feed/packages.git
5 months agocloudflared: Add more run parameters in UCI
Ryan Keane [Wed, 19 Jun 2024 10:25:28 +0000 (06:25 -0400)]
cloudflared: Add more run parameters in UCI

https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/

Close #24122

Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
(cherry picked from commit 31c91837f9f171828ef6d4bd1e1867f4c593e2cc)
[rebased upon 23.05 branch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
5 months agoadblock: update 4.1.5-10
Dirk Brenken [Thu, 27 Jun 2024 05:47:10 +0000 (07:47 +0200)]
adblock: update 4.1.5-10

* made the DNS Reporting / tcpdump parsing code more capable
* small init fixes
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit a029f01d81b021b6ab7fd24e5da7d9af03681aba)

5 months agoaardvark-dns: update to 1.11.0
Milinda Brantini [Tue, 18 Jun 2024 06:29:32 +0000 (14:29 +0800)]
aardvark-dns: update to 1.11.0

changelogs:
https://github.com/containers/aardvark-dns/compare/v1.10.0...v1.11.0

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 39f75472f5f3686833c890daea0dca0166ebb5db)

5 months agoaardvark-dns: update to 1.10.0
Oskari Rauta [Fri, 16 Feb 2024 07:33:02 +0000 (09:33 +0200)]
aardvark-dns: update to 1.10.0

changelogs: https://github.com/containers/aardvark-dns/releases

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit f03ac48d30629b032ac2372b24d41a9f9b8e4732)

5 months agolibjwt: add package
Daniel Golle [Sat, 22 Jun 2024 14:34:02 +0000 (15:34 +0100)]
libjwt: add package

Add package for JWT C Library built against OpenSSL.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 57fdc5d2b98e6bdd96f8f0f6f0448579bc3ddbad)

5 months agopowertop: update to 2.15
Milinda Brantini [Thu, 20 Jun 2024 06:46:08 +0000 (14:46 +0800)]
powertop: update to 2.15

Release mainly focuses on bug fixes and patching compatibility issues.
Also, adds support to multiple platforms.
Removed obsolete patch as upstream has fixed.

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
5 months agoxray-core: update to 1.8.16
Milinda Brantini [Fri, 21 Jun 2024 03:23:51 +0000 (11:23 +0800)]
xray-core: update to 1.8.16

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit f84ed39a615011d029077335578ba1d4db795e5d)

5 months agoxray-core: update to 1.8.15
Milinda Brantini [Tue, 18 Jun 2024 06:13:43 +0000 (14:13 +0800)]
xray-core: update to 1.8.15

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 4cbfd4709e1050a85f51b42fafab3753a0329901)

5 months agonatmap: reset PKG_RELEASE to 1
Milinda Brantini [Thu, 20 Jun 2024 07:44:41 +0000 (15:44 +0800)]
natmap: reset PKG_RELEASE to 1

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 1d542b8919a0e98836055bdd251e0345b80a0bc6)

5 months agonatmap: update to 20240603
Milinda Brantini [Mon, 3 Jun 2024 16:36:36 +0000 (00:36 +0800)]
natmap: update to 20240603

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit b0a4fd300f23f99bc678162165c23e93bb1e24e8)

5 months agobanip: update 1.0.0-4
Dirk Brenken [Sat, 22 Jun 2024 08:12:59 +0000 (10:12 +0200)]
banip: update 1.0.0-4

* relax the firewall pre-check if fw4 is not running
* replace former stale tor feed source with 'https://www.dan.me.uk/torlist/?exit'
* add openvpn log term/search pattern example to the readme
* the default config now includes only log terms for dropbear and LuCI, all others are optional
* readme update

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit d17f661aee8aab300bd73d682748eac61bea27a2)

5 months agogolang: Update to 1.21.11
Milinda Brantini [Thu, 20 Jun 2024 07:06:50 +0000 (15:06 +0800)]
golang: Update to 1.21.11

go1.21.11 (released 2024-06-04) includes
security fixes to the archive/zip and net/netip packages,
as well as bug fixes to the compiler,
the go command, the runtime, and the os package.

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
5 months agolighttpd: fix missing dependency for OpenSSL crypto library
Glenn Strauss [Sun, 12 May 2024 07:11:32 +0000 (03:11 -0400)]
lighttpd: fix missing dependency for OpenSSL crypto library

This change will provide the necessary dependency resolution, fixing:

  Package lighttpd is missing dependencies for the following libraries:
  libcrypto.so.3

Fixes: #23794
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit a300185d49e87848f9b8027393196631841b32f6)

5 months agolighttpd: add option to use OpenSSL crypto library
Petr Štetiar [Wed, 24 Apr 2024 19:28:40 +0000 (19:28 +0000)]
lighttpd: add option to use OpenSSL crypto library

Currently, it is not feasible to configure lighttpd to use OpenSSL as
its internal crypto library. Instead, one must rely on alternative
crypto libraries such as Nettle or mbedTLS. This setup is not ideal in
scenarios where a single crypto library is preferred. To address this
issue, lets propose introducing OpenSSL as an additional configuration
option.  Similarly, propose GnuTLS as additional configuration option.

Closes: #24004
Co-developed-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8c9597f1dcb0ab5965a5ecdb506e234c5da61a3e)

5 months agoschroot: fix compilation with GCC14
Rosen Penev [Mon, 13 May 2024 22:59:55 +0000 (15:59 -0700)]
schroot: fix compilation with GCC14

GCC now does not allow assigning an std::locale to an std::string. No
idea why it worked originally.

Also fixed compilation with full NLS.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c3e2dcc128adde5af8b0d07c38962cc4fd8b3a3b)

5 months agostlink: fix compilation with GCC 14
Rosen Penev [Mon, 13 May 2024 03:27:37 +0000 (20:27 -0700)]
stlink: fix compilation with GCC 14

Switch to local git tarballs. Smaller.

Upstream backport and a local patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 41a5880f01529c7226af5c1fece9b8e0017c5132)

5 months agoprometheus-node-exporter-lua: Add optional mwan3 collector
Ryan Doyle [Mon, 20 Feb 2023 08:46:15 +0000 (19:46 +1100)]
prometheus-node-exporter-lua: Add optional mwan3 collector

Supports interface metrics exposed by mwan3. The performance is a
little slow compared to other collectors (~300ms) as the ubus call is
where most of the time is spent. Any future speedups are likely better
put into mwan3's rpcd binary.

Signed-off-by: Ryan Doyle <ryan@doylenet.net>
[rename metrics,bump version]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit c279efb760ca516db7cdaee32216344df47f2203)

5 months agoprometheus-node-exporter-lua: Add "node_textfile_mtime_seconds" metric
Rob Hoelz [Fri, 2 Dec 2022 15:25:17 +0000 (09:25 -0600)]
prometheus-node-exporter-lua: Add "node_textfile_mtime_seconds" metric

…for textfile collector, to make it more consistent with the upstream
Prometheus node-exporter

Signed-off-by: Rob Hoelz <rob@hoelz.ro>
[bump version]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 4edae8449946f46bbb3943eb0af066048ef37c54)

5 months agoprometheus-node-exporter-lua: remove duplicated nat samples
Antoine C [Wed, 5 Jun 2024 18:34:33 +0000 (19:34 +0100)]
prometheus-node-exporter-lua: remove duplicated nat samples

Merge duplicate src/dest samples by suming their value (bytes count)

Fixes #24166

Signed-off-by: Antoine C <hi@acolombier.dev>
[bump version number]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit cd8f67298c588a6e80c5991b6921222eea10a06f)

5 months agoprometheus-node-exporter-lua: fix netclass duplicate TYPE lines
René Treffer [Mon, 3 Jun 2024 20:16:11 +0000 (22:16 +0200)]
prometheus-node-exporter-lua: fix netclass duplicate TYPE lines

Fixes a315c40b7232bbc83582685c98e41466d84d7a35

[initial fix]
Signed-off-by: René Treffer <treffer@measite.de>
[fixup René version]
Signed-off-by: PichetGoulu <pichet@nosuid.be>
[actual commit]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit aa7ea7938f4b39fef4b8a0a3f9ab14c1119be515)

5 months agoprometheus-node-exporter-lua-hostapd_stations: fix not reporting metrics
Balázs Urbán [Sun, 17 Mar 2024 18:59:20 +0000 (19:59 +0100)]
prometheus-node-exporter-lua-hostapd_stations: fix not reporting metrics

- fix incorrect interface name mapping in hostapd_stations exporter

Signed-off-by: Balázs Urbán <szalab9@gmail.com>
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 1930d39a15113a8ede7d2794e394678e87697f5d)

5 months agoprometheus-node-exporter-lua: add missing libubus-lua dependency
Etienne Champetier [Sun, 2 Jun 2024 20:20:30 +0000 (22:20 +0200)]
prometheus-node-exporter-lua: add missing libubus-lua dependency

Fixes a315c40b7232bbc83582685c98e41466d84d7a35

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit fe489585c260a40832ce76ab1236751cf6561da8)

5 months agoprometheus-node-exporter-lua: bump package version
Ivan Mironov [Thu, 13 Jul 2023 15:21:52 +0000 (17:21 +0200)]
prometheus-node-exporter-lua: bump package version

Signed-off-by: Ivan Mironov <mironov.ivan@gmail.com>
(cherry picked from commit 41975220c0b177892bd0184387a354bc036bc983)

5 months agoprometheus-node-exporter-lua: add basic hwmon exporter
Ivan Mironov [Wed, 12 Jul 2023 23:45:44 +0000 (01:45 +0200)]
prometheus-node-exporter-lua: add basic hwmon exporter

This collector supports following metrics:

 * node_hwmon_temp_celsius
 * node_hwmon_pwm

and following auxiliary mappings:

 * node_hwmon_chip_names
 * node_hwmon_sensor_label

Tested on:

 * Banana Pi BPI-r3 / OpenWrt 23.05.0-rc2
 * TP-Link Archer C7 v5 / OpenWrt 22.03.5

Signed-off-by: Ivan Mironov <mironov.ivan@gmail.com>
(cherry picked from commit 431fefbdea559625c5b46ff2011237fefcbf1c1c)

5 months agoprometheus-node-exporter-lua: Add thermal collector
Joel Pettersson [Sat, 13 May 2023 10:26:45 +0000 (12:26 +0200)]
prometheus-node-exporter-lua: Add thermal collector

Signed-off-by: Joel Pettersson <me@joelpet.se>
(cherry picked from commit 1eeb1dc2de82c093e2cd1ccc71ffd36a449301f9)

5 months agobanip: update 1.0.0-3
Dirk Brenken [Tue, 18 Jun 2024 15:03:23 +0000 (17:03 +0200)]
banip: update 1.0.0-3

* fixed a regression in the split Set function (reported in the forum)
* fixed regex for urlhaus feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 2cc7cf3ca0aa6ad2cf5d67a66632ca5a516eb07b)

5 months agoapfree-wifidog: update to 7.06.2008
Dengfeng Liu [Thu, 13 Jun 2024 07:59:50 +0000 (15:59 +0800)]
apfree-wifidog: update to 7.06.2008

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit a1b1bd87bf87643e8a3b9235c3b21a3099722658)

5 months agoapfree-wifidog: support rule group and websocket&dns proxy flag
Dengfeng Liu [Thu, 13 Jun 2024 07:57:58 +0000 (15:57 +0800)]
apfree-wifidog: support rule group and websocket&dns proxy flag

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit a34f47e7bb067f98419c217d132e529549d2ecc5)

5 months agoruby: update to 3.2.4
Luiz Angelo Daros de Luca [Mon, 3 Jun 2024 03:44:22 +0000 (00:44 -0300)]
ruby: update to 3.2.4

The 3.2.3 release includes many bug-fixes. This release also includes
the update of uri.gem to 0.12.2 which contains the security fix.

- CVE-2023-36617: ReDoS vulnerability in URI

See: https://www.ruby-lang.org/en/news/2024/01/18/ruby-3-2-3-released/

The 3.2.4 release includes security fixes. Please check the topics below
for details.

- CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search
- CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
- CVE-2024-27280: Buffer overread vulnerability in StringIO

See: https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-2-4-released/

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
5 months agobanip: update 1.0.0-2
Dirk Brenken [Sun, 16 Jun 2024 19:50:40 +0000 (21:50 +0200)]
banip: update 1.0.0-2

* fixed a possible "Argument list too long" error in the f_log function
* fixed multiple, incomplete digit character classes
* fixed/optimized split file handling
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 059a5303296cd8a56aa6777ef5c9a61bef5dd48a)

5 months agosing-box: update to 1.9.3
Milinda Brantini [Sun, 9 Jun 2024 16:50:11 +0000 (00:50 +0800)]
sing-box: update to 1.9.3

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 128c0f03ef0d166f9f6d2fe83cea55a6d80789df)

5 months agosing-box: update to 1.9.2
Milinda Brantini [Sun, 9 Jun 2024 00:24:06 +0000 (08:24 +0800)]
sing-box: update to 1.9.2

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit b82a70dd191f8e401d3aeb710d2aeb0530895b05)

5 months agosing-box: update to 1.9.1
Milinda Brantini [Sat, 8 Jun 2024 07:18:49 +0000 (15:18 +0800)]
sing-box: update to 1.9.1

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 909ec005b605857d529bc449843206195a4c1e32)

5 months agounbound: pull in adblock-fast generated adb_list
Stan Grishin [Sun, 21 Apr 2024 13:43:06 +0000 (13:43 +0000)]
unbound: pull in adblock-fast generated adb_list

* adblock-fast can generate the compatible adb_list-file, but it's
  only pulled if net/adblock installed, this patch also pulls in the
  adb_list file if net/adblock-fast is installed.
* also bump PKG_RELEASE

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit d7d1743c834dffeb7e3ea0c9ee16ec587788f0ca)

5 months agoMerge pull request #24340 from mhei/23.05-php8-update-to-8.2.20
Michael Heimpold [Mon, 10 Jun 2024 04:52:18 +0000 (06:52 +0200)]
Merge pull request #24340 from mhei/23.05-php8-update-to-8.2.20

[23.05] php8: update to 8.2.20

5 months agoiperf3: fix usage with big endian
Rosen Penev [Sat, 8 Jun 2024 22:40:19 +0000 (15:40 -0700)]
iperf3: fix usage with big endian

Upstream submissions.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 37ade7efabae535bb4612177bc4cf0a32353b8e9)

5 months agoiperf3: update to 3.17.1
John Audia [Sat, 25 May 2024 11:51:49 +0000 (07:51 -0400)]
iperf3: update to 3.17.1

Changelogs since last release:
https://github.com/esnet/iperf/releases/tag/3.17
https://github.com/esnet/iperf/releases/tag/3.17.1

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit b450fbc5eaf7bcfeac1b0e8641f5d46a5d3f821c)

5 months agobanip: release 1.0
Dirk Brenken [Sat, 8 Jun 2024 08:32:48 +0000 (10:32 +0200)]
banip: release 1.0

* made sure, that the domain lookup always add the found IPs to the underlying allow-/blocklist-Set
* major readme update

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit cc709768b5a243d0f021834a9cc4ca872e5f84bb)

5 months agophp8: update to 8.2.20 24340/head
Michael Heimpold [Sat, 8 Jun 2024 04:22:25 +0000 (06:22 +0200)]
php8: update to 8.2.20

This fixes:
    - CVE-2024-4577
    - CVE-2024-5458
    - CVE-2024-5585

Changelog: https://www.php.net/ChangeLog-8.php#8.2.20

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
5 months agolibpfring: backport patch fixing compilation error for sa_data
Christian Marangi [Tue, 19 Mar 2024 10:40:36 +0000 (11:40 +0100)]
libpfring: backport patch fixing compilation error for sa_data

Backport patch fixing compilation error for sa_data not well defined.
This is triggered only on platform that makes use of fortify string and
cause compilation error due to the fact that sa_data is not well defined
and his size is arbitrary.

Patch has been accepted in the PF_RING project and this is just a
backport.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit c3a50a9fac8f9d8665f8b012abd85bb9e461e865)

5 months agolibpfring: update to 8.4.0
John Thomson [Fri, 21 Oct 2022 04:01:24 +0000 (14:01 +1000)]
libpfring: update to 8.4.0

Release notes:
https://github.com/ntop/PF_RING/releases/tag/8.4.0

Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
(cherry picked from commit 534bd518f3fff6c31656a1edcd7e10922f3e06e5)

5 months agohev-socks5-server: update to 2.6.6
Ray Wang [Mon, 3 Jun 2024 05:32:43 +0000 (13:32 +0800)]
hev-socks5-server: update to 2.6.6

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit c6777c6ecc2a5097d3ef12b142c1d330f226cbf4)

5 months agoMerge pull request #24317 from p-w-p/xray-core_update
Tianling Shen [Tue, 4 Jun 2024 08:46:10 +0000 (16:46 +0800)]
Merge pull request #24317 from p-w-p/xray-core_update

[23.05] xray-core: update to 1.8.13

5 months agoxray-core: update to 1.8.13 24317/head
Tianling Shen [Fri, 24 May 2024 14:06:09 +0000 (22:06 +0800)]
xray-core: update to 1.8.13

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 6a9b65119d95ebddd5875135ffaca1fc77a28e5f)

5 months agonode: bump to v18.20.3
Hirokazu MORIKAWA [Mon, 3 Jun 2024 04:25:01 +0000 (13:25 +0900)]
node: bump to v18.20.3

Notable changes
This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.
A fix has also been included for compiling Node.js from source with newer versions of Clang.
The list of keys used to sign releases has been synchronized with the current list from the main branch.

Updated dependencies
* acorn updated to 8.11.3.
* acorn-walk updated to 8.3.2.
* ada updated to 2.7.8.
* c-ares updated to 1.28.1.
* corepack updated to 0.28.0.
* nghttp2 updated to 1.61.0.
* ngtcp2 updated to 1.3.0.
* npm updated to 10.7.0. Includes a fix from npm@10.5.1 to limit the number of open connections npm/cli#7324.
* simdutf updated to 5.2.4.
* zlib updated to 1.3.0.1-motley-7d77fb7.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
5 months agosing-box: update to 1.9.0
Anya Lin [Thu, 30 May 2024 06:16:46 +0000 (14:16 +0800)]
sing-box: update to 1.9.0

Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit 087fe17bf746fa1edc6f452c02ac05d75fa93daf)

5 months agobanip: update 0.9.6-3
Dirk Brenken [Sat, 1 Jun 2024 14:06:59 +0000 (16:06 +0200)]
banip: update 0.9.6-3

* fixed concurrent, too high nft loads during feed processing (seen in LuCI frontend)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 3584187f69f954e0e70dc86ffcf7d46d0df37452)

6 months agoapache: add compile fix for libxml-2.12.x
Michael Heimpold [Sun, 17 Dec 2023 13:25:51 +0000 (14:25 +0100)]
apache: add compile fix for libxml-2.12.x

libxml2 restructured includes, thus another include is now required
otherwise build fails.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 7009c6be73cdb1535c4e13bd86bbccb623cade87)

6 months agobanip: update 0.9.6-2
Dirk Brenken [Thu, 30 May 2024 19:36:33 +0000 (21:36 +0200)]
banip: update 0.9.6-2

* fix regex for nixspam and sslbl feed
* list the pre-routing limits in the banIP status
* small fixes and log improvements

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 27e86ef42e832545a9a66d479c4bbd99afaab5c5)

6 months agoxfrpc: update to 3.05.661
Dengfeng Liu [Mon, 27 May 2024 11:03:39 +0000 (19:03 +0800)]
xfrpc: update to 3.05.661

This version is compatible with FRPS 0.58.0

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit d5c22612a90e9a0fd09d4307e567240562a10287)

6 months agoxfrpc: Revised the config file and adjusted the corresponding init file
Dengfeng Liu [Mon, 27 May 2024 11:01:22 +0000 (19:01 +0800)]
xfrpc: Revised the config file and adjusted the corresponding init file

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit e39af317532bd67580e6d12d4b4c9590cafa574e)

6 months agoocserv: use a more neutral character for sed
Nikos Mavrogiannopoulos [Sun, 26 May 2024 15:35:05 +0000 (17:35 +0200)]
ocserv: use a more neutral character for sed

This resolves a startup issue.

Resolves: #24203

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
6 months agonextdns: Update to version 1.43.5
Olivier Poitrey [Fri, 24 May 2024 11:36:01 +0000 (11:36 +0000)]
nextdns: Update to version 1.43.5

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
6 months agosing-box: update to 1.8.14
Van Waholtz [Mon, 25 Mar 2024 12:40:46 +0000 (20:40 +0800)]
sing-box: update to 1.8.14

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit 2b7369c323ac232ccb39f0321c5b86053a29b263)

6 months agodnsdist: update to 1.9.4
Peter van Dijk [Mon, 13 May 2024 11:50:23 +0000 (13:50 +0200)]
dnsdist: update to 1.9.4

fixes CVE-2024-25581

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
6 months agohaproxy: update to v2.8.9
Christian Lachner [Sun, 19 May 2024 08:35:41 +0000 (10:35 +0200)]
haproxy: update to v2.8.9

- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.8.git;a=shortlog

Signed-off-by: Christian Lachner <gladiac@gmail.com>
6 months agobanip: release 0.9.6-1
Dirk Brenken [Sat, 18 May 2024 06:29:34 +0000 (08:29 +0200)]
banip: release 0.9.6-1

* refine IPv4 parsing, skip rough feed entries like loopback addresses
* better error logging during banIP nftables initialization and Set loading
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ccca9c832540d9eea78d5a438c14142f8e087735)

6 months agoopenconnect: introduced URI parameter
Nikos Mavrogiannopoulos [Thu, 9 May 2024 19:18:44 +0000 (21:18 +0200)]
openconnect: introduced URI parameter

This allows specifying a camouflage string in ocserv.

Fixes: #23364
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
6 months agoopenconnect: backport fix for anyconnect compatibility
Nikos Mavrogiannopoulos [Thu, 9 May 2024 19:00:31 +0000 (21:00 +0200)]
openconnect: backport fix for anyconnect compatibility

Fixes: #21135
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
6 months agogptfdisk: update to 1.0.10
krant [Thu, 11 Apr 2024 19:27:13 +0000 (22:27 +0300)]
gptfdisk: update to 1.0.10

- Delete upstreamed patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit ad6344d0455038e374f57a7fb15d3d1ace8d889b)

6 months agogolang: Update to 1.21.10
Tianling Shen [Sat, 11 May 2024 05:49:37 +0000 (13:49 +0800)]
golang: Update to 1.21.10

go1.21.10 (released 2024-05-07) includes security fixes to the go
command, as well as bug fixes to the net/http package.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 months agoMerge pull request #24139 from stangri/openwrt-23.05-adblock-fast
Stan Grishin [Mon, 13 May 2024 23:03:32 +0000 (16:03 -0700)]
Merge pull request #24139 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: update to 1.1.2-1

6 months agopdns-recursor: update to 4.8.8
Peter van Dijk [Tue, 30 Apr 2024 13:47:26 +0000 (15:47 +0200)]
pdns-recursor: update to 4.8.8

fixes CVE-2024-25583; also includes changes from 4.8.7 that
fix regressions introduced with the security fixes in 4.8.6

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
6 months agoadblock-fast: update to 1.1.2-1 24139/head
Stan Grishin [Mon, 13 May 2024 04:30:55 +0000 (04:30 +0000)]
adblock-fast: update to 1.1.2-1

* move extra_command and EXTRA_HELP to the top of the init file
* add packageCompat variable for compatibility check with WebUI
* add OutputFilter variables for supported resolvers
* simplify adb_check with the use of OutputFilter variables
* add show_blocklist command to display currently blocked domains

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit fb151d5b8269f458cd54b75975d6a63ad8401b35)

6 months agoocserv: updated to 1.3.0
Nikos Mavrogiannopoulos [Mon, 6 May 2024 06:30:19 +0000 (08:30 +0200)]
ocserv: updated to 1.3.0

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
6 months agobanip: update 0.9.5-5
Dirk Brenken [Sun, 5 May 2024 19:57:28 +0000 (21:57 +0200)]
banip: update 0.9.5-5

* fix a processing race condition
* it's now possible to disable the icmp/syn/udp safeguards in pre-routing - set the threshold to '0'.

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 083554094b169ad79ce4d4054e227f0829722de7)

6 months agodocker: Update to 26.1.0
Gerard Ryan [Wed, 1 May 2024 11:51:07 +0000 (21:51 +1000)]
docker: Update to 26.1.0
* Removed unnecessary GO lang variables

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
6 months agodockerd: Update to 26.1.0
Gerard Ryan [Wed, 1 May 2024 11:50:47 +0000 (21:50 +1000)]
dockerd: Update to 26.1.0
* Removed unnecessary GO lang variables

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
6 months agocontainerd: Update to 1.7.15
Gerard Ryan [Wed, 1 May 2024 11:50:08 +0000 (21:50 +1000)]
containerd: Update to 1.7.15
* Explicitly list GO_PKG_INSTALL_EXTRA
* Removed unnecessary GO lang variables

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
6 months agouspot: update to Git HEAD (2024-05-03)
Thibaut VARÈNE [Sat, 4 May 2024 08:55:42 +0000 (10:55 +0200)]
uspot: update to Git HEAD (2024-05-03)

5e2d15a110bb treewide: remove tip_mode
e2dbdef4cf1e treewide: rename spotfilter -> uspotfilter
ef0f5291365b uspot/uspotfilter: implement disconnect_delay
92d3356d3fb3 update README

Update the package Makefile to reflect the changes from the following
above-listed commit:

e2dbdef4cf1e treewide: rename spotfilter -> uspotfilter

(cherry picked from commit 5181ce4a483711791329a13e07d29f9321d85178)
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
6 months agoxray-core: Update to 1.8.11
Tianling Shen [Fri, 3 May 2024 05:42:35 +0000 (13:42 +0800)]
xray-core: Update to 1.8.11

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 0db33e866b108b9d0768f6b9f488c2d99c2363bf)
[added a patch to fix build with go 1.21]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 months agoxray-core: Update to 1.8.10
Tianling Shen [Mon, 1 Apr 2024 07:59:40 +0000 (15:59 +0800)]
xray-core: Update to 1.8.10

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 1b59556d06059cc87945ad52bdbccbfc06f93d9e)

6 months agoxray-core: Update to 1.8.9
Tianling Shen [Thu, 21 Mar 2024 07:02:50 +0000 (15:02 +0800)]
xray-core: Update to 1.8.9

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 09c4a4b1bab44a4d15a38907e4c48a9a09bb916d)

6 months agov2ray-core: Update to 5.16.0
Tianling Shen [Fri, 3 May 2024 05:54:50 +0000 (13:54 +0800)]
v2ray-core: Update to 5.16.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c0608d93befc062e33fb7dc2adbb70abe262c8cf)

6 months agov2ray-geodata: Update to latest version
Tianling Shen [Fri, 3 May 2024 05:42:40 +0000 (13:42 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 3f7a3e4edfcd5c37abd68fdc19b25e7795589345)

6 months agoacme-acmesh: use validation_method option instead of guessing
Sergey Ponomarev [Wed, 28 Feb 2024 20:13:47 +0000 (22:13 +0200)]
acme-acmesh: use validation_method option instead of guessing

The new validation_method option can be: dns, webroot or standalone.
Previously we guessed the challenge type:
1. if the DNS provider is specified then it's dns
2. if standalone=1
3. fallback to webroot

The logic is preserved and if the validation_method wasn't set explicitly we'll guess it in old manner.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
6 months agohev-socks5-server: add new package
Ray Wang [Thu, 25 Apr 2024 13:36:14 +0000 (21:36 +0800)]
hev-socks5-server: add new package

HevSocks5Server is a high-performance socks5 server for Unix.

More details: https://github.com/heiher/hev-socks5-server

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 8d36908aead7a37416ff4ac74d7c6ff59ded505e)

6 months agonano: update to 8.0
Hannu Nyman [Fri, 3 May 2024 13:24:09 +0000 (16:24 +0300)]
nano: update to 8.0

Update nano editor to version 8.0

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 69166dbbb709625a848f327c9822c667db39744f)

6 months agobanip: update 0.9.5-4
Dirk Brenken [Wed, 1 May 2024 13:02:44 +0000 (15:02 +0200)]
banip: update 0.9.5-4

* optimized adding suspicious IPs to Sets in the log monitor
* re-added ipblackhole feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 4d7c38c7708110cb1d0290f50ef48129192dd76a)

6 months agonextdns: Update to version 1.43.3
Olivier Poitrey [Mon, 29 Apr 2024 21:54:23 +0000 (21:54 +0000)]
nextdns: Update to version 1.43.3

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
7 months agodnsproxy: add three new features
Emily H. [Tue, 30 Apr 2024 11:03:38 +0000 (11:03 +0000)]
dnsproxy: add three new features

This commit adds the following features:
1. UCI support for local DNS over HTTPS/TLS/QUIC server.
2. UCI support for using private reverse DNS.
3. procd jail with CAP_NET_BIND_SERVICE, allowing
   dnsproxy to serve on standard ports directly.

Signed-off-by: Emily H. <battery_tag708@simplelogin.com>
(cherry picked from commit 5df794e34303ed2d1832c0626291ad392a228e8c)

7 months agomsmtp: update to version 1.8.25
Josef Schlehofer [Fri, 26 Apr 2024 13:35:52 +0000 (15:35 +0200)]
msmtp: update to version 1.8.25

Release notes:
https://marlam.de/msmtp/news/msmtp-1-8-25/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 490866d752b41bc90661b10d2c9c41884575bf8b)

7 months agotransmission: update to version 4.0.5
Josef Schlehofer [Fri, 26 Apr 2024 08:38:20 +0000 (10:38 +0200)]
transmission: update to version 4.0.5

Release notes:
https://github.com/transmission/transmission/releases/tag/4.0.5

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 19a424aede70ddaedb1153144216db6423fa09e2)

7 months agosing-box: update to 1.8.12
Van Waholtz [Mon, 29 Apr 2024 09:08:50 +0000 (17:08 +0800)]
sing-box: update to 1.8.12

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit 3fefdbf34bbe2601fcd677fd887e4156214b37ac)

7 months agoMerge pull request #24023 from rs/nextdns-1.43.0-openwrt-23.05
Stan Grishin [Mon, 29 Apr 2024 00:33:38 +0000 (17:33 -0700)]
Merge pull request #24023 from rs/nextdns-1.43.0-openwrt-23.05

[23.05] nextdns: Update to version 1.43.0

7 months agonextdns: Update to version 1.43.0 24023/head
Olivier Poitrey [Sun, 28 Apr 2024 00:47:37 +0000 (00:47 +0000)]
nextdns: Update to version 1.43.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
7 months agolibndpi: backport patch for PCRE2 support
Christian Marangi [Wed, 1 Nov 2023 00:43:36 +0000 (01:43 +0100)]
libndpi: backport patch for PCRE2 support

Backport patch for PCRE2 support as PCRE is EOL and won't receive any
support updates anymore.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit baa0d5127062929fd26671adb5388f9b30b61a36)

7 months agoopenssh: bump to 9.7p1
John Audia [Tue, 12 Mar 2024 12:13:02 +0000 (08:13 -0400)]
openssh: bump to 9.7p1

Release notes: https://www.openssh.com/txt/release-9.7

Removed upstreamed patch: 010-better_fzero-call-detection.patch

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 6be0617c00bdf5e9309ad3738d09fe498cb9fb0a)

7 months agolibrespeed-go: improve the description
Nathan Friedly [Thu, 25 Apr 2024 17:19:33 +0000 (13:19 -0400)]
librespeed-go: improve the description

This swaps the order of the lines in the description so that when LuCI displays only the first line, it still offers some helpful information.

Signed-off-by: Nathan Friedly <nathan@nfriedly.com>
(cherry picked from commit 06ea66c55866aa409ab567a593a22bd24e727f04)

7 months agolibrespeed-go: Reload the daemon after modifying the tls certificate
Anya Lin [Tue, 10 Oct 2023 01:13:14 +0000 (09:13 +0800)]
librespeed-go: Reload the daemon after modifying the tls certificate

Make the daemon reload after the tls certificate is updated

Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit fd1d506fff9462b3329585bdd148a6fd78cbd27a)

7 months agov2ray-core: Update to 5.15.3
Tianling Shen [Mon, 22 Apr 2024 07:26:22 +0000 (15:26 +0800)]
v2ray-core: Update to 5.15.3

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ebed42fcb0e7e9bffee3c47b93244494377595ee)

7 months agobanip: update 0.9.5-3
Dirk Brenken [Fri, 26 Apr 2024 15:03:14 +0000 (17:03 +0200)]
banip: update 0.9.5-3

* allow multiple protocol/port definitions per feed, e.g. 'tcp udp 80 443 50000'
* removed the default protocol/port limitation from asn feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 2c6d5adac049a55ca067255da90dc938b5604249)

7 months agobanip: update 0.9.5-2
Dirk Brenken [Sun, 21 Apr 2024 19:57:17 +0000 (21:57 +0200)]
banip: update 0.9.5-2

* fixed possible Set search race condition (initiated from LuCI frontend)
* fixed the "no result" Set search problem in LuCI
* removed abandoned feeds: spamhaus edrop (was merged with spamhaus drop)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ad755e0c4ddb63f8b8ed2204043ce750a4d4b928)

7 months agobanip: release 0.9.5-1
Dirk Brenken [Fri, 19 Apr 2024 20:09:29 +0000 (22:09 +0200)]
banip: release 0.9.5-1

* added a DDoS protection rules in a new pre-routing chain to prevent common ICMP, UDP and SYN flood attacks and drop spoofed tcp flags & invalid conntrack packets, flood tresholds are configured via 'ban_icmplimit' (default 10/s), 'ban_synlimit' (default 10/s) and 'ban_udplimit' (default 100/s)
* the new pre-routing rules are tracked via named nft counters and are part of the standard reporting, set 'ban_logprerouting' accordingly
* block countries dynamically by Regional Internet Registry (RIR)/regions, e.g. all countries related to ARIN. Supported service regions are: AFRINIC, ARIN, APNIC, LACNIC and RIPE, set 'ban_region' accordingly
* it's now possible to always allow certain protocols/destination ports in wan-input and wan-forward chains, set 'ban_allowflag' accordingly - e.g. ' tcp 80 443-445'
* filter/convert possible windows line endings of external feeds during processing
* the cpu core autodetection is now limited to max. 16 cores in parallel, set 'ban_cores' manually to overrule this limitation
* set the default nft priority to -100 for banIP input/forward chains (pre-routing is set to -150)
* update readme
* a couple of bugfixes & performance improvements
* removed abandoned feeds: darklist, ipblackhole
* added new feeds: becyber, ipsum, pallebone, debl (changed URL)
* requires a LuCI frontend update as well (separate PR/commit)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit fa80fefe22d0c7ca1c1e34deb52683b54af1ed17)

7 months agosyslog-ng: update to version 4.7.1
Josef Schlehofer [Fri, 26 Apr 2024 09:24:57 +0000 (11:24 +0200)]
syslog-ng: update to version 4.7.1

Release notes:
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.0
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.1

Also bump version in the config file to avoid warning

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9d49df0dabcdd9135bf0b86374695b69cb4bf5b6)

7 months agoCI: remove CircleCI for now
Paul Spooren [Sat, 10 Oct 2020 01:31:01 +0000 (15:31 -1000)]
CI: remove CircleCI for now

The GitHub CI offers currenlty more architecture and the Signed-of-by
test is covered via the DOC CI test. In case GitHub ever changes
policies, we can simply switch back.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 26c101edc3e918be4fbfe76b3514d1c8398f7d31)

7 months agoMerge pull request #24014 from stangri/openwrt-23.05-adblock-fast
Stan Grishin [Thu, 25 Apr 2024 22:09:43 +0000 (15:09 -0700)]
Merge pull request #24014 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: bugfix: unbound-related fixes

7 months agoadblock-fast: bugfix: unbound-related fixes 24014/head
Stan Grishin [Sun, 21 Apr 2024 14:06:52 +0000 (14:06 +0000)]
adblock-fast: bugfix: unbound-related fixes

* include `server:` directive at the top of unbound file
* update unbound-related outputGzip variable to include full path
* return always_nxdomain for blocked domains
* also update copyright stamp/license

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 474587a1f44db8b66caca8bdde9c2dd64b480638)

7 months agoMerge pull request #24006 from stangri/openwrt-23.05-nebula
Stan Grishin [Thu, 25 Apr 2024 21:33:12 +0000 (14:33 -0700)]
Merge pull request #24006 from stangri/openwrt-23.05-nebula

[23.05] nebula: Use APK style release number

7 months agonebula: Use APK style release number 24006/head
Sean Khan [Fri, 12 Apr 2024 16:09:59 +0000 (12:09 -0400)]
nebula: Use APK style release number

Maintainer: Stan Grishin <stangri@melmac.ca>

Run tested: aarch64, Dynalink DL-WRX36, Master Branch

Signed-off-by: Sean Khan <datapronix@protonmail.com>
(cherry picked from commit 3cbb7474c3fad4b01f8ee065b1c045c4b7fb523f)