feed/packages.git
2 months agosing-box: Update to 1.9.6
Milinda Brantini [Mon, 23 Sep 2024 13:10:04 +0000 (21:10 +0800)]
sing-box: Update to 1.9.6

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 06eb251067537d576fee86f8471377239b5254fe)

2 months agosing-box: Update to 1.9.5
Milinda Brantini [Mon, 23 Sep 2024 13:09:09 +0000 (21:09 +0800)]
sing-box: Update to 1.9.5

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 500a8ab995a020a336948f058e7755efafff80e7)

2 months agodelve: update to 1.23.1
Aleksey Kolosov [Tue, 24 Sep 2024 08:44:50 +0000 (11:44 +0300)]
delve: update to 1.23.1

Signed-off-by: Aleksey Kolosov <softovick@gmail.com>
2 months agoadblock-fast: bugfixes and shellcheck update
Stan Grishin [Thu, 19 Sep 2024 16:14:35 +0000 (16:14 +0000)]
adblock-fast: bugfixes and shellcheck update

* BUGFIX: correctly identify available RAM
* BUGFIX: properly store remote list filesize in config
* shellcheck updates

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 4bdaea90d63ed12af4b513d833de64bac5f0f2b8)

2 months agobanIP: update to 1.0.0-7
Dirk Brenken [Fri, 20 Sep 2024 08:04:09 +0000 (10:04 +0200)]
banIP: update to 1.0.0-7

* fixed auto allow-/blocklist-issue with IPv6 addresses in CIDR notation
* removed edrop feed from readme (had been removed from feeds for a while)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit aeda25086e7797b403a4307d88716e66f3239504)

2 months agosoftflowd: add '-b' option to config
Rafal Macyszyn [Mon, 1 Apr 2024 18:50:49 +0000 (20:50 +0200)]
softflowd: add '-b' option to config

- add '-b' option to enable bidirectional flow probing

Signed-off-by: Rafal Macyszyn <rafal@v92.pl>
(cherry picked from commit 80b15f0b9e6135978a7d17543d4be5fd13481b1a)

2 months agosoftflowd: bump to 1.1.0
Stijn Tintel [Sat, 15 Jul 2023 16:03:30 +0000 (19:03 +0300)]
softflowd: bump to 1.1.0

The tag is now prefixed with v; update PKG_SOURCE_URL and PKG_BUILD_DIR
to reflect this.
Drop upstreamed patches. Refresh leftover patch.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 4bdf55d35248500efd41e5f7b61c428d3a22db85)

2 months agoadblock: update to 4.2.2-5
Dirk Brenken [Fri, 20 Sep 2024 03:57:24 +0000 (05:57 +0200)]
adblock: update to 4.2.2-5

* filter out unrelated multicast traffic from reporting

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 3474adc309cf77fd9e461e964965cbcfc3c51620)

2 months agoadblock: update to 4.2.2-4
Dirk Brenken [Tue, 17 Sep 2024 19:31:46 +0000 (21:31 +0200)]
adblock: update to 4.2.2-4

* fixed wrongly detected NX domains in adblock reporting
* remove existing pcap files when restarting/stopping adblock
   to prevent problems when changing tcpdump parameters

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 180ee1321934cfd27d1245426f8fed3053a1cc66)

2 months agov2ray-geodata: Update to latest version
Tianling Shen [Thu, 19 Sep 2024 06:10:00 +0000 (14:10 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit fecdb92b3ffa6c30a551bb4cbc79cc417f05be8e)

2 months agov2ray-core: Update to 5.18.0
Tianling Shen [Thu, 19 Sep 2024 06:09:39 +0000 (14:09 +0800)]
v2ray-core: Update to 5.18.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7eef7e36e91b4e39a226a479a9702b22f3880b39)

2 months agov2ray-core: Update to 5.17.1
Tianling Shen [Sat, 31 Aug 2024 03:08:25 +0000 (11:08 +0800)]
v2ray-core: Update to 5.17.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a2d87d2658161d0fd265986a0bc9922fe908f3dc)

2 months agov2ray-core: update to 5.16.1
Tianling Shen [Thu, 9 May 2024 08:15:08 +0000 (16:15 +0800)]
v2ray-core: update to 5.16.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 0c645cb6a6d643aabde2e4027b5bcf6802b6df66)

2 months agorclone: Update to 1.68.0
Tianling Shen [Tue, 10 Sep 2024 13:01:35 +0000 (21:01 +0800)]
rclone: Update to 1.68.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 59986cf970e5e5fdff1c579996ebb7eec7e05dbe)

2 months agotravelmate: update to 2.1.3-1
Dirk Brenken [Sat, 14 Sep 2024 11:48:27 +0000 (13:48 +0200)]
travelmate: update to 2.1.3-1

* fixed STA connection issues / restart the travelmate interface on new connections via ubus
* fixed NTP hotplug issues / trigger the NTP hotplug event via ubus
* fixed minor log issues (mail/hotplug)
* readme update

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 7f976e1602254ee4ae793b611abd596e607d26b3)

2 months agophp8: update to 8.2.23
Michael Heimpold [Thu, 5 Sep 2024 05:22:02 +0000 (07:22 +0200)]
php8: update to 8.2.23

Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.2.23

A minor adaption to a single patch is required.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2 months agobanip: update 1.0.0-6
Dirk Brenken [Mon, 9 Sep 2024 19:07:22 +0000 (21:07 +0200)]
banip: update 1.0.0-6

* automatic blocking of IP ranges via RDAP request now supports multiple CIDRs
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit b157e03e8024a2a32993688b0450cda9497deedd)

2 months agogg: Update to 0.2.19
Tianling Shen [Tue, 3 Sep 2024 12:02:07 +0000 (20:02 +0800)]
gg: Update to 0.2.19

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7ba22665d75f87083dc15a4dfe4abe4b1fd6ab99)

2 months agocloudflared: reload service if wan inferface has (re)connected
Tianling Shen [Sat, 31 Aug 2024 13:53:39 +0000 (21:53 +0800)]
cloudflared: reload service if wan inferface has (re)connected

Sometimes the wan connection needs time to be established (e.g. cold
boot after power loss) and the service may crash as the internet is
yet available. Add a trigger to reload the service once the wan
interface is up.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 52037eb625a864c7e9b2b4e30b975bc5a8092192)
[based upon 23.05 branch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 months agonano: update to 8.2
Hannu Nyman [Thu, 5 Sep 2024 17:16:21 +0000 (20:16 +0300)]
nano: update to 8.2

Update nano editor to version 8.2

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 14a80bff16bcbc5768fee7eaf6eff7b445b78a19)

2 months agoglib2: update to 2.74.7 to fix several CVEs
Petr Štetiar [Thu, 22 Aug 2024 19:04:12 +0000 (19:04 +0000)]
glib2: update to 2.74.7 to fix several CVEs

Bump glib2 to 2.74.7 which fixes CVE-2023-29499, CVE-2023-32611,
CVE-2023-32636, CVE-2023-32643, CVE-2023-32665 and on top of that
backport CVE-2024-34397 fix from Debian Bookworm glib2 package
2.74.6-2+deb12u2. While at it refresh the patches so they apply cleanly.

References: https://security-tracker.debian.org/tracker/source-package/glib2.0
Fixes: CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665, CVE-2024-34397
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2 months agorust: update to 1.80.1 24909/head
Luca Barbato [Tue, 13 Aug 2024 07:21:47 +0000 (07:21 +0000)]
rust: update to 1.80.1

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit d4416c2e6399a2c715d684c7b439a0ac4ff93e96)

2 months agorust: update to 1.80.0
Aleksey Vasilenko [Thu, 25 Jul 2024 13:25:01 +0000 (16:25 +0300)]
rust: update to 1.80.0

- Remove two upstreamed patches
- Manually refresh one patch
- Automatically refresh another patch

Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
(cherry picked from commit 8d68f0b0dbb0d3f3929144507e28a449c67ea3ca)

2 months agoyq: Update to 4.44.3
Tianling Shen [Sat, 31 Aug 2024 03:06:36 +0000 (11:06 +0800)]
yq: Update to 4.44.3

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 months agoyq: Update to 4.44.1
Tianling Shen [Fri, 24 May 2024 14:05:55 +0000 (22:05 +0800)]
yq: Update to 4.44.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 78d0e1662961145b03c88e7181aeb93b855c9142)

2 months agoyq: Update to 4.43.1
Tianling Shen [Mon, 1 Apr 2024 07:59:34 +0000 (15:59 +0800)]
yq: Update to 4.43.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ab21adbbff2fa0376d454e52630def0c15db5320)

2 months agov2ray-geodata: Update to latest version
Tianling Shen [Sat, 31 Aug 2024 03:06:28 +0000 (11:06 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit b9de33f106c61d150ca6c335e1d3a74bd150f769)

2 months agoxray-core: update to 1.8.24
Milinda Brantini [Fri, 30 Aug 2024 09:54:29 +0000 (17:54 +0800)]
xray-core: update to 1.8.24

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 1c7bd8ba1d116466aba9192e8b589a40a3632df3)

2 months agoapfree-wifidog: update to 7.08.2035
Dengfeng Liu [Tue, 27 Aug 2024 11:09:58 +0000 (19:09 +0800)]
apfree-wifidog: update to 7.08.2035

https://github.com/liudf0716/apfree-wifidog/releases/tag/7.08.2035

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit 632d4ea93d2a3e9dd5c842bbbf1ffa7290987a5f)

2 months agoapfree-wifidog: modify wifidogx.init
Dengfeng Liu [Tue, 27 Aug 2024 11:06:07 +0000 (19:06 +0800)]
apfree-wifidog: modify wifidogx.init
1. to address the isssue of incomplement firwall rules
2. added support for gateway settings

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit d552c5733a3459466e5f2509f2ce681d413e0ede)

3 months agodhtd: udpate to 1.0.2
Moritz Warning [Tue, 6 Aug 2024 21:28:40 +0000 (23:28 +0200)]
dhtd: udpate to 1.0.2

Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit 3934cfdbdcda4d2a7508a2d3220e2088f889bb25)

3 months agodhtd: update to 1.0.1
Moritz Warning [Mon, 1 Jan 2024 15:37:10 +0000 (16:37 +0100)]
dhtd: update to 1.0.1

Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit ed5e79644dbf5668558f28c980b2f10c52e8bce4)

3 months agocrowdsec-firewall-bouncer: new upstream release version 0.0.29
S. Brusch [Mon, 22 Jul 2024 16:20:39 +0000 (16:20 +0000)]
crowdsec-firewall-bouncer: new upstream release version 0.0.29

Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.4

Description:
 - updated to new upstream release version 0.0.29
 - added retry_initial_commit option to init script (by Quba1)
 - aligned namings in script with crowdsec-firewall-bouncer

Co-authored-by: Quba1 <22771850+Quba1@users.noreply.github.com>
(cherry picked from commit 5988abae10d9c20d87efe23a6ac5d8645aee51af)

3 months agosing-box: update to 1.9.4
Milinda Brantini [Mon, 19 Aug 2024 09:05:46 +0000 (17:05 +0800)]
sing-box: update to 1.9.4

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit b788651e272ab7459ac9ea4298ada4cfe6d8aad0)

3 months agolxc: fix huge binary sizes by backporting upstream Meson dynlink fixes
Petr Štetiar [Mon, 29 Jul 2024 18:04:06 +0000 (18:04 +0000)]
lxc: fix huge binary sizes by backporting upstream Meson dynlink fixes

LXC after the switch to the Meson build system increased the binary sizes
significantly as each binary is basically static so shipping complete
liblxc which should be linked dynamically.

Upstream later fixed it with series of 10 commits and this fixes are
available in LXC release v6.0.0. Since we can't upstep to that release,
lets fix it by backporting those fixes only, basically making libxlc a
shared library again.

Package sizes before:

 384K lxc-user-nic_5.0.3-1_aarch64_cortex-a53.ipk
 383K lxc-ls_5.0.3-1_aarch64_cortex-a53.ipk
 382K lxc-top_5.0.3-1_aarch64_cortex-a53.ipk
 382K lxc-copy_5.0.3-1_aarch64_cortex-a53.ipk
 381K lxc-unshare_5.0.3-1_aarch64_cortex-a53.ipk
 380K lxc-start_5.0.3-1_aarch64_cortex-a53.ipk
 380K lxc-monitor_5.0.3-1_aarch64_cortex-a53.ipk
 380K lxc-info_5.0.3-1_aarch64_cortex-a53.ipk
 380K lxc-create_5.0.3-1_aarch64_cortex-a53.ipk
 380K lxc-autostart_5.0.3-1_aarch64_cortex-a53.ipk
 380K lxc-attach_5.0.3-1_aarch64_cortex-a53.ipk
 379K lxc-execute_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-wait_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-usernsexec_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-unfreeze_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-stop_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-freeze_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-device_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-destroy_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-console_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-cgroup_5.0.3-1_aarch64_cortex-a53.ipk
 376K liblxc_5.0.3-1_aarch64_cortex-a53.ipk
 375K lxc-config_5.0.3-1_aarch64_cortex-a53.ipk
 12K lxc-hooks_5.0.3-1_aarch64_cortex-a53.ipk
 11K lxc-templates_5.0.3-1_aarch64_cortex-a53.ipk
 3.7K lxc-checkconfig_5.0.3-1_aarch64_cortex-a53.ipk
 2.4K lxc-configs_5.0.3-1_aarch64_cortex-a53.ipk
 1.9K lxc-auto_5.0.3-1_aarch64_cortex-a53.ipk
 1.6K lxc-common_5.0.3-1_aarch64_cortex-a53.ipk
 1.2K lxc-unprivileged_5.0.3-1_aarch64_cortex-a53.ipk
 978 lxc_5.0.3-1_aarch64_cortex-a53.ipk

Sizes after:

 378K liblxc_5.0.3-2_aarch64_cortex-a53.ipk
 27K lxc-user-nic_5.0.3-2_aarch64_cortex-a53.ipk
 24K lxc-ls_5.0.3-2_aarch64_cortex-a53.ipk
 21K lxc-usernsexec_5.0.3-2_aarch64_cortex-a53.ipk
 21K lxc-top_5.0.3-2_aarch64_cortex-a53.ipk
 20K lxc-unshare_5.0.3-2_aarch64_cortex-a53.ipk
 20K lxc-copy_5.0.3-2_aarch64_cortex-a53.ipk
 20K lxc-attach_5.0.3-2_aarch64_cortex-a53.ipk
 18K lxc-start_5.0.3-2_aarch64_cortex-a53.ipk
 18K lxc-info_5.0.3-2_aarch64_cortex-a53.ipk
 18K lxc-execute_5.0.3-2_aarch64_cortex-a53.ipk
 18K lxc-device_5.0.3-2_aarch64_cortex-a53.ipk
 18K lxc-create_5.0.3-2_aarch64_cortex-a53.ipk
 18K lxc-autostart_5.0.3-2_aarch64_cortex-a53.ipk
 17K lxc-destroy_5.0.3-2_aarch64_cortex-a53.ipk
 16K lxc-wait_5.0.3-2_aarch64_cortex-a53.ipk
 16K lxc-unfreeze_5.0.3-2_aarch64_cortex-a53.ipk
 16K lxc-stop_5.0.3-2_aarch64_cortex-a53.ipk
 16K lxc-freeze_5.0.3-2_aarch64_cortex-a53.ipk
 16K lxc-console_5.0.3-2_aarch64_cortex-a53.ipk
 16K lxc-cgroup_5.0.3-2_aarch64_cortex-a53.ipk
 15K lxc-monitor_5.0.3-2_aarch64_cortex-a53.ipk
 13K lxc-config_5.0.3-2_aarch64_cortex-a53.ipk
 12K lxc-hooks_5.0.3-2_aarch64_cortex-a53.ipk
 11K lxc-templates_5.0.3-2_aarch64_cortex-a53.ipk
 3.7K lxc-checkconfig_5.0.3-2_aarch64_cortex-a53.ipk
 2.4K lxc-configs_5.0.3-2_aarch64_cortex-a53.ipk
 1.9K lxc-auto_5.0.3-2_aarch64_cortex-a53.ipk
 1.6K lxc-common_5.0.3-2_aarch64_cortex-a53.ipk
 1.1K lxc-unprivileged_5.0.3-2_aarch64_cortex-a53.ipk
 944 lxc_5.0.3-2_aarch64_cortex-a53.ipk

Sum of Package Sizes:

 Before: 8758.78K
 After:   814.64K

The total package size has decreased by approximately 90% after the fix.

References: https://github.com/lxc/lxc/pull/4401
Signed-off-by: Petr Štetiar <ynezz@true.cz>
3 months agoadblock: update to 4.2.2-3
Dirk Brenken [Tue, 20 Aug 2024 21:05:59 +0000 (23:05 +0200)]
adblock: update to 4.2.2-3

* bugfix: users reported unexpected side effects with  the newly introduced rpc-sys ubus service, reverted that part
*bugfix: made "tcpdump" optional

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 4803143a91a9d7d80e4ba584dbb4a5e5d4c4567f)

3 months agoadblock: update to 4.2.2-2
Dirk Brenken [Tue, 20 Aug 2024 14:02:26 +0000 (16:02 +0200)]
adblock: update to 4.2.2-2

* removal of a superfluous opkg code block (missed in the last commit)
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 9428ef4320919c66dc0759c97033f84c6bb9adb2)

3 months agoadblock: update to 4.2.2
Dirk Brenken [Sun, 18 Aug 2024 08:43:03 +0000 (10:43 +0200)]
adblock: update to 4.2.2

* get rid of the opkg dependency
* fixed remaining hagezi category issues
* adblock still depends on 'gawk', but also accepts busybox awk. The readme describes two officially unsupported installation variants.

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 34db79bcd584f2da9a64dd4c1e84f138e3e4f70b)

3 months agobind: bump to 9.18.28
Noah Meyerhans [Fri, 16 Aug 2024 18:26:08 +0000 (14:26 -0400)]
bind: bump to 9.18.28

Fixes CVEs:
- CVE-2024-1975: remove sig 0 support
- CVE-2024-4076: qctx-zversion was not being cleared when it should have been
  leading to an assertion failure if it needed to be reused.
- CVE-2024-1737: An excessively large number of rrtypes per owner can slow
  down database query processing, so a limit has been placed on the number of
  rrtypes that can be stored per owner (node) in a cache or zone database. This
  is configured with the new "max-rrtypes-per-name" option, and defaults to 100.
- CVE-2024-1737: Excessively large rdatasets can slow down database query
  processing, so a limit has been placed on the number of records that can be
  stored per rdataset in a cache or zone database. This is configured with the
  new "max-records-per-type" option, and defaults to 100.
- CVE-2024-0760: Malicious DNS client that sends many queries over TCP but
  never reads responses can cause server to respond slowly or not respond at
  all for other clients.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
3 months agonatmap: allow binding to a port or port range
Ray Wang [Fri, 16 Aug 2024 14:40:45 +0000 (22:40 +0800)]
natmap: allow binding to a port or port range

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 5a33fe052479f1ac7f607fc098c5154aa571eb2a)

3 months agohev-socks5-server: update to 2.6.7
Ray Wang [Tue, 13 Aug 2024 15:21:49 +0000 (23:21 +0800)]
hev-socks5-server: update to 2.6.7

This commit follows the upstream project's change of license from GPLv3
to MIT.

Link: https://github.com/heiher/hev-socks5-server/commit/3175713e779a98f1d53fc4463b3e83944155ddbc
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 003b4e3696a661a74f112fdd84646b303ea8500d)

3 months agonatmap: update to 20240813
Ray Wang [Tue, 13 Aug 2024 15:15:01 +0000 (23:15 +0800)]
natmap: update to 20240813

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 7e52cafc1655c8b5c678a4e2d95ce72a1acff6cf)

3 months agomjpg-streamer: fix option enabled check in init.d
Luiz Angelo Daros de Luca [Fri, 2 Aug 2024 19:46:38 +0000 (16:46 -0300)]
mjpg-streamer: fix option enabled check in init.d

[ "$enabled" ] returns true whatever non-empty value enabled has,
including 0.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 20ea1d9812fe8d6f693e21004d0eaeb5a5128718)

3 months agoMerge pull request #24789 from stangri/openwrt-23.05-pbr
Stan Grishin [Thu, 15 Aug 2024 13:31:36 +0000 (06:31 -0700)]
Merge pull request #24789 from stangri/openwrt-23.05-pbr

[23.05] pbr: cherry-pick commits from snapshots to update to 1.1.6-20

3 months agopbr: update to 1.1.6-20 24789/head
Stan Grishin [Sat, 3 Aug 2024 23:17:13 +0000 (23:17 +0000)]
pbr: update to 1.1.6-20

This version is the final version supporting iptables and:

* it separates the old iptables/nft-capable init script from the new nft-only init script
* the new nft-script is a significant rewrite of the old recursive calls/policy parsing
  and tries to create inline nft sets which offers performance improvements

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 920d64734aeacbc00738b3529b1fb0b6c631d187)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
3 months agopbr: bugfix: fix IPv6 interface errors
Stan Grishin [Sat, 13 Apr 2024 22:31:52 +0000 (22:31 +0000)]
pbr: bugfix: fix IPv6 interface errors

* update license to AGPL-3.0-or-later
* rename pbr_get_gateway to pbr_get_gateway4 for better readability
* improve IPv6 "gateway" detection/display on start
* prevent IPv6 interface errors on start
* revert release format

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 717a800ec519bd14458c4b5de0e8705eebc6071c)

3 months agopbr: update to 1.1.4-r15
Stan Grishin [Thu, 11 Apr 2024 16:21:28 +0000 (16:21 +0000)]
pbr: update to 1.1.4-r15

* delete obsolete files/etc/init.d/pbr.init
* add files/etc/uci-defaults/91-pbr-iptables to help update from older OpenWrt
* add files/etc/uci-defaults/91-pbr-nft to help update from older OpenWrt
* update files/etc/uci-defaults/91-pbr-netifd to only add tables to supported ifaces
* re-organize variants in the Makefile so that they hopefull work this time
* update prerm for all variants for better user experience
* update the -netifd prerm to remove leftofver entries from network and rt_tables file

In the init script:
* add decorations for netifd-interfaces related operations (blue ticks)
* add rtTablesFile variables instead of hard-coding the rt_tables file
* add function to check if the table is netifd-derived
* add error messages/hints for failed interface setup and failed WAN discovery
* make cleanup_rt_tables the netifd-compatible
* streamline interface_process function with a clearer case statement
* rename the interface_process `pre-init` option to `pre_init` to conform to the other
  functions options naming style

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit bb5de23743b46864ba6992ed130b2d2452df72db)

3 months agopbr: prepare migration to APK
Stan Grishin [Sat, 23 Mar 2024 01:03:22 +0000 (01:03 +0000)]
pbr: prepare migration to APK

* remove dependencies/references to opkg
* simplify wan/wan6 discovery

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 44f1f1184a59354618383a81f003bd877fcd793d)

3 months agopbr: update to 1.1.4-5
Stan Grishin [Mon, 18 Mar 2024 01:43:50 +0000 (01:43 +0000)]
pbr: update to 1.1.4-5

This update includes the following changes:
1. Makefile
  * update copyright
  * attempt to implement the proper variants to avoid luci-app dependency on both variants
  * quietly stop service on uninstall

2. Config-file
  * add the list of dnsmasq instances to target in supported dnsmasq modes
  * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset`
  * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset`
  * add the `nft_file_support` (disabled by default)
  * introduce `procd_boot_delay` to delay service start on boot
  * introduce the following nft set creation options:
    * nft_set_auto_merge
    * nft_set_counter
    * nft_set_flags_interval
    * nft_set_flags_timeout
    * nft_set_gc_interval
    * nft_set_policy
    * nft_set_timeout
  * add the pbr.user.wg_server_and_client custom user script to allow running wg server and
    client at the same time
  * add the "Ignore Local Requests" sample policy

3. Hotplug firewall/interface scripts
  * better logged messages

4. The pbr and pbr-iptables uci defaults script
  * use functions from the init script
  * improve vpn-policy-routing migration

5. The pbr-netifd uci defaults script
  * use functions from the init script
  * improve uci operations

6. Introduce the firewall.include file

7. Improve pbr.user.aws custom user script

8. Improve pbr.user.netflix custom user script

9. Introduce pbr.user.wg_server_and_client custom user script

10. Update the init file:
  * refactor some code to allow the init script file to be sourced by the uci defaults scripts
    and the luci rpcd script for shared functions
  * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include
    file for faster operations on service reload
  * improve Tor support (nft mode only)
  * implement support for nft set options
  * update validation functions for new options/parameters

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 790753f6a65c1805e6de817fba009aa8fc6402dc)

3 months agoMerge pull request #24737 from stangri/openwrt-23.05-https-dns-proxy
Stan Grishin [Wed, 14 Aug 2024 07:24:25 +0000 (00:24 -0700)]
Merge pull request #24737 from stangri/openwrt-23.05-https-dns-proxy

[23.05] https-dns-proxy: update to 2023.12.26-1

3 months agoboost: update GCC options in Makefile
Richard Muzik [Mon, 22 Jul 2024 11:31:38 +0000 (13:31 +0200)]
boost: update GCC options in Makefile

Update the options to match the master branch. This drops options of no
longer supported GCC versions.

Signed-off-by: Richard Muzik <richard.muzik@nic.cz>
3 months agoadblock: update to 4.2.1
Dirk Brenken [Sun, 11 Aug 2024 07:31:29 +0000 (09:31 +0200)]
adblock: update to 4.2.1

* added full 1Hosts feed support (4 categories)
* changed the OISD list sources to alternate wildcard domains syntax
* used only the adguard source in default config
* fixed a needless reload delay plus a few cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 875fcf3f125f857c515fd83894ed643466b84785)

3 months agoadblock: update to 4.2.0
Dirk Brenken [Fri, 9 Aug 2024 14:59:49 +0000 (16:59 +0200)]
adblock: update to 4.2.0

* new gawk dependency
* full hagezi support (all 32 categories)
* refine Stevenblack support
* refine whitelist handling
* fixed tcpdump command line for ports other than 53 (see #24685)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 7b18f22e7305dc903ed3008fe87ede9076f5e47a)

3 months agoMerge pull request #24745 from stangri/openwrt-23.05-adblock-fast
Stan Grishin [Sat, 10 Aug 2024 20:25:37 +0000 (13:25 -0700)]
Merge pull request #24745 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: update to 1.1.2-3

3 months agogolang: Update to 1.21.13
Milinda Brantini [Wed, 7 Aug 2024 03:00:59 +0000 (11:00 +0800)]
golang: Update to 1.21.13

go1.21.13 (released 2024-08-06) includes fixes to the go command,
the covdata command, and the bytes package.

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
3 months agoMerge pull request #24754 from mhei/23.05-php8-update-to-8.2.22
Michael Heimpold [Thu, 8 Aug 2024 05:20:52 +0000 (07:20 +0200)]
Merge pull request #24754 from mhei/23.05-php8-update-to-8.2.22

[23.05] php8: update to 8.2.22

3 months agoadblock-fast: update to 1.1.2-3 24745/head
Stan Grishin [Sat, 3 Aug 2024 23:25:44 +0000 (23:25 +0000)]
adblock-fast: update to 1.1.2-3

This version brings two significant updates:
* support for text labels/names for the external lists
* better processing of the config update files, which cleans up
  entries with missing URLs

Also:
* new config file contains names for all lists
* it tries to match existing URLs with the names from the new config file
  and update user config as part of uci-defaults script
* contains minor updates to copyright/license/upstream URL/README
* updates the config update script to remove sysctl.org list as it's outdated
* adds two new remote lists: Hagezi and 1Hosts

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 50e85ed27f0999c8c43ed43675f9b702944ee3e8)

3 months agohttps-dns-proxy: update to 2023.12.26-1 24737/head
Stan Grishin [Thu, 1 Aug 2024 23:54:18 +0000 (23:54 +0000)]
https-dns-proxy: update to 2023.12.26-1

Cherry-pick commit has been updated to reflect a different hash required for 23.05

Makefile:
* update to latest upstream version
* remove PKG_SOURCE_DATE/PKG_SOURCE_RELEASE as they are no longer needed
* set TARGET_CFLAGS/TARGET_LDFLAGS
* update CMAKE_OPTIONS
* add CONFIGURE_ARGS to prepare for building with HTTP/3
* update package URL to upstream repo instead of documentation
* update package/description
* add README.md with link to documentation

init-script:
* do not run within image builder
* add a line which can be uncommented to remove outdated doh_server entries

020-src-options.c-add-version.patch:
* remove it, as it's no longer needed with version set in CMAKE_OPTIONS

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 9e600ac071514c1e2d2e3b7f9651e755664e31e6)

3 months agophp8: update to 8.2.22 24754/head
Michael Heimpold [Sun, 4 Aug 2024 19:40:15 +0000 (21:40 +0200)]
php8: update to 8.2.22

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
3 months agoruby: update to 3.2.5
Luiz Angelo Daros de Luca [Sun, 28 Jul 2024 19:30:47 +0000 (16:30 -0300)]
ruby: update to 3.2.5

Ruby 3.2.5 includes many bug-fixes and a security fix in bundled gem
rexml.

- CVE-2024-39908: DoS in REXML.

See: https://www.ruby-lang.org/en/news/2024/07/26/ruby-3-2-5-released/

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
4 months agodockerd: Update to 27.1.1
Milinda Brantini [Wed, 24 Jul 2024 04:10:17 +0000 (12:10 +0800)]
dockerd: Update to 27.1.1

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 84f20279113d05284de92bc246a1cf9149108ed9)

4 months agodocker: Update to 27.1.1
Milinda Brantini [Wed, 24 Jul 2024 04:07:42 +0000 (12:07 +0800)]
docker: Update to 27.1.1

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit a14185ce28d2b37722b6fe5930ea2b430a4e0494)

4 months agocontainerd: Update to 1.7.20
Milinda Brantini [Tue, 23 Jul 2024 02:59:29 +0000 (10:59 +0800)]
containerd: Update to 1.7.20

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 79fac95444e4874a411c1a135ad01b12a8e36007)

4 months agodockerd: Update to 27.1.0
Milinda Brantini [Tue, 23 Jul 2024 02:26:46 +0000 (10:26 +0800)]
dockerd: Update to 27.1.0

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 7e4cabe225894905c77cd5ac39e2a896dac45912)

4 months agodocker: Update to 27.1.0
Milinda Brantini [Tue, 23 Jul 2024 02:25:27 +0000 (10:25 +0800)]
docker: Update to 27.1.0

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit c8d63383add0ec11e53f4f05d15ece6118b1cf41)

4 months agoxray-core: update to 1.8.23
Milinda Brantini [Tue, 30 Jul 2024 07:54:05 +0000 (15:54 +0800)]
xray-core: update to 1.8.23

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit b82deed3de4b3fbb7fa337543988ce8d70e567cc)

4 months agosqm-scripts-extra: remove the ancient package
Hannu Nyman [Sun, 28 Jul 2024 17:46:40 +0000 (20:46 +0300)]
sqm-scripts-extra: remove the ancient package

Remove the ancient package with experimental cake options,
from time when cake was not yet officially here.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 217e4ecb35e3181b0a57af9198d475f460b770ad)

4 months agonano: update to 8.1
Hannu Nyman [Sun, 28 Jul 2024 17:45:09 +0000 (20:45 +0300)]
nano: update to 8.1

Update nano editor to version 8.1.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 98f642226fc11d7ce8f2fdbb03a4b5669bccf7a6)

4 months agodelve: update to 1.23.0
Aleksey Kolosov [Thu, 25 Jul 2024 07:44:57 +0000 (10:44 +0300)]
delve: update to 1.23.0

Support Golang 1.21 and 1.22

Signed-off-by: Aleksey Kolosov <softovick@gmail.com>
4 months agoxray-core: update to 1.8.21
Milinda Brantini [Mon, 22 Jul 2024 14:27:59 +0000 (22:27 +0800)]
xray-core: update to 1.8.21

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit ebeeafb99630ea54bd9a14ab0484f213218028aa)

4 months agop910nd: set bidi only if not already set
Paul Donald [Sun, 31 Mar 2024 18:25:17 +0000 (20:25 +0200)]
p910nd: set bidi only if not already set

Closes #23774

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
(cherry picked from commit 4628b6bd43ac1c212363535fe4d32739c5f7e622)

4 months agomake: update to 4.4.1
krant [Wed, 31 Jan 2024 11:38:30 +0000 (13:38 +0200)]
make: update to 4.4.1

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 532f6e078291d25eb2a17f7de01a69edbe1c090e)

4 months agoautoconf: update to 2.72
krant [Tue, 6 Feb 2024 13:25:47 +0000 (15:25 +0200)]
autoconf: update to 2.72

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 90d316b4286986192fc38bd064e138c336d8960c)

4 months agoautomake: update to 1.16.5
krant [Tue, 6 Feb 2024 13:29:27 +0000 (15:29 +0200)]
automake: update to 1.16.5

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 2bcd9a4cd7d8d5fd2c2a25fb18f5e0ec605c335c)

4 months agoxray-core: update to 1.8.20
Milinda Brantini [Sat, 20 Jul 2024 12:26:36 +0000 (20:26 +0800)]
xray-core: update to 1.8.20

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit c4a706898238b01b0bcfce40710562b382395f5b)

4 months agounbound: Update to 1.20.0
Ryan Keane [Sun, 16 Jun 2024 00:45:29 +0000 (20:45 -0400)]
unbound: Update to 1.20.0

Updated 010-configure-uname.patch as source changed.
Removed 100-example-conf-in.patch as not needed any more.

Release message:

This release has a fix for the DNSBomb issue CVE-2024-33655. This has a
low severity for Unbound, since it makes Unbound complicit in targeting
others, but does not affect Unbound so much.

To mitigate the issue new configuration options are introduced.
The options discard-timeout: 1900, wait-limit: 1000
and wait-limit-cookie: 10000 are enabled by default. They limit the
number of outstanding queries that a querier can have. This limits
the reply pulse, and make Unbound less favorable for the issue.
With the config wait-limit-netblock and wait-limit-cookie-netblock
the parameters can be fine tuned for specific destinations.
More information on the attack and Unbound's mitigations are
presented further down.

Other fixes in this release are that Unbound no longer follows symlinks
when truncating the pidfile. Unbound also does not chown the pidfile,
this is for safety reasons. There are also a number of fixes for RPZ, in
handling CNAMEs. There is a memory leak fix for the edns client subnet
cache. For DNSSEC validation a case is fixed when the query is of type
DNAME. The unbound-anchor program is fixed to first write to a temporary
file, before replacing the original. This handles disk full situations,
and because of it unbound-anchor needs permission to create that file,
in the same directory as the original file. There is also a fix for
IP_DONTFRAG, to disable fragmentation instead of the opposite.

The option cache-min-negative-ttl can be used to set the minimum TTL
for negative responses in the cache. It complements existing options to
set the maximum ttl for negative responses and to set the minimum and
maximum ttl but not specifically for negative responses.

The option cachedb-check-when-serve-expired option makes Unbound use
cachedb to check for expired responses, when serve-expired is enabled,
and cachedb is used. It is enabled by default.

The -q option for unbound-checkconf can be added to silence it when
there are no errors.

Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
(cherry picked from commit d421db0527f41ae48ecff56501de2d56217f1182)

4 months agotransmission: update to version 4.0.6
Karol Kolacinski [Sat, 6 Jul 2024 16:12:01 +0000 (18:12 +0200)]
transmission: update to version 4.0.6

Release notes:
https://github.com/transmission/transmission/releases/tag/4.0.6

Remove temporary patch included in 4.0.6 release.

Signed-off-by: Karol Kolacinski <kolacinskikarol@live.com>
(cherry picked from commit c32139757cf13b78a114fbd900aadba8ae1b94b7)

4 months agotransmission: fix compile with MbedTLS 3.X
Seo Suchan [Sat, 11 May 2024 19:20:50 +0000 (04:20 +0900)]
transmission: fix compile with MbedTLS 3.X

Backport pending patch, which was submitted to upstream via GitHub
to use renamed function to compile it against MbedTLS 3.x.

Signed-off-by: Seo Suchan <tjtncks@gmail.com>
(cherry picked from commit 42140c67e04392898e8372c4619a9c7ebfa876ca)

4 months agobind: bump to 9.18.27
Philip Prindeville [Thu, 30 May 2024 16:29:04 +0000 (10:29 -0600)]
bind: bump to 9.18.27

Fixes: https://gitlab.isc.org/isc-projects/bind9/-/issues/4586
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 56c0f16e8b258c33f06c9b8cb412f7f1dd434c15)

4 months agoddns-scripts: Update knot resolver regexp
Denis Shulyaka [Tue, 16 Jul 2024 10:54:54 +0000 (13:54 +0300)]
ddns-scripts: Update knot resolver regexp

The output format of `khost` has changed. This commit fixes the regexp
for IPv4. It fixes the issue of using a custom DNS to resolve current
address.

```bash
root@localhost:~# khost ns2.afraid.org
ns2.afraid.org. has IPv4 address 69.65.50.223
ns2.afraid.org. has IPv6 address 2001:1850:1:5:800::6b
Host ns2.afraid.org. has no MX record
root@localhost:~# khost --version
khost (Knot DNS), version 3.3.5
```

Signed-off-by: Denis Shulyaka <Shulyaka@gmail.com>
(cherry picked from commit ebeae334d9ff39d81898a7d8b5275151518318f1)

4 months agoexim: update to 4.98
Daniel Golle [Wed, 17 Jul 2024 01:53:35 +0000 (02:53 +0100)]
exim: update to 4.98

Remove upstreamed patch 300-avoid-time-printf.patch
Exim/exim@9ae8613607b12257e1fe59c603119bc5d4cd3474

Exim version 4.98
-----------------

JH/01 Support list of dkim results in the dkim_status ACL condition, making
      it more usable in the data ACL.

JH/02 Bug 3040: Handle error on close of the spool data file during reception.
      Previously This was only logged, on the assumption that errors would be
      seen for a previous fflush().  However, a fuse filesystem has been
      reported as showing this an error for the fclose().  The spool is now in
      an uncertain state, and we have logged and responded acceptance.  Change
      this to respond with a temp-reject, wipe spoolfiles, and log the error
      detail.

JH/03 Bug 3030: Fix handling of DNS servfail respons for DANE TLSA.  When hit
      during a recipient verify callout, a QUIT command was attempted on the
      now-closed callout channel, causing a paniclog entry.

JH/04 Bug 3039: Fix handling of of an empty log_reject_target, with
      a connection_reject log_selector, under tls_on_connect.  Previously
      with this combination, when the connect ACL rejected, a spurious
      paniclog entry was made.

JH/05 Fix TLS resumption for TLS-on-connect.  This was broken by the advent
      of loadbalancer-detection for resumption, in 4.96 - which tries to
      use the EHLO response. SMTPS does not have one at the time it is starting
      TLS.  Change the default for the smtp transport host_name_extract option
      to be a static string, for TLS-on-connect cases; meaning that resumption
      will always be attempted (unless deliberately overriden).

JH/06 Bug 3054: Fix dnsdb lookup for a TXT record with multiple chunks, with a
      chunk-separator specification.  This was broken by hardening introduced
      for Bug 3031.

JH/07 Bug 3050: Fix -bp for old message_id format spoolfiles.  Previously it
      included the -H with the id; this also messed up exiqgrep.

JH/08 Bug 3056: Tighten up parsing of DKIM DNS records.  Previously, whitespace
      was not properly skipped and empty elements would cause mis-parsing.
      Tighten parsing of DKIM header records.  Previously, all but lowercase
      alpha chars would be ignored in potential tag names.

JH/09 Bug 3057: Add heuristic for spotting mistyped IPv6 addresses in lists
      being searched.  Previously we only had one for IPv4 addresses. Per the
      documentation, the error results by default in a no-match result for the
      list.  It is logged if the unknown_in_list log_selector is used.

JH/10 Bug 3058: Ensure that a failing expansion in a router "set" option defers
      the routing operation.  Previously it would silently stop routing the
      message.

JH/11 Bug 3046: Fix queue-runs.  Previously, the arrivel of a notification or
      info-request event close in time to a scheduled run timer could result in
      the latter being missed, and no further queue scheduled runs being
      initiated.  This ouwld be more likely on high-load systems.

JH/12 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
      LF-only mode (as detected from the first header line).  Previously we did
      accept that in (normal) CRLF mode; this has been raised as a possible
      attack scenario (under the name "smtp smuggling").

JH/13 Add an fdatasync call for the received message data file in spool, before
      loggging reception and sending the SMTP ack.  Previously we only flushed
      the stdio buffer so there was still the possibility of a disk error.

JH/14 Bug 3061: Avoid a split log line when trying to rewrite a malformed
      address.  Previously, for the last address in a header line (commonly
      there is only one) the terminating newline was part of the logged
      information.

JH/15 Bug 3061: Ensure a log line is written for a malformed address in a
      header, when parsing for address-qualification.  Previously one was only
      written if there were rewrite rules.

JH/16 Two-phase queue runs are now reported in the daemon startup log line and
      in exiwhat output.

JH/17 Bug 3064: Fix combination of "-q<period> -R <recipients>". Introduction of
      the multiple-queue-runners facility for 4.97 broke this, giving only a
      one-time run of the queue.

JH/18 Bug 3068: Log a warning for use of deprecated syntax in query-style
      lookups.

JH/19 Fix TLS startup. When the last expansion done before the initiation of a
      TLS session resulted in a forced-fail, a misleading error was logged for
      the expansino of tls_certificates.  This would affect the common case of
      that option being set (main-section options) but not having any variable
      parts.  It could also potentially affect tls_privatekeys.  The underlyding
      coding errors go back to 4.90 but were only exposed in 4.97.

JH/20 Bug 3047: A recent (somewhere between 10.34 and 10.42) version of the
      pcre2 library starting allocating 20kB rather than 112 bytes per match
      call, which broke the 2GB total limitation on Exim's memory management
      when a user had over 104207 messages stored and the appendfile
      maildir_quota_directory_regex option is in use.  Release the allocated
      memory every thosand files to avoid this.
      The same issue arises with the ACL regex condition, which is applied
      to every line of a received message.

JH/21 Bug 3059: Fix crash in smtp transport. When running for a message for
      which all recipients had been handled (itself an issue) a null-pointer
      deref was done on trying to write a retry record. Fix that by counting
      the outstanding recipients before trying to transmit the message.
      The situation arose for a second MX try within a transport run, when the
      first had perm-rejected a recipient (the only one for the connection, in
      the case seen) during pipelining, and then closed the TCP connection.
      The transport classified that as an I/O error, leaving the message
      outstanding but having marked up the recipient as dealt-with. It then
      tried another MX because of the I/O error. Fix this by converting the
      message-level status to ok if there was a close but all recipients were
      dealt with.  Thanks to Wolfgand Breyha for debug runs.

JH/22 The ESMTP_LIMITS facility (RFC 9422) is promoted from experimental status
      and is now controlled by the build-time option DISABLE_ESMTP_LIMITS.

JH/23 Bug 3066: Avoid leaking lookup database credentials to log.

JH/24 Bug 3081: Fix a delivery process crash.  When the router "errors_to"
      option specified a fixed address, later rewriting on that address would
      trip on the configuration data being readonly.  Instead of modifying
      in-place, copy data.  Found and fixed by Peter Benie.

JH/25 Bug 3079: Fix crash in dbmnz.  When a key was present for zero-length
      data a null pointer was followed.  Find and testcase by Sebastian Bugge.

JH/26 Fix encoding for an AUTH parameter on a MAIL FROM command.  Previously
      decimal 127 chars were not encoded, and lowercase hex was used for
      encoded values.  Outstanding since at least 1999.

JH/27 Fix crash in logging.  When a message with a large number of recipients
      had been received, and logging of recipients is enabled, the buffer used
      for logging could reach limit.  A read using a null pointer would then
      be done, resulting in a crash of the receiving process before an SMTP
      ACK for the message was returned to the sending system.  Duplicate
      messages were created as a result.
      Find and debug help by Mateusz Krawczyk

JH/28 Bug 3086: Fix exinext for ipv6.  Change the format of keys in the retry
      DB, wrapping transport record bare-ip "host names" and ipv6
      "host addresses" in square-brackets.  This makes the parsing that
      exinext does more reliable.

JH/29 Bug 3087: Fix SRS encode.  A zero-length quoted element in the local-part
      would cause a crash.

JH/30 Bug 3029: Avoid feeding Resent-From: to DMARC.

JH/31 Bug 3027: For -bh / -bhc tests change to using the compressed form of
      ipv6 addresses for the sender.  Previously the uncompressed form was used,
      and if used in textual form this would result in behavior difference
      versus non-bh.

JH/32 Bug 3096: MAIL before HELO/EHLO, where required by hosts_require_helo, is
      now classed as a protocol error and subject to smtp_max_synprot_errors.

JH/33 Bug 2994: A subdir dsearch lookup should permit a directory name that starts
      ".." and has following characters.

JH/34 Fix delivery ordering for 2-phase queue run combined with
      queue_run_in_order.

JH/35 Bug 3099: fix parsing of MIME filename= split over multiple paramemters.
      Previously the $mime_filename variable would have an incorrect value.
      While in the code, extend coverage to name= which previously was only
      supported for single parameters, despite also filling in $mime_filename.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 00c4a7f9c3103caf84646f074af3ba6b261c658a)

4 months agoxray-core: update to 1.8.19
Milinda Brantini [Wed, 17 Jul 2024 14:21:35 +0000 (22:21 +0800)]
xray-core: update to 1.8.19

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit b85b8e869df6a79757d09401911d1000ffea6544)

4 months agoMerge pull request #24572 from mhei/23.05-php8-update-to-8.2.21
Michael Heimpold [Tue, 16 Jul 2024 19:20:34 +0000 (21:20 +0200)]
Merge pull request #24572 from mhei/23.05-php8-update-to-8.2.21

[23.05] php8: update to 8.2.21

4 months agodockerd: fix breaks IPv6 routing
Milinda Brantini [Sun, 14 Jul 2024 12:03:06 +0000 (20:03 +0800)]
dockerd: fix breaks IPv6 routing

Add option to support ip6tables configuration(default false).

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 55e689176ec52afde0cda0ee2b48dbff349d6c6c)

4 months agov2ray-geodata: Update to latest version
Tianling Shen [Tue, 16 Jul 2024 04:46:47 +0000 (12:46 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 1016f8f1ba41b743bff905cf27b6c6f2b8de6c8e)

4 months agov2ray-geodata: Update to latest version
Tianling Shen [Wed, 3 Jul 2024 18:06:49 +0000 (02:06 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 309687f01abeca6f369e7e1d62aa2a5a47df02e7)

4 months agov2ray-geodata: Update to latest version
Tianling Shen [Fri, 24 May 2024 14:06:45 +0000 (22:06 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ef9be4a53c8f05f2d01cc4809055d5cb6999cb94)

4 months agov2raya: update to 2.2.5.7
Milinda Brantini [Mon, 15 Jul 2024 04:34:10 +0000 (12:34 +0800)]
v2raya: update to 2.2.5.7

ci: Fix up Docker images' tag from version number
chore(deps): bump github.com/gin-contrib/cors from 1.3.1 to 1.6.0

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit ccccd5c92df2b4f80a9e5c43d1e96edf0a6b7e6a)

4 months agoxray-core: update to 1.8.18
Milinda Brantini [Mon, 15 Jul 2024 14:08:08 +0000 (22:08 +0800)]
xray-core: update to 1.8.18

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 88ba5210fb7ad6e3b6199cf4b70d4b53dc5fe3cf)
[Removed obsolete patch as upstream has fixed.]
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
4 months agobanip: update 1.0.0-5
Dirk Brenken [Sun, 14 Jul 2024 20:26:36 +0000 (22:26 +0200)]
banip: update 1.0.0-5

* filter crappy IP entries from urlhaus feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 9968fe6bf770f3a2eac47fbee17511d4144479cf)

4 months agokrb5: update to 1.21.3
W. Michael Petullo [Sun, 14 Jul 2024 05:53:01 +0000 (00:53 -0500)]
krb5: update to 1.21.3

Fixes the following CVEs when compared to the last-packaged version,
1.20.1:

CVE-2024-37370
CVE-2024-37371
CVE-2023-36054

Signed-off-by: W. Michael Petullo <mike@flyn.org>
4 months agoxray-core: update to 1.8.17
Milinda Brantini [Fri, 12 Jul 2024 11:11:30 +0000 (19:11 +0800)]
xray-core: update to 1.8.17

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 48ea7d33e169dee3513d4b3f22203b0b78df304c)

4 months agodnsproxy: Update to 0.67.0
Milinda Brantini [Sun, 14 Jul 2024 02:13:16 +0000 (10:13 +0800)]
dnsproxy: Update to 0.67.0

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
4 months agophp8: update to 8.2.21 24572/head
Michael Heimpold [Sat, 13 Jul 2024 20:18:23 +0000 (22:18 +0200)]
php8: update to 8.2.21

Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.2.21

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
4 months agoadguardhome: Update to 0.107.46
Milinda Brantini [Fri, 12 Jul 2024 03:00:57 +0000 (11:00 +0800)]
adguardhome: Update to 0.107.46

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
4 months agoadguardhome: Update to 0.107.42
Zuev Aleksandr [Thu, 16 Nov 2023 16:00:35 +0000 (20:00 +0400)]
adguardhome: Update to 0.107.42

Signed-off-by: Zuev Aleksandr <A.Zuev@stdev.su>
(cherry picked from commit 050f13c2c7d0c35f497ddac005dcf4ada19efbf8)

4 months agoadguardhome: wait for interfaces to be up at boot
Hiếu Lê [Fri, 29 Sep 2023 19:45:14 +0000 (19:45 +0000)]
adguardhome: wait for interfaces to be up at boot

This should allow the service to be activated even earlier during
the boot process and also avoids race condition against network.

Signed-off-by: Hiếu Lê <leorize+oss@disroot.org>
(cherry picked from commit d00131e2a0c8e846b42df22eda6c8356d4fce4a9)

4 months agoMerge pull request #24546 from ynezz/ynezz/openwrt-23.05/license-fixes-backports
Tianling Shen [Fri, 12 Jul 2024 03:20:14 +0000 (11:20 +0800)]
Merge pull request #24546 from ynezz/ynezz/openwrt-23.05/license-fixes-backports

[23.05] backport package license fixes

4 months agov2raya: update to 2.2.5.6
Milinda Brantini [Thu, 11 Jul 2024 10:17:31 +0000 (18:17 +0800)]
v2raya: update to 2.2.5.6

chore(deps): bump golang.org/x/net from 0.18.0 to 0.23.0 in /service

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 5a05a3a2b9c1343c585fbbd291a91807104257d4)

4 months agov2raya: update to 2.2.5.5
Milinda Brantini [Wed, 19 Jun 2024 16:05:51 +0000 (16:05 +0000)]
v2raya: update to 2.2.5.5

Fix: docker dev environment build.
Remove is-text in button style.
Add tun mode with sing-tun.
Publish docker images on Github Container Registry.
Ci: add separated singtun workflow.

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit edb50c24fc61a14664017981c8ba0b4096d96c0a)