Anya Lin [Tue, 10 Oct 2023 01:13:14 +0000 (09:13 +0800)]
librespeed-go: Reload the daemon after modifying the tls certificate
Make the daemon reload after the tls certificate is updated
Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit fd1d506fff9462b3329585bdd148a6fd78cbd27a)
Tianling Shen [Mon, 22 Apr 2024 07:26:22 +0000 (15:26 +0800)]
v2ray-core: Update to 5.15.3
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ebed42fcb0e7e9bffee3c47b93244494377595ee)
Dirk Brenken [Fri, 26 Apr 2024 15:03:14 +0000 (17:03 +0200)]
banip: update 0.9.5-3
* allow multiple protocol/port definitions per feed, e.g. 'tcp udp 80 443 50000'
* removed the default protocol/port limitation from asn feed
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 2c6d5adac049a55ca067255da90dc938b5604249)
Dirk Brenken [Sun, 21 Apr 2024 19:57:17 +0000 (21:57 +0200)]
banip: update 0.9.5-2
* fixed possible Set search race condition (initiated from LuCI frontend)
* fixed the "no result" Set search problem in LuCI
* removed abandoned feeds: spamhaus edrop (was merged with spamhaus drop)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ad755e0c4ddb63f8b8ed2204043ce750a4d4b928)
Dirk Brenken [Fri, 19 Apr 2024 20:09:29 +0000 (22:09 +0200)]
banip: release 0.9.5-1
* added DDoS protection rules in a new pre-routing chain to prevent common ICMP, UDP and SYN flood attacks and drop spoofed tcp flags & invalid conntrack packets, flood thresholds are configured via 'ban_icmplimit' (default 10/s), 'ban_synlimit' (default 10/s) and 'ban_udplimit' (default 100/s)
* the new pre-routing rules are tracked via named nft counters and are part of the standard reporting, set 'ban_logprerouting' accordingly
* block countries dynamically by Regional Internet Registry (RIR)/regions, e.g. all countries related to ARIN. Supported service regions are: AFRINIC, ARIN, APNIC, LACNIC and RIPE, set 'ban_region' accordingly
* it's now possible to always allow certain protocols/destination ports in wan-input and wan-forward chains, set 'ban_allowflag' accordingly - e.g. ' tcp 80 443-445'
* filter/convert possible windows line endings of external feeds during processing
* the cpu core autodetection is now limited to max. 16 cores in parallel, set 'ban_cores' manually to overrule this limitation
* set the default nft priority to -100 for banIP input/forward chains (pre-routing is set to -150)
* update readme
* a couple of bugfixes & performance improvements
* removed abandoned feeds: darklist, ipblackhole
* added new feeds: becyber, ipsum, pallebone, debl (changed URL)
* requires a LuCI frontend update as well (separate PR/commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit fa80fefe22d0c7ca1c1e34deb52683b54af1ed17)
Josef Schlehofer [Fri, 26 Apr 2024 09:24:57 +0000 (11:24 +0200)]
syslog-ng: update to version 4.7.1
Release notes:
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.0
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.1
Also bump version in the config file to avoid warning
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9d49df0dabcdd9135bf0b86374695b69cb4bf5b6)
Paul Spooren [Sat, 10 Oct 2020 01:31:01 +0000 (15:31 -1000)]
CI: remove CircleCI for now
The GitHub CI currently offers more architectures and the Signed-off-by
test is covered via the DOC CI test. In case GitHub ever changes
policies, we can simply switch back.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 26c101edc3e918be4fbfe76b3514d1c8398f7d31)
Stan Grishin [Thu, 25 Apr 2024 22:09:43 +0000 (15:09 -0700)]
Merge pull request #24014 from stangri/openwrt-23.05-adblock-fast
[23.05] adblock-fast: bugfix: unbound-related fixes
Stan Grishin [Sun, 21 Apr 2024 14:06:52 +0000 (14:06 +0000)]
adblock-fast: bugfix: unbound-related fixes
* include `server:` directive at the top of unbound file
* update unbound-related outputGzip variable to include full path
* return always_nxdomain for blocked domains
* also update copyright stamp/license
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 474587a1f44db8b66caca8bdde9c2dd64b480638)
Stan Grishin [Thu, 25 Apr 2024 21:33:12 +0000 (14:33 -0700)]
Merge pull request #24006 from stangri/openwrt-23.05-nebula
[23.05] nebula: Use APK style release number
Sean Khan [Fri, 12 Apr 2024 16:09:59 +0000 (12:09 -0400)]
nebula: Use APK style release number
Maintainer: Stan Grishin <stangri@melmac.ca>
Run tested: aarch64, Dynalink DL-WRX36, Master Branch
Signed-off-by: Sean Khan <datapronix@protonmail.com>
(cherry picked from commit 3cbb7474c3fad4b01f8ee065b1c045c4b7fb523f)
Ray Wang [Sat, 20 Apr 2024 14:53:03 +0000 (22:53 +0800)]
natmap: add log_std{out,err} options
Introduce `log_stdout` and `log_stderr` options for managing logging output.
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 5abbd3bcb2362963a2cc49c0a9de78dd5c5af185)
Hirokazu MORIKAWA [Wed, 24 Apr 2024 01:42:09 +0000 (10:42 +0900)]
node: bump to v18.20.2
This is a security release.
Notable Changes
* CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Paul Donald [Fri, 1 Mar 2024 20:49:30 +0000 (21:49 +0100)]
ntpd: update to version 4.2.8p17
Also some spell fixes for README.md
Drop patch-0001 - ntpd >= 4.2.8p16 patched this behaviour. See:
https://bugs.ntp.org/show_bug.cgi?id=3741 (and the linked diff there)
https://git.nwtime.org/websites/ntpwww/commit/d2a7faef2fea5f10b28cc2ee1d842e4b241f414f
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit b2742ed05d5404d1c2cada7c51607126d19fa3f6)
Christian Marangi [Sun, 21 Apr 2024 15:38:24 +0000 (17:38 +0200)]
uwsgi: bump to latest 2.0.25.1 release
Bump to latest 2.0.25.1 release
Drop upstream PCRE2 patch and alarm memory leak fix.
Rework and refresh patch due to release bump.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a9371952c916423876d3d380837b7b47ef08eb69)
Christian Marangi [Fri, 22 Sep 2023 13:39:23 +0000 (15:39 +0200)]
uwsgi: add experimental pcre2 patch and drop pcre
Add experimental pcre2 patch and drop pcre in favor of pcre2 library.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 4374c3250f424f1e57b175961adb41f24489510d)
Christian Marangi [Fri, 22 Sep 2023 13:38:27 +0000 (15:38 +0200)]
uwsgi: bump to release 2.0.22
Bump to release 2.0.22 to make it easier to apply patch for pcre2
support.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 94ded8ff315be664a806153a94913e7fbdcd3a49)
Tianling Shen [Mon, 15 Apr 2024 07:18:04 +0000 (15:18 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c1e6fbbcb06786c7f78f7a12f9bf7337e94b2160)
Tianling Shen [Thu, 4 Apr 2024 04:17:22 +0000 (12:17 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 06332b022937714fe465c572d7ae0c7665e7552b)
Tianling Shen [Mon, 15 Apr 2024 05:22:56 +0000 (13:22 +0800)]
cloudflared: Update to 2024.4.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit d9419aeabd74f5d170483691d8a2ab0c68620fce)
Rui Salvaterra [Tue, 7 Nov 2023 12:27:24 +0000 (12:27 +0000)]
tor: update to 0.4.8.10 stable
Bugfix release, see the changelog [1] for what's new.
[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.10/ChangeLog
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit ee8b29de2c42ffc7796cd825f38b19e56f838cd4)
Michael Heimpold [Wed, 17 Apr 2024 18:22:55 +0000 (20:22 +0200)]
Merge pull request #23947 from mhei/23.05-php8-update-to-8.2.18
[23.05] php8: update to 8.2.18
Josef Schlehofer [Wed, 17 Apr 2024 11:27:41 +0000 (13:27 +0200)]
Merge pull request #23871 from graysky2/snort-backport-fix
snort3 and libdaq3: sync with master and remove symbol @HAS_LUAJIT_ARCH
Daniel Golle [Thu, 4 Apr 2024 02:36:39 +0000 (03:36 +0100)]
exim: update to 4.97.1
IPv6 has accidentally been disabled in all Exim builds since the
package was introduced in OpenWrt due to a faulty `sed` script. This
has now been fixed, so beware that IPv6 is now enabled when updating
from previous releases.
Upstream changes since version 4.96.2 (bottom up):
JH/s1 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
LF-only mode (as detected from the first header line). Previously we did
accept that in (normal) CRLF mode; this has been raised as a possible
attack scenario (under the name "smtp smuggling", CVE-2023-51766).
JH/01 The hosts_connection_nolog main option now also controls "no MAIL in
SMTP connection" log lines.
JH/02 Option default value updates:
- queue_fast_ramp (main) true (was false)
- remote_max_parallel (main) 4 (was 2)
JH/03 Cache static regex pattern compilations, for use by ACLs.
JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
Make the rewrite never match and keep the logging. Trust the
admin to be using verify=header-syntax (to actually reject the message).
JH/05 Follow symlinks for placing a watch on TLS creds files. This means
(under Linux) we watch the dir containing the final file; previously
it would be the dir with the first symlink. We still do not monitor
the entire path.
JH/06 Check for bad chars in rDNS for sender_host_name. The OpenBSD (at least)
dn_expand() is happy to pass them through.
JH/07 OpenSSL Fix auto-reload of changed server OCSP proof. Previously, if
the file with the proof had an unchanged name, the new proof(s) were
loaded on top of the old ones (and never used; the old ones were stapled).
JH/08 Bug 2915: Fix use-after-free for $regex<n> variables. Previously when
more than one message arrived in a single connection a reference from
the earlier message could be re-used. Often a sigsegv resulted.
These variables were introduced in Exim 4.87.
Debug help from Graeme Fowler.
JH/09 Fix ${filter } for conditions that modify $value. Previously the
modified version would be used in constructing the result, and a memory
error would occur.
JH/10 GnuTLS: fix for (IOT?) clients offering no TLS extensions at all.
Find and fix by Jasen Betts.
JH/11 OpenSSL: fix for ancient clients needing TLS support for versions earlier
than TLSv1.2. Previously, more-recent versions of OpenSSL were permitting
the systemwide configuration to override the Exim config.
HS/01 Bug 2728: Introduce EDITME option "DMARC_API" to work around incompatible
API changes in libopendmarc.
JH/12 Bug 2930: Fix daemon startup. When started from any process apart from
pid 1, in the normal "background daemon" mode, having to drop process-
group leadership also lost track of needing to create listener sockets.
JH/13 Bug 2929: Fix using $recipients after ${run...}. A change made for 4.96
resulted in the variable appearing empty. Find and fix by Ruben Jenster.
JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
a capture group which obtained no text (eg. "(abc)*" matching zero
occurrences) could cause a segfault if the corresponding $<n> was
expanded.
JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
included a close-brace character (eg. it itself used an expansion) an
error occurred.
JH/16 Move running the smtp connect ACL to before, for TLS-on-connect ports,
starting TLS. Previously it was after, meaning that attackers on such
ports had to be screened using the host_reject_connection main config
option. The new sequence aligns better with the STARTTLS behaviour, and
permits defences against crypto-processing load attacks, even though it
is strictly an incompatible change.
Also, avoid sending any SMTP fail response for either the connect ACL
or host_reject_connection, for TLS-on-connect ports.
JH/17 Permit the ACL "encrypted" condition to be used in a HELO/EHLO ACL,
Previously this was not permitted, but it makes reasonable sense.
While there, restore a restriction on using it from a connect ACL; given
the change JH/16 it could only return false (and before 4.91 was not
permitted).
JH/18 Fix a fencepost error in logging. Previously (since 4.92) when a log line
was exactly sized compared to the log buffer, a crash occurred with the
misleading message "bad memory reference; pool not found".
Found and traced by Jasen Betts.
JH/19 Bug 2911: Fix a recursion in DNS lookups. Previously, if the main option
dns_again_means_nonexist included an element causing a DNS lookup which
itself returned DNS_AGAIN, unbounded recursion occurred. Possible results
included (though probably not limited to) a process crash from stack
memory limit, or from excessive open files. Replace this with a paniclog
whine (as this is likely a configuration error), and returning
DNS_NOMATCH.
JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group. Previously
this always failed, probably leading to the usual downgrade to in-clear
connections.
JH/21 Fix TLSA lookups. Previously dns_again_means_nonexist would affect
SERVFAIL results, which breaks the downgrade resistance of DANE. Change
to not checking that list for these lookups.
JH/22 Bug 2434: Add connection-elapsed "D=" element to more connection
closure log lines.
JH/23 Fix crash in string expansions. Previously, if an empty variable was
immediately followed by an expansion operator, a null-indirection read
was done, killing the process.
JH/24 Bug 2997: When built with EXPERIMENTAL_DSN_INFO, bounce messages can
include an SMTP response string which is longer than that supported
by the delivering transport. Alleviate by wrapping such lines before
column 80.
JH/25 Bug 2827: Restrict size of References: header in bounce messages to 998
chars (RFC limit). Previously a limit of 12 items was made, which with
a not-impossible References: in the message being bounced could still
be over-large and get stopped in the transport.
JH/26 For a ${readsocket } in TLS mode, send a TLS Close Alert before the TCP
close. Previously a bare socket close was done.
JH/27 Fix ${srs_encode ..}. Previously it would give a bad result for one day
every 1024 days.
JH/28 Bug 2996: Fix a crash in the smtp transport. When finding that the
message being considered for delivery was already being handled by
another process, and having an SMTP connection already open, the function
to close it tried to use an uninitialized variable. This would affect
high-volume sites more, especially when running mailing-list-style loads.
Pollution of logs was the major effect, as the other process delivered
the message. Found and partly investigated by Graeme Fowler.
JH/29 Change format of the internal ID used for message identification. The old
version only supported 31 bits for a PID element; the new 64 (on systems
which can use Base-62 encoding, which is all currently supported ones
but not Darwin (MacOS) or Cygwin, which have case-insensitive filesystems
and must use Base-36). The new ID is 23 characters rather than 16, and is
visible in various places - notably logs, message headers, and spool file
names. Various of the ancillary utilities also have to know the format.
As well as the expanded PID portion, the sub-second part of the time
recorded in the ID is expanded to support finer precision. Theoretically
this permits a receive rate from a single comms channel of better than the
previous 2000/sec.
The major timestamp part of the ID is not changed; at 6 characters it is
usable until about year 3700.
Updating from previous releases is fully supported: old-format spool
files are still usable, and the utilities support both formats. New
message will use the new format. The one hints-DB file type which uses
message-IDs (the transport wait- DB) will be discarded if an old-format ID
is seen; new ones will be built with only new-format IDs.
Optionally, a utility can be used to convert spool files from old to new,
but this is only an efficiency measure, not a requirement for operation.
Downgrading from new to old requires running a provided utility, having
first stopped all operations. This will convert any spool files from new
back to old (losing time-precision and PID information) and remove any
wait- hints databases.
JH/30 Bug 3006: Fix handling of JSON strings having embedded commas. Previously
we treated them as item separators when parsing for a list item, but they
need to be protected by the doublequotes. While there, add handling for
backslashes.
JH/31 Bug 2998: Fix ${utf8clean:...} to disallow UTF-16 surrogate codepoints.
Found and fixed by Jasen Betts. No testcase for this as my usual text
editor insists on emitting only valid UTF-8.
JH/32 Fix "tls_dhparam = none" under GnuTLS. At least with 3.7.9 this gave
a null-indirection SIGSEGV for the receive process.
JH/33 Fix free for live variable $value created by a ${run ...} expansion during
-bh use. Internal checking would spot this and take a panic.
JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
In 4.96 this would expand to empty.
JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
certificate. Find and fix by Andreas Metzler.
JH/36 Add ARC info to DMARC history records.
JH/37 Bug 3016: Avoid sending DSN when message was accepted under fakereject
or fakedefer. Previously the sender could discover that the message
had in fact been accepted.
JH/38 Taint-track intermediate values from the peer in multi-stage authentication
sequences. Previously the input was not noted as being tainted; notably
this resulted in behaviour of LOGIN vs. PLAIN being inconsistent under
bad coding of authenticators.
JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
and ${tr...}. Found and diagnosed by Heiko Schlichting.
JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
could be triggered by externally-supplied input. Found by Trend Micro.
CVE-2023-42115
JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42116
JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42114
JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
Make the rewrite never match and keep the logging. Trust the
admin to be using verify=header-syntax (to actually reject the message).
JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
CVE-2023-42219
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e8600462c735db5d635b872db949f2b98337de95)
Daniel Golle [Thu, 4 Apr 2024 02:01:39 +0000 (03:01 +0100)]
cryptsetup: update to version 2.7.1
The most notable change is the introduction of (optional) support for
hardware OPAL disk encryption. However, as this requires Linux 6.4 or
later, support for OPAL is implicitly disabled until targets used for
the package build have been updated to Linux 6.6.
See release notes for 2.7.0 and 2.7.1 for more details:
https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes
https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.1-ReleaseNotes
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 54a2534cb2b7b7f53ea21d07d0c56a3e577bcf96)
Daniel Golle [Thu, 4 Apr 2024 01:59:17 +0000 (02:59 +0100)]
lvm2: update to LVM2 2.03.17 and libdm Version 1.02.187
LVM2 Version 2.03.17 - 10th November 2022
=========================================
Add new options (--fs, --fsmode) for FS handling when resizing LVs.
Fix 'lvremove -S|--select LV' to not also remove its historical LV right away.
Fix lv_active field type to binary so --select and --binary applies properly.
Switch to use mallinfo2 and use it only with glibc.
Error out in lvm shell if using a cmd argument not supported in the shell.
Fix lvm shell's lastlog command to report previous pre-command failures.
Extend VDO and VDOPOOL without flushing and locking fs.
Add --valuesonly option to lvmconfig to print only values without keys.
Updates configure with recent autoconf tooling.
Fix lvconvert --test --type vdo-pool execution.
Add json_std output format for more JSON standard compliant version of output.
Fix vdo_slab_size_mb value for converted VDO volume.
Fix many corner cases in device_id, including handling of S/N duplicates.
Fix various issues in lvmdbusd.
DM Version 1.02.187 - 10th November 2022
========================================
Add DM_REPORT_GROUP_JSON_STD for more JSON standard compliant output format.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 20cc530004d84c631a6d11fde0cf3dd8f55d34a3)
Daniel Golle [Fri, 8 Mar 2024 23:26:56 +0000 (23:26 +0000)]
gnunet: update to version v0.21.0
This release marks a noteworthy milestone in that it includes a
completely new transport layer. It lays the groundwork for fixing some
major design issues and may also already alleviate a variety of issues
seen in previous releases related to connectivity. This change also
deprecates our testbed and ATS subsystem.
This is a new major release. It breaks protocol compatibility with the
0.20.x versions. Please be aware that Git master is thus henceforth
(and has been for a while) INCOMPATIBLE with the 0.20.x GNUnet
network, and interactions between old and new peers will result in
issues. In terms of usability, users should be aware that there are
still a number of known open issues in particular with respect to ease
of use, but also some critical privacy issues especially for mobile
users. Also, the nascent network is tiny and thus unlikely to provide
good anonymity or extensive amounts of interesting information. As a
result, the 0.21.0 release is still only suitable for early adopters
with some reasonable pain tolerance.
v0.21.0:
- Reworked PEERSTORE API
- Added record flag for maintenance records
- ensure traits can be generated with subsystem-specific prefixes for
the symbols
- libgnunettesting first major testing NG refactor towards getting
dependency structure streamlined
- Remove single-use API macro GNUNET_VA_ARG_ENUM
- major revision of blind signature API
- Introduced closure to hold store context when calling function to add
hello in peerstore.
- Added DDLs for handling GNUNET_PEERSTORE_StoreHelloContext
- Removed old hello functionality.
- Refactoring components under src/ into lib/, plugin/, cli/ and
service/
- add support for encoding/decoding double values as part of JSON to
libgnunetjson
- Changed method GNUNET_HELLO_builder_get_expiration_time to not need
parameter GNUNET_HELLO_Builder.
- Code moved to the core package to get rid of circular dependencies.
- Moved code to testing to have more generic test setup, which can be
used not only from within transport.
- The old hello design replaced by the new hello design.
- Added api to get notified when hellos are stored with peerstore
service.
- Added api to store hellos with peerstore service.
- Changed new hello uri api to allow to change the expiration time
- Moved start peer command to testing subsystem.
- Removed all usage of old transport api, beside peerinfo tool,
gnunet-transport cli and usage in transport layer itself.
- Added __attribute__((deprecated)) to the old transport API
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 31e9aea1b659b34f9cc4e11ef4811f9e773ac036)
Daniel Golle [Wed, 20 Dec 2023 05:01:15 +0000 (05:01 +0000)]
gnunet: update to version 0.20.0
v0.20.0:
- GNUNET_TESTING_get_testname_from_underscore renamed to GNUNET_STRINGS_get_suffix_from_binary_name and moved from libgnunettesting to libgnunetutil
- Move GNUNET_s into libgnunetutil.
- re-introduce compiler annotation for array size in signature
- function-signature adjustment due to compiler error
- GNUNET_PQ_get_oid removed, GNUNET_PQ_get_oid_by_name improved
- Added GNUNET_PQ_get_oid_by_name
- added GNUNET_PQ_get_oid()
- Added new CCA-secure KEM and use in IDENTITY encryption
- Add KEM API to avoid ephemeral private key management
- Add new GNUNET_PQ_event_do_poll() API to gnunet_pq_lib.h
- Added API to support arrays in query results
- Improve PQ API documentation.
- API for array types extended for times
- API extended for array query types
- relevant array-types in queries (not results) in postgresql added
- just style fixes, int to enum
- initial steps towards support of array-types in postgresql
- adds GNUNET_JSON_spec_object_const() and GNUNET_JSON_spec_array_const()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dbae7f9493620c6047ac53a37a1690a6041e40f7)
Daniel Golle [Sat, 8 Jul 2023 11:29:30 +0000 (12:29 +0100)]
gnunet: update to version 0.19.4
v0.19.4:
- No changes
v0.19.3:
- We now detect MySQL's strange, version-dependent my_bool type on configure.
- Add pkg-config definitions for gnunet messenger.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit bef5da553f40eb406e84be6c2738943c0c80e461)
Daniel Golle [Thu, 4 Apr 2024 02:35:48 +0000 (03:35 +0100)]
libcurl-gnutls: update to version 8.7.1
See https://curl.se/changes.html#8_7_1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 428e9da9df4358f6893012cd60d9bd267db43ae5)
Aleksey Vasilenko [Wed, 21 Feb 2024 07:34:19 +0000 (09:34 +0200)]
libcurl-gnutls: fix build
- Missing --without-nghttp3 was leaking host includes and breaking the build
- Remove or rename deprecated configure options
- Add --disable-libcurl-option to reduce package size
- Use .xz instead of .bz2 for PKG_SOURCE
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 30fe2d99ab0c4826b06890c18ea34415b6820b44)
Konstantin Demin [Thu, 1 Feb 2024 00:29:58 +0000 (03:29 +0300)]
libcurl-gnutls: update to version 8.6.0
https://curl.se/changes.html#8_6_0
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit af748ea6915e16e91bcd8b5402e474cf745eea55)
Daniel Golle [Wed, 20 Dec 2023 03:42:41 +0000 (03:42 +0000)]
libcurl-gnutls: update to version 8.5.0
https://curl.se/changes.html#8_5_0
Pick upstream patch to fix build with gnuTLS and verbose strings removed.
The patch should be removed with the next version bump.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit cbdd619c23d4ccaf3bca229a659f70b2bcf7ab82)
Daniel Golle [Sat, 8 Jul 2023 11:29:13 +0000 (12:29 +0100)]
libcurl-gnutls: update to version 8.2.1
See cURL changes for details:
https://curl.se/changes.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7eaa2cd28454a2ef82fad49f26c7207ecf3f7db7)
Michael Heimpold [Mon, 15 Apr 2024 20:05:44 +0000 (22:05 +0200)]
php8: update to 8.2.18
This fixes:
- CVE-2024-1874
- CVE-2024-2756
- CVE-2024-3096
While at it, switch to https download URL.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Tianling Shen [Mon, 8 Apr 2024 13:12:57 +0000 (21:12 +0800)]
golang: Update to 1.21.9
go1.21.9 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the linker, and the go/types and
net/http packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Glenn Strauss [Sat, 13 Apr 2024 03:06:24 +0000 (23:06 -0400)]
lighttpd: update to lighttpd 1.4.76 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit a5557a2a47f57c651dd5dc97eac40de26617de91)
Stan Grishin [Fri, 12 Apr 2024 20:39:55 +0000 (13:39 -0700)]
Merge pull request #23874 from stangri/openwrt-23.05-adblock-fast
[23.05] adblock-fast: improve Makefile's prerm
Stan Grishin [Fri, 12 Apr 2024 20:39:22 +0000 (13:39 -0700)]
Merge pull request #23815 from stangri/openwrt-23.05-curl
[23.05] curl: update to 8.7.1
Josef Schlehofer [Tue, 5 Mar 2024 17:03:13 +0000 (18:03 +0100)]
lualanes: update to version 3.16.3 and use tarball
1. Update it to version 3.16.3
Release notes: https://github.com/LuaLanes/lanes/releases/tag/v3.16.3
2. Change to download tarball instead of checking out Git sources
In the previous commit (in the Fixes tag), it was changed to Git sources without any reason. Let's revert it back. Let's use again tagged release.
Fixes: b93e5b45b1daac827d429b51d8763226268f2b9a ("lualanes: Version bump to v3.16.2")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 8b7040b6de0d485fa3867ff315cd30f873c49a55)
Mark Baker [Thu, 18 Jan 2024 18:52:58 +0000 (13:52 -0500)]
lualanes: Version bump to v3.16.2
Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.
Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.
Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.
Signed-off-by: Mark Baker <mark@vpost.net>
(cherry picked from commit 08e51ab50a452d1c6217f3a6767f66146814878b)
krant [Wed, 7 Feb 2024 13:35:30 +0000 (15:35 +0200)]
hwdata: update to 0.379
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 9f45bfd3d5233284095a7bbe789c1f947138048c)
Fabrice Fontaine [Tue, 30 Jan 2024 20:13:59 +0000 (21:13 +0100)]
libs/libdaq3: assign PKG_LICENSE_FILES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit b2c548975de4ab3d917c78d5d405a9993965b8ad)
John Audia [Thu, 18 Jan 2024 19:13:43 +0000 (14:13 -0500)]
libdaq3: update to 3.0.14
Update to latest version.
Changelog: https://github.com/snort3/libdaq/releases/tag/v3.0.14
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 651b7e1f92f0733c1d128a7fe3869def9f065954)
John Audia [Wed, 8 Nov 2023 21:09:27 +0000 (16:09 -0500)]
libdaq3: update to 3.0.13
Upstream bump
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 4c05ae5f6c4e64f404fa435a63e94de381504f42)
John Audia [Wed, 28 Jun 2023 16:30:13 +0000 (12:30 -0400)]
libdaq3: update to 3.0.11
Upstream bump
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 9f2d3c5bf855773d5e5756652b640e2c0565d1a9)
John Audia [Thu, 11 Apr 2024 18:10:31 +0000 (14:10 -0400)]
snort3: remove symbol @HAS_LUAJIT_ARCH
Remove symbol introduced in master to allow building.
Closes #23861
Signed-off-by: John Audia <therealgraysky@proton.me>
John Audia [Thu, 14 Mar 2024 19:14:45 +0000 (15:14 -0400)]
snort3: update to 3.1.82.0
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.82.0
Removed patches/010-gcc13.patch
,,_ -*> Snort++ <*-
o" )~ Version 3.1.82.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.14
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.13 30 Jan 2024
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3.1
Using Hyperscan version 5.4.2 2024-03-06
Using LZMA version 5.4.6
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
fdebb16619b84831c2624f8fd8b9b38d732bc6df)
Stan Grishin [Wed, 10 Apr 2024 23:56:43 +0000 (23:56 +0000)]
adblock-fast: improve Makefile's prerm
* improve output of Makefile's prerm routines
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
9eb61fe02da9085f1c211919af38e3c504098f61)
Hirokazu MORIKAWA [Sun, 7 Apr 2024 02:47:53 +0000 (11:47 +0900)]
node: April 3, 2024 Security Releases
Notable Changes
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash - (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
Changed to use gz according to main-snapshot
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Hannu Nyman [Fri, 5 Apr 2024 14:35:42 +0000 (17:35 +0300)]
irqbalance: update to version 1.9.4
Update irqbalance to version 1.9.4.
* refresh version in meson patch
* remove EINVAL handling patch as upstream seems to have silenced
the log spam for unmanageable IRQs
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
b8d0049e7cb5ab5aaeb1c5517008dab4404faf6a)
krant [Fri, 5 Apr 2024 14:35:26 +0000 (17:35 +0300)]
irqbalance Update init script to remove duplicate spaces
I have some strange issues with irqbalance sometimes overwriting
smp_affinity values for banned/ignored IRQs. The issue is reproducible
and is mitigated when I change the way the irqbalance command line is
built. The only difference between the resulting commands is that there
is only one space between the -t parameter and the first -i parameter
value.
Also see https://github.com/Irqbalance/irqbalance/issues/297
Signed-off-by: Carsten Schuette <schuettecarsten@googlemail.com>
(cherry picked from commit
41e5b979f583ed29a6cafa33ef9b5825f5165a43)
Jo-Philipp Wich [Thu, 4 Apr 2024 23:33:50 +0000 (01:33 +0200)]
nano: fix syntax highlighting for raw ucode scripts
Text between interpreter line and start of first directive should only
be highlighted as uninterpreted when running in template mode, so adjust
the match rule accordingly.
Fixes: #23761
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
8f9564387d136c2a09c763b4c4ac7e4aa16baeb5)
Jo-Philipp Wich [Wed, 8 Nov 2023 13:53:37 +0000 (14:53 +0100)]
nano: add syntax highlighting for ucode scripts
Introduce local syntax highlighting support for ucode scripts, like
it is done already for uci configuration files.
Ref: https://github.com/jow-/ucode/issues/178
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
d8a574f7f0eb2f5970119a2b0527048583054180)
Stan Grishin [Sun, 31 Mar 2024 16:36:19 +0000 (16:36 +0000)]
curl: update to 8.7.1
* update to 8.7.1: https://curl.se/changes.html#8_7_1
* use the new --disable-docs flag for configure
* update 200-no_docs_tests.patch
* switch to APK-compatible revision
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
227c8daa159acdc84aad9e06a6a33f7d07263130)
Andrea Pesaresi [Sat, 30 Mar 2024 08:41:35 +0000 (09:41 +0100)]
ksmbd-tools: switch to use tagged release
Instead of checking Git sources, we will now use tagged releases.
This solves the strange version 0~3.5.1-r1; it will now be 3.5.2-r2
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
(cherry picked from commit
f8a7ee7f4757bc12e081deb3296ddbdbcd5f33b4)
Rosen Penev [Sat, 13 Jan 2024 03:13:29 +0000 (19:13 -0800)]
ksmbd-tools: update to 3.5.1
Various fixes for ksmbd, most notably a visibility fix for the latest
ksmbd code.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
e9e1ae23862ceeaa95939b2a7cfa9156c5338f89)
Javier Marcet [Sat, 30 Mar 2024 15:59:10 +0000 (16:59 +0100)]
docker-compose: add PKG_NAME to PKG_SOURCE
Before this change, the tarball was downloaded as vVERSION.tar.gz.
For example, it was v2.26.1.tar.gz and that file was put into the dl folder
within the OpenWrt build system.
After this change, the tarball is properly downloaded as NAME-vVERSION.tar.gz.
In this case, it will look like this: docker-compose-v.2.26.1.tar.gz
The advantages of using this:
- Users and developers will know what they downloaded (it has name and version)
- The tarball will not be overwritten by another package with the same version.
Signed-off-by: Javier Marcet <javier@marcet.info>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[added commit message]
(cherry picked from commit
261b38c14bed7865d244f24d0adb1bb33e963b88)
Glen Huang [Wed, 17 May 2023 09:53:51 +0000 (17:53 +0800)]
acme: standardize key_type
keylength, being an acme.sh value type, uses pure numbers for rsa keys.
This can be disorienting for other acme clients. This change introduces
a new option "key_type" that aims to remove this ambiguity, and makes
all key type names follow the same pattern, making acme-common more
client agnostic.
Signed-off-by: Glen Huang <me@glenhuang.com>
(cherry picked from commit
6d61014e51266f1cb083d9f31491f9c5fb73eeb0)
Van Waholtz [Mon, 25 Mar 2024 12:40:46 +0000 (20:40 +0800)]
sing-box: update to 1.8.10
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit
1ca47e0ed4eecd56befc3516739b2cbcdb2aa702)
Van Waholtz [Mon, 25 Mar 2024 12:40:46 +0000 (20:40 +0800)]
sing-box: restart if the specified interfaces start up
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit
da03a29cda0898e1a3e46e242b73a7795bbef492)
Van Waholtz [Wed, 28 Feb 2024 13:32:53 +0000 (21:32 +0800)]
sing-box: update to 1.8.7
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit
3917a0af5878eb7ce76feff9affd06902806f370)
Toke Høiland-Jørgensen [Wed, 27 Mar 2024 20:51:49 +0000 (21:51 +0100)]
acme-common: backport config fixes from master
Backport config changes from commit 04ac8c177d9a ("acme-common: simplify config
example") from master, and apply the subsequent fixup. This should fix the issue
with ACME not working in Luci (resolving #23756).
Keep the version number bump as a bugfix (1.0.4) since we have not backported
all the ACME changes to 23.05.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
krant [Sun, 24 Mar 2024 09:47:43 +0000 (11:47 +0200)]
rust: update to 1.77.0
- Restore patch hunk mis-deleted in dccb910
- Refresh patches
- Remove --enable-missing-tools configure option deleted in the upstream
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit
7f01006f96190947a799621970bfdc719af732ec)
krant [Sat, 24 Feb 2024 16:47:34 +0000 (18:47 +0200)]
rust: update to 1.76.0
- Use .xz for source archive
- Refresh patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit
dccb910ae0cb3d654a6432f7b82cd44d46db75e2)
Thibaut VARÈNE [Mon, 25 Mar 2024 10:33:51 +0000 (11:33 +0100)]
uspot: update to Git HEAD (2024-03-25)
56eebdad085e uspot: wrap spotfilter device under tip_mode
1a96d57e5fe0 uspot: client_enable() wrap spotfilter data in tip_mode
fe12f9a7abde uspot: clear ratelimit state on startup/shutdown
976badc4d0b6 update README
53b8cb88a94a Makefile: require minimum ucode version
ff6163190d5a uspot/portal: report client_enable() failure
8601d9199233 include sample radcli dictionaries
c670f6c4b48f update README
094f0df88150 uspot: work around ucode#191 missing in 23.05
Update the package Makefile to reflect the changes from the following
above-listed commit:
53b8cb88a94a Makefile: require minimum ucode version
Fixes: https://github.com/f00b4r0/uspot/issues/4
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit
bc33522715342e04461000fc119ec71df12514a1)
Tianling Shen [Thu, 21 Mar 2024 07:03:35 +0000 (15:03 +0800)]
dnsproxy: Update to 0.66.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
4448d9f4a10bdfb3f86105f974f61db7e4f483fb)
Tianling Shen [Thu, 21 Mar 2024 07:03:30 +0000 (15:03 +0800)]
cloudflared: Update to 2024.3.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
bcb75533851c51bff4628d4273d2388d7007f6c8)
Tianling Shen [Thu, 21 Mar 2024 07:03:14 +0000 (15:03 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
7cb8ac09661aebec6b125ad494411d9804055708)
Tianling Shen [Thu, 21 Mar 2024 07:03:07 +0000 (15:03 +0800)]
v2ray-core: Update to 5.15.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
b62792868216259b76b5dd11ea2c1fe583d91a3b)
Tianling Shen [Tue, 19 Mar 2024 04:37:49 +0000 (12:37 +0800)]
rclone: Update to 1.66.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
7ce54fa9127c280af48d9f3cde9c2ef6b89e3f29)
Peca Nesovanovic [Wed, 20 Mar 2024 20:21:36 +0000 (21:21 +0100)]
p910nd: fix running multiple instances
Compile tested: (ramips, rb760igs, 23.05 snapshot)
Run tested: (ramips, rb760igs, 23.05 snapshot, tests done)
Description:
In case we have multiple devices defined in /etc/config/p910nd, the init script will try to start multiple instances with the same instance name
drop instance name as resolution
tested on 23.05 snapshot with 2 USB printers
Signed-off-by: Peca Nesovanovic <peca.nesovanovic@sattrakt.com>
(cherry picked from commit
152d80ce1326d0b1fee8e324ec8e68dd9f44cf4a)
Tianling Shen [Thu, 21 Mar 2024 06:53:59 +0000 (14:53 +0800)]
golang: Update to 1.21.8
go1.21.8 (released 2024-03-05) includes security fixes to the crypto/x509,
html/template, net/http, net/http/cookiejar, and net/mail packages,
as well as bug fixes to the go command and the runtime.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Josef Schlehofer [Tue, 5 Mar 2024 19:44:47 +0000 (20:44 +0100)]
syslog-ng: enable http module based on zlib support in curl
Since version 4.4.0, syslog-ng added compression to http() destination
using zlib from curl. [1] However, zlib is currently disabled in curl [2]
and it prevented syslog-ng from starting.
This commit changes the configuration option to enable the http module only if
zlib support is enabled for curl, and it also adds a dependency on zlib (in that case).
If zlib is disabled, then it disables the http module, so syslog-ng can start
and thus the zlib dependency is not required.
[1] https://gitlab.nic.cz/turris/os/packages/-/issues/932
[2] https://github.com/openwrt/packages/blob/93cbaacbfb13048ad378520a7afea7c9027dd1d6/net/curl/Config.in#L134
Fixes: 4dd49d7c3cd571107958154f1ed1ec8d8dba7464 ("syslog-ng: update to version 4.4.0")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
1e14d95d78d03ab163653166652972ca3e8c366e)
Paul Spooren [Thu, 14 Mar 2024 13:46:15 +0000 (14:46 +0100)]
ci: set correct arch for rootfs tests
With the commit 01e5cfc "CI: Add target/arch tags (no suffix) for
snapshot images"[1] the os/platform is set for all images, which is usually
different from what the GitHub action runner uses (x86). The Docker
daemon still tries to fetch the x86 version and fails.
This commit explicitly sets the fitting arch.
[1]: https://github.com/openwrt/docker/commit/01e5cfccd73a72ecab730496607c7c22b904f366
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
d359fa04eda29638b9326c194490685c1177fd49)
Stan Grishin [Sun, 24 Mar 2024 14:04:59 +0000 (08:04 -0600)]
Merge pull request #23736 from stangri/openwrt-23.05-https-dns-proxy
[23.05] https-dns-proxy: prepare migration to APK
Stan Grishin [Sat, 23 Mar 2024 01:02:32 +0000 (01:02 +0000)]
https-dns-proxy: prepare migration to APK
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
b8a8c480fcd71144c794415a46264cc22262cc2a)
Stan Grishin [Sun, 24 Mar 2024 13:55:09 +0000 (07:55 -0600)]
Merge pull request #23719 from stangri/openwrt-23.05-https-dns-proxy
[23.05] https-dns-proxy: prepare migration to APK
Stan Grishin [Sun, 24 Mar 2024 13:09:02 +0000 (07:09 -0600)]
Merge pull request #23720 from stangri/openwrt-23.05-adblock-fast
[23.05] adblock-fast: prepare migration to APK
Stan Grishin [Sun, 24 Mar 2024 13:07:30 +0000 (07:07 -0600)]
Merge pull request #23718 from stangri/openwrt-23.05-nebula
[23.05] nebula: prepare migration to APK
Michal Hrusecky [Tue, 13 Feb 2024 13:17:31 +0000 (14:17 +0100)]
knot-resolver: Update to version 5.7.1
- Fixes CVE-2023-50868 and CVE-2023-50387
- Also, the resolver has not been called 'Knot DNS Resolver' for quite
some time, so fix that, too.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit
1131acf57fb07c0fa3e47c71bdca172f9d2f2e43)
Šimon Bořek [Fri, 6 May 2022 11:18:08 +0000 (13:18 +0200)]
knot-resolver: enable dnstap module build by default
'dnstap' module will be built but not loaded by default at runtime
(configuration must be provided for it to be loaded). It is still possible to
disable dnstap build manually using menuconfig.
"The dnstap module supports logging DNS requests and responses to a unix socket
in dnstap format using fstrm framing library. This logging is useful if you need
effectively log all DNS traffic."[^1]
Adds dependency on 'protobuf', 'protobuf-c', 'libfstrm'. Listed packages are
available from OpenWrt packages, have uncomplicated manifests and
while 'protobuf-c' doesn't have a maintainer since spring 2020, all the
packages (including 'protobuf-c') seem to be maintained - the last
updates of all of them in autumn 2021.
As stated by Vladimír Čunát from Knot Resolver team they build dnstap
while packaging for majority of standard Linux distributions.
Therefore this change brings us closer to expected default.
[^1]: https://knot-resolver.readthedocs.io/en/stable/modules-dnstap.html
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit
a68397ff778db68bd4e78ac26880dda959aaaf18)
Šimon Bořek [Thu, 5 May 2022 15:53:30 +0000 (17:53 +0200)]
knot-resolver: do not overwrite -Ddnstap=enabled configuration
It was possible to enable dnstap in menuconfig, but the configuration
only added dependencies while leaving dnstap module build disabled.
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit
af521478f832639fa08a763c3182125e5cac1a80)
Glenn Strauss [Thu, 14 Mar 2024 04:31:23 +0000 (00:31 -0400)]
lighttpd: update to lighttpd 1.4.75 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
a60a0d0730886ff23c75de1f9b88a039097aed37)
Stan Grishin [Sat, 23 Mar 2024 01:02:48 +0000 (01:02 +0000)]
nebula: prepare migration to APK
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
9cb2dbd23ce740fb6f03a190327dc60ab7c6884d)
Stan Grishin [Sat, 23 Mar 2024 01:02:32 +0000 (01:02 +0000)]
https-dns-proxy: prepare migration to APK
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
dae56fd2a5d4ac579dff5d151cefe45b8d873bd6)
Stan Grishin [Sat, 23 Mar 2024 01:02:05 +0000 (01:02 +0000)]
adblock-fast: prepare migration to APK
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
706592edccd0fb562f9d1966c6a360e9dc099fb1)
Alexandru Ardelean [Thu, 14 Mar 2024 14:08:36 +0000 (16:08 +0200)]
django: bump to version 4.2.11
Addresses a bunch of CVEs.
A more recent one: https://nvd.nist.gov/vuln/detail/CVE-2024-24680
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Tianling Shen [Tue, 19 Mar 2024 09:11:10 +0000 (17:11 +0800)]
Merge pull request #23691 from EricLuehrsen/unbound_1193_wrt23
[23.05] Backport Unbound 1.19.3 and script fixes to stable
Jan Klos [Mon, 18 Mar 2024 20:26:51 +0000 (21:26 +0100)]
unbound: update to 1.19.3
Signed-off-by: Jan Klos <jan@klos.xyz>
Paul Donald [Fri, 15 Mar 2024 13:42:12 +0000 (14:42 +0100)]
unbound: spell fix
Closes openwrt/luci#6993
Signed-off-by: Paul Donald <newtwen@gmail.com>
Jan Klos [Mon, 19 Feb 2024 13:27:05 +0000 (14:27 +0100)]
unbound: add file parameter to service instance
that way, procd does not needlessly restart unbound on triggers when
everything remains the same - changes in non-default included
configuration files will not be registered, however
Signed-off-by: Jan Klos <jan@klos.xyz>
Jan Klos [Fri, 17 Nov 2023 23:59:07 +0000 (00:59 +0100)]
unbound: remove date/time from config headers
so that procd can decide whether to restart unbound based on config
file changes
Signed-off-by: Jan Klos <jan@klos.xyz>
Dirk Brenken [Mon, 18 Mar 2024 21:09:09 +0000 (22:09 +0100)]
travelmate: update 2.1.2-6
* fix vpn semaphore handling (#23643), thanks to @brianjmurrell
* disable vpn processing by default
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
b8c47eae98929ea61d124af0e554daad8cc4feae)
Paul Donald [Tue, 5 Mar 2024 13:59:49 +0000 (14:59 +0100)]
p910nd: restart daemon even if no driver file is needed
Not all USB printers need a blob loading; restart the daemon
independently of driver loading.
Closes openwrt/packages#23588
Signed-off-by: Paul Donald <newtwen@gmail.com>
Tested-by: minicx <minicx@disroot.org>
(cherry picked from commit
685ef7d97b345c09edd428250794dd9fce07a174)
W. Michael Petullo [Mon, 1 Jan 2024 23:47:35 +0000 (17:47 -0600)]
shared-mime-info: update to 2.4
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit
09bfc9483dfb437904b2a9e77670e2addbe83738)
W. Michael Petullo [Tue, 20 Jun 2023 13:53:34 +0000 (08:53 -0500)]
shared-mime-info: update to 2.2
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit
4f608bb99852c96772dee55f0cb2ddbc17f2fd76)
Yousong Zhou [Tue, 12 Mar 2024 00:45:28 +0000 (00:45 +0000)]
shadowsocks-libev: add remote server ips to dst bypass ipset
To align with old iptables-based ss-rules implementation.
Supersedes openwrt/packages#20239
Link: https://github.com/openwrt/packages/pull/20239
Signed-off-by: Luis Liou <liouluis@gmail.com>
[minor fixup on commit title, version bump, etc.]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit
85b634f0b4f03d057613d45553ca272af877c27e)
Peter van Dijk [Thu, 7 Mar 2024 11:22:18 +0000 (12:22 +0100)]
libwslay: remove, nothing depends on it since h2o is gone
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit
e1b6bac484e1a1d45f9001c4c0778f6136492a6c)
krant [Mon, 26 Feb 2024 11:12:21 +0000 (13:12 +0200)]
dnsdist: disable XSK to fix the build
XSK support is set to auto by default and on some hosts it is detected as
on and leads to:
```
In file included from dnsdist-backend.cc:32:
xsk.hh:28:10: fatal error: bits/types/struct_timespec.h: No such file or
directory
28 | #include <bits/types/struct_timespec.h>
```
Here we disable XSK so configure will behave more deterministically and
hopefully fix the builders.
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit
f8dcc36af4f2f40076e4d07b1acd1a0177a7dbcb)