krant [Wed, 28 Feb 2024 11:50:10 +0000 (13:50 +0200)]
inotify-tools: fix link error on x86
Previous commit removed unnecessary linking with libstdc++
but introduced another error on x86 platforms:
undefined reference to `__stack_chk_fail_local'
Fix it by explicitly linking libssp_nonshared.a
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Tue, 27 Feb 2024 09:53:19 +0000 (11:53 +0200)]
logrotate: update to 3.21.0
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Mon, 26 Feb 2024 11:12:21 +0000 (13:12 +0200)]
dnsdist: disable XSK to fix the build
XSK support is set to auto by default and on some hosts it is detected as
on and leads to:
```
In file included from dnsdist-backend.cc:32:
xsk.hh:28:10: fatal error: bits/types/struct_timespec.h: No such file or
directory
28 | #include <bits/types/struct_timespec.h>
```
Here we disable XSK so configure will behave more deterministically and
hopefully fix the builders.
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Oskari Rauta [Mon, 26 Feb 2024 23:03:49 +0000 (01:03 +0200)]
mc: depend on libe2p
Now that libe2p is separated from e2fsprogs;
midnight commander needs it added to depends.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Michael Heimpold [Tue, 27 Feb 2024 06:24:00 +0000 (07:24 +0100)]
Merge pull request #23542 from mhei/use-https-for-php-and-pecl
php8/pecl8-pecl-*: use https URLs for PKG_SOURCE_URLs
krant [Sun, 25 Feb 2024 09:09:05 +0000 (11:09 +0200)]
httping: update to 3.5
- Update package URLs
- Use local tarball for sources
- Switch to CMake
- Drop obsolete patches including 'minimize' (ipk size +3KB only)
- Add 3 new patches to fix musl, openssl and cmake issues
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Mon, 26 Feb 2024 12:57:50 +0000 (14:57 +0200)]
dump1090: fix soft float ARM build
Package CPU features detection is not supporting soft float ARM.
So we disable it altogether.
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Michael Heimpold [Tue, 20 Feb 2024 16:38:25 +0000 (17:38 +0100)]
php8/pecl8-pecl-*: use https URLs for PKG_SOURCE_URLs
Most packages already use https URLs and for PHP and PECL
package downloads https is working properly.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Tianling Shen [Mon, 26 Feb 2024 08:22:26 +0000 (16:22 +0800)]
yq: Update to 4.42.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Mon, 26 Feb 2024 08:18:56 +0000 (16:18 +0800)]
v2fly-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Mon, 26 Feb 2024 08:21:15 +0000 (16:21 +0800)]
alist: Update to 3.31.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Mon, 26 Feb 2024 08:21:09 +0000 (16:21 +0800)]
cloudflared: Update to 2024.2.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Daniel Golle [Mon, 26 Feb 2024 05:08:04 +0000 (05:08 +0000)]
uvol: add support for detecting fitblk boot device
Auto-detect LVM2 volume on boot device used with fitblk uImage.FIT
sub-image driver.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
krant [Sun, 25 Feb 2024 16:14:58 +0000 (18:14 +0200)]
inotify-tools: update to 4.23.9.0
- Workaround superfluous linking with libstdccp
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Sat, 24 Feb 2024 16:47:34 +0000 (18:47 +0200)]
rust: update to 1.76.0
- Use .xz for source archive
- Refresh patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
John Audia [Sun, 25 Feb 2024 00:06:45 +0000 (19:06 -0500)]
snort3: build against gperftools-runtime
Should provide increases in snort3 performance thanks to thread-
caching malloc provided by gperftools. Avg CPU usage is down.
Another user reported higher throughput achieved with snort3
compiled with this on samba transfers on system with CPU-limited
snort3 performance.[1]
1. https://forum.openwrt.org/t/some-help-with-a-makefile-gperftools/165656/22
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Rosen Penev [Sat, 24 Feb 2024 20:24:22 +0000 (12:24 -0800)]
rtpmidi: update to 23.12
Get rid of codeload and use local tarballs.
Fixes compilation with newer fmt.
Minor cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Maxim Storchak [Sat, 24 Feb 2024 22:32:21 +0000 (00:32 +0200)]
tmux: update to 3.4
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
Dirk Brenken [Sat, 24 Feb 2024 21:39:10 +0000 (22:39 +0100)]
travelmate: update 2.1.2-4
* more re-connections tweaks
* made travelmate generated emails responsive
Signed-off-by: Dirk Brenken <dev@brenken.org>
krant [Tue, 20 Feb 2024 11:49:43 +0000 (13:49 +0200)]
python-yaml: fix build with Cython 3
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
John Audia [Tue, 20 Feb 2024 20:36:26 +0000 (15:36 -0500)]
snort3: update to 3.1.81.0
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.81.0
,,_ -*> Snort++ <*-
o" )~ Version 3.1.81.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.14
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.13 30 Jan 2024
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3.1
Using Hyperscan version 5.4.2 2024-02-16
Using LZMA version 5.4.6
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Darren Tucker [Thu, 15 Feb 2024 08:33:05 +0000 (19:33 +1100)]
conserver: free correct addrinfo to prevent crash.
When looping through addrinfo lists in AddrsMatch, keep a copy of the
original addrinfo pointers to free instead of ending up at the terminating
NULLs and trying to free those.
OpenWRT uses musl in which freeaddrinfo(NULL) is not safe (which is
fine, it's not required by the spec) so this fixes a segfault.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
krant [Sat, 24 Feb 2024 11:02:57 +0000 (13:02 +0200)]
htpdate: update to 1.3.7
- Switch package URLs to HTTPS
- Use .gz for source archive since .xz is no longer available
- Remove upstreamed patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Oldřich Jedlička [Fri, 23 Feb 2024 22:35:37 +0000 (23:35 +0100)]
fwknop: update to 2.6.11
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
krant [Sat, 24 Feb 2024 10:34:11 +0000 (12:34 +0200)]
dump1090: update to 9.0
- Fix version to be properly configured
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Fri, 23 Feb 2024 20:19:37 +0000 (22:19 +0200)]
c-ares: update to 1.27.0
- Update package URL
- Don't set default CMake options
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Fri, 23 Feb 2024 09:19:45 +0000 (11:19 +0200)]
avrdude: fix dependencies
- libftdi, libhidapi, libusb-0.1 was incorrectly leaking into the build.
- libgpiod was incorrectly missing out despite LINUXGPIO feature
was explicitly requested.
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
John Audia [Thu, 13 Jul 2023 14:20:48 +0000 (10:20 -0400)]
gperftools: add new package
Thread-caching malloc provided by this package improves snort3
performance. I have been running with this for over seven months
without issues. Avg CPU usage is down. Another user reported
higher throughput achieved with snort3 compiled with this on
samba transfers on system with CPU-limited snort performance.[1]
1. https://forum.openwrt.org/t/some-help-with-a-makefile-gperftools/165656/22
Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
Dirk Brenken [Sat, 24 Feb 2024 05:58:40 +0000 (06:58 +0100)]
travelmate: update 2.1.2-3
* various vpn optimizations
* remove obsololete trm_maxscan option
* small fixes for net status and captive portal handling
* add an additional login variant to the h-hotels login script
* fix the wifibahn login script work again with wifionice hotspots again
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Glenn Strauss [Thu, 22 Feb 2024 18:03:24 +0000 (13:03 -0500)]
lighttpd: update to lighttpd 1.4.74 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
krant [Fri, 23 Feb 2024 01:30:19 +0000 (03:30 +0200)]
sysstat: add missing xz-utils dependency
Depending only on 'xz' hides the package when 'xz-utils' is not selected
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Alexander Egorenkov [Sat, 17 Feb 2024 10:02:08 +0000 (11:02 +0100)]
imagemagick: add missing libzip dependency
Package imagemagick is missing dependencies for the following libraries:
libzip.so.5.
Fixes: 7b697342e9fc ("imagemagick: update to 7.1.1-28")
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
krant [Wed, 21 Feb 2024 11:03:11 +0000 (13:03 +0200)]
tesseract: update to 5.3.4
- Fix NEON mis-detection which was breaking builds on some platforms
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Oskari Rauta [Fri, 16 Feb 2024 08:44:11 +0000 (10:44 +0200)]
micropython: disable mold
package fails to build with mold linker due to unregocnized flag.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Ivan Pavlov [Mon, 12 Feb 2024 19:23:24 +0000 (22:23 +0300)]
openvpn: update to 2.6.9
- license change is now complete, and all code has been re-licensed
under the new license (still GPLv2, but with new linking exception
for Apache2 licensed code).
Code that could not be re-licensed has been removed or rewritten.
- add support for building with mbedTLS 3.x.x
- new option "--force-tls-key-material-export" to only accept clients
that can do TLS keying material export to generate session keys
(mostly an internal option to better deal with TLS 1.0 PRF failures).
- Windows: bump vcpkg-ports/pkcs11-helper to 1.30
- Log incoming SSL alerts in easier to understand form and move logging
from "--verb 8" to "--verb 3".
- protocol_dump(): add support for printing "--tls-crypt" packets
and other fixes
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.9/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
John Audia [Thu, 22 Feb 2024 20:21:46 +0000 (15:21 -0500)]
hyperscan: symlinks redundant ABI shared objects
Use $(CP) macro rather than $(INSTALL_DATA) to preserve symlinks
on shared objects which saves approx 11.8 M of space.
From hyperscan-runtime_5.4.2-1:
% ls -lh /usr/lib/libhs*
-rw-r--r-- 1 root root 4.7M Feb 16 14:29 /usr/lib/libhs.so
-rw-r--r-- 1 root root 4.7M Feb 16 14:29 /usr/lib/libhs.so.5
-rw-r--r-- 1 root root 4.7M Feb 16 14:29 /usr/lib/libhs.so.5.4.2
-rw-r--r-- 1 root root 1.2M Feb 16 14:29 /usr/lib/libhs_runtime.so
-rw-r--r-- 1 root root 1.2M Feb 16 14:29 /usr/lib/libhs_runtime.so.5
-rw-r--r-- 1 root root 1.2M Feb 16 14:29 /usr/lib/libhs_runtime.so.5.4.2
% grep Installed-Size /usr/lib/opkg/info/hyperscan-runtime.control
Installed-Size:
18370560
From hyperscan-runetime_5.4.2-2 (created by this PR):
% ls -lh /usr/lib/libhs*
lrwxr-xr-x 1 root root 10 Feb 22 15:56 /usr/lib/libhs.so -> libhs.so.5
lrwxr-xr-x 1 root root 14 Feb 22 15:56 /usr/lib/libhs.so.5 -> libhs.so.5.4.2
-rwxr-xr-x 1 root root 4.6M Feb 22 15:27 /usr/lib/libhs.so.5.4.2
lrwxr-xr-x 1 root root 18 Feb 22 15:56 /usr/lib/libhs_runtime.so -> libhs_runtime.so.5
lrwxr-xr-x 1 root root 22 Feb 22 15:56 /usr/lib/libhs_runtime.so.5 -> libhs_runtime.so.5.4.2
-rwxr-xr-x 1 root root 1.2M Feb 22 15:27 /usr/lib/libhs_runtime.so.5.4.2
% grep Installed-Size /usr/lib/opkg/info/hyperscan-runtime.control
Installed-Size:
5918720
Credit to @efahl for pointing this out.
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
krant [Sun, 11 Feb 2024 23:23:25 +0000 (01:23 +0200)]
screen: update to 4.9.1
- Remove upstreamed patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Pierre Parent [Wed, 14 Feb 2024 10:51:59 +0000 (11:51 +0100)]
coova-chilli: fix libxt-coova not loading properly from iptables ( openwrt/packages#23092 )
Signed-off-by: Pierre Parent <m@pierre-parent.fr>
Edmunt Pienkowsky [Sat, 17 Feb 2024 09:03:02 +0000 (10:03 +0100)]
rtl_433: update to 23.11
Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
Edmunt Pienkowsky [Sat, 17 Feb 2024 08:57:08 +0000 (09:57 +0100)]
rtl-sdr: update to v2.0.1
Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
krant [Thu, 22 Feb 2024 10:53:47 +0000 (12:53 +0200)]
clamav: update to 1.3.0
- Add build-time Rust dependency
- Don't set default and rename changed CMake options
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Jonas Jelonek [Thu, 22 Feb 2024 19:03:43 +0000 (20:03 +0100)]
croc: update to 9.6.12
changelogs:
9.6.10: https://github.com/schollz/croc/releases/tag/v9.6.10
9.6.11: https://github.com/schollz/croc/releases/tag/v9.6.10
9.6.12: https://github.com/schollz/croc/releases/tag/v9.6.10
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
krant [Thu, 22 Feb 2024 21:05:06 +0000 (23:05 +0200)]
fswebcam: update to
20200725
- Remove dead mirror
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 22 Feb 2024 20:54:29 +0000 (22:54 +0200)]
git: update to 2.43.2
- Refresh a patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 22 Feb 2024 19:03:05 +0000 (21:03 +0200)]
boinc: update to 7.24.3
- Use local tarball
- Remove upstreamed and refresh remaining patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 22 Feb 2024 07:36:14 +0000 (09:36 +0200)]
avrdude: update to 7.3
- Use local tarball
- Use CMake
- Depend from libusb-1.0 instead of libusb-compat
- Remove obsolete patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 22 Feb 2024 14:29:06 +0000 (16:29 +0200)]
ripgrep: update to 14.1.0
- Link pcre2 dynamically
- it was linked statically and libpcre2 dependency was useless
- it magically fixes build error when global LTO is enabled
- it reduces resulting binary size
- Use 'release-lto' cargo profile to further reduce binary size
'rg' binary sizes comparision (arm_cortex-a9+neon):
- 4293KB: unmodified
- 4018KB: dynamic libpcre2
- 3521KB: dynamic libpcre2 + release-lto
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 22 Feb 2024 06:32:26 +0000 (08:32 +0200)]
bluez: update to 5.72
- Use HTTPS for URL
- Don't set default configure option
- Refresh the patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Rosen Penev [Wed, 21 Feb 2024 20:52:11 +0000 (12:52 -0800)]
glib2: use internal pcre2 for host
There's some weird issue where -lpcre2 is not being passed. Fixes
vala/host which links to static libraries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 21 Feb 2024 20:48:28 +0000 (12:48 -0800)]
libiio: fix pkgconfig paths
CMake build is passing host paths in pkgconfig file.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Wed, 21 Feb 2024 20:46:46 +0000 (12:46 -0800)]
nghttp3: fix pkgconfig file
CMake build is passing host paths in pkgconfig.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
krant [Wed, 21 Feb 2024 15:27:04 +0000 (17:27 +0200)]
sysstat: update to 12.7.5
- Update package URLs
- Add missing xz dependency
- Fix incorrectly set sa_dir
- Refresh the patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Jo-Philipp Wich [Wed, 21 Feb 2024 20:50:42 +0000 (21:50 +0100)]
nlbwmon: update to Git HEAD (2024-02-21)
8dab2ae24c54 neigh: fix potential integer underflow in avl_cmp_neigh()
992f9078b1d5 nfnetlink: fix netlink dump receive logic
ec1a39e53d3f nfnetlink: improve message reception in event callback
0ef61c3bebcb build: convert CMakeList.txt to lowercase
c7616bcfaaef nlbwmon: utilize uloop interval timer if available
Fixes: https://github.com/jow-/nlbwmon/issues/57
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
krant [Wed, 21 Feb 2024 12:15:00 +0000 (14:15 +0200)]
libffi: update to 3.4.6
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Wed, 21 Feb 2024 10:54:53 +0000 (12:54 +0200)]
libpng: update to 1.6.42
- Don't set default and rename renamed CMake options
- Enable NEON optimizations
- Rebase the patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Yousong Zhou [Wed, 21 Feb 2024 08:41:19 +0000 (08:41 +0000)]
ovn: bump to 22.03.5
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Mon, 5 Feb 2024 03:14:38 +0000 (03:14 +0000)]
openvswitch: bump to 2.17.9
Refresh and backport patches so that
- ./python path in the source code takes precedence over the same dir in hostpkg
- OVN LTS version 22.03.5 which depends on Open vSwitch 3.0 can compile
with Open vSwitch 2.17
Fixes: https://github.com/openwrt/packages/issues/22744
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
krant [Wed, 21 Feb 2024 07:34:19 +0000 (09:34 +0200)]
libcurl-gnutls: fix build
- Missing --without-nghttp3 was leaking host includes and breaking the build
- Remove or rename deprecated configure options
- Add --disable-libcurl-option to reduce package size
- Use .xz instead of .bz2 for PKG_SOURCE
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Jianhui Zhao [Tue, 20 Feb 2024 14:13:31 +0000 (22:13 +0800)]
rtty: update to 8.1.1
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Gerard Ryan [Sun, 31 Dec 2023 06:15:27 +0000 (16:15 +1000)]
dockerd: Update to 25.0.3
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Sun, 31 Dec 2023 06:15:04 +0000 (16:15 +1000)]
docker: Update to 25.0.3
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Sun, 31 Dec 2023 06:13:12 +0000 (16:13 +1000)]
containerd: Update to 1.7.13
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Sun, 31 Dec 2023 06:12:55 +0000 (16:12 +1000)]
runc: Update to 1.1.12
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Jonas Lochmann [Mon, 1 Jan 2024 00:00:00 +0000 (01:00 +0100)]
mwan3: check removed route before removal
This makes mwan3rtmon check if mwan3_get_routes returns a route
before removing it. This helps with IPv6 routes with source address
selector removal where multiple original routes are transformed to
the same mwan3 route if one of the source routes is removed while
the others are kept.
Signed-off-by: Jonas Lochmann <git@inkompetenz.org>
Dirk Brenken [Mon, 19 Feb 2024 13:54:08 +0000 (14:54 +0100)]
openvpn: fix start_path_instance function
Check the conffile existance (with .conf extension), before calling the
function 'start_path_instance'. This fixes errors with non-existing and
wrong spelling instances.
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Update commit description
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Michael Heimpold [Tue, 20 Feb 2024 16:34:15 +0000 (17:34 +0100)]
Merge pull request #23472 from mhei/php8-update-to-8.3.3
php8: update to 8.3.3
Tianling Shen [Tue, 20 Feb 2024 07:48:04 +0000 (15:48 +0800)]
btop: Update to 1.3.2
Synced LDFLAGS from upstream Makefile.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Tue, 20 Feb 2024 07:47:42 +0000 (15:47 +0800)]
v2raya: Update to 2.2.4.7
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Tue, 20 Feb 2024 07:47:34 +0000 (15:47 +0800)]
yq: Update to 4.41.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Glen Huang [Tue, 21 Nov 2023 03:07:07 +0000 (11:07 +0800)]
strongswan: add empty config
Without it, using uci to manipulate ipsec config can result in errors,
making it much difficult to use in uci-defaults for example.
Signed-off-by: Glen Huang <me@glenhuang.com>
John Audia [Thu, 4 Jan 2024 20:21:50 +0000 (15:21 -0500)]
snort3: build against hyperscan
Increases snort's IPS fast pattern matching by 2x (compared to
the ac_full engine) and 3x (compared to ac_bfna). This is most
noticeable for users of large rules sets and when doing deep flow
inspection.
For more see: https://blog.snort.org/2020/09/snort-3-hyperscan-.html
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Hirokazu MORIKAWA [Fri, 16 Feb 2024 09:33:14 +0000 (18:33 +0900)]
libuv: fix CVE-2024-24806
Update to 1.48.0
CVE-2024-24806 : Improper Domain Lookup that potentially leads to SSRF attacks
Vulnerabilities fixed
* CVE-2024-24806 / GHSA-f74f-cvh7-c6q6
0f2d7e7,
3530bcc and
e0327e1
Notable Changes
* linux: disable io_uring on ppc64 and ppc64le #4285
* linux: disable io_uring on hppa below kernel 6.1.51 #4224
* win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default)
Important Bugs Fixed
* unix,win: fix busy loop with zero timeout timers #4250, #4304.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Nikos Mavrogiannopoulos [Sun, 10 Sep 2023 13:49:13 +0000 (15:49 +0200)]
ocserv: updated config
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos [Sun, 10 Sep 2023 13:48:12 +0000 (15:48 +0200)]
ocserv: use better separator for sed
This prevents clashes with network addresses that
contain '/'.
Resolves: #18589
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos [Mon, 19 Feb 2024 12:24:20 +0000 (13:24 +0100)]
Merge pull request #23348 from nmav/bug/23185
openconnect: make host dependency more resilient
Michael Heimpold [Mon, 19 Feb 2024 07:07:02 +0000 (08:07 +0100)]
php8: update to 8.3.3
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Michael Heimpold [Mon, 19 Feb 2024 06:31:02 +0000 (07:31 +0100)]
Merge pull request #23463 from mhei/fix-apr
apr/subversion: fix subversion build and apache-mod-php8 build regres…
Rosen Penev [Sun, 18 Feb 2024 22:59:02 +0000 (14:59 -0800)]
mariadb: fix compilation with newer fmt
Upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Sun, 18 Feb 2024 21:48:49 +0000 (13:48 -0800)]
libfmt: fix compilation with mariadb
Upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Peter van Dijk [Fri, 16 Feb 2024 14:29:04 +0000 (15:29 +0100)]
h2o: remove, nothing depends on it anymore
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Peter van Dijk [Thu, 15 Feb 2024 15:35:28 +0000 (16:35 +0100)]
dnsdist: update to 1.9.0
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
S. Brusch [Wed, 14 Feb 2024 12:37:59 +0000 (13:37 +0100)]
unbound: update to latest upstream release version 1.19.1
Maintainer: @EricLuehrsen
Fixes: CVE-2023-50387, CVE-2023-50868
Release notes: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Run tested: BPi-R3, mediatek/filogic, OpenWrt 23.05.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Vladimir Ermakov [Sat, 23 Dec 2023 11:12:33 +0000 (12:12 +0100)]
qemu: update to 8.2.0
- Refresh patches.
- Disable new features like AF XDP, Rutabaga VGA, libkeyutils
- Delete removed features such as HAX hypervisor
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
krant [Fri, 16 Feb 2024 12:46:45 +0000 (14:46 +0200)]
openblas: enable ARM-specific optimizations
OpenBLAS allows to specify per-family CPU optimizations during build stage.
This package supports manual specification of a family during configuration.
This commit adds automatic detection of target family, while keeping manual
override as a backup.
Automatically detected ARM families:
- Cortex-A9 without NEON
- Cortex-A9 with NEON
- Cortex-A15
- Cortex-A53
- Cortex-A72
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Alexander Egorenkov [Sun, 31 Dec 2023 10:57:42 +0000 (11:57 +0100)]
yt-dlp: bump to version 2023.12.30
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
Christian Lachner [Fri, 16 Feb 2024 07:43:35 +0000 (08:43 +0100)]
haproxy: update to v2.8.6
- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.8.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Oskari Rauta [Fri, 16 Feb 2024 08:17:51 +0000 (10:17 +0200)]
podman: update to 4.9.3
Changelogs: https://github.com/containers/podman/releases
Patches refreshed
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Oskari Rauta [Fri, 16 Feb 2024 08:01:25 +0000 (10:01 +0200)]
conmon: update to 2.1.10
bug fixes:
- Fix incorrect free in conn_sock
- logging: Respect log-size-max immediately after open
- fix some issues flagged by SAST scan
- src: fix write after end of buffer
- src: open all files with O_CLOEXEC
- oom-score: restore oom score before running exit command
new features:
- Forward more messages on the sd-notify socket
- logging: -l passthrough accepts TTYs
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Michael Heimpold [Fri, 16 Feb 2024 23:21:49 +0000 (00:21 +0100)]
apr/subversion: fix subversion build and apache-mod-php8 build regression (fixes #23460)
The recent upgrade of apr included a change with should fix the subversion build.
Unfortunately, this fix resulted in a build regression of apache-mod-php8.
The new approach is to pass the locations of the apr config helpers
to configure via parameter.
Fixes: 68dd7b7cf632 ("apr: update to 1.7.4")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Stan Grishin [Fri, 16 Feb 2024 23:12:40 +0000 (16:12 -0700)]
Merge pull request #23406 from stangri/master-adblock-fast
adblock-fast: add force_dns_interface setting
Oskari Rauta [Fri, 16 Feb 2024 07:52:32 +0000 (09:52 +0200)]
slirp4netns: update to 1.2.3
changelog:
- Fix some FD leaks (#334, thanks to @giuseppe)
As package belongs to network category, I moved it from utils to network folder
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Noah Meyerhans [Thu, 15 Feb 2024 17:36:41 +0000 (09:36 -0800)]
bind: bump to 9.18.24
Fixes CVEs:
- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these features were
enabled.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Oskari Rauta [Fri, 16 Feb 2024 07:33:02 +0000 (09:33 +0200)]
aardvark-dns: update to 1.10.0
changelogs: https://github.com/containers/aardvark-dns/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Hirokazu MORIKAWA [Fri, 16 Feb 2024 06:14:51 +0000 (15:14 +0900)]
node: February 14 2024 Security Releases
Update to v20.11.1
This is a security release.
Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Florian Eckert [Fri, 16 Feb 2024 14:03:03 +0000 (15:03 +0100)]
Merge pull request #23457 from TDT-AG/pr/
20240216-procps-ng
procps-ng: update to version 4.0.4 and rename old version 3.3.16 to procps-ng3
Florian Eckert [Fri, 16 Feb 2024 14:01:26 +0000 (15:01 +0100)]
Merge pull request #23459 from TDT-AG/pr/
20240216-glib2
glib2: revert latest changes to get back to working version 2.74.0
krant [Thu, 15 Feb 2024 11:16:21 +0000 (13:16 +0200)]
procps-ng: Re-add procps-ng with API version 4
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 15 Feb 2024 11:11:09 +0000 (13:11 +0200)]
procps-ng3: update to 3.3.17 and install library only
- Install library only (utilities are in procps-ng API version 4)
- Latest 3.3.17 version of 3.x series is used
- Refresh existing patch
- Add new patch from Alpine Linux
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because of packages version update was reverted before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
krant [Thu, 15 Feb 2024 11:05:43 +0000 (13:05 +0200)]
procps-ng: rename procps-ng to procps-ng3
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because of packages version update was reverted before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
krant [Thu, 1 Feb 2024 15:34:58 +0000 (17:34 +0200)]
Revert "procps-ng: update to 4.0.4"
The props-ng packages adds a new API version that breaks other
downstream packages. This revert is a preparation commit to move the old
API to procps-ng3 so that the new API could use procps-ng packages
name again.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit
81629ba5918f48a0886e6f601d63d0b016ef8c1e.