling Shen [Fri, 14 Jul 2023 06:13:35 +0000 (14:13 +0800)]
cloudflared: Update to 2023.7.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
5e0c715a51cd146867d0ca9efd5158307410f042)
Michael Heimpold [Fri, 14 Jul 2023 05:57:36 +0000 (07:57 +0200)]
Merge pull request #21559 from mhei/22.03-php8-update-to-8.1.21
[22.03] php8: update to 8.1.21
Michael Heimpold [Wed, 12 Jul 2023 20:53:59 +0000 (22:53 +0200)]
php8: update to 8.1.21
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Tianling Shen [Tue, 4 Jul 2023 08:04:54 +0000 (16:04 +0800)]
rclone: Update to 1.63.0
While at it fixed a typo error of license files variable.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
952844c976bae289c603f9c93662a08f6ff49290)
Tianling Shen [Fri, 17 Mar 2023 05:17:38 +0000 (13:17 +0800)]
rclone: Update to 1.62.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
392a68e24774294590abf9c08ea1832f2cee190d)
Tianling Shen [Mon, 3 Jul 2023 14:05:28 +0000 (22:05 +0800)]
dnsproxy: Update to 0.51.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
9cf533dffe8363349530e808a2dedf5d7ee4685f)
Dirk Brenken [Sun, 9 Jul 2023 05:01:17 +0000 (07:01 +0200)]
banip: update 0.8.9-4
* made the etag id parsing more bulletproof (to catch unverified etags as well)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
5e2a9f082aa271dd2b7c2bd7f884bc2aef0b9be6)
Dirk Brenken [Sat, 8 Jul 2023 17:51:52 +0000 (19:51 +0200)]
banip: update 0.8.9-3
* prevent superflous etag function calls during start action (on start backups will be used anyway)
* changed the ipthreat feed download URL (load a compressed file variant to save bandwidth)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
88e64a2ae488e1cd8d4d539c6d976c9ccc728d2f)
Dirk Brenken [Fri, 7 Jul 2023 18:03:08 +0000 (20:03 +0200)]
banip: update 0.8.9-2
* fix a corner case backup issue with empty feed downloads
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
137045faa904fd826be9e82b22aa2ee1d65229b7)
Dirk Brenken [Fri, 7 Jul 2023 16:28:21 +0000 (18:28 +0200)]
banip: release 0.8.9-1
* added HTTP ETag or entity tag support to download only ressources that have been updated on the server side,
to save bandwith and speed up banIP reloads
* added 4 new feeds: binarydefense, bruteforceblock, etcompromised, ipblackhole (see readme)
* updated the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
68cdc3952dd7adf6fb1ed4b8138ec5478ac18b9a)
Tianling Shen [Wed, 22 Mar 2023 07:19:24 +0000 (15:19 +0800)]
dnslookup: Update to 1.9.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
65c9414e166c0bf97a47a388ecbd18e93df29fd2)
Dirk Brenken [Fri, 30 Jun 2023 05:28:16 +0000 (07:28 +0200)]
adblock: update to 4.1.5-8
* adapt adguard_tracking source changes
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
e1fa285f325543cc96dcfe2beb17fe83cc1a76e3)
Noah Meyerhans [Mon, 26 Jun 2023 03:02:35 +0000 (20:02 -0700)]
bind: bump to 9.18.16
Fixes CVEs:
- CVE-2023-2828: The overmem cleaning process has been improved, to
prevent the cache from significantly exceeding the configured
max-cache-size limit.
- CVE-2023-2911: A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache. If the fetch is
aborted for exceeding the recursion quota, it was possible for named
to enter an infinite callback loop and crash due to stack overflow.
The complete list of changes is available in the upstream release
notes at
https://ftp.isc.org/isc/bind9/cur/9.18/doc/arm/html/notes.html#notes-for-bind-9-18-16
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit
9ac79ad46966908d2ceb64c0e0d8a0bff435767a)
Dirk Brenken [Sat, 24 Jun 2023 11:09:40 +0000 (13:09 +0200)]
banip: update 0.8.8-2
* process local lists in strict sequential order to prevent possible race conditions
* support ranges in the IP search, too
* fix some minor search issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
c3084be415f5c701a319342c85ca626996b5b463)
Dirk Brenken [Wed, 21 Jun 2023 08:53:19 +0000 (10:53 +0200)]
banip: release 0.8.8-1
* Support MAC-/IPv4/IPv6 ranges in CIDR notation
* Support concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments (see readme)
* small fixes & cosmetics
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
b9bd6cdb0dcd85b30999b162a06a10c5229908e7)
Dirk Brenken [Mon, 5 Jun 2023 15:20:12 +0000 (17:20 +0200)]
banip: release 0.8.7-1
* Optionally auto-add entire subnets to the blocklist Sets based on an additional RDAP request with the
monitored suspicious IP, set 'ban_autoblocksubnet' accordingly (disabled by default).
For more information regarding RDAP see
https://www.ripe.net/manage-ips-and-asns/db/registration-data-access-protocol-rdap for reference.
* small fixes & cosmetics
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
767d1ec663b980f86f31354ceaee07c6184656eb)
Hirokazu MORIKAWA [Thu, 15 Jun 2023 06:49:25 +0000 (15:49 +0900)]
c-ares: bump to 1.19.1
This is a security and bugfix release.
Security
o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS
query IDs
o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton()
o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross
compilation
Fixing libcares.pc
The pkg-config file libcares.pc in version 1.19.1 has been changed to be unsuitable for OpenWrt
and causes build errors with Openwrt packages that use libcares.
For this reason, libcares.pc was replaced.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
4c4d3b900197785292ef92055effcccd7f3b805b)
Tianling Shen [Wed, 21 Jun 2023 12:47:19 +0000 (20:47 +0800)]
cloudflared: Update to 2023.6.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
1aa41e92ac8733be9a25b77eddea7cdac3bedc34)
Tianling Shen [Tue, 20 Jun 2023 05:11:16 +0000 (13:11 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
e4a22284cb5ddbcaccdea1ad850a573f9d783026)
Tianling Shen [Tue, 20 Jun 2023 05:11:04 +0000 (13:11 +0800)]
xray-core: update to 1.8.3
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
c912e2bcedfcfb50c1ee02d0fa120f0b0025ac2c)
Tianling Shen [Mon, 19 Jun 2023 06:44:12 +0000 (14:44 +0800)]
cloudflared: Update to 2023.6.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
194cf52a82df2bdf98d52687762287ae689b6fc6)
Scott McKenzie [Fri, 19 May 2023 17:38:27 +0000 (03:38 +1000)]
cloudflared: support setting tunnel token
Allows user to provide a token for Cloudflare tunnel.
When provided along with credentials, this will take precedence.
Signed-off-by: Scott McKenzie <scott@noizyland.net>
(cherry picked from commit
61106a8df299de5297e816d1f75fbb602382b60c)
Hirokazu MORIKAWA [Wed, 21 Jun 2023 02:41:11 +0000 (11:41 +0900)]
node: June 20 2023 Security Releases
Update to v16.20.1
The following CVEs are fixed in this release:
* CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
* OpenSSL security advisory 28th March.
* OpenSSL security advisory 20th April.
* OpenSSL security advisory 30th May
* c-ares vulnerabilities: (Depends on shared library provided by OpenWrt)
* GHSA-9g78-jv2r-p7vc
* GHSA-8r8p-23f3-64c2
* GHSA-54xr-f67r-4pc4
* GHSA-x6mf-cxr9-8q6v
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
ValdikSS ValdikSS [Fri, 16 Jun 2023 14:53:08 +0000 (17:53 +0300)]
nmap: fix ncat proxy mode with upstream patches
ncat utility from nmap package has a bug in 7.90 and 7.91 version which
prevent it from working via proxy.
Signed-off-by: ValdikSS ValdikSS <iam@valdikss.org.ru>
Stan Grishin [Tue, 20 Jun 2023 15:58:09 +0000 (09:58 -0600)]
Merge pull request #21412 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: update to 2023-05-25-2
Stan Grishin [Tue, 20 Jun 2023 02:59:57 +0000 (20:59 -0600)]
Merge pull request #21283 from stangri/openwrt-22.03-curl
[22.03] curl: update to 8.1.2
Stan Grishin [Tue, 20 Jun 2023 02:02:45 +0000 (02:02 +0000)]
https-dns-proxy: update to 2023-05-25-2
bugfix: proper mdns object creation
bugfix: prevent fw errors by allowing custom interfaces in config
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
a31640ac7cfab78c75808e22fc7fc2da48bd8e7f)
Robert Marko [Sat, 17 Jun 2023 06:47:39 +0000 (08:47 +0200)]
mhz: add new package
mhz is a tool for mathematically calculating the current CPU frequency, it
has proven to be a really good help while developing CPU frequency scaling
solutions as it allows to independently prove that scaling actually works.
Now that the author has added a license we can package it for the all to
use.
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit
89123b308f98de6e6e77a1bf21586c8fafc83413)
Michael Heimpold [Fri, 16 Jun 2023 06:07:26 +0000 (08:07 +0200)]
Merge pull request #21382 from mhei/22.03-php8-update-to-8.1.20
[22.03] php8: update to 8.1.20
Michael Heimpold [Thu, 15 Jun 2023 19:24:26 +0000 (21:24 +0200)]
php8: update to 8.1.20
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Tianling Shen [Mon, 12 Jun 2023 19:36:41 +0000 (03:36 +0800)]
cloudreve: Update to 3.8.0
- Fixed packing web frontend assets
- Enabled build for riscv64
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
27e6796a832e76ac4eee30de2347ad47c085c7ed)
[removed unavailable riscv64 from supported arches]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Sun, 11 Jun 2023 16:55:32 +0000 (00:55 +0800)]
dnsproxy: Update to 0.50.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
eda669c819fcd6ea2cf1f50ad3a21ea5b52fdeba)
Tianling Shen [Tue, 13 Jun 2023 03:00:35 +0000 (11:00 +0800)]
Merge pull request #21346 from jefferyto/python-3.10.12-openwrt-22.03
[openwrt-22.03] python3: Update to 3.10.12
Nick Hainke [Thu, 8 Jun 2023 12:34:09 +0000 (14:34 +0200)]
tunneldigger: add package for establishing L2TPv3 tunnels over UDP
In the previous commit we already added tunneldigger-broker. Add the
corresponding client.
This PR is just a refactoring of the already existing opkg package from
wlanslovenija [0].
[0] - https://github.com/wlanslovenija/firmware-packages-opkg/tree/master/net/tunneldigger
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
bd2b4f311a95b64e019ef29f7c01326a3dfee7d1)
Nick Hainke [Thu, 8 Jun 2023 10:36:33 +0000 (12:36 +0200)]
tunneldigger-broker: add broker for tunneldigger
In mesh communities, tunneldigger is widely used to create L2TPv3 tunnels
and mesh via them. Since the broker is typically installed on other
distributions, the openwrt broker package has not received any
maintenance in recent years [0]. I take now care of the further maintaince
of this package. Furthermore, I consulted with the maintainers to ensure
that they were comfortable with the change [1].
This PR is just a refactoring of the already existing opkg package from
wlanslovenija. It fixes config parsing and in general the config, adapts
to the new python syntax and fixes dependency handling.
- [0] https://github.com/wlanslovenija/firmware-packages-opkg/tree/master/net/tunneldigger-broker
- [1] https://github.com/wlanslovenija/firmware-packages-opkg/issues/24
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
8298ce82346817c09cfb6ace2f991bacf79a6071)
Tianling Shen [Mon, 12 Jun 2023 10:21:13 +0000 (18:21 +0800)]
Merge pull request #21343 from jefferyto/golang-1.19.10-openwrt-22.03
[openwrt-22.03] golang: Update to 1.19.10
Jeffery To [Mon, 12 Jun 2023 07:17:41 +0000 (15:17 +0800)]
python3: Update to 3.10.12
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Mon, 12 Jun 2023 04:25:43 +0000 (12:25 +0800)]
golang: Update to 1.19.10
Includes fixes for:
* CVE-2023-29402: cmd/go: cgo code injection
* CVE-2023-29403: runtime: unexpected behavior of setuid/setgid binaries
* CVE-2023-29404: cmd/go: improper sanitization of LDFLAGS
* CVE-2023-29405: cmd/go: improper sanitization of LDFLAGS
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Hirokazu MORIKAWA [Thu, 8 Jun 2023 05:37:38 +0000 (14:37 +0900)]
avahi: Import patches for security fixes
Imported patches included in debian and other package.
* 200-Fix-NULL-pointer-crashes-from-175.patch
CVE-2021-3502
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
* 201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch
CVE-2021-3468
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
* 202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch
avahi_dns_packet_consume_uint32 left shifts uint8_t values by 8, 16 and 24 bits to combine them into a 32-bit value. This produces an undefined behavior warning with gcc -fsanitize when fed input values of 128 or 255 however in testing no actual unexpected behavior occurs in practice and the 32-bit uint32_t is always correctly produced as the final value is immediately stored into a uint32_t and the compiler appears to handle this "correctly".
Cast the intermediate values to uint32_t to prevent this warning and ensure the intended result is explicit.
* 203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch
This was causing timeouts to never be removed from the linked list that tracks them, resulting in both memory and CPU usage to grow larger over time.
* 204-Emit-error-if-requested-service-is-not-found.patch
It currently just crashes instead of replying with error. Check return
value and emit error instead of passing NULL pointer to reply.
* 205-conf-file-line-lengths.patch
Allow avahi-daemon.conf file to have lines longer than 256 characters (new limit 1024).
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
779af4d40ccdc0f2a798ee6b6849abb37d202f1b)
Toke Høiland-Jørgensen [Fri, 9 Jun 2023 13:23:45 +0000 (15:23 +0200)]
net/acme: Bump acme.sh to v3.0.6
Important security fix.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
S. Brusch [Wed, 7 Jun 2023 19:10:03 +0000 (21:10 +0200)]
crowdsec: new upstream release version 1.5.2
Update crowdsec to latest upstream release version 1.5.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5
Description: update to latest version of upstream
(cherry picked from commit
1813bf2c6e2f4cbf17af582d1626698fe8da5821)
Stan Grishin [Mon, 5 Jun 2023 19:35:08 +0000 (19:35 +0000)]
curl: update to 8.1.2
* https://curl.se/changes.html#8_1_2
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
5afd8e088a1ad0b9b1074ac61460101a48e7e551)
Dengfeng Liu [Sat, 3 Jun 2023 02:07:44 +0000 (10:07 +0800)]
xfrpc: update to 2.6.633
support socks5
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
Maxim Storchak [Fri, 2 Jun 2023 14:53:18 +0000 (17:53 +0300)]
collectd: enable AllPortsSummary for tcpconns plugin
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
(cherry picked from commit
8270bd173ed9e4aa8877bfaa4e23c59223dca9f1)
[remove AUTORELEASE at the same time]
Tianling Shen [Fri, 2 Jun 2023 13:15:04 +0000 (21:15 +0800)]
dnsproxy: Update to 0.49.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
d717bace8d2c2040547bbda284fe302af9ccd695)
Tianling Shen [Thu, 1 Jun 2023 08:18:25 +0000 (16:18 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
56de9f91fd1d14be3b3f5497ff21040005fcf12d)
Tianling Shen [Thu, 13 Apr 2023 16:24:35 +0000 (00:24 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
b8d737641103452d33047629c0ff2df8851a58aa)
Tianling Shen [Thu, 1 Jun 2023 07:59:28 +0000 (15:59 +0800)]
yq: Update to 4.34.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
2ecf76e27dbcc0a5d64db6d9b30269de56b2bd1e)
Tianling Shen [Thu, 1 Jun 2023 07:59:02 +0000 (15:59 +0800)]
v2ray-core: Update to 5.7.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
b95ec1db568f776722147b85ee1724b747a6d7d6)
Tianling Shen [Thu, 1 Jun 2023 07:58:36 +0000 (15:58 +0800)]
cloudflared: Update to 2023.5.1
Fixed build issue with Go 1.20.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
0625f038b3141666821270232eee032620380668)
Dengfeng Liu [Sun, 28 May 2023 03:31:37 +0000 (11:31 +0800)]
apfree-wifidog: Update to 6.02.1939
1. support fw4
2. support openssl3.0
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
Stan Grishin [Wed, 31 May 2023 17:38:23 +0000 (11:38 -0600)]
Merge pull request #21204 from stangri/openwrt-22.03-curl-8.1.1
[22.03] curl: update to 8.1.1
Glenn Strauss [Sat, 27 May 2023 22:03:56 +0000 (18:03 -0400)]
lighttpd: update to lighttpd 1.4.71 release hash
remove patches included upstream
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
19291ee1951a79776c1b67c10fd67af5d346abc5)
Stan Grishin [Tue, 23 May 2023 22:26:26 +0000 (22:26 +0000)]
curl: update to 8.1.1
* https://curl.se/changes.html#8_1_1
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
b126e765cc8bc100336ea42fab5f655c0d4c6325)
Alexandru Ardelean [Sat, 27 May 2023 18:16:35 +0000 (21:16 +0300)]
Merge pull request #21156 from jefferyto/python-3.10.11-openwrt-22.03
[openwrt-22.03] python3: Update to 3.10.11, refresh/restore patches; cherry pick fixes
Stan Grishin [Sat, 27 May 2023 06:46:07 +0000 (00:46 -0600)]
Merge pull request #21146 from stangri/openwrt-22.03-curl
[22.03] curl: update to 8.1.0
Alexandru Ardelean [Sat, 27 May 2023 06:26:54 +0000 (09:26 +0300)]
Merge pull request #21178 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: update to 2023-05-25-1
Stan Grishin [Fri, 26 May 2023 08:24:00 +0000 (08:24 +0000)]
https-dns-proxy: update to 2023-05-25-1
* update to a new upstream commit, fixes #19366
* update patches/010-cmakelists-remove-cflags.patch as upstream file was update
* remove patches/020-cmakelists-add-version.patch as version is now set elsewhere
* add patches/020-src-options.c-add-version.patch to set the version information
* adjust PROCD START time to 95
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
eb40aa1b5dc6b5945b8b53cd5a2cc06303a3d9eb)
Jeffery To [Thu, 16 Mar 2023 09:46:48 +0000 (17:46 +0800)]
python3: Update to 3.10.11, refresh/restore patches
This also restores (and updates) a patch for pip that was removed
earlier but is still necessary.
Fixes: 7a756db00249 ("python3: bump to version 3.10.9")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Wed, 24 May 2023 07:56:32 +0000 (15:56 +0800)]
python3: Fix hashlib module not compiled for host Python
This updates 026-openssl-feature-flags.patch with a newer version from
OpenBSD[1].
This also adds 029-no-FIPS_mode.patch to patch out a call to
FIPS_mode(). LibreSSL 3.4 does not have a function definition for
FIPS_mode.
[1]: https://github.com/openbsd/ports/blob/
26a04435bf2a09dcbe22b718bfee08997617a906/lang/python/3.10/patches/patch-Modules__hashopenssl_c
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Tue, 23 May 2023 11:12:27 +0000 (19:12 +0800)]
python3: Fix uuid module not compiled for host Python
This adds $(STAGING_DIR_HOST)/include/e2fsprogs to HOST_CFLAGS and
HOST_CPPFLAGS so that configure can find uuid/uuid.h.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
44fb4927f11add18baa11617e67c8a697a3f528d,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Tue, 23 May 2023 09:49:43 +0000 (17:49 +0800)]
python3: Fix multiarch/local paths added when building host Python
By default, the Python build process will add /usr/local/{lib,include},
and multiarch paths (e.g. /usr/{lib,include}/x86_64-linux-gnu) if
building on Debian/Ubuntu, to its library and includes paths.
006-remove-multi-arch-and-local-paths.patch was added in
84202f17e1aac6faf66b8d186f7c5c62b6f72ffb to stop the Python build
process from adding these paths.
006-remove-multi-arch-and-local-paths.patch was removed in
48277ec9158151763239461c6f60808e38a99c2f.
006-do-not-add-multiarch-paths-when-cross-compiling.patch was added in
0c8b0b0bf727a57b0138a1425d2f32786dddd146 to stop the Python build
process from adding these paths for target Python.
These paths are still added by the Python build process when building
host Python.
This replaces the cross-compiling-only patch with the original patch,
renamed slightly and adapted for Python 3.10.
Fixes: 48277ec91581 ("python3: bump to version 3.8")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
f006d0ea23f76a1846c93d0ec3b1ea60ba36d093,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Sat, 20 May 2023 11:07:22 +0000 (19:07 +0800)]
python3: Fix race condition when doing parallel builds
When doing parallel builds, host Python can install the python3 symlink
before the Python standard library is installed completely.
When this occurs, it is possible for other packages to detect the
python3 symlink and try to use host Python before it is fully installed.
This adds a patch to make commoninstall (where the standard library is
installed) a prerequisite of bininstall (where the python3 symlink is
installed), so that commoninstall is fully completed before bininstall
begins.
Patch has been submitted upstream:
https://github.com/python/cpython/pull/104693
Fixes: https://github.com/openwrt/packages/issues/19241
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
67e47f11962c4ea0b1b734913f64c32fbba9edf2)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Thu, 18 May 2023 09:42:12 +0000 (17:42 +0800)]
python3: Fix readelf program name not replaced in _sysconfigdata.py
The Makefile lines to add READELF to TARGET_CONFIGURE_OPTS was removed
in
4e05541782edeb06b51d691dadf52648df24c940.
Without setting READELF, configure finds the symlink to
$(TARGET_CROSS)readelf (e.g. arm-openwrt-linux-readelf) instead of
$(TARGET_CROSS)readelf (e.g. arm-openwrt-linux-muslgnueabi-readelf).
This leads to the symlink name being saved to _sysconfigdata.py, and so
the readelf name is not replaced correctly (in
Py3Package/python3-base/install).
This restores the removed Makefile lines.
Fixes: 4e05541782ed ("python3: bump to version 3.10.0")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
e1a95786358c64483fc16d52eac6746267f0abec,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Fri, 12 May 2023 11:40:11 +0000 (19:40 +0800)]
python3: Fix __pycache__ files included in python3-light
003-do-not-run-distutils-tests.patch was removed in
4e05541782edeb06b51d691dadf52648df24c940. This patch stopped "make
install" from, among other things, running compileall.
When this patch was removed, "make install" ran compileall as normal and
created bytecode files in __pycache__ directories. These files were then
packaged in python3-light.
This adds a patch to stop compileall from being run during "make
install".
Fixes: 4e05541782ed ("python3: bump to version 3.10.0")
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
8a4da017902d21ac6cada21a3bb23caa5b39af0b,
adjusted PKG_RELEASE, refreshed patches)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Mon, 8 May 2023 15:42:37 +0000 (23:42 +0800)]
python3: Remove --without-pymalloc
--without-pymalloc was added in
7bf1ae65a89e380ce20ef5ab13b1a7276d6f7047
because leaving it enabled added an "m" flag/suffix to file names.
This flag/suffix was removed in Python 3.8[1], so disabling pymalloc is
no longer necessary.
[1]: https://docs.python.org/3.8/whatsnew/3.8.html#build-and-c-api-changes
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
3032e7063f5a215a4a2b15f79be8d54aace6b614,
adjusted PKG_RELEASE)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Rosen Penev [Sun, 25 Sep 2022 05:07:46 +0000 (22:07 -0700)]
python3: use tools/expat for host build
Oversight from when the expat host build was removed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
d09844e395560a402a7b8c71ac03e0370066ec51)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Stan Grishin [Tue, 23 May 2023 17:59:55 +0000 (17:59 +0000)]
curl: update to 8.1.0
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
b2904dff93e805c1d72407ff765fe17a68046e86)
Ray Wang [Fri, 19 May 2023 15:16:04 +0000 (23:16 +0800)]
natmap: add myself to maintainers
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
c2ed86d59f876b30cd5cf70e9e416d30c085ffc5)
Ray Wang [Fri, 19 May 2023 14:53:20 +0000 (22:53 +0800)]
natmap: update to
20230519
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
ad612d813c788a1a2b8bc70f351a168237014f47)
Rafał Miłecki [Thu, 11 May 2023 11:27:32 +0000 (13:27 +0200)]
wsdd2: fix stopping service
Function start_service() is called whenever service may need reloading.
If SMB server is not running it could be simply because it has been
stopped. Reloading service in such case is not an error so:
1. Don't log error as it isn't one
2. Don't exit with error code as it was confusing procd
This change fixes scenario like:
/etc/init.d/ksmbd stop
/etc/init.d/wsdd2 reload
(previously above wasn't stopping wsdd2)
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
6020ca52bf5d7b2869ef1ff8a966d15281aa56ab)
Li Zhang [Mon, 25 Apr 2022 14:18:31 +0000 (22:18 +0800)]
wsdd2: Remove extra comma, which breaks the key-value pair of the '-b' parameter
Signed-off-by: Li Zhang <starsunyzl@gmail.com>
(cherry picked from commit
5fc06d939fb9a37752b7665eca1355e23aa4e85f)
Rafał Miłecki [Sat, 8 Apr 2023 16:18:55 +0000 (18:18 +0200)]
lxc: set RUNTIME_PATH define to the /var/run path
The default runtime directory used by LXC is /run which doesn't exist
in OpenWrt. It causes errors like:
Failed to create lock for foo
lxc-create: foo: tools/lxc_create.c: main: 260 Failed to create lxc container
There has been workaround for that in the lxc-auto.init but it requires
installing "lxc-auto" package. Replacing that "ln -s" workaround with
Makefile specifying RUNTIME_PATH define allows using pure "lxc" in
OpenWrt (without the "lxc-auto").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
90fef036fe465262d5915489d45f430b313f22ab)
John Audia [Sat, 25 Mar 2023 19:47:26 +0000 (15:47 -0400)]
lxc: update to 5.0.2
Bump to latest upstream release.
Removed upstreamed patches:
001-build-detect-where-struct-mount_attr-is-declared.patch[1]
002-build-detect-sys-pidfd.h-availability.patch[2]
003-build-check-for-FS_CONFIG_-header-symbol-in-sys-moun.patch[3]
011-tree-wide-wipe-direct-or-indirect-linux-mount.h-incl.patch[4]
012-tree-wide-use-struct-clone_args-directly.patch[5]
013-tree-wide-use-struct-open_how-directly.patch[6]
1. https://github.com/lxc/lxc/commit/
b7b269680f4a773a54b274d7fbd1140fc32e1935
2. https://github.com/lxc/lxc/commit/
e510d6bd870c15fc509477343cb1268b9726caa6
3. https://github.com/lxc/lxc/commit/
02f4bd00f5b5648b7f71c266d36a961fe54dbfc6
4. https://github.com/lxc/lxc/commit/
497479ea3b8d13900a8f9427a5ade8a51facd7ab
5. https://github.com/lxc/lxc/commit/
c9bca33263ed82190edc77960cdc19c3088167e6
6. https://github.com/lxc/lxc/commit/
d1dfce9c59067aac0a22cdffe8b6d80f6bbdae87
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
11cac71248dea0a188cdc86d7b9ca193d5523da0)
S. Brusch [Wed, 17 May 2023 20:09:53 +0000 (22:09 +0200)]
crowdsec: new upstream release version 1.5.1
Update crowdsec to latest upstream release version 1.5.1
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5
Description: update to latest version of upstream
(cherry picked from commit
0c15327f988ce616443c004a40388068ebc69d1b)
Jan Hák [Mon, 13 Feb 2023 14:35:42 +0000 (15:35 +0100)]
knot: update to version 3.2.5
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
94512aba16e9bf4bc4a6dbc18bf67cbd97e035a6)
Josef Schlehofer [Sat, 1 Apr 2023 09:15:13 +0000 (11:15 +0200)]
syslog-ng: update to version 4.1.1
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.1.1
- Updated version in config
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
7de98324c73c8c680d05ef06bf2bf313d54bda83)
S. Brusch [Tue, 16 May 2023 16:18:32 +0000 (18:18 +0200)]
crowdsec-firewall-bouncer: new upstream release version 0.0.27
Update crowdsec-firewall-bouncer to latest upstream release version 0.0.27
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5
(cherry picked from commit
fa771eead4472dba3be5f9cb7cd2dd3078745460)
Dirk Brenken [Tue, 16 May 2023 10:27:13 +0000 (12:27 +0200)]
banip: update 0.8.6-2
* fix/rework no-op loop
* small fixes & cosmetics
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
cf4ac0301d886b129cd25965bb4796edc2e0327b)
Glenn Strauss [Thu, 11 May 2023 00:52:05 +0000 (20:52 -0400)]
lighttpd: include mod_h2 in base package
The next version of lighttpd will move HTTP/2 support from the lighttpd
base executable into a separate module: mod_h2
Include patch to do so now, and update packaging to handle it.
HTTP/2 support is enabled by default since lighttpd 1.4.59, but if
HTTP/2 support is explicitly disabled in the configuration, then mod_h2
will not be loaded, thereby reducing lighttpd memory use.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
f4152fccadc021b016b341526ddf83ddcf593ca1)
Glenn Strauss [Thu, 11 May 2023 00:49:24 +0000 (20:49 -0400)]
lighttpd: update to lighttpd 1.4.70 release hash
remove patches included upstream
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
0d5b110077d4c51a12d797a844495ce63071a205)
Glenn Strauss [Wed, 12 Apr 2023 17:15:49 +0000 (13:15 -0400)]
lighttpd: adjust packages for built-in modules
(.so is no longer built, but package still contains config files)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
7fda9563de92e58f0ae5c388e66de1d66e3df7f0)