Sebastian Kemper [Tue, 7 Mar 2023 21:31:41 +0000 (22:31 +0100)]
tiff: force libdeflate support to off
Commit
81d2b72 added a package providing libdeflate. Tiff by default
links to it, causing a build error.
Package libtiff is missing dependencies for the following libraries:
libdeflate.so.0
This commit forces libdeflate use off to avoid this. No revision bump is
done because the package is currently not compiling anyway.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Oskari Rauta [Mon, 6 Mar 2023 10:56:34 +0000 (10:56 +0000)]
netbird: update to 0.14.2
Update from 0.12.0 -> 0.14.2
Release notes: https://github.com/netbirdio/netbird/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Oskari Rauta [Mon, 6 Mar 2023 11:04:17 +0000 (11:04 +0000)]
conmon: update to 2.1.7
- Fix leaking symbolic links in the opt_socket_path directory
- cgroup: Stumble on if we can't set up oom handling
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Aleksander Jan Bajkowski [Sun, 5 Mar 2023 16:25:37 +0000 (17:25 +0100)]
coremark: bump to 2023-01-25
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Daniel Golle [Sun, 19 Feb 2023 04:44:50 +0000 (04:44 +0000)]
transmission: update to version 4.0.1
This is a major release, both in numbering and in effort! It's been in
active development for over a year and has a huge list of changes --
over a thousand commits -- since Transmission 3.00.
For more information about the release see
https://github.com/transmission/transmission/releases/tag/4.0.0
https://github.com/transmission/transmission/releases/tag/4.0.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 19 Feb 2023 04:44:16 +0000 (04:44 +0000)]
libutp: add package
Add Transmission version of the uTorrent Transport Protocol library.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 19 Feb 2023 04:43:43 +0000 (04:43 +0000)]
libdht: add package
Add Kademlia Distributed Hash Table (DHT) library.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 19 Feb 2023 04:41:44 +0000 (04:41 +0000)]
libdeflate: add package
Add package for libdeflate which is a library for fast, whole-buffer
DEFLATE-based compression and decompression.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 19 Feb 2023 04:41:08 +0000 (04:41 +0000)]
libb64: add package
Add generic base64 encode/decode (static) library.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Dirk Brenken [Mon, 6 Mar 2023 13:19:27 +0000 (14:19 +0100)]
banip: update 0.8.1-3
* finalized the LuCI frontend preparation (this is the minmal version to use the forthcoming LuCI frontend)
* added a Set survey, to list all elements of a certain set
* changed the default logterm for asterisk
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Van Waholtz [Sun, 5 Mar 2023 12:37:37 +0000 (20:37 +0800)]
sing-box: update to 1.1.6
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
Van Waholtz [Sun, 5 Mar 2023 12:31:39 +0000 (20:31 +0800)]
sing-box: add necessary dependencies and cleanup Makefile
1. Add `kmod-inet-diag` as a dependency since it is needed for https://sing-box.sagernet.org/configuration/dns/rule/#process_name
2. Remove redundant `default n` (https://github.com/openwrt/openwrt/commit/
8bc72ea7be3976711dacc09f0fdab061d6e5152a)
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
Christian Lachner [Sat, 18 Feb 2023 06:50:27 +0000 (07:50 +0100)]
haproxy: update to v2.6.9
- Update haproxy download URL and hash
- This release fixes a critial flaw known as CVE-2023-25725. See:
http://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=
73be199c4f5f1ed468161a4c5e10ca77cd5989d8
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Philip Prindeville [Sun, 5 Mar 2023 01:08:07 +0000 (18:08 -0700)]
Merge pull request #20570 from pprindeville/isc-dhcp-allow-no-default-route
isc-dhcp: allow no default route
Oskari Rauta [Thu, 2 Feb 2023 13:06:08 +0000 (13:06 +0000)]
netbird: new package
Netbird is similar vpn service as tailscale and zerotier.
Description:
NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.
It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Oskari Rauta [Wed, 22 Feb 2023 17:19:19 +0000 (17:19 +0000)]
open-vm-tools: update to 12.1.5
added also --disable-glibc-check to configure args to allow building
on hosts that use musl.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Glen Huang [Fri, 3 Mar 2023 03:08:32 +0000 (11:08 +0800)]
acme: fix incompatibilty with image builder
Signed-off-by: Glen Huang <i@glenhuang.com>
Josef Schlehofer [Fri, 3 Mar 2023 06:55:05 +0000 (07:55 +0100)]
Merge pull request #20563 from paper42/clamav-0.104.4
clamav: update to 0.104.4
Tianling Shen [Fri, 3 Mar 2023 03:52:58 +0000 (11:52 +0800)]
v2raya: drop wrong patches
These patches should not be backported to OpenWrt, otherwise tproxy
won't work for devices connected to br-lan (bypassed by the fw rules).
We have introduced a new compile-time flag for new version (which
is not released yet), but it's unnecessray to backport redudant
patches as here is still at the old version.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Fri, 3 Mar 2023 03:58:41 +0000 (11:58 +0800)]
yq: Update to 4.31.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Fri, 3 Mar 2023 03:58:33 +0000 (11:58 +0800)]
cloudflared: Update to 2023.3.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Philip Prindeville [Mon, 27 Feb 2023 00:49:13 +0000 (17:49 -0700)]
isc-dhcp: allow suppression of default gateway
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Philip Prindeville [Mon, 27 Feb 2023 00:38:36 +0000 (17:38 -0700)]
isc-dhcp: make indent consistent in config
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Glen Huang [Tue, 28 Feb 2023 11:19:19 +0000 (19:19 +0800)]
acme: merge cli into init script
Signed-off-by: Glen Huang <i@glenhuang.com>
Vladimir Ermakov [Sat, 28 May 2022 15:33:35 +0000 (18:33 +0300)]
qemu: update to 7.2.0
drop disas and bios patches
refresh patches
qemu: vhost-scsi does not exist, drop unsupported vhost options
qemu: disable VDUSE by default
qemu: slirp and vnc-png option gone
Note: libpng still needed if vnc enabled.
Link: https://github.com/openwrt/packages/pull/18623
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
(squash commits)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Oskari Rauta [Wed, 22 Feb 2023 16:38:26 +0000 (16:38 +0000)]
nfs-kernel-server: update to v2.6.2
Also added patch that is from alpine's same package to assist building on musl.
Hostpkg build on musl also kept failing, so I added few more overrides, which
made it work perfectly.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Jianhui Zhao [Mon, 27 Feb 2023 15:02:44 +0000 (23:02 +0800)]
lua-eco: update to 2.0.0
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Tianling Shen [Wed, 1 Mar 2023 08:41:48 +0000 (16:41 +0800)]
cloudflared: Update to 2023.2.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Alan Swanson [Tue, 28 Feb 2023 09:45:37 +0000 (09:45 +0000)]
sed: remove old libpcre dependency
Signed-off-by: Alan Swanson <reiver@improbability.net>
Oskari Rauta [Mon, 27 Feb 2023 15:15:09 +0000 (15:15 +0000)]
podman: update to v4.4.2
Security:
- This release fixes CVE-2023-0778, which allowed a malicious user to potentially replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Bugfixes:
- Fixed a bug where containers started via the podman-kube systemd template would always use the "passthrough" log driver (#17482).
- Fixed a bug where pulls would unexpectedly encounter an EOF error. Now, Podman automatically transparently resumes aborted pull connections.
- Fixed a race condition in Podman's signal proxy.
Misc:
- Updated the containers/image library to v5.24.1.
Patch also refreshed
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Florian Eckert [Mon, 27 Feb 2023 08:09:27 +0000 (09:09 +0100)]
Merge pull request #20467 from tobiaspc/njalla
ddns-scripts: Add njal.la provider
Stan Grishin [Mon, 27 Feb 2023 06:32:08 +0000 (23:32 -0700)]
Merge pull request #20540 from stangri/master-curl
curl: update to 7.88.1
Hirokazu MORIKAWA [Thu, 23 Feb 2023 02:29:42 +0000 (11:29 +0900)]
node: bump to v18.14.2
Update to v18.14.2
Support for OpenSSL v3.0.x
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Daniel Bermond [Sun, 19 Feb 2023 14:02:43 +0000 (11:02 -0300)]
i2pd: update to version 2.46.1
Maintainer : @yangfl (David Yang)
Build system : Arch Linux x86_64
Build tested : r7800 OpenWrt git master (r22104-
01262c921c)
Run tested : r7800 OpenWrt git master (r22104-
01262c921c)
Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
Stan Grishin [Sat, 25 Feb 2023 21:59:21 +0000 (21:59 +0000)]
perl-www-curl: add patch to ensure compatibility with curl 7.88
Patch comes from
https://github.com/openwrt/packages/pull/20540#issuecomment-
1439537287
Fixes:
/home/username/works/openwrt/staging_dir/target-x86_64_glibc_custom/usr/include/curl/curl.h:2515:3: note: declared here
2515 | CURLFORM_CONTENTTYPE CURL_DEPRECATED(7.56.0, "Use curl_mime_type()"),
| ^~~~~~~~~~~~~~~~~~~~
make[3]: *** [Makefile:347: Curl.o] Error 1
Signed-off-by: Stan Grishin <stangri@melmac.ca>
S. Brusch [Sat, 25 Feb 2023 16:53:18 +0000 (17:53 +0100)]
crowdsec: update to 1.4.6
Update crowdsec to latest upstream release version 1.4.6
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.3
Dirk Brenken [Sun, 26 Feb 2023 07:16:15 +0000 (08:16 +0100)]
banip: update 0.8.1-2
* add oisdbig as new feed
* LuCI frontend preparation:
- the json feed file points always to /etc/banip/banip.feeds (and is no longer compressed)
- supply country list in /etc/banip/banip.countries
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Koen Vandeputte [Mon, 13 Feb 2023 09:09:50 +0000 (10:09 +0100)]
gst1-libav: bump to 1.20.5
- avdec_h265: Fix endless renegotiation with alternate interlacing
- avviddec: Avoid flushing on framerate changes
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Koen Vandeputte [Mon, 13 Feb 2023 09:09:25 +0000 (10:09 +0100)]
gst1-plugins-ugly: bump to 1.20.5
No actual changes
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Koen Vandeputte [Mon, 13 Feb 2023 09:08:50 +0000 (10:08 +0100)]
gst1-plugins-bad: bump to 1.20.5
- aesdec: Fix padding removal for per-buffer-padding=FALSE
- aesdec test failing in gst-plugins-bad
- alphacombine: Add missing query handler for gaps
- avfdeviceprovider: do not leak the properties
- avfvideosrc: Report latency when doing screen capture
- d3d11screencapturesrc: Specify PAR 1/1 to template caps
- d3d11videosink: Fixing focus lost on desktop layout change
- d3d11videosink: Call ShowWindow() from window thread
- d3d11videosink: Fix deadlock when parent window is busy
- d3d11videosink: Always clear back buffer on resize
- decklink: reset calculation of time_mapping to fix clipping HDMI video
- directshow: Fix build error with glib 2.75 and newer
- dvbsubenc: Forward GAP events as-is if we wouldn't produce an end packet and...
- dvbsubenc: Write Display Definition Segment if a non-default width/height is used
- h265decoder: Do not abort when failed to prepare ref pic set
- h264parser: Fix a typo in pred_weight_table parsing.
- mediafoundation, d3d11: Fix memory leak and make leak tracer happy
- mpegts: Handle when iconv doesn't support ISO 6937 (e.g. musl libc)
- mpegts: Check continuity counter on section streams
- mpegts: Revert "mpegtspacketizer: memcmp potentially seen_before data"
- mpegtspacketizer: memcmp potentially seen_before data
- mpegtsdemux: Always clear packetizer on DISCONT push mode
- srt: various fixes - improve stats and error handling
- rtmp2: Improve error messages
- rtmp2sink: Correctly return GST_FLOW_ERROR on error
- vulkan: Fix static linking on macOS
- webrtcbin: also add rtcp-fb ccm fir for video mlines by default
- webrtc/nice: fix small leak of split strings
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Koen Vandeputte [Mon, 13 Feb 2023 09:08:01 +0000 (10:08 +0100)]
gst1-plugins-good: bump to 1.20.5
- flacparse: Fix handling of headers advertising 32bps
- qt5: deactivate context if fill_info fails
- qt5: initialize GError properly in gst_qt_get_gl_wrapcontext()
- qtdemux: check return value from gst_structure_get in PIFF box
- qtdemux: use unsigned int types to store result of QT_UINT32
- qtmux: Prefill mode fixes
- oss4: Fix debug category initialization
- multiudpsink: allow binding to IPv6 address
- rtpjitterbuffer tests: Cast drop-messages-interval type properly (fixing it on 32-bit architectures)
- rtspsrc: fix seek event leaks
- rtspsrc: Don't replace 404 errors with "no auth protocol found"
- rtspsrc: Only EOS on timeout if all streams are timed out/EOS
- rtspsrc: Fix usage of IPv6 connections in SETUP
- splitmuxsrc: don't queue data on unlinked pads
- v4l2: Fix SIGSEGV on 'change state' during 'format change'
- v4l2videodec: Fix activation of internal pool
- wavparse: Avoid occasional crash due to referencing freed buffer.
- wavparse: Fix crash that occurs in push mode when header chunks are corrupted in certain ways.
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Koen Vandeputte [Mon, 13 Feb 2023 09:07:19 +0000 (10:07 +0100)]
gst1-plugins-base: bump to 1.20.5
- audioconvert, audioresample, audiofilter: fix divide by 0 for input buffer without caps
- cdparanoia: Ignore compiler warning coming from the cdparanoia header
- oggdemux, parsebin: More leak fixes
- opengl: fix automatic dispmanx detection for rpi4
- opengl: Fix usage of eglCreate/DestroyImage
- opengl: Fix static linking on macOS
- opusdec: Various channel-related fixes
- textrender: Negotiate caps on a GAP event if none were negotiated yet
- textrender: Don't blindly forward all events and don't blindly forward all events
- timeoverlay: fix pad leak
- oggdemux: Don't leak incoming EOS event
- subparse: Fix non-closed tag handling.
- videodecoder: Only post latency message if it changed
- videoscale: buffer meta handling fixes (NULL-terminate array of valid meta tags)
- videosink: Don't return unknown end-time from get_times()
- Bump core requirement in 1.20 branch to 1.20.4
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Koen Vandeputte [Mon, 13 Feb 2023 09:06:27 +0000 (10:06 +0100)]
gstreamer: Update to 1.20.5
- allocator: Copy allocator name in gst_allocator_register()
- miniobject: support higher refcount values
- pads: Fix non-serialized sticky event push, e.g. instant change rate events
- padtemplate: Fix annotations
- systemclock: Use futex_time64 syscall on x32 and other platforms that always...
- Fix build of 1.20 branch with Meson 0.64.1 for those who have hotdoc installed on their system.
- meson: fix check for pthread_setname_np()
- -Wimplicit-function-declaration in pthread_setname_np check (missing GNUSOURCE)
- gst-inspect: Don't leak list
- concat: Properly propagate EOS seqnum
- fakesrc: avoid time overflow with datarate
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Stan Grishin [Mon, 20 Feb 2023 22:26:04 +0000 (22:26 +0000)]
curl: update to 7.88.1
* https://curl.se/changes.html#7_88_1
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Tobias Hilbig [Wed, 8 Feb 2023 16:18:37 +0000 (17:18 +0100)]
ddns-scripts: Add njal.la provider
Add njal.la provider. Use the key as password. Username is not needed.
Signed-off-by: Tobias Hilbig <web.tobias@hilbig-ffb.de>
Dirk Brenken [Sat, 25 Feb 2023 08:33:50 +0000 (09:33 +0100)]
banip: release 0.8.1-1
* add missing wan-forward chain (incl. report/mail adaption)
* changed options:
- old: ban_blockforward, new: ban_blockforwardwan and ban_blockforwardlan
- old: ban_logforward, new: ban_logforwardwan and ban_logforwardlan
* add missing dhcp(v6) rules/exceptions
* update readme
Previously run tested by certain forum users (and by me).
Signed-off-by: Dirk Brenken <dev@brenken.org>
Tianling Shen [Sat, 25 Feb 2023 03:09:57 +0000 (11:09 +0800)]
dos2unix: Update to 7.4.4
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Lucian Cristian [Mon, 20 Feb 2023 15:13:57 +0000 (15:13 +0000)]
uacme: update to 1.7.4
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Lucian Cristian [Sun, 12 Feb 2023 13:43:57 +0000 (13:43 +0000)]
frr: update to 8.4.2 branch
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Lucian Cristian [Mon, 20 Feb 2023 14:54:20 +0000 (14:54 +0000)]
gddrescue: update to 1.27
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Lucian Cristian [Mon, 20 Feb 2023 14:58:09 +0000 (14:58 +0000)]
libdrm: update to 2.4.115
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Daniel Bermond [Sun, 19 Feb 2023 14:20:37 +0000 (11:20 -0300)]
tor: update to version 0.4.7.13
Maintainers : @hauke (Hauke Mehrtens) and @tripolar (Peter Wagner)
Build system : Arch Linux x86_64
Build tested : r7800 OpenWrt git master (r22104-
01262c921c)
Run tested : r7800 OpenWrt git master (r22104-
01262c921c)
Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
Oskari Rauta [Wed, 22 Feb 2023 16:29:50 +0000 (16:29 +0000)]
libtirpc: update to v1.3.3
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Michal Vasilek [Wed, 15 Feb 2023 17:59:04 +0000 (18:59 +0100)]
miniflux: update to 2.0.42
add BASE_URL to the init script, this is useful when running in a
subpath and not directly on the root of a domain
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Zuev Aleksandr [Thu, 16 Feb 2023 18:18:35 +0000 (22:18 +0400)]
AdGuardHome: update to v0.107.24
Signed-off-by: Zuev Aleksandr <A.Zuev@stdev.su>
Tianling Shen [Fri, 24 Feb 2023 02:36:35 +0000 (10:36 +0800)]
msgpack-c: Update to 5.0.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Florian Eckert [Fri, 24 Feb 2023 06:58:22 +0000 (07:58 +0100)]
Merge pull request #20529 from braewoods/master
ddns-scripts: enable IPv6 for easydns.com
Michal Vasilek [Thu, 23 Feb 2023 16:27:33 +0000 (17:27 +0100)]
clamav: update to 0.104.4
* remove upstreamed 100-cmake-fix-findcurses.patch
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Eneas U de Queiroz [Thu, 23 Feb 2023 13:21:23 +0000 (10:21 -0300)]
Merge pull request #20560 from turris-cz/antfs-drop
Remove package: kmod-fs-antfs and its dependency antfs-mount
Josef Schlehofer [Thu, 23 Feb 2023 06:56:04 +0000 (07:56 +0100)]
antfs-mount: drop
Since kernel module was dropped, check the reasons why it was removed in
the commit
42a4fbe4a4fda8b61a1cec0762957872511f6527 ("
antfs: drop this kernel package"), then this package should be removed,
too as the dependency was removed and without it, it is not useful
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Moritz Warning [Wed, 22 Feb 2023 21:48:00 +0000 (22:48 +0100)]
zerotier: update to 1.10.3
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Josef Schlehofer [Thu, 23 Feb 2023 06:52:01 +0000 (07:52 +0100)]
antfs: drop this kernel package
Reasons to remove this package:
1. It is not available for Linux kernel 5.15 and onwards.
2. It seems that it is not maintained as the original repository was
done in 2018 and then the forked repository was done to have this
merged only to OpenWrt.
3. Anyone can use ntfs-3g (fuse) or ntfs3 from Paragon, which has been
available since Linux kernel 5.15
4. Nobody said why this package was necessary or required to be added
here or what was the difference between driver(s) in the Linux kernel and
this package.
5. No project home page, no documentation, only source code provided by
AVM
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Stan Grishin [Thu, 23 Feb 2023 04:47:39 +0000 (21:47 -0700)]
Merge pull request #20554 from stangri/master-https-dns-proxy
https-dns-proxy: 2022-10-15-11 update
James Buren [Mon, 20 Feb 2023 11:51:46 +0000 (05:51 -0600)]
ddns-scripts: enable IPv6 for easydns.com
easydns.com has supported IPv6 for awhile now using
the same update URL as IPv4. This duplicates the IPv4
entry for IPv6 to enable support for it.
Signed-off-by: James Buren <braewoods+mgh@braewoods.net>
Michal Vasilek [Thu, 16 Feb 2023 09:20:13 +0000 (10:20 +0100)]
git: update to 2.34.7
Fixes CVE-2023-22490, CVE-2023-23946
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Stan Grishin [Wed, 22 Feb 2023 20:35:59 +0000 (20:35 +0000)]
https-dns-proxy: 2022-10-15-11 update
* config file update
* introduce boot() function
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Tianling Shen [Tue, 21 Feb 2023 04:48:00 +0000 (12:48 +0800)]
golang: Update to 1.19.6
go1.19.6 (released 2023-02-14) includes security fixes to the
crypto/tls, mime/multipart, net/http, and path/filepath packages,
as well as bug fixes to the go command, the linker, the runtime,
and the crypto/x509, net/http, and time packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Dirk Brenken [Tue, 21 Feb 2023 20:42:24 +0000 (21:42 +0100)]
banip: update 0.8.0-4
* remove bogus log limit
Signed-off-by: Dirk Brenken <dev@brenken.org>
Eneas U de Queiroz [Tue, 21 Feb 2023 20:14:40 +0000 (17:14 -0300)]
Merge pull request #20480 from gstrauss/lighttpd-1.4.69
lighttpd: update to lighttpd 1.4.69 release hash
Dirk Brenken [Tue, 21 Feb 2023 17:43:17 +0000 (18:43 +0100)]
banip: update 0.8.0-3
* properly initialize the 'proto' variable in the log service
Signed-off-by: Dirk Brenken <dev@brenken.org>
Tianling Shen [Tue, 21 Feb 2023 07:57:46 +0000 (15:57 +0800)]
yq: Update to 4.31.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Tue, 21 Feb 2023 07:57:38 +0000 (15:57 +0800)]
dnsproxy: Update to 0.48.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Tue, 21 Feb 2023 07:57:28 +0000 (15:57 +0800)]
v2ray-core: Update to 5.4.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Lucian Cristian [Mon, 20 Feb 2023 15:02:05 +0000 (15:02 +0000)]
nss: update to 3.88.1
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Dirk Brenken [Mon, 20 Feb 2023 18:17:16 +0000 (19:17 +0100)]
banip: update 0.8.0-2
* fix a potential race condition during initial startup (after flash) which leads to a "disabled" service
Signed-off-by: Dirk Brenken <dev@brenken.org
Signed-off-by: Dirk Brenken <dev@brenken.org>
Eneas U de Queiroz [Mon, 20 Feb 2023 15:07:16 +0000 (12:07 -0300)]
Merge pull request #20475 from cotequeiroz/openssl3
treewide: prepare packages for OpenSSL 3.0 update
Jan Hák [Mon, 13 Feb 2023 14:35:42 +0000 (15:35 +0100)]
knot: update to version 3.2.5
Signed-off-by: Jan Hák <jan.hak@nic.cz>
Eneas U de Queiroz [Mon, 20 Feb 2023 12:44:53 +0000 (09:44 -0300)]
Merge pull request #20484 from salim-b/patch-1
transmission: retrieve boolean config opts using `config_get_bool`
Eneas U de Queiroz [Mon, 20 Feb 2023 12:38:07 +0000 (09:38 -0300)]
Merge pull request #20525 from nxhack/node_16191
node: bump to v16.19.1
Glenn Strauss [Sun, 12 Feb 2023 05:29:06 +0000 (00:29 -0500)]
lighttpd: update to lighttpd 1.4.69 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Glenn Strauss [Sat, 21 Jan 2023 01:13:39 +0000 (20:13 -0500)]
lighttpd: remove patch included upstream
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Glenn Strauss [Sat, 21 Jan 2023 01:07:36 +0000 (20:07 -0500)]
lighttpd: add lighttpd-mod-webdav_min package
add lighttpd-mod-webdav_min package alternative to lighttpd-mod-webdav
lighttpd-mod-webdav_min is more minimal than full lighttpd-mod-webdav.
lighttpd-mod-webdav_min does not support PROPPATCH, LOCK, UNLOCK, and
by not supporting those methods, removes dependencies on libxml2,
libsqlite3, and libuuid.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Alexandru Ardelean [Mon, 20 Feb 2023 09:10:55 +0000 (11:10 +0200)]
Merge pull request #20520 from commodo/django1
django: bump to version 4.1.7
Stan Grishin [Mon, 20 Feb 2023 02:52:47 +0000 (19:52 -0700)]
Merge pull request #20532 from stangri/master-simple-adblock
simple-adblock: bugfix: ensure directory for jsonFile is created
Michael Heimpold [Sun, 19 Feb 2023 21:16:46 +0000 (22:16 +0100)]
Merge pull request #20521 from mhei/libgpiod-update-1.6.4
libgpiod: update to 1.6.4
Stan Grishin [Sun, 19 Feb 2023 20:22:32 +0000 (20:22 +0000)]
simple-adblock: bugfix: ensure directory for jsonFile is created
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Stan Grishin [Sun, 19 Feb 2023 20:21:28 +0000 (13:21 -0700)]
Merge pull request #20523 from stangri/master-simple-adblock
simple-adblock: implement procd_boot_wan_timeout support
Stan Grishin [Sun, 19 Feb 2023 05:09:32 +0000 (05:09 +0000)]
simple-adblock: implement procd_boot_wan_timeout support
* implement procd_boot_wan_timeout support
* update config with oisd ABPlus and domains lists
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Stan Grishin [Sun, 19 Feb 2023 05:04:19 +0000 (22:04 -0700)]
Merge pull request #20511 from stangri/master-simple-adblock
simple-adblock: update to 1.9.4-1
Michael Heimpold [Sat, 18 Feb 2023 21:18:07 +0000 (22:18 +0100)]
libgpiod: update to 1.6.4
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Dirk Brenken [Sat, 18 Feb 2023 20:14:56 +0000 (21:14 +0100)]
Merge pull request #20491 from dibdot/banIP
banip: release 0.8.0 (nft rewrite)
Dirk Brenken [Mon, 13 Feb 2023 16:56:57 +0000 (17:56 +0100)]
banip: release 0.8.0 (nft rewrite)
- complete rewrite of banIP to support nftables
- all sets are handled in a separate nft table/namespace 'banIP'
- for incoming blocking it uses the inet input hook, for outgoing blocking it uses the inet forward hook
- full IPv4 and IPv6 support
- supports nft atomic set loading
- supports blocking by ASN numbers and by iso country codes
- 42 preconfigured external feeds are available, plus local allow- and blocklist
- supports local allow- and blocklist (IPv4, IPv6, CIDR notation or domain names)
- auto-add the uplink subnet to the local allowlist
- provides a small background log monitor to ban unsuccessful login attempts in real-time
- the logterms for the log monitor service can be freely defined via regex
- auto-add unsuccessful LuCI, nginx, Asterisk or ssh login attempts to the local blocklist
- fast feed processing as they are handled in parallel as background jobs
- per feed it can be defined whether the input chain or the forward chain should be blocked (default: both chains)
- automatic blocklist backup & restore, the backups will be used in case of download errors or during startup
- automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or wget
- supports a 'allowlist only' mode, this option restricts internet access from/to a small number of secure websites/IPs
- provides comprehensive runtime information
- provides a detailed set report
- provides a set search engine for certain IPs
- feed parsing by fast & flexible regex rulesets
- minimal status & error logging to syslog, enable debug logging to receive more output
- procd based init system support (start/stop/restart/reload/status/report/search)
- procd network interface trigger support
- ability to add new banIP feeds on your own
- add a readme with all available options/feeds to customize your installation to your needs
- a new LuCI frontend will be available in due course
Signed-off-by: Dirk Brenken <dev@brenken.org>
Dirk Brenken [Sat, 18 Feb 2023 19:17:34 +0000 (20:17 +0100)]
adblock: update 4.1.5-6
* adapted changed oisd downloads (again), fixed #20516
Signed-off-by: Dirk Brenken <dev@brenken.org>
Alexandru Ardelean [Fri, 17 Feb 2023 17:32:46 +0000 (19:32 +0200)]
django: bump to version 4.1.7
Fixes:
https://nvd.nist.gov/vuln/detail/CVE-2023-23969
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Dengfeng Liu [Tue, 14 Feb 2023 05:45:21 +0000 (05:45 +0000)]
kcptun: update to version
20230207
add support for port-range dailer, port-range listener
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
Oskari Rauta [Mon, 13 Feb 2023 17:45:32 +0000 (17:45 +0000)]
podman: update 4.4.1
patch refreshed.
Changes
- Added the podman-systemd.unit man page, which can also be displayed using man quadlet (#17349).
- Documented journald identifiers used in the journald backend for the podman events command.
Bugfixes
- Fixed a bug where the default handling of pids-limit was incorrect.
- Fixed a bug where parallel calls to make docs crashed (#17322).
- Fixed a regression in the podman kube play command where existing resources got mistakenly removed.
Full list of changes: [Release notes](https://github.com/containers/podman/blob/main/RELEASE_NOTES.md)
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Hirokazu MORIKAWA [Fri, 17 Feb 2023 02:51:35 +0000 (11:51 +0900)]
node: bump to v16.19.1
Thursday February 16 2023 Security Releases
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
* CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
* CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Stan Grishin [Thu, 16 Feb 2023 22:59:10 +0000 (22:59 +0000)]
simple-adblock: update to 1.9.4-1
* update default config for new oisd.nl lists
* conf.update file to migrate oisd.nl lists to the new format
* introduce AdBlockPlus lists support (new oisd.nl format)
* longer wait for WAN up/gateway detection
* make load_environemnt only execute once to suppress duplicate
warnings/errors
PS. While I was testing this, oisd.nl has brought back the old domains
lists as well, so this version supports both as I'm unclear as to
why the "big" ABPlus list is only 6.2Mb where as the "big" domains
list is whopping 19.9Mb.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Eneas U de Queiroz [Thu, 9 Feb 2023 14:33:24 +0000 (11:33 -0300)]
apfree-wifidog: add support for OpenSSL 3.0
This adds an upstream commit to allow building with OpenSSL 3.0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Eneas U de Queiroz [Thu, 9 Feb 2023 14:25:47 +0000 (11:25 -0300)]
libuhttpd: allow building with OpenSSL 3.0
Add -Wno-error=deprecated-declarations to CFLAGS to allow usage of
deprecated API.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>