Rui Salvaterra [Wed, 23 Nov 2022 19:10:06 +0000 (19:10 +0000)]
tor: bump to 0.4.7.11 stable
Quoting the changelog:
Changes in version 0.4.7.11 - 2022-11-10
This version contains several major fixes aimed at helping defend against
network denial of service. It is also extending drastically the MetricsPort
for relays to help us gather more internal data to investigate performance
and attacks.
We strongly recommend to upgrade to this version especially for Exit relays
in order to help the network defend against this ongoing DDoS.
o Directory authority changes (dizum, Faravahar):
- Change dizum IP address. Closes ticket 40687.
- Remove Faravahar until its operator, Sina, set it back up online
outside of Team Cymru network. Closes ticket 40688.
o Major bugfixes (geoip data):
- IPFire informed us on August 12th that databases generated after
(including) August 10th did not have proper ARIN network
allocations. We are updating the database to use the one generated
on August 9th, 2022. Fixes bug 40658; bugfix on 0.4.5.13.
o Major bugfixes (onion service):
- Set a much higher circuit build timeout for opened client rendezvous
circuit. Before this, tor would time them out very quickly leading to
unnecessary retries meaning more load on the network. Fixes bug 40694;
bugfix on 0.3.5.1-alpha.
o Major bugfixes (OSX):
- Fix coarse-time computation on Apple platforms (like Mac M1) where
the Mach absolute time ticks do not correspond directly to
nanoseconds. Previously, we computed our shift value wrong, which
led us to give incorrect timing results. Fixes bug 40684; bugfix
on 0.3.3.1-alpha.
o Major bugfixes (relay):
- Improve security of our DNS cache by randomly clipping the TTL
value. TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha.
o Minor feature (Mac and iOS build):
- Change how combine_libs works on Darwin like platforms to make
sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED`
symbols on the archive before we repack and run ${RANLIB} on the
archive. This fixes a build issue with recent Xcode versions on
Mac Silicon and iOS. Closes ticket 40683.
o Minor feature (metrics):
- Add various congestion control counters to the MetricsPort. Closes
ticket 40708.
o Minor feature (performance):
- Bump the maximum amount of CPU that can be used from 16 to 128. Note
that NumCPUs torrc option overrides this hardcoded maximum. Fixes bug
40703; bugfix on 0.3.5.1-alpha.
o Minor feature (relay):
- Make an hardcoded value for the maximum of per CPU tasks into a
consensus parameter.
- Two new consensus parameters are added to control the wait time in
queue of the onionskins. One of them is the torrc
MaxOnionQueueDelay options which supersedes the consensus
parameter. Closes ticket 40704.
o Minor feature (relay, DoS):
- Apply circuit creation anti-DoS defenses if the outbound circuit
max cell queue size is reached too many times. This introduces two
new consensus parameters to control the queue size limit and
number of times allowed to go over that limit. Closes ticket 40680.
o Minor feature (relay, metrics):
- Add DoS defenses counter to MetricsPort.
- Add congestion control RTT reset counter to MetricsPort.
- Add counters to the MetricsPort how many connections, per type,
are currently opened and how many were created.
- Add relay flags from the consensus to the MetricsPort.
- Add total number of opened circuits to MetricsPort.
- Add total number of streams seen by an Exit to the MetricsPort.
- Add traffic stats as in number of read/written bytes in total.
- Related to ticket 40194.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on November 10, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/11/10.
o Minor bugfixes (authorities, sandbox):
- Allow to write file my-consensus-<flavor-name> to disk when
sandbox is activated. Fixes bug 40663; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (dirauth):
- Directory authorities stop voting a consensus "Measured" weight
for relays with the Authority flag. Now these relays will be
considered unmeasured, which should reserve their bandwidth for
their dir auth role and minimize distractions from other roles. In
place of the "Measured" weight, they now include a
"MeasuredButAuthority" weight (not used by anything) so the
bandwidth authority's opinion on this relay can be recorded for
posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth
torrc option which never worked right. Fixes bugs 40698 and 40700;
bugfix on 0.4.7.2-alpha.
o Minor bugfixes (onion service client):
- A collapsing onion service circuit should be seen as an
"unreachable" error so it can be retried. Fixes bug 40692; bugfix
on 0.3.5.1-alpha.
o Minor bugfixes (onion service):
- Make the service retry a rendezvous if the circuit is being
repurposed for measurements. Fixes bug 40696; bugfix
on 0.3.5.1-alpha.
o Minor bugfixes (relay overload statistics):
- Count total create cells vs dropped create cells properly, when
assessing if our fraction of dropped cells is too high. We only
count non-client circuits in the denominator, but we would include
client circuits in the numerator, leading to surprising log lines
claiming that we had dropped more than 100% of incoming create
cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha.
o Code simplification and refactoring (bridges):
- Remove unused code related to ExtPort connection ID. Fixes bug
40648; bugfix on 0.3.5.1-alpha.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
9136ff153249eac852b71e18107c68d78fd47215)
Glenn Strauss [Thu, 22 Feb 2024 18:03:24 +0000 (13:03 -0500)]
lighttpd: update to lighttpd 1.4.74 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
4d8bb07b734391d11318cb319548a17273820685)
krant [Fri, 9 Feb 2024 20:44:43 +0000 (22:44 +0200)]
squid: fix configure options
- Remove non-existing 'dlmalloc' option
- Use 'with-cap' instead of 'with-libcap'
- Use 'with-xml2' instead of 'with-libxml2'
- Patch configure.ac to properly handle 'with-nettle'
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit
f58be51721fb0e2c5aa0747bce36a19deb7392dd)
krant [Thu, 8 Feb 2024 13:01:10 +0000 (15:01 +0200)]
squid: update to 6.7
- Switch URL to HTTPS
- Remove default/obsolete configure options
- Fix and refresh the patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit
4007a08529a86b600b4ce6476cf6367de577a645)
S. Brusch [Wed, 14 Feb 2024 12:37:59 +0000 (13:37 +0100)]
unbound: update to latest upstream release version 1.19.1
Maintainer: @EricLuehrsen
Fixes: CVE-2023-50387, CVE-2023-50868
Release notes: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Run tested: BPi-R3, mediatek/filogic, OpenWrt 23.05.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
(cherry picked from commit
35ba14e50c6c90b3cc32538573d02a3b4f5b9184)
Sebastian Kemper [Tue, 7 Mar 2023 21:31:41 +0000 (22:31 +0100)]
tiff: force libdeflate support to off
Commit
81d2b72 added a package providing libdeflate. Tiff by default
links to it, causing a build error.
Package libtiff is missing dependencies for the following libraries:
libdeflate.so.0
This commit forces libdeflate use off to avoid this. No revision bump is
done because the package is currently not compiling anyway.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit
e3c6da4e25a96eae0cf249393af8599659a04b09)
Daniel Golle [Sun, 19 Feb 2023 04:41:08 +0000 (04:41 +0000)]
libb64: add package
Add generic base64 encode/decode (static) library.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
6993b5d9456f4747583082106e889eacc4d8ab08)
Tianling Shen [Wed, 17 May 2023 13:34:02 +0000 (21:34 +0800)]
libdeflate: Update to 1.18
Release note:
https://github.com/ebiggers/libdeflate/blob/master/NEWS.md#version-118
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
8591e8fb3f0400b25793543600ba4e9a6f93abe0)
Daniel Golle [Sun, 19 Feb 2023 04:41:44 +0000 (04:41 +0000)]
libdeflate: add package
Add package for libdeflate which is a library for fast, whole-buffer
DEFLATE-based compression and decompression.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
81d2b7262e510b9a4746656712d9f5a2b6521249)
Daniel Golle [Sun, 19 Feb 2023 04:43:43 +0000 (04:43 +0000)]
libdht: add package
Add Kademlia Distributed Hash Table (DHT) library.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
a281a8af9f7b74960a52a3e102fc636c0722b92c)
Daniel Golle [Sun, 19 Feb 2023 04:44:16 +0000 (04:44 +0000)]
libutp: add package
Add Transmission version of the uTorrent Transport Protocol library.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
1ecef46f1cb00aeac717710e6a25b82b68a2970b)
Liangbin Lian [Mon, 10 Jul 2023 07:53:33 +0000 (15:53 +0800)]
transmission: fix depends on libmbedtls
If a firmware build with curl without mbedtls, install transmission from openwrt official repo will fail to start
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit
2311e7921893453094bd065e1a94ffa8d850c8b7)
Tianling Shen [Tue, 20 Feb 2024 05:47:37 +0000 (13:47 +0800)]
Merge pull request #23416 from systemcrash/p910nd_22_picks
P910nd v22.03 picks
Rosen Penev [Mon, 25 Dec 2023 06:01:33 +0000 (22:01 -0800)]
openconnect: update to 9.12
Remove upstream backport and fix libxml 1.12 compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Vladislav Grigoryev [Sat, 14 Oct 2023 09:25:34 +0000 (12:25 +0300)]
openconnect: add support for option --pfs
Add support for the OpenConnect option `--pfs`.
Designed to require perfect forward secrecy.
Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
John Audia [Fri, 28 Jul 2023 21:52:17 +0000 (17:52 -0400)]
lxc: update to 5.0.3
Bump to latest upstream release.
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
1b5ee689f3f8fa68580206274b5b67c06db3ec91)
Jeffery To [Fri, 24 Nov 2023 07:21:26 +0000 (15:21 +0800)]
fail2ban: Fix compatibility with Python 3.11
This backports 2 commits from upstream[1]; the other 3 are not strictly
necessary. One of the patches has been updated to remove a change to a
regex that does not exist in 0.11.2.
[1]: https://github.com/fail2ban/fail2ban/pull/3267
Fixes: https://github.com/openwrt/packages/issues/22736
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
0d9cc4aed202c9126966f7a9e73eaa7f48d51b6b)
Marius Dinu [Sun, 23 Jul 2023 17:36:02 +0000 (20:36 +0300)]
transmission: add copy_file_range syscall to seccomp
Fixes this crash:
root@RPi3OpenWrt:/# grep -i seccomp /var/log/audit/audit.log
type=SECCOMP msg=audit(
1689503903.597:16): auid=
4294967295 uid=224 gid=1012 ses=
4294967295 pid=1752 comm="transmission-da" exe="/usr/bin/transmission-daemon" sig=31 arch=
c00000b7 syscall=285 compat=0 ip=0x7fa3b0eefc code=0x80000000
root@RPi3OpenWrt:/# ausyscall 285
copy_file_range
root@RPi3OpenWrt:/#
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
f0926b44f48fa04401c660b0818e74f6b654e5bc)
Marius Dinu [Sun, 16 Jul 2023 13:43:25 +0000 (16:43 +0300)]
transmission: add ftruncate syscall to seccomp
Fixes many crashes.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
a0372545887a2f16329be56949465e13af0d04c7)
Leonid Bogdanov [Sat, 10 Jun 2023 13:06:31 +0000 (23:06 +1000)]
transmission: Fix env variables passing
It's not possible to configure custom Transmission web home as corresponding
env var gets overwritten by the command that sets CA bundle env var.
Signed-off-by: Leonid Bogdanov <leonidbogdanov86@gmail.com>
(cherry picked from commit
c662aefd9aaa15b3a1f7570ccd1d5fe33aeb2a45)
Marius Dinu [Sat, 20 May 2023 16:41:57 +0000 (19:41 +0300)]
transmission: add missing nls.mk include
Fixes issue #21016.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
f66bcdd1b6f8534c0e366a13ee2750820a13e3bb)
Daniel Golle [Fri, 19 May 2023 01:53:53 +0000 (02:53 +0100)]
transmission: add missing ftruncate64 syscall
Transmission 4.0.3 started using the ftruncate64 syscall.
Add it to the list of allowed syscalls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
142bbc77f1aa8a81cd1ffb1ebad3ce4f2ef24b8a)
Daniel Golle [Thu, 18 May 2023 02:15:52 +0000 (03:15 +0100)]
transmission: add new syscall needed with musl 1.2.4
Apparently the "revcmsg" syscall is now needed, add it to the list
of allowed syscalls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
6afcc1bc88a960a9ce5b0d5ed1e8cce87647d5fa)
Andrew Sim [Mon, 15 May 2023 05:12:06 +0000 (07:12 +0200)]
transmission: Update to v4.03
Update transmission to latest stable v4.0.3 release
Changelog: https://github.com/transmission/transmission/releases/tag/4.0.3
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
(cherry picked from commit
f6c43e7c5ad86685f6e5c892b0b412fbd8831200)
Daniel Golle [Sun, 19 Mar 2023 21:48:11 +0000 (21:48 +0000)]
transmission: update to version 4.0.2
See release notes for more details:
https://github.com/transmission/transmission/releases/tag/4.0.2
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
08ee78e022fd03df13e031b456a8a964d7758e85)
Daniel Golle [Sun, 19 Feb 2023 04:44:50 +0000 (04:44 +0000)]
transmission: update to version 4.0.1
This is a major release, both in numbering and in effort! It's been in
active development for over a year and has a huge list of changes --
over a thousand commits -- since Transmission 3.00.
For more information about the release see
https://github.com/transmission/transmission/releases/tag/4.0.0
https://github.com/transmission/transmission/releases/tag/4.0.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
96fd2dc5317f811a575de449d1db8dfdee5c3e61)
Rosen Penev [Sat, 9 Jul 2022 07:49:04 +0000 (00:49 -0700)]
transmission: get rid of iconv dependency
No need for an external one.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
142b73b5dbef01b5a331405da564e33af531b461)
Salim B [Sun, 12 Feb 2023 21:20:00 +0000 (22:20 +0100)]
transmission: retrieve boolean config opts using `config_get_bool`
The tranmission UCI config options
- `config_overwrite`
- `incomplete_dir_enabled`
- `watch_dir_enabled`
are all booleans, so we have to retrieve them using `config_get_bool` in order
to make sure they are properly interpreted in case the user sets them to a
keyword (`true`/`false`, `on`/`off` etc.) and not an integer (`0`/`1`).
Signed-off-by: Salim B <git@salim.space>
(cherry picked from commit
63dc13d7d2f5150bf3cf4b6648d8c7f10975381f)
Alexander Egorenkov [Sun, 10 Apr 2022 14:24:24 +0000 (16:24 +0200)]
transmission: add 'incomplete' and 'watch' dirs to ujail mounts
To fix the errors:
Sun Apr 10 14:19:41 2022 daemon.err transmission-daemon[29831]: [2022-04-10 14:19:41.098] watchdir Failed to open directory "/mnt/sda1/openwrt/transmission/watch" (2): No such file or directory (watchdir.c:358)
and
Sun Apr 10 14:20:18 2022 daemon.err transmission-daemon[30175]: [2022-04-10 14:20:18.641] Couldn't create "/mnt/sda1/openwrt/transmission/incomplete": Permission denied (file-posix.c:243)
References:
- https://github.com/openwrt/packages/issues/17674
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry picked from commit
cbc1b0790dd673d57ec673c159bee8d7b4a2c22b)
Florian Eckert [Tue, 17 Oct 2023 12:14:58 +0000 (14:14 +0200)]
zabbix: update to version 6.4.7
Switch to current stable version 6.4.7.
See release notes:
https://www.zabbix.com/rn/rn6.4.7
So that the new version builds cleanly. The 'libevent2-pthreads' must be
added as dependency.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
4f9ced5cf9d411dc54a815beb365b539c561bbfb)
Christian Marangi [Sun, 29 Oct 2023 14:45:45 +0000 (15:45 +0100)]
zabbix: move to PCRE2 library
Move to PCRE2 library as PCRE is not EOL and won't receive any security
updates anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
3dfb00c6c6758524282c6fa4a1995280ea613e9c)
Jeffery To [Thu, 1 Jun 2023 16:40:56 +0000 (00:40 +0800)]
zabbix: Add "oldstable" source URL
Zabbix moved the 6.2 directory from "stable" into "oldstable". This adds
the "oldstable" URL to PKG_SOURCE_URL.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
c196aac4b121f434639db90272cb60507aa687f1)
Florian Eckert [Wed, 12 Oct 2022 15:21:58 +0000 (17:21 +0200)]
zabbix: add sqlite3 support
This change makes it possible to build zabbix with sqlite3 support.
Attention:
By selecting "SQLite" as "Database Software" you are not able
to build the zabbix-server and zabbix-server-frontend package anymore.
This database is not supported for this service.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
3c11092560ffebeb64c004a40608a2698350fbb0)
Scott Roberts [Mon, 26 Sep 2022 15:41:21 +0000 (09:41 -0600)]
zabbix: update to 6.2.3
Refreshed patches.
Signed-off-by: Scott Roberts <ttocsr@gmail.com>
(cherry picked from commit
475d1cc0e9e061551b6bc227d32c4da5a66a4a3e)
Florian Eckert [Wed, 3 Aug 2022 07:36:05 +0000 (09:36 +0200)]
zabbix: add fping dependency
If fping is not installed on the system the following message is show if
hosts should be monitored via icmp.
Log-Message:
"At least one of '/usr/sbin/fping', '/usr/sbin/fping6' must exist. Both
are missing in the system."
To fix this also, add a dependency to 'fping' for 'zabbix-server' and
'zabbix-proxy' for installation to allow icmp hosts monitoring.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
672a655d6bdccee30d5779a1348a42e4f34b850f)
Julien Cassette [Tue, 21 Nov 2023 08:43:29 +0000 (09:43 +0100)]
unbound: fix `create_host_record_from_host` error when `dns` is not set
The function `create_host_record_from_host` fails if the `dns` option
is not set in the host entry.
This sets a default to the `dns` variable in order to fix this error.
Fixes: #22691
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
(cherry picked from commit
8d60419251b2c94f87425f41ce49214771d2bf6a)
Julien Cassette [Fri, 3 Nov 2023 17:42:48 +0000 (18:42 +0100)]
unbound: create extra host records from DHCP static leases
The "Extra DNS" option allows to create records from the DHCP
"Hostnames" configuration entries.
This allows to create such records from the DHCP "Static leases"
configuration entries too.
Fixes: #22593
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
(cherry picked from commit
b4a31f92deb8de923d6bc6fb12506e24f4475581)
Eric Luehrsen [Fri, 10 Nov 2023 20:58:15 +0000 (15:58 -0500)]
unbound: update to 1.19.0
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
(cherry picked from commit
183f1662795930f846e497be7530e0474c7eff0e)
Eric Luehrsen [Wed, 6 Sep 2023 03:49:41 +0000 (23:49 -0400)]
unbound: update to 1.18.0
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
(cherry picked from commit
03f70dcfd530560c088f05819a11715286ce45d9)
Ted Hess [Thu, 17 Aug 2023 22:20:54 +0000 (18:20 -0400)]
Unbound: Silence SSL unexpected eof messages
Refs: https://github.com/NLnetLabs/unbound/issues/812
https://github.com/NLnetLabs/unbound/issues/846
This is a backport of: https://github.com/NLnetLabs/unbound/commit/
d7e7761
and can be removed with the next release/update of the Unbound package
Signed-off-by: Ted Hess <thess@kitschensync.net>
(cherry picked from commit
2a71e17ca12341682430e587889d8fb7af58ae30)
John Audia [Thu, 11 Jan 2024 20:28:22 +0000 (15:28 -0500)]
htop: update to 3.3.0
Changelog: https://github.com/htop-dev/htop/compare/3.2.2...3.3.0
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
3ee7b46610e9dbd8fd2bba87bd06024cd0d9c08f)
Alexander Egorenkov [Sun, 31 Dec 2023 10:57:42 +0000 (11:57 +0100)]
yt-dlp: bump to version 2023.12.30
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry picked from commit
5d3424f992b09602f2abd4e71cb163a3af8f3e7c)
Alexander Egorenkov [Sun, 29 Oct 2023 12:42:34 +0000 (13:42 +0100)]
yt-dlp: bump to version 2023.11.16
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry picked from commit
707e87884d67650c26fda2c30c790d5832e319d7)
Rani Hod [Wed, 19 Jul 2023 15:20:09 +0000 (18:20 +0300)]
yt-dlp: add missing dependencies
Added missing python3-{logging,uuid} dependencies.
Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit
40a680ffd7d155798123a9eadcc3411f7a201259)
Jonas Jelonek [Fri, 1 Dec 2023 21:37:39 +0000 (22:37 +0100)]
iperf3: update to 3.16
notable changes:
- multithreading support
changelog: https://github.com/esnet/iperf/releases/tag/3.16
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
(cherry picked from commit
bdb6d2a37fda8daa3a2e02af20f0f582dc6e5d7b)
Jakub Raczynski [Wed, 18 Oct 2023 10:03:39 +0000 (10:03 +0000)]
iperf3: Fix dependecy conflict with iperf3-ssl
When selecting both iperf3 and iperf3 ssl, there is a problem that
both packages install same binary file.
This patch fixes this issue by adding conflict between those packages.
Signed-off-by: Jakub Raczynski <myszsoda@gmail.com>
(cherry picked from commit
cea45c75c0153a190ee41dedaf6526ae08e33928)
Alexander Couzens [Mon, 18 Sep 2023 22:54:52 +0000 (00:54 +0200)]
net/iperf3: assign PKG_CPE_ID
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit
e97f763a7281b543dfb9709cf84da97f28bbf0db)
Leo Douglas [Fri, 15 Sep 2023 02:32:57 +0000 (10:32 +0800)]
iperf3: update to 3.15
see changelog: https://github.com/esnet/iperf/releases/tag/3.15.
Signed-off-by: Leo Douglas <douglarek@gmail.com>
(cherry picked from commit
8a223d4724d996db13bc8077035b27562b5e8fbd)
John Audia [Mon, 10 Jul 2023 10:17:44 +0000 (06:17 -0400)]
iperf3: update to 3.14
Release Notes:
https://github.com/esnet/iperf/blob/master/RELNOTES.md
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
8c0afc4cabdba316835706e06919271bd7f13a62)
Nick Hainke [Wed, 26 Apr 2023 06:21:25 +0000 (08:21 +0200)]
iperf3: update to 3.13
Release Notes:
https://software.es.net/iperf/news.html#iperf-3-13-released
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
1bfd2f7adeaafb317345af41f472564d9ae28a79)
Nick Hainke [Fri, 7 Oct 2022 08:25:06 +0000 (10:25 +0200)]
iperf3: update to 3.12
Release Notes:
https://groups.google.com/g/iperf-dev/c/_DgSWrpl9Gk?pli=1
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
431016a23d55469c2028ca74d6c44f0026abcdfc)
Nick Hainke [Wed, 14 Sep 2022 20:46:09 +0000 (22:46 +0200)]
iperf3: fix install section of Makefile and dependencies
In the Makefile the library installation was accidentally called
"Package/iperf3/install" and not "Package/libiperf3/install". Fix this
typo. Thanks to Hartmut spotting this.
Also the iperf3-ssl does not need to depend on libiperf3.
Fixes
ae48be8e2157 ("iperf3: add shared libiperf library and link iperf3 dynamically")
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
dc59d98c2ca24a077a9f5f135b86e9737fa6780e)
Nick Hainke [Sun, 11 Sep 2022 12:31:33 +0000 (14:31 +0200)]
iperf3: add shared libiperf library and link iperf3 dynamically
Add library for creating own functions with iperf3 functionality.
Example: https://github.com/esnet/iperf/blob/master/examples/mis.c
This library is needed by python3-iperf3.
Build iperf3 binary with dynamically linked libiperf3. However, still
build iperf3-ssl as static binary due to a lack of shipping two libiperf
versions.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
ae48be8e2157bc7c352b3b6d30c026fafdae4867)
Jan Hák [Mon, 29 Jan 2024 10:00:48 +0000 (11:00 +0100)]
knot: update to version 3.3.4
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
66c1065b453b46a709f5143459d8a4cee777f9a0)
Jan Hák [Wed, 13 Dec 2023 10:01:41 +0000 (11:01 +0100)]
knot: update to version 3.3.3
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
a693dd5821b11c442bff817cbc4a8193d0367839)
Jan Hák [Wed, 25 Oct 2023 13:20:12 +0000 (15:20 +0200)]
knot: update to version 3.3.2
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
fbfa63a03be5916873e3b2d1d17d21d1742de7de)
Noah Meyerhans [Thu, 15 Feb 2024 17:36:41 +0000 (09:36 -0800)]
bind: bump to 9.18.24
Fixes CVEs:
- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these features were
enabled.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit
d277e41e78972130f75dc816ebcbd7931f582519)
Marius Dinu [Sun, 23 Jul 2023 17:36:02 +0000 (20:36 +0300)]
transmission: add copy_file_range syscall to seccomp
Fixes this crash:
root@RPi3OpenWrt:/# grep -i seccomp /var/log/audit/audit.log
type=SECCOMP msg=audit(
1689503903.597:16): auid=
4294967295 uid=224 gid=1012 ses=
4294967295 pid=1752 comm="transmission-da" exe="/usr/bin/transmission-daemon" sig=31 arch=
c00000b7 syscall=285 compat=0 ip=0x7fa3b0eefc code=0x80000000
root@RPi3OpenWrt:/# ausyscall 285
copy_file_range
root@RPi3OpenWrt:/#
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
f0926b44f48fa04401c660b0818e74f6b654e5bc)
Peter van Dijk [Tue, 13 Feb 2024 14:28:01 +0000 (15:28 +0100)]
pdns-recursor: update to 4.8.6 (fixes CVE-2023-50387, CVE-2023-50868)
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Eneas U de Queiroz [Thu, 9 Feb 2023 18:05:30 +0000 (15:05 -0300)]
squid: bump to release 5.7
This is the latest version and brings compatibility with OpenSSL 3.0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
78dcc29e47079b6f5aad917dcdf935325b5e4fdf)
Paul Donald [Wed, 14 Feb 2024 22:58:07 +0000 (23:58 +0100)]
p910nd: bump release
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
9dad4285d3c2de30cf27baa2b299246bda514577)
Paul Donald [Sun, 11 Feb 2024 17:41:23 +0000 (18:41 +0100)]
p910nd: hotplug shellcheck fixes
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
77f47a6341f1f5c272e95bc83cb6cf228d2b3760)
Paul Donald [Sun, 11 Feb 2024 18:28:38 +0000 (19:28 +0100)]
p910nd: init: check device (/dev/usb/lpX) existence
this prevents the daemon exiting when a configured device
is not plugged in.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
4d461aacca9b144ded709320de1652603f7f2458)
Paul Donald [Sat, 10 Feb 2024 21:02:58 +0000 (22:02 +0100)]
p910nd: init: partial fix for openwrt/packages#10496
Harmless to carry this fix until procd.sh adds the param
This parameter will mean umdns advertises not just "OpenWrt" but a more
appropriate string:
"Apple LaserWriter Pro 630"
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
60be0017753364069c044dd591b3ef1e0e3f8438)
Paul Donald [Sun, 11 Feb 2024 03:13:53 +0000 (04:13 +0100)]
p910nd: hotplug+init: include extra ieee1284 properties
Apple and macOS GUI co-opts the mDNS note= param as "Location"
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
c74f82e17b21641667cb768da30244a8cba1d73e)
Paul Donald [Sun, 11 Feb 2024 18:02:57 +0000 (19:02 +0100)]
p910nd: hotplug: minor bug fixes
Commit driver_home defaults before continuing
Fix missing path for serial number acquisition
Store current device if no previously configured device had one.
Also set CHAR_DEV so the printer can get its driver sent on first run.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
c54cb399f32abbf76cecbd279c2c55c3e46d5613)
Paul Donald [Sun, 11 Feb 2024 17:43:43 +0000 (18:43 +0100)]
p910nd: hotplug: small refactor
replace -a with &&
shorten uci commands via variables
add optional ieee1284_id parameters
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
d1b868b407a5ec1e6f109ec603c65423f6b11b87)
Paul Donald [Sun, 11 Feb 2024 17:33:03 +0000 (18:33 +0100)]
p910nd: init: add txtvers=1 to mDNS properties
The spec https://developer.apple.com/bonjour/printing-specification/bonjourprinting-1.2.1.pdf
notes:
... if the meaning of any of the TXT record keys is changed, the txtvers value
will be incremented. The current value of this key is “1”, and if this key does not exist in
the TXT record, the default value of “1” is assumed. The txtvers SHOULD be the first
key/value pair in the TXT record.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
55d00e3821674789d903ea0dfef000a2b4306f24)
Paul Donald [Sun, 11 Feb 2024 02:30:56 +0000 (03:30 +0100)]
p910nd: init: line-break and conditionalize mDNS properties
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
d939c5c3aafcc10db5273bb242469eff0bea6d14)
Paul Donald [Sat, 10 Feb 2024 17:37:00 +0000 (18:37 +0100)]
p910nd: init: only run mDNS changes if mdns is set to on
i.e. don't do the extra work unless mdns setting is enabled
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
2c5927cfac6aa867bc892d499170fdf4d7d1f5d8)
Paul Donald [Sat, 10 Feb 2024 17:35:35 +0000 (18:35 +0100)]
p910nd: init script
Don't run procd with a name of p9100d or p9101d etc.
Use the original binary name: p910nd.
This way, all supplied parameters should be visible via e.g.:
ps
xargs -0 < /proc/{procid}/cmdline
Revise all p910nd strings to the variable DAEMON_NAME or CONFIG where
appropriate.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
3f04d2d791fb18d03e990926955b87198293bb9d)
Paul Donald [Tue, 16 Jan 2024 01:47:32 +0000 (02:47 +0100)]
p910nd: hotplug script
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
825b22a4db952c891b07341e0176bc6d64f2d72a)
Olivier Poitrey [Sun, 4 Feb 2024 23:50:58 +0000 (23:50 +0000)]
nextdns: Update to version 1.42.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Sergey Ponomarev [Sat, 3 Feb 2024 20:13:22 +0000 (22:13 +0200)]
cloudflared: refine config.yml
The config.yml is an example of a tunnel local configuration.
But the cloudlfared treat it as a real config and fails to start.
So to avoid problems let's comment all the statements.
The `url: http://localhost:8000` is not a valid config option.
Additionally add a smale of configuring ingres rules.
The cloudflared.config has missing option token.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
(cherry picked from commit
b3580a76d8a4bc0bfa075ba3da945bfe92526871)
Tianling Shen [Tue, 30 Jan 2024 15:41:30 +0000 (23:41 +0800)]
rclone: Update to 1.65.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
4437234dc43095212299417ee25aa43266374f50)
Stan Grishin [Sat, 3 Feb 2024 23:15:40 +0000 (16:15 -0700)]
Merge pull request #23254 from stangri/openwrt-22.03-curl
[22.03] curl: update to 8.6.0
Konstantin Demin [Thu, 1 Feb 2024 00:28:09 +0000 (03:28 +0300)]
curl: update to 8.6.0
* https://curl.se/changes.html#8_6_0
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit
0f2c98d53f1aec96c21a707fc0e1a01b5a53a840)
Ray Wang [Fri, 26 Jan 2024 15:04:21 +0000 (23:04 +0800)]
natmap: update to
20240126
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
42c6e10ada066e54071026930460e91ba14dfb4b)
Tianling Shen [Wed, 24 Jan 2024 16:38:09 +0000 (00:38 +0800)]
v2raya: do not allow changing config/log directory
We need stable path to persist configurations and read log from LuCI.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
272cff0d1c6265fe374aeed582423858beedf6bc)
Tianling Shen [Fri, 26 Jan 2024 04:20:05 +0000 (12:20 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
1aaa5c045dd835331d6c5bb70636e9d34d6bb530)
Tianling Shen [Sun, 14 Jan 2024 06:07:45 +0000 (14:07 +0800)]
rclone: Update to 1.65.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
05b61b3b6d8c3e2ab8f20e8b08932adfd25fbc3a)
Tianling Shen [Tue, 5 Dec 2023 11:02:27 +0000 (19:02 +0800)]
rclone: Update to 1.65.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
ac17302410dfa0958494b004e07d427cad7dd9cf)
Michael Heimpold [Fri, 29 Dec 2023 09:04:00 +0000 (10:04 +0100)]
Merge pull request #22999 from mhei/22.03-php8-update-to-8.1.27
[22.03] php8: update to 8.1.27
Rosen Penev [Fri, 10 Jul 2020 00:45:17 +0000 (17:45 -0700)]
mosquitto: update to 2.0.18
Switch to CMake. Allows faster compilation.
Small Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
aa89f847c673343af0cde4dbd9535a63272f7f14)
Michael Heimpold [Wed, 27 Dec 2023 12:45:01 +0000 (13:45 +0100)]
php8: update to 8.1.27
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Stan Grishin [Sun, 10 Dec 2023 17:38:24 +0000 (17:38 +0000)]
curl: update to 8.5.0
* https://curl.se/changes.html#8_5_0
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
6501290c17fb2c65e0fb589da94d121ff89e7d5e)
Michael Heimpold [Sun, 17 Dec 2023 19:31:17 +0000 (20:31 +0100)]
Merge pull request #22904 from mhei/22.03-php8-update-to-8.1.26
[22.03] php8: update to 8.1.26
Michael Heimpold [Sat, 16 Dec 2023 15:56:55 +0000 (16:56 +0100)]
php8: update to 8.1.26
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Stan Grishin [Mon, 11 Dec 2023 22:45:59 +0000 (15:45 -0700)]
Merge pull request #22874 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: only restart firewall when needed
Stan Grishin [Mon, 11 Dec 2023 13:18:21 +0000 (13:18 +0000)]
https-dns-proxy: only restart firewall when needed
* only restart firewall when needed
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
8b6635bae9717babbc3dcf1347cf4727fc15f9bd)
Stan Grishin [Sun, 26 Nov 2023 00:12:39 +0000 (17:12 -0700)]
Merge pull request #22747 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: fix unintentional call of service_stopped in boot()
Stan Grishin [Fri, 24 Nov 2023 16:11:57 +0000 (16:11 +0000)]
https-dns-proxy: fix unintentional call of service_stopped in boot()
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
2e9f6c44460a48876cd85cde3557ce373693df6b)
Stan Grishin [Fri, 24 Nov 2023 07:13:24 +0000 (00:13 -0700)]
Merge pull request #22738 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: bugfix: prevent erros from boot()
Stan Grishin [Thu, 23 Nov 2023 22:38:12 +0000 (22:38 +0000)]
https-dns-proxy: bugfix: prevent erros from boot()
* fixes https://github.com/openwrt/packages/issues/22674
* rename resolver_health_check to is_resolver_running for readability
* reorder functions in the init file by name
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
f519b68401b68f011091e83badadb54a43eae33d)
Alexandru Ardelean [Sun, 30 Oct 2022 17:31:26 +0000 (19:31 +0200)]
numpy: bump version to 1.24.3
Need to also fix build for GCC 13 + musl.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
8f176e30f3dae121e374be4ca7f641cc157ea152)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Nikos Mavrogiannopoulos [Thu, 9 Nov 2023 19:06:34 +0000 (20:06 +0100)]
tang: set the right permissions to keys
Resolves: #22632
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
S. Brusch [Sat, 21 Oct 2023 17:22:13 +0000 (19:22 +0200)]
crowdsec-firewall-bouncer: add ujail
* added ujail for crowdsec-firewall-bouncer
* set nice to reduce priority for process
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.0
(cherry picked from commit
a8df73ce7277134c5bd318b3e63cc14e2c70e9a7)
Josef Schlehofer [Sun, 5 Nov 2023 12:58:43 +0000 (13:58 +0100)]
nmap: backport fix to be able to compile it with OpenSSL 1.1
The latest nmap version 7.9.3 currently fails to compile with OpenSSL 1.1 [1],
it required to backport upstream patch to fix the compilation. [2]
[1] https://github.com/nmap/nmap/issues/2516
[2] https://github.com/nmap/nmap/commit/
d6bea8dcdee36a3902cece14097993350306f1b6
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
2c87004346f9456cfd5cc58559ab8ff4e94cd773)
Josef Schlehofer [Sun, 5 Nov 2023 13:51:31 +0000 (14:51 +0100)]
netbird: downgrade to version 0.17.0
The version, which is currently in OpenWrt 22.03 requires Go 1.20.
See the output:
../../../../../dl/go-mod-cache/github.com/netbirdio/wireguard-go@v0.0.0-
20230524172305-
5a498a82b33f/tun/tun_linux.go:362:18: undefined: errors.Join
note: module requires Go 1.20
Having Go 1.20 in OpenWrt 22.03 could be time consuming and as it is the stable branch, it seems like better idea to downgrade netbird to version 0.17.0, which is the latest version, which requires to use Go 1.19.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Tianling Shen [Sun, 5 Nov 2023 08:30:58 +0000 (16:30 +0800)]
Merge pull request #22598 from muink/dnsproxy-22.03
[22.03] dnsproxy: add more options