Andreas Gnau [Fri, 5 Jul 2024 12:02:08 +0000 (14:02 +0200)]
mxml: Add PKG_CPE_ID
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
Sean Khan [Fri, 5 Jul 2024 11:42:45 +0000 (07:42 -0400)]
openssh: fix incompatible ptr type error GCC 14.1
The `ssh_systemd_notify` function is causing compilation errors
when built against GCC 14.1. This is due to an incompatible pointer
type being passed to the connect function.
The connect function expects a pointer to `struct sockaddr`, but
was receiving a pointer to `struct sockaddr_un`.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Yegor Yefremov [Thu, 4 Jul 2024 05:35:44 +0000 (07:35 +0200)]
libs/glib2: remove pcre2 fallback workaround
pcre2 can now be properly linked statically. Hence, remove both
the patch and -Dforce_fallback_for=libpcre2-8 option.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Yegor Yefremov [Tue, 2 Jul 2024 12:55:20 +0000 (14:55 +0200)]
libs/glib2: remove the upstream patch
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Yegor Yefremov [Tue, 2 Jul 2024 12:50:36 +0000 (14:50 +0200)]
libs/glib2: remove the deprecated option force_posix_threads
Resolves the following warning:
glib-2.80.3/meson.build:2053:
WARNING: DEPRECATION: Option 'force_posix_threads' is deprecated and
will be removed after GLib 2.72; please file an issue with your use case
if you still require it
For more information, see the following merge request:
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2474
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Jonas Jelonek [Wed, 3 Jul 2024 22:14:02 +0000 (00:14 +0200)]
eza: update to 0.18.21
Release notes:
0.18.19: https://github.com/eza-community/eza/releases/tag/v0.18.19
0.18.20: https://github.com/eza-community/eza/releases/tag/v0.18.20
0.18.21: https://github.com/eza-community/eza/releases/tag/v0.18.21
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Jonas Jelonek [Wed, 3 Jul 2024 22:12:58 +0000 (00:12 +0200)]
croc: update to 10.0.9
Release notes:
https://github.com/schollz/croc/releases/tag/v10.0.9
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Wesley Gimenes [Wed, 3 Jul 2024 03:41:45 +0000 (00:41 -0300)]
netbird: update to 0.28.3
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
Milinda Brantini [Wed, 3 Jul 2024 12:51:40 +0000 (20:51 +0800)]
tailscale: Update to 1.68.2
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Clemens Hopfer [Tue, 2 Jul 2024 20:49:02 +0000 (22:49 +0200)]
openvpn: fix startup with script-security lower than 2
External scripts may only be specified with script-security 2 or higher,
otherwise OpenVPN fails at tunnel startup with an error.
This changes the previously hardcoded hotplug scripts to only be added if
script-security is 2 or higher is used.
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
Robert Marko [Wed, 3 Jul 2024 11:43:16 +0000 (13:43 +0200)]
utils: lpac: fix passing CMAKE options
Turns out that having a comment for QMI over QRTR in the CMAKE_OPTIONS will
drop anything after it, so lets move the comment above CMAKE_OPTIONS.
Fixes: 34f9d96b4cc3 ("lpac: make APDU backends configurable")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Lu jicong [Wed, 3 Jul 2024 11:51:28 +0000 (19:51 +0800)]
rust: select correct architecture for armv5
Currently, armv5 and armv6 targets are both using armv6 rustc.
Without this patch, rust programs in armv5 targets throw illegal instruction
error.
Signed-off-by: Lu jicong <jiconglu58@gmail.com>
Tianling Shen [Wed, 3 Jul 2024 18:06:49 +0000 (02:06 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Daniel Golle [Sun, 16 Jun 2024 11:35:36 +0000 (12:35 +0100)]
i2csfp: add package
Add i2csfp utility which comes handy when dealing with some SFP modules.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 5 Jun 2024 02:44:09 +0000 (03:44 +0100)]
postgresql: update to version 16.3
Switch to new major version 16.
Use meson to build for target, however, old autotools-style configure is
needed to clean the source directory before being able to run meson, and
host build of the timezone compiler ('zic') also still requires using the
old build system.
See also https://www.postgresql.org/docs/16/release-16.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Robert Marko [Tue, 2 Jul 2024 16:15:02 +0000 (18:15 +0200)]
lpac: make APDU backends configurable
Currently, lpac will be built with the PCSC and AT APDU backends by default
and its not configurable in OpenWrt.
Since smart card reads are not really common on OpenWrt devices lets
disable PCSC backend by default so we dont have to include PCSC lib and
daemon by default.
AT backend is left enabled by default since it has no external dependecies
and all modems have it.
QMI over QRTR backend is not selectable even though it is part of the 2.0.2
relase since it requires unstable libqmi 1.35.4 or newer and we are still
using 1.34 stable branch.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Tianling Shen [Tue, 2 Jul 2024 11:14:48 +0000 (19:14 +0800)]
miniupnpc: Update to 2.2.8
Updated binary path, rebased patches.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Tue, 2 Jul 2024 11:07:30 +0000 (19:07 +0800)]
libnatpmp: Update to
20230423
Rebased patches.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
John Audia [Mon, 1 Jul 2024 10:20:33 +0000 (06:20 -0400)]
openssh: bump to 9.8p1
Release notes: https://www.openssh.com/txt/release-9.8
* 9.8p1 fixes CVE-2024-6387
* Adjusted Makefile to provide /usr/lib/sshd-session
* Given the troubles with -fzero-call-used-regs and all the
broken checks, makes sense to skip it
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Yegor Yefremov [Mon, 15 Apr 2024 11:39:20 +0000 (13:39 +0200)]
libs/glib2: update to 2.80.3
Explicitly disable gobject introspection option.
Set runtime_dir to /var/run as current glib2 version sets this option
to /run by default.
Add a patch removing the Python packaging module dependency.
Refresh patches.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Eric Fahlgren [Mon, 1 Jul 2024 23:45:02 +0000 (16:45 -0700)]
owut: update to 2024.07.01
- bugs
https://github.com/efahl/owut/commit/
1ed0c8d6c61988b400d963ba2a5efb857d3efdf6 partial fix for 'what-provides'
https://github.com/efahl/owut/commit/
189b27210ff32ac0a75c92fb0501d6674786d0fb bad sutype
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Tianling Shen [Tue, 2 Jul 2024 11:01:09 +0000 (19:01 +0800)]
Merge pull request #24497 from p-w-p/patch-5
docker: Update to 27.0.3
Milinda Brantini [Tue, 2 Jul 2024 07:26:38 +0000 (15:26 +0800)]
dockerd: Update to 27.0.3
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Milinda Brantini [Tue, 2 Jul 2024 07:25:31 +0000 (15:25 +0800)]
docker: Update to 27.0.3
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Robert Marko [Sun, 30 Jun 2024 19:35:31 +0000 (21:35 +0200)]
lpac: update to 2.0.2
Release notes:
https://github.com/estkme-group/lpac/releases/tag/v2.0.2
Signed-off-by: Robert Marko <robimarko@gmail.com>
Dirk Brenken [Sun, 30 Jun 2024 17:30:11 +0000 (19:30 +0200)]
adblock: update 4.1.5-11
* removed an accidentally commited flag of the upcoming adblock 5.x, this fixes a startup regression without trigger interface
Signed-off-by: Dirk Brenken <dev@brenken.org>
Nikos Mavrogiannopoulos [Sun, 30 Jun 2024 07:15:54 +0000 (09:15 +0200)]
Merge pull request #24488 from neheb/k
p11-kit: update to 0.25.3
Rosen Penev [Mon, 24 Jun 2024 21:42:36 +0000 (14:42 -0700)]
apinger: fix time_t format
Needs to be 64-bit.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 26 Jun 2024 22:16:56 +0000 (15:16 -0700)]
libtalloc: update to 2.42
Refresh patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sat, 29 Jun 2024 21:21:42 +0000 (14:21 -0700)]
unixobdc: fix compilation with GCC14 again
Use upstream backport.
Remove autoreconf for speed. Nothing is being patched anyway.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Fri, 28 Jun 2024 20:03:50 +0000 (13:03 -0700)]
p11-kit: update to 0.25.3
Upstream backport fixing 32-bit -Wformat warning.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Mon, 10 Jun 2024 01:25:50 +0000 (18:25 -0700)]
xmlrpc-c: update to 1.59.03
Add nls.mk as libxml2 needs it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Goetz Goerisch [Fri, 28 Jun 2024 07:29:01 +0000 (09:29 +0200)]
jool: update to 4.1.12
Update jool to 4.1.12
Changelog: https://github.com/NICMx/Jool/releases/tag/v4.1.12
Signed-off-by: Goetz Goerisch <ggoerisch@gmail.com>
John Audia [Fri, 28 Jun 2024 20:23:48 +0000 (16:23 -0400)]
lxc: update to 6.0.1
Changelog: https://discuss.linuxcontainers.org/t/lxc-6-0-lts-has-been-released/19567
Required libdbus as a depends for liblxc. I verified that both
lxc-create and lxc-checkconfig work with the rebases to the
following patches but do please review:
020-lxc-checkconfig.patch
025-remove-unsupported-option.patch
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Rosen Penev [Wed, 26 Jun 2024 22:15:51 +0000 (15:15 -0700)]
hwinfo: remove uuid hacks
util-linux uuid is used now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Mon, 24 Jun 2024 05:17:27 +0000 (22:17 -0700)]
sumo: update to 1.16.0
Add patch for GCC14.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tianling Shen [Fri, 28 Jun 2024 10:08:24 +0000 (18:08 +0800)]
alist: Update to 3.35.0
Add GO_PKG_EXCLUDES to fix build on non-64bit (arm64/amd64) system.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Milinda Brantini [Fri, 28 Jun 2024 07:12:24 +0000 (15:12 +0800)]
dnsproxy: Update to 0.71.2
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Milinda Brantini [Fri, 28 Jun 2024 06:03:15 +0000 (14:03 +0800)]
docker: Update to 27.0.2
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Milinda Brantini [Fri, 28 Jun 2024 06:02:35 +0000 (14:02 +0800)]
runc: Update to 1.1.13
This is the thirteenth patch release in the 1.1.z release branch of runc.
Itbrings in Go 1.22.x compatibility and fixes a few issues,
including anoccasional wrong nofile rlimit in runc exec,
and a race between runc list and runc delete.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Milinda Brantini [Thu, 27 Jun 2024 13:18:59 +0000 (21:18 +0800)]
dockerd: Update to 27.0.2
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Fabian Lipken [Thu, 27 Jun 2024 18:10:24 +0000 (20:10 +0200)]
fx: update to 35.0.0
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
Tianling Shen [Thu, 27 Jun 2024 18:06:43 +0000 (02:06 +0800)]
Merge pull request #24468 from ne20002/master-crowdsec
Update crowdsec to latest upstream release version 1.6.2
Jan Hák [Wed, 26 Jun 2024 08:50:00 +0000 (10:50 +0200)]
knot: update to version 3.3.7
Signed-off-by: Jan Hák <jan.hak@nic.cz>
S. Brusch [Thu, 27 Jun 2024 10:58:15 +0000 (12:58 +0200)]
crowdsec: Update to latest upstream release version 1.6.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Package tested: with manual install on different partition tested
Description: update to latest version of upstream
Dirk Brenken [Thu, 27 Jun 2024 05:47:10 +0000 (07:47 +0200)]
adblock: update 4.1.5-10
* made the DNS Reporting / tcpdump parsing code more capable
* small init fixes
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Esaaprilia Salsabila [Tue, 25 Jun 2024 16:10:01 +0000 (17:10 +0100)]
freeradius3: add PKG_BUILD_PARALLEL:=0
freeradius-3.2.4 had a build failure in the snapshoot release but it builds successfully when doing a pull request
https://downloads.openwrt.org/snapshots/faillogs/aarch64_generic/packages/freeradius3/compile.txt
https://github.com/openwrt/packages/pull/24417
as a solution we need to add
PKG_BUILD_PARALLEL:=0
to prevent freeradius3 from doing the build in parallel
Signed-off-by: Esaaprilia Salsabila <esaapriliasalsabila@gmail.com>
Daniel Golle [Tue, 25 Jun 2024 16:10:01 +0000 (17:10 +0100)]
auc: remove package
With 'owut' there is now a much better alternative available.
Retire and remove 'auc' in favor of 'owut'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Eric Fahlgren [Wed, 14 Feb 2024 15:14:31 +0000 (07:14 -0800)]
snort3: improve date filtering in report
- Take advantage of bug fix in jsonfilter to get rid of array hack, should
improve memory footprint quite a bit
- Implement substring matching in dates so you can collect data for a specific
day, hour or run bin reports for histograms
- Report title now contains specified date range, footer percentages
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Javier Marcet [Mon, 24 Jun 2024 14:38:39 +0000 (16:38 +0200)]
docker-compose: Update to version 2.28.1
Release notes:
https://github.com/docker/compose/releases/tag/v2.28.1
Signed-off-by: Javier Marcet <javier@marcet.info>
Eric Fahlgren [Mon, 24 Jun 2024 19:33:22 +0000 (12:33 -0700)]
owut: update to 2024.06.24
- fix up versioning in Makefile
- change package description doc link to wiki entry instead of github
- changes
https://github.com/efahl/owut/commit/
73b70e52e912527dc0e2b52e8723d930c519a116
https://github.com/efahl/owut/commit/
714c462cc8ee6bd683ffec9a488c706dd5ac755c
https://github.com/efahl/owut/commit/
1b222bdcb803d3a762eaedac93a91e05272ef56d
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Ryan Keane [Thu, 20 Jun 2024 21:16:27 +0000 (17:16 -0400)]
cloudflared: Fix incorrect uci config syntax
Fix incorrect uci config syntax, caused by a careless newbie contributer.
Modify function append_param_arg() in init script, to support hyphenated
arguments.
Add more command parameters as uci options, no value is set to keep it default.
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Milinda Brantini [Mon, 24 Jun 2024 04:04:00 +0000 (12:04 +0800)]
dnslookup: Update to 1.11.1
Fixed unnecessary error when running with no arguments.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Self Hosting Group [Wed, 19 Jun 2024 00:00:00 +0000 (00:00 +0000)]
miniupnpd: Update package to 2.3.6
and change title to term used in LuCi
Signed-off-by: Self Hosting Group <155233284+Self-Hosting-Group@users.noreply.github.com>
Marius Dinu [Fri, 17 Nov 2023 11:59:45 +0000 (13:59 +0200)]
qrencode: add support for PNG output
Added menuconfig option to enable PNG output. Default=disabled.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
Peca Nesovanovic [Wed, 27 Mar 2024 14:33:32 +0000 (15:33 +0100)]
net-snmp: include ipv6 address & route mibs
description: Since IPv6 is present in everyday use, we need to include
information about IPv6 addresses & routes in SNMP
example:
IP-MIB::ipAddressOrigin.ipv6
IP-MIB::ipAddressOrigin[ipv6]["00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01"] = manual
IP-MIB::ipAddressOrigin[ipv6]["fd:00:00:09:02:55:00:00:00:00:00:00:00:00:01:01"] = manual
IP-MIB::ipAddressOrigin[ipv6]["fe:80:00:00:00:00:00:00:0c:00:09:ff:fe:06:01:01"] = linklayer
IP-MIB::ipAddressOrigin[ipv6]["fe:80:00:00:00:00:00:00:0c:02:09:ff:fe:00:01:01"] = linklayer
IP-MIB::ipAddressOrigin[ipv6]["fe:80:00:00:00:00:00:00:ae:84:c6:ff:fe:25:8c:ce"] = linklayer
tested:
23.05-snapshot
master snapshot
with LibreNMS, OpenWRT device IPv6 Addresses & Routes are properly recognized
Signed-off-by: Peca Nesovanovic <peca.nesovanovic@sattrakt.com>
Martin Hübner [Sat, 23 Mar 2024 14:59:58 +0000 (15:59 +0100)]
gatling: Add procd files
This commit adds a uci configuration file and makes the gatling server
controllable by procd.
Co-authored-by: Moritz Warning <moritzwarning@web.de>
Signed-off-by: Martin Hübner <martin.hubner@web.de>
Roland Osborne [Wed, 3 Apr 2024 18:58:17 +0000 (11:58 -0700)]
databag: add package
Signed-off-by: Roland Osborne <roland.osborne@gmail.com>
Chen Minqiang [Mon, 22 Apr 2024 11:48:14 +0000 (19:48 +0800)]
modemmanager: add sourcefilter option support
This make source based IPv6 routing option available for
modemmanager case dhcpv6
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Tony Ambardar [Tue, 30 Apr 2024 02:52:59 +0000 (19:52 -0700)]
speedtest-netperf: add idle latency measurement
Allow measuring ping latency and CPU details at idle as a baseline before
measuring under data transfer loading. This allows better determination of
Latency Under Load, a critical bufferbloat parameter. The CPU details can
also be used to verify idle conditions or examine CPU frequency against
ping variations and jitter.
Change the default test duration to 30 seconds, which is adequate for SQM
tuning while reducing bandwidth consumption for upstream netperf servers.
Change the default ping host from gstatic.com to one.one.one.one, which is
widely available and generally shows lower latency.
When warning of internal netperf errors, suggest running netperf directly
to view error details.
Other minor updates include:
- clear tmp file names for safety in case of traps
- simplify ping code, argument parsing and number validation
- fix cases of wrong protocol usage with hostname as ping target
- drop unneeded egrep usage
Also update README accordingly, with clearer usage text and terminology.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Daniel Kucera [Thu, 25 Apr 2024 06:47:29 +0000 (08:47 +0200)]
tinyproxy: fix upstream config generation
Signed-off-by: Daniel Kucera <daniel.kucera@gmail.com>
Erwan MAS [Sun, 23 Jun 2024 20:27:39 +0000 (16:27 -0400)]
tinc: fix regression bring by commit
fd61f2d
Signed-off-by: Erwan MAS <erwan@mas.nom.fr>
Christopher Ng [Wed, 1 May 2024 12:10:35 +0000 (13:10 +0100)]
knot: fix EXTRA_DEPENDS for APK version schema
EXTRA_DEPENDS now requires an `r` before the `PKG_RELEASE` because of
https://github.com/openwrt/openwrt/commit/
e8725a932e16eaf6ec51add8c084d959cbe32ff2.
Fixes https://github.com/openwrt/packages/issues/23735
Signed-off-by: Christopher Ng <facboy@gmail.com>
Milinda Brantini [Sun, 23 Jun 2024 07:12:20 +0000 (15:12 +0800)]
dockerd: Update to 26.1.4
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Yanase Yuki [Wed, 5 Jun 2024 13:22:32 +0000 (22:22 +0900)]
zabbix: update to 7.0.0
License has been changed to AGPL-3.0-only
Signed-off-by: Yanase Yuki <dev@zpc.st>
Yanase Yuki [Wed, 5 Jun 2024 13:18:46 +0000 (22:18 +0900)]
zabbix: update to 6.4.15
Signed-off-by: Yanase Yuki <dev@zpc.st>
Yanase Yuki [Tue, 30 Apr 2024 03:26:03 +0000 (12:26 +0900)]
zabbix: update to 6.4.14
Signed-off-by: Yanase Yuki <dev@zpc.st>
Yanase Yuki [Wed, 27 Mar 2024 09:32:28 +0000 (18:32 +0900)]
zabbix: update to 6.4.13
Signed-off-by: Yanase Yuki <dev@zpc.st>
Yanase Yuki [Thu, 7 Mar 2024 08:23:55 +0000 (17:23 +0900)]
zabbix: update to 6.4.12
Signed-off-by: Yanase Yuki <dev@zpc.st>
Yanase Yuki [Thu, 7 Mar 2024 08:15:22 +0000 (17:15 +0900)]
zabbix: zabbix-agentd: depend on libevent2-pthreads
zabbix-agentd requires libevent2-pthreads to build
correctly, so add it to DEPENDS.
Signed-off-by: Yanase Yuki <dev@zpc.st>
Sean Khan [Wed, 5 Jun 2024 03:20:14 +0000 (23:20 -0400)]
nginx-util: Rework ptr cleanup and error handling
As per @Ansuel's not about ctx cleanup in error path, decided to rework
the patch.
Changes and Improvements:
Smart Pointers for Memory Management:
* The `EVP_PKEY_ptr` and `X509_NAME_ptr` smart pointers
are used to manage the memory of `EVP_PKEY` and `X509_NAME`
objects respectively to ensure proper cleanup.
Error Handling:
* Improved error messages and exception handling to provide
more information about what went wrong.
Resource Cleanup:
* Ensured all allocated resources are now properly freed
in case of an error to prevent memory leaks.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Sean Khan [Mon, 15 Apr 2024 00:07:30 +0000 (20:07 -0400)]
nginx-util: fix deprecated openssl 3.0 functions
Since upstream openwrt has been using openssl 3.0 for quite some time,
figured we could clean up some of the legacy code.
This PR updates the code for EC/RSA key generation.
nginx-util currently only generates 'ecc' keys, even though the
framework is there for rsa as well.
In order properly test the changes, I created two binaries:
'nginx-util-ssl' (generates ec keys)
'nginx-util-ssl-rsa' (generates rsa keys)
where I would change line:455 in `src/nginx-ssl-util.hpp`
`auto pkey = gen_eckey(NID_secp384r1)` to `auto pkey = gen_rsakey(2048)`
Example with UCI config
```
config server '_rsa'
list listen '443 ssl default_server'
list listen '[::]:443 ssl default_server'
option server_name '_rsa'
list include 'restrict_locally'
list include 'conf.d/*.locations'
option uci_manage_ssl 'self-signed'
option key_type 'rsa'
option ssl_certificate '/etc/nginx/conf.d/_rsa.crt'
option ssl_certificate_key '/etc/nginx/conf.d/_rsa.key'
option ssl_session_cache 'shared:SSL:32k'
option ssl_session_timeout '64m'
option access_log 'off; # logd openwrt'
```
➤ /opt/bin/nginx-ssl-util-rsa add_ssl _rsa
Adding SSL directives to UCI server: nginx._rsa
uci_manage_ssl='self-signed'
Created self-signed SSL certificate '/etc/nginx/conf.d/_rsa.crt' with key '/etc/nginx/conf.d/_rsa.key'.
[04/14/24 18:37:15](K-6.6.27)
root@WRX36 ~
➤ openssl x509 -in /etc/nginx/conf.d/_rsa.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:55:a6:cd:52:25:31:fd:3c:78:66:24:82:5f:bb:b6:a6:fe:8f:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = ZZ, ST = Somewhere, L = None, CN = OpenWrt, O = OpenWrtBF399B64ACF71BC3
Validity
Not Before: Apr 14 22:37:15 2024 GMT
Not After : Jul 16 22:37:15 2027 GMT
Subject: C = ZZ, ST = Somewhere, L = None, CN = OpenWrt, O = OpenWrtBF399B64ACF71BC3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ac:52:71:af:25:e9:05:0a:a5:d7:86:d3:8d:0b:
66:e0:09:cf:2a:cd:a1:63:57:36:46:61:04:16:fe:
94:84:d0:20:ab:01:15:55:aa:a1:89:c2:85:a9:84:
47:ba:84:d7:1f:a9:0c:c0:f0:67:2f:81:1d:1b:3b:
31:d5:94:6e:a0:f0:e6:ec:26:91:4a:e2:fd:58:4c:
ac:b5:9e:a1:cd:7d:91:51:29:81:1d:3e:4a:d9:d1:
d5:f1:2f:34:2f:ca:95:dc:42:d5:c4:d3:d6:b2:91:
d5:19:61:a2:b5:b1:90:f0:83:88:ef:92:c9:bf:a4:
59:a9:d6:00:6f:1c:0d:70:16:40:cc:cb:c0:de:c4:
8f:00:83:a3:2f:77:ca:18:cd:7b:d4:77:96:47:78:
1b:c1:ff:08:86:93:79:91:8f:a7:95:71:46:06:69:
fc:cc:65:64:e7:99:11:cc:82:bb:39:6b:12:27:73:
0e:d1:e7:65:51:9e:ad:dc:b3:ff:3f:ba:b0:72:4f:
22:ad:7e:41:bb:3c:c7:80:30:81:5f:8b:32:f4:7f:
22:48:3f:3d:a9:eb:28:27:12:db:a9:63:c9:7e:e2:
ed:36:de:e7:68:31:4e:9c:c0:36:e8:f2:d9:3f:50:
09:50:a3:e8:7a:03:00:4f:8d:e1:10:eb:a1:87:44:
be:23
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
06:7d:84:00:ac:8f:8b:a6:b6:b7:b5:ed:ee:7f:61:76:6d:ee:
11:53:f6:d1:f8:95:ad:6c:d7:d0:3e:01:ac:bb:d7:7a:8d:59:
80:ec:ba:b2:7b:78:5c:4f:5e:3f:f1:74:ad:d9:8c:a2:6b:08:
9c:bf:b1:42:fd:8d:a6:35:48:4d:a7:2d:92:c9:45:66:77:32:
a4:e0:ea:eb:e0:4a:42:f5:dd:ea:a2:c0:0a:66:5a:32:03:1d:
e7:87:3a:7f:1e:00:ed:d0:21:01:d5:f9:e2:b1:e6:b7:cb:1c:
67:11:de:69:7f:a2:ce:d0:fc:2d:f2:6c:33:84:4c:3d:f4:f6:
60:6b:2e:31:b7:0c:41:2c:73:31:7e:94:19:a2:2b:6a:56:3f:
07:37:71:97:28:58:91:63:b2:58:97:b2:aa:1e:d5:d9:6d:af:
6f:a0:02:e0:06:39:b0:c9:f5:50:41:b5:58:41:6a:30:72:89:
9a:67:7e:a1:7a:a5:02:b9:2a:f3:f8:93:4f:59:6e:b1:27:54:
86:d1:ec:96:7a:dd:d1:44:6b:1e:3b:17:cf:15:64:ad:83:6b:
63:20:2d:42:c3:28:68:14:de:12:4e:8a:c3:f3:10:c8:4b:4f:
c7:d8:2b:a8:45:fb:3a:bd:9d:bd:08:71:08:09:ed:ea:9b:b9:
3b:33:a6:a6
[04/14/24 18:37:27](K-6.6.27)
root@WRX36 ~
➤ /opt/bin/nginx-ssl-util add_ssl _ec
Adding SSL directives to UCI server: nginx._ec
uci_manage_ssl='self-signed'
Created self-signed SSL certificate '/etc/nginx/conf.d/_ec.crt' with key '/etc/nginx/conf.d/_ec.key'.
[04/14/24 18:37:43](K-6.6.27)
root@WRX36 ~
➤ openssl x509 -in /etc/nginx/conf.d/_ec.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:32:fe:07:09:79:d1:40:d7:43:2e:45:3d:98:4a:77:65:d0:29:41
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = ZZ, ST = Somewhere, L = None, CN = OpenWrt, O = OpenWrt2EDD40F41960C8C1
Validity
Not Before: Apr 14 22:37:43 2024 GMT
Not After : Jul 16 22:37:43 2027 GMT
Subject: C = ZZ, ST = Somewhere, L = None, CN = OpenWrt, O = OpenWrt2EDD40F41960C8C1
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (384 bit)
pub:
04:97:d2:b2:f0:c9:60:60:89:7e:ea:6f:48:1c:90:
8e:6d:1d:d8:58:46:8c:de:e9:50:e2:74:ea:d8:dd:
8c:d9:ed:f4:4c:b7:41:95:55:98:38:5a:9e:66:83:
b9:7c:79:71:9b:ec:18:ed:d9:09:3c:f7:64:32:ae:
59:ad:92:de:d7:c4:15:2e:e5:89:65:f4:29:8a:62:
a0:85:21:95:22:3a:38:e3:11:e6:f2:01:f6:50:62:
01:ed:68:0d:d0:0c:d4
ASN1 OID: secp384r1
NIST CURVE: P-384
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:65:02:30:78:af:d1:4f:57:b1:97:2b:87:aa:7f:a2:26:39:
19:30:5c:4f:9c:f0:d7:ee:24:8e:a2:39:ec:70:af:16:eb:a6:
72:96:d4:a7:2f:c1:38:f4:65:ed:ed:bf:22:c6:a4:6d:02:31:
00:bc:ec:19:0e:3d:6a:d1:5a:ae:6d:5c:a3:ec:96:60:32:f9:
6a:88:06:92:ed:c1:a7:44:2c:33:7a:22:72:0f:2a:ce:83:f0:
f2:04:9e:49:60:ef:83:b4:7f:8b:af:61:c9
```
Maintainer: Peter Stadler <peter.stadler@student.uibk.ac.at>
Compile tested: aarch64, qualcommax, Master Branch
Run tested: aarch64, Dynalink DL-WRX36, Master Branch
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Lars Kruse [Mon, 6 May 2024 10:09:56 +0000 (12:09 +0200)]
mwan3: "use" action: run process via `exec` and handle whitespace
Previously the "use" command had the following shortcomings:
* a subprocess was created instead of replacing the shell process
* whitespace in arguments was not handled correctly
Implementation detail:
In shell context the `"$@"` expression should be used (instead of `$*`).
This allows the safe handling of arguments containing whitespace.
Closes: #20001
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
David Andreoletti [Tue, 2 Apr 2024 15:53:17 +0000 (23:53 +0800)]
shairport-sync: fixed diagnostics settings
shairport-sync expects statistics/log_verbosity/log_output_to settings
to be in the diagnostics section of shairport-sync's native config.
Prior to this commit, these settings were either missing (log_output_to)
or generated in the incorrect (general) native config section bloc.
Signed-off-by: David Andreoletti <david@andreoletti.net>
Daniel Golle [Sat, 22 Jun 2024 14:34:02 +0000 (15:34 +0100)]
libjwt: add package
Add package for JWT C Library built against OpenSSL.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Jianhui Zhao [Sat, 22 Jun 2024 15:09:37 +0000 (23:09 +0800)]
lua-ffi: Add package
Lua-ffi is a portable lightweight C FFI for Lua, based on libffi
and aiming to be mostly compatible with LuaJIT FFI, but written
from scratch in C language.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Luiz Angelo Daros de Luca [Mon, 3 Jun 2024 04:58:06 +0000 (01:58 -0300)]
sane-backends: update to 1.3.1
Many changes since 1.0.31. See:
- https://gitlab.com/sane-project/backends/-/releases/1.0.32
- https://gitlab.com/sane-project/backends/-/releases/1.1.1
- https://gitlab.com/sane-project/backends/-/releases/1.2.1
- https://gitlab.com/sane-project/backends/-/releases/1.3.1
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Eric Fahlgren [Tue, 4 Jun 2024 16:52:13 +0000 (09:52 -0700)]
owut: add new package
owut (OpenWrt Update Tool) is a command line program that gathers
information from the various openwrt.org build sites and reports
status on various aspects of builds and package availability.
It also shows many details about your current configuration and
installed packages, allowing it to create, download, verify and
install new images containing the user-installed packages.
It is written completely in 'ucode', allowing for user customization
on the installed device, without the need for compilers and linkers.
Documentation is available at https://github.com/efahl/owut
Forum thread at https://forum.openwrt.org/t/owut-openwrt-upgrade-tool/200035
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Yangyu Chen [Thu, 20 Jun 2024 07:04:30 +0000 (15:04 +0800)]
nfs-kernel-server: do not export /mnt by default
Currently, the nfs-kernel-server package exports /mnt by default after
it is installed. This is not a good default behavior, as it may expose
sensitive data to the network if a user mounts something on /mnt. This
commit commented out the line that exports /mnt, so the user has to
enable it explicitly.
Signed-off-by: Yangyu Chen <cyy@cyyself.name>
Daniel Golle [Wed, 5 Jun 2024 01:09:21 +0000 (02:09 +0100)]
opensc: update to version 0.25.1
* New in 0.25.1; 2024-04-05
** General improvements
* Add missing file to dist tarball to build documentation (#3063)
** minidriver
* Fix RSA decryption with PKCS#1 v1.5 padding (#3077)
* Fix crash when app is not set (#3084)
* New in 0.25.0; 2024-03-06
** Security
* [CVE-2023-5992](https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992): Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC (#2948)
* [CVE-2024-1454](https://github.com/OpenSC/OpenSC/wiki/CVE-2024-1454): Potential use-after-free in AuthentIC driver during card enrollment in pkcs15init (#2962)
** General improvements
* Update OpenSSL 1.1.1 to 3.0 in MacOS build (#2930)
* Remove support for old card drivers Akis, GPK, Incrypto34 and Westcos, disable Cyberflex driver (#2885)
* Fix 64b to 32b conversions (#2993)
* Improvements for the p11test (#2991)
* Fix reader initialization without SCardControl (#3007)
* Make RSA PKCS#1 v1.5 depadding constant-time (#2948)
* Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02) on the card (#2975)
* Enable MSI signing via Signpath CI integration for Windows (#2799)
* Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
** minidriver
* Fix wrong hash selection (#2932)
** pkcs11-tool
* Simplify printing EC keys parameters (#2960)
* Add option to import GENERIC key (#2955)
* Add support for importing
Ed25518/448 keys (#2985)
** drust-tool
* Add tool for D-Trust cards (#3026, #3051)
** IDPrime
* Support uncompressed certificates on IDPrime 940 (#2958)
* Enhance IDPrime logging (#3003)
* Add SafeNet 5110+ FIPS token support (#3048)
** D-Trust Signature Cards
* Add support for RSA D-Trust Signature Card 4.1 and 4.4 (#2943)
** EstEID
* Remove expired EstEID 3.* card support (#2950)
** ePass2003
* Allow SW implementation with more SHA2 hashes and ECDSA (#3012)
* Fix EC key generation (#3045)
** SmartCard-HSM
* Fix SELECT APDU command (#2978)
** MyEID
* Update for PKCS#15 profile (#2965)
** Rutoken
* Support for RSA 4096 key algorithm (#3011)
** OpenPGP
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 5 Jun 2024 01:07:51 +0000 (02:07 +0100)]
pcsc-tools: update to version 1.7.1
Adds a bunch of new ATRs.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 5 Jun 2024 01:05:13 +0000 (02:05 +0100)]
pcsc-lite: update to version 2.2.3
Switch to meson build system instead of autotools.
Changes since version 2.0.1:
2.2.3: Ludovic Rousseau
26 May 2024
- meson:
. Fix build on Slackware 15
. fail if both libusb and libudev are used
- Fix memory leak on exit
- libpcscspy: dump an output buffer only if the call succeeded
- Some code cleanup
2.2.2: Ludovic Rousseau
20 May 2024
- Serial support is ENABLED by default
2.2.1: Ludovic Rousseau
8 May 2024
- fix meson related issues
- Some code cleanup
2.2.0: Ludovic Rousseau
3 May 2024
- provide files for meson build tool (replaces autoconf/auoomake)
- fix a missing symbol in libpcscspy (bug introduced by the previous version)
- fix shutdown issues with hotplug_libusb
- update pcsc-spy manpage
- update copyright date
- Some other minor improvements
2.1.0: Ludovic Rousseau
12 April 2024
- LIBPCSCLITE_DELEGATE is used to redirect to another libpcsclite library
- setup_spy.sh displays the LIBPCSCLITE_DELEGATE value to use for spying
- provides libfake.c as a sample source code
- Some other minor improvements
2.0.3: Ludovic Rousseau
3 March 2024
- add SCARD_E_UNKNOWN_RES_MNG back
2.0.2: Ludovic Rousseau
3 March 2024
- SCardConnect() & SCardReconnect(): restrict the protocol used
- negotiate PTS also for the backup protocol
- pcscd.8:
. document --disable-polkit
. add "CONFIGURATION FILE" section
- Some other minor improvements
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Milinda Brantini [Sun, 23 Jun 2024 08:09:02 +0000 (16:09 +0800)]
containerd: Update to 1.7.18
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Milinda Brantini [Sun, 23 Jun 2024 08:12:39 +0000 (16:12 +0800)]
docker: Update to 26.1.4
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Nathaniel Wesley Filardo [Sat, 22 Jun 2024 22:56:08 +0000 (23:56 +0100)]
kafs-client: introduce package
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
Nathaniel Wesley Filardo [Wed, 19 Jun 2024 23:59:39 +0000 (00:59 +0100)]
keyutils: package into the right directories
The kernel knows about /sbin/request-key *at that path*, and the shipped
configuration file presumes that /sbin/key.dns_resolver and /bin/keyctl are the
correct paths.
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
Hirokazu MORIKAWA [Sun, 23 Jun 2024 06:05:29 +0000 (15:05 +0900)]
node: bump to v20.15.0
Notable Changes
* test_runner: support test plans
* inspector: introduce the --inspect-wait flag
* zlib: expose zlib.crc32()
* cli: allow running wasm in limited vmem with --disable-wasm-trap-handler
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Antonio Pastor [Wed, 29 May 2024 00:24:13 +0000 (20:24 -0400)]
netatalk: update to 3.2.0.
Commit restores package after it was removed from OpenWrt 21.02.
Signed-off-by: Antonio Pastor <apccv@outlook.com>
Yaroslav Petrov [Sat, 22 Jun 2024 04:50:14 +0000 (06:50 +0200)]
monit: update to 5.34.0
Compile tested: x86_64, PC Engines APU4, OpenWrt 22.03.5/main
Run tested: x86_64, PC Engines APU4, OpenWrt 22.03.5/main, div. tests
* update from 5.33.0 to 5.34.0 (See changelog: https://mmonit.com/monit/changes/)
* remove upstream (obsolete) patch
Signed-off-by: Yaroslav Petrov <info@lank.me>
Erwan MAS [Sat, 22 Jun 2024 22:57:04 +0000 (18:57 -0400)]
moreutils: fix depencies for ts
Signed-off-by: Erwan MAS <erwan@mas.nom.fr>
Carlos Miguel Ferreira [Sun, 23 Jun 2024 03:51:53 +0000 (04:51 +0100)]
boost: Updates package to version 1.85.0
This commit updates boost to version 1.85.0
New available libraries:
* *Charconv:* A high quality implementation of <charconv> in C++11,
from Matt Borland. [2]
* *Scope:* A collection of scope guard utilities and a
unique_resource wrapper, from Andrey Semashev. [3]
More info about Boost 1.85.0 can be found at the usual place [1].
[1]: https://www.boost.org/users/history/version_1_85_0.html
[2]: https://www.boost.org/libs/charconv/
[3]: https://www.boost.org/libs/scope/
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
Javier Marcet [Fri, 21 Jun 2024 16:28:00 +0000 (18:28 +0200)]
docker-compose: Update to version 2.28.0
Release notes:
https://github.com/docker/compose/releases/tag/v2.28.0
Signed-off-by: Javier Marcet <javier@marcet.info>
Javier Marcet [Fri, 21 Jun 2024 16:27:35 +0000 (18:27 +0200)]
docker-compose: Update to version 2.27.3
Release notes:
https://github.com/docker/compose/releases/tag/v2.27.3
Signed-off-by: Javier Marcet <javier@marcet.info>
Dirk Brenken [Sat, 22 Jun 2024 08:12:59 +0000 (10:12 +0200)]
banip: update 1.0.0-4
* relax the firewall pre-check if fw4 is not running
* replace former stale tor feed source with 'https://www.dan.me.uk/torlist/?exit'
* add openvpn log term/search pattern example to the readme
* the default config now includes only log terms for dropbear and LuCI, all others are optional
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Esaaprilia Salsabila [Wed, 19 Jun 2024 04:54:51 +0000 (12:54 +0800)]
freeradius3: update version 3.2.4
https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_4
don't make the DH file. It's not needed for OpenSSL >=1.1.0
FreeRADIUS/freeradius-server@
afbf93b
update freeradius version 3.2.4
added freeradius3 package module
Signed-off-by: Esaaprilia Salsabila <esaapriliasalsabila@gmail.com>
Ivan Pavlov [Fri, 21 Jun 2024 05:10:44 +0000 (08:10 +0300)]
openvpn: update to 2.6.11
This is a bugfix release containing several security fixes.
Security fixes
--------------
- CVE-2024-4877: Windows: harden interactive service pipe.
Security scope: a malicious process with "some" elevated privileges
could open the pipe a second time, tricking openvn GUI
into providing user credentials (tokens), getting full access
to the account openvpn-gui.exe runs as.
- CVE-2024-5594: control channel: refuse control channel messages
with nonprintable characters in them.
Security scope: a malicious openvpn peer can send garbage to openvpn log,
or cause high CPU load.
- CVE-2024-28882: only call schedule_exit() once (on a given peer).
Security scope: an authenticated client can make the server "keep the session"
even when the server has been told to disconnect this client
Bug fixes
---------
- fix connect timeout when using SOCKS proxies
- work around LibreSSL crashing on OpenBSD 7.5 when enumerating ciphers
- Add bracket in fingerprint message and do not warn about missing verification
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Sebastian Hamann [Sun, 31 Mar 2024 18:49:22 +0000 (20:49 +0200)]
dnsdist: add config options for --uid and --gid
These options allow running dnsdist as a non-root user.
Signed-off-by: Sebastian Hamann <code@ares-macrotechnology.com>
Javier Marcet [Thu, 20 Jun 2024 23:10:42 +0000 (01:10 +0200)]
docker-compose: Update to version 2.27.2
Release notes:
https://github.com/docker/compose/releases/tag/v2.27.2
Signed-off-by: Javier Marcet <javier@marcet.info>
Milinda Brantini [Fri, 21 Jun 2024 03:23:51 +0000 (11:23 +0800)]
xray-core: update to 1.8.16
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Milinda Brantini [Thu, 20 Jun 2024 07:44:41 +0000 (15:44 +0800)]
natmap: reset PKG_RELEASE to 1
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>