feed/packages.git
23 months ago flent: Integrate flent-tools into the flent package 20099/head
Toke Høiland-Jørgensen [Sat, 17 Dec 2022 21:17:26 +0000 (22:17 +0100)]
flent: Integrate flent-tools into the flent package

Now that we're packaging flent itself, there's no reason to have a
completely separate flent-tools package. So integrate the flent-tools
package specification into the main flent package so it's always kept in
sync.

Also add a dependency from flent itself on flent-tools, as the shell
versions of those utilities that Flent uses when running tests don't work
on the busybox shell included with OpenWrt.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
23 months ago flent: Rename and update package
Toke Høiland-Jørgensen [Sat, 17 Dec 2022 21:02:35 +0000 (22:02 +0100)]
flent: Rename and update package

Update the Flent package and move it to net/, renaming it to just 'flent'
instead of python3-flent (it's not a library, having the python3- prefix
makes no sense). Also add python3-defusedxml as a dependency to protect
against XML bombs if using one of the backends that use XML-RPC, and
trim the dependencies to those used directly by Flent.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
23 months ago igmpproxy: update to version 0.4.0
Oli Ze [Mon, 12 Dec 2022 06:53:36 +0000 (07:53 +0100)]
igmpproxy: update to version 0.4.0

Signed-off-by: Oli Ze <olze@trustserv.de>
23 months ago apr-util: disable parallel build
Michal Vasilek [Thu, 15 Dec 2022 10:18:00 +0000 (11:18 +0100)]
apr-util: disable parallel build

Build reliably fails with -j20

    crypto/apr_passwd.c:200:1: fatal error: error closing -: Broken pipe
      200 | }
          | ^
    compilation terminated.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
23 months ago dosfstools: fix PKG_SOURCE
Stijn Tintel [Wed, 14 Dec 2022 18:23:57 +0000 (20:23 +0200)]
dosfstools: fix PKG_SOURCE

Both mirrors provided in the Makefile only serve gzipped tarballs.

Fixes: dcd7fcfa5b4e ("dosfstools: update to v4.0")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
23 months ago docker-compose: Update to version 2.14.1
Javier Marcet [Fri, 16 Dec 2022 14:33:32 +0000 (15:33 +0100)]
docker-compose: Update to version 2.14.1

Signed-off-by: Javier Marcet <javier@marcet.info>
23 months ago python3-pytz: bump to version 2022.6
Alexandru Ardelean [Wed, 14 Dec 2022 07:30:28 +0000 (09:30 +0200)]
python3-pytz: bump to version 2022.6

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
23 months ago AdGuardHome: update to v0.107.21
YiZhen Choo [Thu, 15 Dec 2022 18:28:38 +0000 (02:28 +0800)]
AdGuardHome: update to v0.107.21

Signed-off-by: YiZhen Choo <yizhen.c02@gmail.com>
23 months ago OpenAppID: add new package
John Audia [Sat, 10 Dec 2022 12:53:31 +0000 (07:53 -0500)]
OpenAppID: add new package

Traditionally, Snort rules are based upon packet analysis.  OpenAppID
enables detection of applications/cloud applications on the network.

This package provides OpenAppID and signature files used by OpenAppID to detect
network traffic from certain applications, which can be used to identify rogue
application use, detect malicious applications and implement various
application policies, such as application blacklisting, limiting application
usage, and enforcing conditional controls.

To use, for example, edit /etc/snort/local.lua and add the following section
at a minimum:

appid = {
  app_detector_dir = '/usr/lib/openappid',
  log_stats = true,
  app_stats_period = 60,
}

Signed-off-by: John Audia <therealgraysky@proton.me>
23 months ago nano: update to 7.1
Hannu Nyman [Thu, 15 Dec 2022 15:54:26 +0000 (17:54 +0200)]
nano: update to 7.1

Update nano editor to version 7.1
* drop the backported upstream fix for 7.0
* drop AUTORELEASE
* disable justify from 'plus'. Rarely needed with OpenWrt

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
23 months ago pdns-recursor: update to 4.8.0
Peter van Dijk [Mon, 12 Dec 2022 13:15:55 +0000 (14:15 +0100)]
pdns-recursor: update to 4.8.0

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
23 months ago Merge pull request #20083 from paper42/miniflux-2.0.41
Tianling Shen [Wed, 14 Dec 2022 20:24:29 +0000 (04:24 +0800)]
Merge pull request #20083 from paper42/miniflux-2.0.41

miniflux: update to 2.0.41

23 months ago Merge pull request #20088 from tohojo/acme-paths
Toke Høiland-Jørgensen [Wed, 14 Dec 2022 15:45:29 +0000 (16:45 +0100)]
Merge pull request #20088 from tohojo/acme-paths

acme: Export the canonical paths for certificates and challenges

23 months ago acme-acmesh: Provide a 'combined' certificate bundle as well 20088/head
Toke Høiland-Jørgensen [Wed, 14 Dec 2022 14:21:59 +0000 (15:21 +0100)]
acme-acmesh: Provide a 'combined' certificate bundle as well

The haproxy hotplug script creates a 'combined' certificate bundle that
contains both the certificate chain and the private key. However, having a
daemon hotplug script write into CERT_DIR is not great; so let's provide
the bundle as part of the main acme framework, keeping it in $domain_dir
and just linking it into CERT_DIR. That way we can keep CERT_DIR as just a
collection of links for everything, that no consumers should need to write
into.

Also make sure to set the umask correctly so the combined file is not
world-readable (since it contains the private key).

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
23 months ago acme-acmesh: Don't hard-code certificate directory
Toke Høiland-Jørgensen [Wed, 14 Dec 2022 14:14:59 +0000 (15:14 +0100)]
acme-acmesh: Don't hard-code certificate directory

The acme-acmesh package hardcoded the certificate path in its hook script.
Now that we export it as a variable we can avoid hard-coding and use the
variable version instead. Also factor out the linking of certificates into
a function so it's not repeated.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
23 months ago acme-common: Export canonical paths for storing certificates and challenges
Toke Høiland-Jørgensen [Wed, 14 Dec 2022 14:11:58 +0000 (15:11 +0100)]
acme-common: Export canonical paths for storing certificates and challenges

The contract between the acme-common framework and consumers and hook
scripts is that certificates can be consumed from /etc/ssl/acme and that
web challenges are stored in /var/run/acme/challenge. Make this explicit by
exporting $CERT_DIR and $CHALLENGE_DIR as environment variables as well,
instead of having knowledge of those paths depend on out-of-band
information. We already exported $challenge_dir, but let's change it to
upper-case to make it clear that it's not a user configuration variable.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
23 months ago perl: enable threading support for aarch64 by default
Doug Thomson [Sun, 11 Dec 2022 00:22:09 +0000 (11:22 +1100)]
perl: enable threading support for aarch64 by default

Perl threads seem to be supported and working for aarch64, and
including aarch64 here would allow packages like freeswitch-mod-perl
to become available from the standard OpenWrt package repository for
popular routers such as the Linksys E8450 and Belkin RT3200.

Signed-off-by: Doug Thomson <dwt62f+github@gmail.com>
23 months ago Merge pull request #20082 from paper42/yt-dlp-2022.11.11
Tianling Shen [Wed, 14 Dec 2022 14:07:22 +0000 (22:07 +0800)]
Merge pull request #20082 from paper42/yt-dlp-2022.11.11

yt-dlp: update to 2022.11.11

23 months ago base16384: add new package
源 文雨 [Wed, 14 Dec 2022 03:48:25 +0000 (03:48 +0000)]
base16384: add new package

Encode binary files to printable utf16be.
See more at https://github.com/fumiama/base16384.

Signed-off-by: 源 文雨 <fumiama@foxmail.com>
23 months ago Merge pull request #20059 from hgl/acme
Toke Høiland-Jørgensen [Wed, 14 Dec 2022 14:00:48 +0000 (15:00 +0100)]
Merge pull request #20059 from hgl/acme

acme: deprecate state_dir

23 months ago Merge pull request #20067 from dynasticorpheus/master
Alexandru Ardelean [Wed, 14 Dec 2022 13:47:20 +0000 (15:47 +0200)]
Merge pull request #20067 from dynasticorpheus/master

python-pycares: bump to 4.3.0

23 months ago acme-acmesh: use $challenge_dir 20059/head
Glen Huang [Wed, 14 Dec 2022 13:16:57 +0000 (21:16 +0800)]
acme-acmesh: use $challenge_dir

Signed-off-by: Glen Huang <i@glenhuang.com>
23 months ago acme: deprecate state_dir
Glen Huang [Sun, 11 Dec 2022 05:25:00 +0000 (13:25 +0800)]
acme: deprecate state_dir

state_dir is actually a hardcoded value in conffiles. Allowing users to
customize it could result in losing certificates after upgrading if they
don't also specify the dir as being preserved. We shouldn't default to
this dangerous behavior.

With the new ACME package, certificates live in the standard location
/etc/ssl/acme, users who need to do certificate customizations should
look for them in that dir instead.

Signed-off-by: Glen Huang <i@glenhuang.com>
23 months ago Merge pull request #20016 from commodo/stress-ng-update
Hannu Nyman [Tue, 13 Dec 2022 15:16:02 +0000 (17:16 +0200)]
Merge pull request #20016 from commodo/stress-ng-update

stress-ng: bump to version 0.15.00

23 months ago python-pycares: PKG_RELEASE:=1 20067/head
Fabian Lipken [Tue, 13 Dec 2022 10:08:12 +0000 (11:08 +0100)]
python-pycares: PKG_RELEASE:=1

Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
23 months ago miniflux: update to 2.0.41 20083/head
Michal Vasilek [Tue, 13 Dec 2022 09:00:53 +0000 (10:00 +0100)]
miniflux: update to 2.0.41

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
23 months ago yt-dlp: update to 2022.11.11 20082/head
Michal Vasilek [Tue, 13 Dec 2022 08:57:36 +0000 (09:57 +0100)]
yt-dlp: update to 2022.11.11

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
23 months ago stress-ng: bump to version 0.15.00 20016/head
Alexandru Ardelean [Sat, 3 Dec 2022 19:29:13 +0000 (21:29 +0200)]
stress-ng: bump to version 0.15.00

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
23 months ago Merge pull request #20062 from stangri/master-pbr
Stan Grishin [Tue, 13 Dec 2022 03:21:12 +0000 (20:21 -0700)]
Merge pull request #20062 from stangri/master-pbr

pbr: detect missing iptables

23 months ago openssh: update to 9.1p1
Sibren Vasse [Mon, 5 Dec 2022 23:13:13 +0000 (00:13 +0100)]
openssh: update to 9.1p1

Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
23 months ago Merge pull request #20076 from stangri/master-simple-adblock
Stan Grishin [Mon, 12 Dec 2022 22:11:10 +0000 (15:11 -0700)]
Merge pull request #20076 from stangri/master-simple-adblock

simple-adblock: bugfix: add dnsmasq.nftset to uci_load_validate

23 months ago simple-adblock: bugfix: add dnsmasq.nftset to uci_load_validate 20076/head
Stan Grishin [Mon, 12 Dec 2022 21:43:00 +0000 (21:43 +0000)]
simple-adblock: bugfix: add dnsmasq.nftset to uci_load_validate

* fixes https://github.com/openwrt/openwrt/issues/11481 thanks to:
* https://github.com/mistepien for reporting
* https://github.com/dave14305 for diagnosing

Signed-off-by: Stan Grishin <stangri@melmac.ca>
23 months ago Merge pull request #19982 from golddranks/master
Tianling Shen [Mon, 12 Dec 2022 19:59:46 +0000 (03:59 +0800)]
Merge pull request #19982 from golddranks/master

ddns-scripts: update_gandi_net: improve logging & add timeout

23 months ago knot: update to version 3.2.4
Jan Hák [Mon, 12 Dec 2022 14:15:45 +0000 (15:15 +0100)]
knot: update to version 3.2.4

Signed-off-by: Jan Hák <jan.hak@nic.cz>
23 months ago syncthing: update to 1.22.2
Van Waholtz [Mon, 12 Dec 2022 15:08:42 +0000 (23:08 +0800)]
syncthing: update to 1.22.2

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
23 months ago python-pycares: bump to 4.3.0
Fabian Lipken [Mon, 12 Dec 2022 13:38:15 +0000 (14:38 +0100)]
python-pycares: bump to 4.3.0

Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
23 months ago Merge pull request #20064 from luizluca/ruby-3.1.3
Josef Schlehofer [Mon, 12 Dec 2022 04:55:04 +0000 (05:55 +0100)]
Merge pull request #20064 from luizluca/ruby-3.1.3

ruby: update to 3.1.3

23 months ago ruby: update to 3.1.3 20064/head
Luiz Angelo Daros de Luca [Mon, 12 Dec 2022 03:10:09 +0000 (00:10 -0300)]
ruby: update to 3.1.3

This release includes a security fix.

- CVE-2021-33621: HTTP response splitting in CGI

For more details:
- https://www.ruby-lang.org/en/news/2022/11/24/ruby-3-1-3-released/

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
23 months ago pbr: detect missing iptables 20062/head
Stan Grishin [Mon, 12 Dec 2022 02:52:59 +0000 (02:52 +0000)]
pbr: detect missing iptables

Signed-off-by: Stan Grishin <stangri@melmac.ca>
23 months ago pdns: update to 4.7.3
Peter van Dijk [Fri, 9 Dec 2022 10:27:52 +0000 (11:27 +0100)]
pdns: update to 4.7.3

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
23 months ago wget: apply upstream fix to avoid nettle linking in nossl
Hannu Nyman [Sun, 11 Dec 2022 14:10:15 +0000 (16:10 +0200)]
wget: apply upstream fix to avoid nettle linking in nossl

Replace my own patch with the upstream solution, which they issued
in response to my bug report.
(Two patches as they overlooked something on the first try.
Reference to https://savannah.gnu.org/bugs/index.php?63431 )

The nettle lib evaluation is now conditional to not having "--disable-ntlm".

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
23 months ago Merge pull request #20052 from stangri/master-https-dns-proxy
Stan Grishin [Sun, 11 Dec 2022 03:32:03 +0000 (20:32 -0700)]
Merge pull request #20052 from stangri/master-https-dns-proxy

https-dns-proxy: fix restart

23 months ago https-dns-proxy: fix restart 20052/head
Stan Grishin [Sat, 10 Dec 2022 05:32:20 +0000 (05:32 +0000)]
https-dns-proxy: fix restart

Signed-off-by: Stan Grishin <stangri@melmac.ca>
23 months ago Merge pull request #20040 from stangri/master-https-dns-proxy
Stan Grishin [Sat, 10 Dec 2022 05:02:49 +0000 (22:02 -0700)]
Merge pull request #20040 from stangri/master-https-dns-proxy

https-dns-proxy: add mdns service records

23 months ago Merge pull request #20050 from stangri/master-simple-adblock
Stan Grishin [Sat, 10 Dec 2022 05:02:11 +0000 (22:02 -0700)]
Merge pull request #20050 from stangri/master-simple-adblock

simple-adblock: support new OISD dnsmasq config

23 months ago simple-adblock: support new OISD dnsmasq config 20050/head
Stan Grishin [Sat, 10 Dec 2022 01:52:58 +0000 (01:52 +0000)]
simple-adblock: support new OISD dnsmasq config

* OISD dnsmasq config files switched from using address= to server=

Signed-off-by: Stan Grishin <stangri@melmac.ca>
23 months ago ddns-scripts: update_gandi_net: improve logging & add timeout 19982/head
Pyry Kontio [Mon, 28 Nov 2022 15:15:47 +0000 (00:15 +0900)]
ddns-scripts: update_gandi_net: improve logging & add timeout

- Improved logging
  - Log the executed curl command to be able to rerun and test it manually
  - Log the curl exit status
- Added 30 second timeout for clear-cut detection of flaky connections.

Signed-off-by: Pyry Kontio <pyry.kontio@drasa.eu>
23 months ago Merge pull request #20018 from cbarrick/gcp_ddns
Florian Eckert [Fri, 9 Dec 2022 14:55:30 +0000 (15:55 +0100)]
Merge pull request #20018 from cbarrick/gcp_ddns

ddns-scripts: add support for Google Cloud DNS

23 months ago Merge pull request #20037 from 1715173329/g1194
Josef Schlehofer [Fri, 9 Dec 2022 10:53:40 +0000 (11:53 +0100)]
Merge pull request #20037 from 1715173329/g1194

golang: Update to 1.19.4

23 months ago zoneinfo: updated to the latest release
Vladimir Ulrich [Thu, 8 Dec 2022 14:28:30 +0000 (17:28 +0300)]
zoneinfo: updated to the latest release

Signed-off-by: Vladimir Ulrich <admin@evl.su>
23 months ago ddns-scripts: add support for Google Cloud DNS 20018/head
Chris Barrick [Sun, 4 Dec 2022 04:00:51 +0000 (23:00 -0500)]
ddns-scripts: add support for Google Cloud DNS

The implementation uses a GCP service account. The user is expected to
create and secure a service account and generate a private key. The
"password" field can contain the key inline or be a file path pointing
to the key file on the router.

The GCP project name and Cloud DNS ManagedZone must also be provided.
These are taken as form-urlencoded key-value pairs in param_enc. The TTL
can optionally be supplied in param_opt.

Signed-off-by: Chris Barrick <chrisbarrick@google.com>
23 months ago tailscale: preserve tailscaled state file
Carlo Alberto Ferraris [Wed, 2 Nov 2022 13:14:01 +0000 (22:14 +0900)]
tailscale: preserve tailscaled state file

Fixes #19774

Signed-off-by: Carlo Alberto Ferraris <cafxx@strayorange.com>
23 months ago modemmanager: bump to 1.20.2
Kuan-Yi Li [Mon, 28 Nov 2022 18:34:28 +0000 (02:34 +0800)]
modemmanager: bump to 1.20.2

Drop deprecated AUTORELEASE.

Disable unused tests as their compilation is optional in 1.20.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
23 months ago libqmi: bump to 1.32.2
Kuan-Yi Li [Mon, 28 Nov 2022 18:18:11 +0000 (02:18 +0800)]
libqmi: bump to 1.32.2

Drop deprecated AUTORELEASE.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
23 months ago libmbim: bump to 1.28.2
Kuan-Yi Li [Mon, 28 Nov 2022 18:17:51 +0000 (02:17 +0800)]
libmbim: bump to 1.28.2

Drop deprecated AUTORELEASE.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
23 months ago libqrtr-glib: drop deprecated AUTORELEASE
Kuan-Yi Li [Mon, 28 Nov 2022 18:17:27 +0000 (02:17 +0800)]
libqrtr-glib: drop deprecated AUTORELEASE

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
23 months ago swig: bump to 4.1.1
Hirokazu MORIKAWA [Tue, 6 Dec 2022 06:05:07 +0000 (15:05 +0900)]
swig: bump to 4.1.1

update summary
* Add Javascript Node v12-v18 support, remove support prior to v6.
* Octave 6.0 to 6.4 support added.
* Add PHP 8 support.
* PHP wrapping is now done entirely via PHP's C API - no more .php wrapper.
* Perl 5.8.0 is now the oldest version SWIG supports.
* Python 3.3 is now the oldest Python 3 version SWIG supports.
* Python 3.9-3.11 support added.
* Various memory leak fixes in Python generated code.
* Scilab 5.5-6.1 support improved.
* Many improvements for each and every target language.
* Various preprocessor expression handling improvements.
* Improved C99, C++11, C++14, C++17 support. Start adding C++20 standard.
* Make SWIG much more move semantics friendly.
* Add C++ std::unique_ptr support.
* Few minor C++ template handling improvements.
* Various C++ using declaration fixes.
* Few fixes for handling Doxygen comments.
* GitHub Actions is now used instead of Travis CI for continuous integration.
* Add building SWIG using CMake as a secondary build system.
* Update optional SWIG build dependency for regex support from PCRE to PCRE2.
* Couple of stability fixes.
* Stability fix in ccache-swig when calculating hashes of inputs.
* Some template handling improvements.
* R - minor fixes plus deprecation for rtypecheck typemaps being optional.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
23 months ago github-ci: error on any shell errors
Alois Klink [Wed, 23 Nov 2022 18:37:01 +0000 (18:37 +0000)]
github-ci: error on any shell errors

Enable `errexit` and `nounset` [POSIX shell options][1]
in `.github/workflows/entrypoint.sh` so that the script fails
if any command within the script fails.

[1]: https://pubs.opengroup.org/onlinepubs/9699919799//utilities/V3_chap02.html#set

Reported-by: Marius Dinu <m95d+git@psihoexpert.ro>
Fixes: https://github.com/openwrt/packages/issues/19953
Signed-off-by: Alois Klink <alois@aloisklink.com>
23 months ago privoxy: fix preinst/postinst script indentation
Alois Klink [Wed, 23 Nov 2022 23:32:14 +0000 (23:32 +0000)]
privoxy: fix preinst/postinst script indentation

Fix the indentation of the preinst/postinst scripts for the privoxy
package.

Because these scripts didn't start with `#!/bin/sh`
(they instead started with the TAB character), `/bin/sh` was not used
to start them.

On x86_64 and i386_pentium-mmx, this seems to be fine, but on
arm_cortex-a15_neon-vfpv4 and aarch64_cortex-a53, running these
scripts fails with a:

```
Installing privoxy (3.0.33-3) to root...
Collected errors:
 * pkg_run_script: package "privoxy" preinst script returned status 1.
 * preinst_configure: Aborting installation of privoxy.
 * opkg_install_cmd: Cannot install package privoxy.
```

Reported-by: Marius Dinu <m95d+git@psihoexpert.ro>
Signed-off-by: Alois Klink <alois@aloisklink.com>
23 months ago Merge pull request #20032 from peter-stadler/django
Alexandru Ardelean [Thu, 8 Dec 2022 09:27:05 +0000 (11:27 +0200)]
Merge pull request #20032 from peter-stadler/django

django: bump version 4.1.3

23 months ago django: bump version 4.1.3 20032/head
Peter Stadler [Fri, 2 Dec 2022 21:26:34 +0000 (22:26 +0100)]
django: bump version 4.1.3

fix CVE-2022-41323

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
23 months ago Merge pull request #19933 from stintel/vallumd
Stijn Tintel [Wed, 7 Dec 2022 22:02:18 +0000 (00:02 +0200)]
Merge pull request #19933 from stintel/vallumd

vallumd: updates

23 months ago https-dns-proxy: add mdns service records 20040/head
Stan Grishin [Wed, 7 Dec 2022 20:59:28 +0000 (20:59 +0000)]
https-dns-proxy: add mdns service records

* add mdns records for started instances
* Makefile: use $(PKG_VERSION) as a value for PKG_SOURCE_DATE instead of
  hard-coding it

Signed-off-by: Stan Grishin <stangri@melmac.ca>
23 months ago snort3: unified configs: local.lua and homenet.lua
John Audia [Tue, 29 Nov 2022 10:50:45 +0000 (05:50 -0500)]
snort3: unified configs: local.lua and homenet.lua

This commit adds /etc/snort/local.lua and /etc/snort/homenet.lua for user
defined config options which is more simplistic than modifying upstream
files directly. That can be tedious and decisive to maintain in sync with
upstream changes.  The init script has been adjusted accordingly.

Acknowledgment to amish who maintains the Arch Linux snort-nfqueue package[1]
for these ideas and initial code.

Another modification is dropping the following args in the call to
/usr/bin/snort by the init system as these options are provided in
/etc/snort/local.lua:

 * --daq-dir /usr/lib/daq/
 * -A "$alert_module"

Instructions to configure snort3:
1. Edit /etc/snort/homenet.lua and redefine HOME_NET and EXTERNAL_NET, for example:

   HOME_NET = [[ 10.9.8.0/24 192.168.1.0/24 ]]
   EXTERNAL_NET = "!$HOME_NET"

2. Edit /etc/snort/local.lua to set up options unique to your use case of snort.
   The default ones I included should be sane for the role of IDS (alert only),
   but users may easily uncomment some options therein to use IPS (drop) mode.

3. Install or symlink rules to /etc/snort/rules/snort.rules and optionally
   edit /etc/snort/local.lua to define extra rules files if not using a unified
   'snort.rules'

References:
1. https://aur.archlinux.org/packages/snort-nfqueue

Signed-off-by: John Audia <therealgraysky@proton.me>
23 months ago golang: Update to 1.19.4 20037/head
Tianling Shen [Wed, 7 Dec 2022 16:43:34 +0000 (00:43 +0800)]
golang: Update to 1.19.4

go1.19.4 (released 2022-12-06) includes security fixes to the net/http
and os packages, as well as bug fixes to the compiler, the runtime,
and the crypto/x509, os/exec, and sync/atomic packages.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
23 months ago Merge pull request #20036 from ysc3839/natmap-fix
Tianling Shen [Wed, 7 Dec 2022 14:28:29 +0000 (22:28 +0800)]
Merge pull request #20036 from ysc3839/natmap-fix

natmap: merge "ipv4" and "ipv6" options into single "family" option

23 months ago bpfcountd: remove incomplete/broken namespace feature
Linus Lüssing [Mon, 5 Dec 2022 15:03:02 +0000 (16:03 +0100)]
bpfcountd: remove incomplete/broken namespace feature

The original idea of the extra namespace variable was to set up
bpfcountd from other daemons etc. independent of what a user configured
in /etc/config/bpfcountd for instance. Like:

 $ UCI_CONFIG_DIR=/var/run/bpfcountd/gluon-config \
   /etc/init.d/bpfcountd start "" gluon

However there are still issues with this approach:

1) Instance specific stop calls like:

 $ /etc/init.d/bpfcountd stop <instance-name> <namespace>

will not stop the according namespaced instance, as the stop() in
/etc/rc.common will call procd_kill() without the namespace prefix.
And we can't overwrite that behaviour. And asking a user to use
"... start <in> <ns>" and "... stop <ns>.<in>" is confusing.
(and currently "... stop <ns>.<in>" would not remove the correct
unix socket).

2) A stop call without an instance/config name would always stop all
instances. So the namespace variable would be ignored.
While start without an instance "works", but:

3) It would stop any process that is not in the currently selected
UCI_CONFIG_DIR.

As all this is not easily fixable without changing OpenWrt internals,
just remove the whole namespace idea for now.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
23 months ago natmap: merge "ipv4" and "ipv6" options into single "family" option 20036/head
Richard Yu [Wed, 7 Dec 2022 07:18:09 +0000 (15:18 +0800)]
natmap: merge "ipv4" and "ipv6" options into single "family" option

Signed-off-by: Richard Yu <yurichard3839@gmail.com>
23 months ago dnsproxy: Update to 0.46.4
Tianling Shen [Tue, 6 Dec 2022 22:58:42 +0000 (06:58 +0800)]
dnsproxy: Update to 0.46.4

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
23 months ago cloudflared: Update to 2022.11.1
Tianling Shen [Tue, 6 Dec 2022 22:58:35 +0000 (06:58 +0800)]
cloudflared: Update to 2022.11.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
23 months ago Merge pull request #19613 from wormi4ok/tailscale-version-bump
Josef Schlehofer [Mon, 5 Dec 2022 22:08:33 +0000 (23:08 +0100)]
Merge pull request #19613 from wormi4ok/tailscale-version-bump

tailscale: update to v1.32.0

23 months ago snort3: update to 3.1.48.0-1
John Audia [Thu, 1 Dec 2022 15:07:00 +0000 (10:07 -0500)]
snort3: update to 3.1.48.0-1

Had to add a patch to allow builds of targets containing '+' in their dir name

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

Signed-off-by: John Audia <therealgraysky@proton.me>
23 months ago Merge pull request #19998 from ysc3839/natmap
Tianling Shen [Mon, 5 Dec 2022 16:28:53 +0000 (00:28 +0800)]
Merge pull request #19998 from ysc3839/natmap

natmap: add new package

23 months ago natmap: add new package 19998/head
Richard Yu [Mon, 5 Dec 2022 08:03:51 +0000 (16:03 +0800)]
natmap: add new package

NATMap is a program for opening a port behind full cone NAT (NAT-1),
without the need for using UPnP or other port forward settings.

More details can be found at original repo: https://github.com/heiher/natmap

Signed-off-by: Richard Yu <yurichard3839@gmail.com>
23 months ago snowflake: update to version 2.4.1
Daniel Golle [Mon, 5 Dec 2022 01:18:43 +0000 (01:18 +0000)]
snowflake: update to version 2.4.1

Changes in version v2.4.1 - 2022-12-01
 - Issue 40224: Bug fix in utls roundtripper

Changes in version v2.4.0 - 2022-11-29
 - Fix proxy command line help output
 - Issue 40123: Reduce multicast DNS candidates
 - Add ICE ephemeral ports range setting
 - Reformat using Go 1.19
 - Update CI tests to include latest and minimum Go versions
 - Issue 40184: Use fixed unit for bandwidth logging
 - Update gorilla/websocket to v1.5.0
 - Issue 40175: Server performance improvements
 - Issue 40183: Change snowflake proxy log verbosity
 - Issue 40117: Display proxy NAT type in logs
 - Issue 40198: Add a `orport-srcaddr` server transport option
 - Add gofmt output to CI test
 - Issue 40185: Change bandwidth type from int to int64 to prevent overflow
 - Add version output support to snowflake
 - Issue 40229: Change regexes for ipv6 addresses to catch url-encoded addresses
 - Issue 40220: Close stale connections in standalone proxy

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
23 months ago Merge pull request #19763 from stangri/master-pbr
Stan Grishin [Sun, 4 Dec 2022 17:50:59 +0000 (10:50 -0700)]
Merge pull request #19763 from stangri/master-pbr

pbr: initial commit

23 months ago docker-compose: Update to version 2.14.0
Javier Marcet [Fri, 2 Dec 2022 20:43:36 +0000 (21:43 +0100)]
docker-compose: Update to version 2.14.0

Signed-off-by: Javier Marcet <javier@marcet.info>
23 months ago xz: update to 5.2.9
Hannu Nyman [Sun, 4 Dec 2022 09:32:37 +0000 (11:32 +0200)]
xz: update to 5.2.9

Update xz to version 5.2.9.

Switch back to .bz2 sources, as we already download .bz2 for tools/
No sense to re-download sources as a .xz file.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
23 months ago tvheadend: Fix github warning about AUTORELEASE
Marius Dinu [Wed, 30 Nov 2022 09:45:13 +0000 (11:45 +0200)]
tvheadend: Fix github warning about AUTORELEASE

Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
23 months ago tvheadend: add conditions for -O3 and LTO optimizations
Marius Dinu [Wed, 30 Nov 2022 09:21:39 +0000 (11:21 +0200)]
tvheadend: add conditions for -O3 and LTO optimizations

Building for arc, mips and powerpc platforms fails if -O3 and LTO optimizations are enabled. This patch removes that option for everything other than arm and x86_64. These are known to work.
Fixes issue #19923.
Also fixes a typo in the description.

Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
23 months ago tailscale: Update to version 1.32.3 19613/head
Stanislav Petrashov [Sat, 3 Dec 2022 18:49:08 +0000 (19:49 +0100)]
tailscale: Update to version 1.32.3

Signed-off-by: Stanislav Petrashov <s@petrashov.ru>
23 months ago tailscale: update to v1.32.0
Stanislav Petrashov [Sun, 16 Oct 2022 16:11:11 +0000 (18:11 +0200)]
tailscale: update to v1.32.0

Signed-off-by: Stanislav Petrashov <s@petrashov.ru>
23 months ago pbr: initial commit 19763/head
Stan Grishin [Mon, 31 Oct 2022 23:08:01 +0000 (23:08 +0000)]
pbr: initial commit

* The makefile produces the nft and iptables capable `pbr` package
  and the `pbr-iptables` package for legacy setups
* This replaces `vpnbypass` and `vpn-policy-routing` packages
* I'm soliciting feedback on this package and my intention is to
  update the version to 1.0.0 before this is merged, but I need the
  feedback on this and luci-app-pbr before then.

Signed-off-by: Stan Grishin <stangri@melmac.ca>
23 months ago bpfcountd: add initial package
Linus Lüssing [Sun, 27 Nov 2022 09:55:37 +0000 (10:55 +0100)]
bpfcountd: add initial package

bpfcountd was created to obtain packet statistics in larger networks
without stressing the cpu resources. bpfcountd will count the amount
of packages and bytes over time (for each defined rule). The rules
are defined using the tcpdump filter syntax (bpf). The collected
data is provided on a unix socket in plaintext.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
23 months ago Merge pull request #19993 from stangri/master-simple-adblock
Stan Grishin [Fri, 2 Dec 2022 19:19:21 +0000 (12:19 -0700)]
Merge pull request #19993 from stangri/master-simple-adblock

simple-adblock: localizable error/warning messages

23 months ago ci: only comment AUTORELEASE deprecation if exists
Paul Spooren [Thu, 1 Dec 2022 20:02:10 +0000 (21:02 +0100)]
ci: only comment AUTORELEASE deprecation if exists

If it doesn't exist, don't confuse the contributors.

Signed-off-by: Paul Spooren <mail@aparcar.org>
23 months ago stubby: bump to latest 0.4.2
Rudy Andram [Thu, 1 Dec 2022 06:01:33 +0000 (06:01 +0000)]
stubby: bump to latest 0.4.2

Maintainer: @neheb (find it by checking history of the package Makefile)
Compile tested: aarch64/ipq8074
Run tested: aarch64/ipq8074

Description: stubby: bump to latest 0.4.2

Signed-off-by: Rudy Andram <rmandrad@gmail.com>
23 months ago frr: update to 8.4.1
Lucian Cristian [Fri, 2 Dec 2022 10:20:10 +0000 (10:20 +0000)]
frr: update to 8.4.1

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
23 months ago nss: update to 3.85
Lucian Cristian [Fri, 2 Dec 2022 10:18:05 +0000 (10:18 +0000)]
nss: update to 3.85

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
23 months ago lighttpd: add lighttpd-mod-rrdtool dep on rrdtool1
Glenn Strauss [Wed, 30 Nov 2022 05:21:49 +0000 (00:21 -0500)]
lighttpd: add lighttpd-mod-rrdtool dep on rrdtool1

add lighttpd-mod-rrdtool dependency on rrdtool1

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
23 months ago lighttpd: lighttpd-1.4.67-4
Glenn Strauss [Wed, 30 Nov 2022 04:32:44 +0000 (23:32 -0500)]
lighttpd: lighttpd-1.4.67-4

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
23 months ago lighttpd: lighttpd.conf vars, comments, guidance
Glenn Strauss [Wed, 30 Nov 2022 03:22:14 +0000 (22:22 -0500)]
lighttpd: lighttpd.conf vars, comments, guidance

lighttpd.conf variables, documentation comments, configuration guidance

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
23 months ago lighttpd: print stderr trace if validation fails
Glenn Strauss [Sun, 27 Nov 2022 20:39:24 +0000 (15:39 -0500)]
lighttpd: print stderr trace if validation fails

lighttpd.init validate_conf(): print stderr trace if validation fails

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
23 months ago microsocks: add low resource SOCKS5 TCP/IP only proxy server
Mateusz Korniak [Thu, 21 Jul 2022 12:38:06 +0000 (14:38 +0200)]
microsocks: add low resource SOCKS5 TCP/IP only proxy server

Initial version 1.0.3

Signed-off-by: Mateusz Korniak <matkorgithubcom@ant.gliwice.pl>
23 months ago Merge pull request #19992 from hnyman/wget
Hannu Nyman [Wed, 30 Nov 2022 15:35:08 +0000 (17:35 +0200)]
Merge pull request #19992 from hnyman/wget

wget: update to 1.21.3

23 months ago simple-adblock: localizable error/warning messages 19993/head
Stan Grishin [Tue, 29 Nov 2022 22:37:53 +0000 (22:37 +0000)]
simple-adblock: localizable error/warning messages

* store all error/warning messages with the error text id so that
  they can be made localizable for the luci app

Signed-off-by: Stan Grishin <stangri@melmac.ca>
23 months ago Merge pull request #19987 from stangri/master-simple-adblock
Stan Grishin [Tue, 29 Nov 2022 21:41:06 +0000 (14:41 -0700)]
Merge pull request #19987 from stangri/master-simple-adblock

simple-adblock: bugfix: detect dnsmasq ipset support

23 months ago Merge pull request #19985 from stangri/master-https-dns-proxy
Stan Grishin [Tue, 29 Nov 2022 21:40:53 +0000 (14:40 -0700)]
Merge pull request #19985 from stangri/master-https-dns-proxy

https-dns-proxy: improve performance on restart

23 months ago wget: update to 1.21.3 19992/head
Hannu Nyman [Tue, 29 Nov 2022 18:03:26 +0000 (20:03 +0200)]
wget: update to 1.21.3

Update wget to 1.21.3

* Remove patch 100-fix-hsts-time.patch as upstream has issued
  its own version of the fixes

* Add a hack (and fixup autoreconf) to fix an upstream bug that
  forces the nettle library into nossl even if NTLM is disabled.
  Upstream bug filed: https://savannah.gnu.org/bugs/?63431

* Remove old maintainer who has not been active

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
23 months ago Merge pull request #19973 from julienmalik/borg
Hannu Nyman [Tue, 29 Nov 2022 14:57:10 +0000 (16:57 +0200)]
Merge pull request #19973 from julienmalik/borg

borgbackup: initial commit