feed/packages.git
8 months agohttps-dns-proxy: prepare migration to APK 23719/head
Stan Grishin [Sat, 23 Mar 2024 01:02:32 +0000 (01:02 +0000)]
https-dns-proxy: prepare migration to APK

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit dae56fd2a5d4ac579dff5d151cefe45b8d873bd6)

8 months agodjango: bump to version 4.2.11
Alexandru Ardelean [Thu, 14 Mar 2024 14:08:36 +0000 (16:08 +0200)]
django: bump to version 4.2.11

Addresses a bunch of CVEs.
A more recent one: https://nvd.nist.gov/vuln/detail/CVE-2024-24680

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
8 months agoMerge pull request #23691 from EricLuehrsen/unbound_1193_wrt23
Tianling Shen [Tue, 19 Mar 2024 09:11:10 +0000 (17:11 +0800)]
Merge pull request #23691 from EricLuehrsen/unbound_1193_wrt23

[23.05] Backport Unbound 1.19.3 and script fixes to stable

8 months agounbound: update to 1.19.3 23691/head
Jan Klos [Mon, 18 Mar 2024 20:26:51 +0000 (21:26 +0100)]
unbound: update to 1.19.3

Signed-off-by: Jan Klos <jan@klos.xyz>
8 months agounbound: spell fix
Paul Donald [Fri, 15 Mar 2024 13:42:12 +0000 (14:42 +0100)]
unbound: spell fix

Closes openwrt/luci#6993

Signed-off-by: Paul Donald <newtwen@gmail.com>
8 months agounbound: add file parameter to service instance
Jan Klos [Mon, 19 Feb 2024 13:27:05 +0000 (14:27 +0100)]
unbound: add file parameter to service instance

that way, procd does not needlessly restart unbound on triggers when
everything remains the same - changes in non-default included
configuration files will not be registered, however

Signed-off-by: Jan Klos <jan@klos.xyz>
8 months agounbound: remove date/time from config headers
Jan Klos [Fri, 17 Nov 2023 23:59:07 +0000 (00:59 +0100)]
unbound: remove date/time from config headers

so that procd can decide whether to restart unbound based on config
file changes

Signed-off-by: Jan Klos <jan@klos.xyz>
8 months agotravelmate: update 2.1.2-6
Dirk Brenken [Mon, 18 Mar 2024 21:09:09 +0000 (22:09 +0100)]
travelmate: update 2.1.2-6

* fix vpn semaphore handling (#23643), thanks to @brianjmurrell
* disable vpn processing by default

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit b8c47eae98929ea61d124af0e554daad8cc4feae)

8 months agop910nd: restart daemon even if no driver file is needed
Paul Donald [Tue, 5 Mar 2024 13:59:49 +0000 (14:59 +0100)]
p910nd: restart daemon even if no driver file is needed

Not all USB printers need a blob loading; restart the daemon
independently of driver loading.

Closes openwrt/packages#23588

Signed-off-by: Paul Donald <newtwen@gmail.com>
Tested-by: minicx <minicx@disroot.org>
(cherry picked from commit 685ef7d97b345c09edd428250794dd9fce07a174)

8 months agoshared-mime-info: update to 2.4
W. Michael Petullo [Mon, 1 Jan 2024 23:47:35 +0000 (17:47 -0600)]
shared-mime-info: update to 2.4

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit 09bfc9483dfb437904b2a9e77670e2addbe83738)

8 months agoshared-mime-info: update to 2.2
W. Michael Petullo [Tue, 20 Jun 2023 13:53:34 +0000 (08:53 -0500)]
shared-mime-info: update to 2.2

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit 4f608bb99852c96772dee55f0cb2ddbc17f2fd76)

8 months agoshadowsocks-libev: add remote server ips to dst bypass ipset
Yousong Zhou [Tue, 12 Mar 2024 00:45:28 +0000 (00:45 +0000)]
shadowsocks-libev: add remote server ips to dst bypass ipset

To align with old iptables-based ss-rules implementation.

Supersedes openwrt/packages#20239

Link: https://github.com/openwrt/packages/pull/20239
Signed-off-by: Luis Liou <liouluis@gmail.com>
[minor fixup on commit title, version bump, etc.]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 85b634f0b4f03d057613d45553ca272af877c27e)

8 months agolibwslay: remove, nothing depends on it since h2o is gone
Peter van Dijk [Thu, 7 Mar 2024 11:22:18 +0000 (12:22 +0100)]
libwslay: remove, nothing depends on it since h2o is gone

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit e1b6bac484e1a1d45f9001c4c0778f6136492a6c)

8 months agodnsdist: disable XSK to fix the build
krant [Mon, 26 Feb 2024 11:12:21 +0000 (13:12 +0200)]
dnsdist: disable XSK to fix the build

XSK support is set to auto by default and on some hosts it is detected as
on and leads to:

```
In file included from dnsdist-backend.cc:32:
xsk.hh:28:10: fatal error: bits/types/struct_timespec.h: No such file or
directory
   28 | #include <bits/types/struct_timespec.h>
```

Here we disable XSK so configure will behave more deterministically and
hopefully fix the builders.

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit f8dcc36af4f2f40076e4d07b1acd1a0177a7dbcb)

8 months agodnsdist: update to 1.9.0
Peter van Dijk [Thu, 15 Feb 2024 15:35:28 +0000 (16:35 +0100)]
dnsdist: update to 1.9.0

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit aa4fb5151a38e5ac0a495882b423f1d4f679ac0b)

8 months agodnsdist: Enable custom load-balancing policies in the light version
Remi Gacogne [Thu, 28 Dec 2023 09:52:35 +0000 (10:52 +0100)]
dnsdist: Enable custom load-balancing policies in the light version

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
(cherry picked from commit 738937a9c60079b8b15979cd79614d79ef132cff)

8 months agodnsdist: update to 1.8.3
Peter van Dijk [Tue, 19 Dec 2023 11:26:26 +0000 (12:26 +0100)]
dnsdist: update to 1.8.3

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit b6b9519975318cb2177710aafe6286bbdf583d83)

8 months agoh2o: remove, nothing depends on it anymore
Peter van Dijk [Fri, 16 Feb 2024 14:29:04 +0000 (15:29 +0100)]
h2o: remove, nothing depends on it anymore

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit d30a34bac1376a90f5767bfefa6e5eeaf4a945a7)

8 months agonghttp3: fix pkgconfig file
Rosen Penev [Wed, 21 Feb 2024 20:46:46 +0000 (12:46 -0800)]
nghttp3: fix pkgconfig file

CMake build is passing host paths in pkgconfig.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fa79aaad5f79447b579b98ea2e418486be71261d)

8 months agoclamav: update to 1.3.0
krant [Thu, 22 Feb 2024 10:53:47 +0000 (12:53 +0200)]
clamav: update to 1.3.0

- Add build-time Rust dependency
- Don't set default and rename changed CMake options

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit a9a1e7c3a68fab5317153835de90db8cd5c9ec3c)

8 months agoknot: update to version 3.3.5
Jan Hák [Wed, 6 Mar 2024 13:30:16 +0000 (14:30 +0100)]
knot: update to version 3.3.5

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit d660dc6e7ca497bf83b09865570d5c3b37b2609e)

8 months agoacme-common: use validation_method option instead of guessing
Sergey Ponomarev [Wed, 28 Feb 2024 19:59:27 +0000 (21:59 +0200)]
acme-common: use validation_method option instead of guessing

The new validation_method option can be: dns, webroot or standalone.
Previously we guessed the challenge type:
1. if the DNS provider is specified then it's dns
2. if standalone=1
3. fallback to webroot

The logic is preserved and if the validation_method wasn't set explicitly we'll guess it in old manner.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
(cherry picked from commit 7d07c75154d8d77b39db1012493a21ef02cbf5bb)

8 months agontpclient: remove
Paul Donald [Fri, 1 Mar 2024 20:28:43 +0000 (21:28 +0100)]
ntpclient: remove

ntp sources are dead and gone. The most important functionality is now
provided by ntpd.

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 2cd10d81134b5ff4b6350c477da3c9196e1b7489)

8 months agosyslog-ng: update to version 4.6.0
Josef Schlehofer [Tue, 5 Mar 2024 19:24:19 +0000 (20:24 +0100)]
syslog-ng: update to version 4.6.0

1. Bump version config to 4.6
2. Updated to 4.6.0 version
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.6.0
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.5.0

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit cf4df28d06e3ffa9ce0971fb29f9212cb97cfbee)

8 months agosyslog-ng: conf: fix deprecated stats_freq
Sergey Ponomarev [Sun, 26 Nov 2023 08:50:56 +0000 (10:50 +0200)]
syslog-ng: conf: fix deprecated stats_freq

The deprecated stats_freq() replaced with stats(freq(0)).

Also make comments shorter.
Fix tabs.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
(cherry picked from commit 37d2d69595e2e454c2562c3d963dc8065a24db70)

8 months agov2ray-core: Update to 5.14.1
Tianling Shen [Tue, 5 Mar 2024 05:28:00 +0000 (13:28 +0800)]
v2ray-core: Update to 5.14.1

Including security fixes, see release note:
https://github.com/v2fly/v2ray-core/releases/tag/v5.14.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 9834d79ea17a2fed3d7e84d225de03b512310a88)

8 months agoc-ares: update to 1.27.0
krant [Fri, 23 Feb 2024 20:19:37 +0000 (22:19 +0200)]
c-ares: update to 1.27.0

- Update package URL
- Don't set default CMake options

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 0858accfda87e09df019c2e8ba4ab51f6323f17e)

8 months agoapfree-wifidog: update to 7.02.1977
Dengfeng Liu [Wed, 28 Feb 2024 05:05:26 +0000 (13:05 +0800)]
apfree-wifidog: update to 7.02.1977

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
8 months agoapfree-wifidog: fix some bugs in the wifidogx.init file
Dengfeng Liu [Wed, 28 Feb 2024 04:43:29 +0000 (12:43 +0800)]
apfree-wifidog: fix some bugs in the wifidogx.init file

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
8 months agoMerge pull request #23573 from stangri/openwrt-23.05-https-dns-proxy
Stan Grishin [Mon, 4 Mar 2024 20:59:51 +0000 (13:59 -0700)]
Merge pull request #23573 from stangri/openwrt-23.05-https-dns-proxy

[23.05] https-dns-proxy: update to upstream 2023-11-19

8 months agobanip: update 0.9.4-3
Dirk Brenken [Mon, 4 Mar 2024 20:26:44 +0000 (21:26 +0100)]
banip: update 0.9.4-3

* fix another logical glitch in the logfile monitor

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 4356180197a7a32236a05b332eebf6cf1329cb25)

8 months agonatmap: update to 20240303
Ray Wang [Sun, 3 Mar 2024 10:23:39 +0000 (18:23 +0800)]
natmap: update to 20240303

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 7bbd9156cc478ab133d142f05f243eb3061d0c8d)

8 months agov2raya: Update to 2.2.5.1
Tianling Shen [Sat, 2 Mar 2024 15:33:03 +0000 (23:33 +0800)]
v2raya: Update to 2.2.5.1

Hot fix for a frontend failure bug.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ab2f10233ed984b0c8935005a0d26efa57c7a4d1)

8 months agodnsproxy: Update to 0.65.2
Tianling Shen [Sat, 2 Mar 2024 11:50:51 +0000 (19:50 +0800)]
dnsproxy: Update to 0.65.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit b5290ace07891fe744863a0858290bc627bbff01)

8 months agogolang: Update to 1.21.7
Tianling Shen [Mon, 26 Feb 2024 08:25:18 +0000 (16:25 +0800)]
golang: Update to 1.21.7

go1.21.6 (released 2024-01-09) includes fixes to the compiler,
the runtime, and the crypto/tls, maps, and runtime/pprof packages.

go1.21.7 (released 2024-02-06) includes fixes to the compiler,
the go command, the runtime, and the crypto/x509 package.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 34867e83ca666094114d1f53c2831d2da221c428)

8 months agov2raya: Update to 2.2.5
Tianling Shen [Sat, 2 Mar 2024 09:56:04 +0000 (17:56 +0800)]
v2raya: Update to 2.2.5

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 381d1af34796bbc2254581360243e56ea3766e19)

8 months agobanip: update 0.9.4-2
Dirk Brenken [Sat, 2 Mar 2024 20:25:47 +0000 (21:25 +0100)]
banip: update 0.9.4-2

* fix a long standing problem in the logfile-parser with dropbear and compressed IPv6 addresses

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 7b06b1d312ed3a43d2d030b55b6932a55365b5bd)

8 months agobanip: release 0.9.4-1
Dirk Brenken [Sat, 2 Mar 2024 08:28:39 +0000 (09:28 +0100)]
banip: release 0.9.4-1

* add support for destination port & protocol limitations for external feeds (see readme for details),
  useful for lan-forward ad- or DoH-blocking, e.g. only tcp ports 80 and 443
* add turris sentinel blocklist feed
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 730ad59cb960bd10c1a3a7597cafaabf080dcf7a)

8 months agorclone: add fuse3-utils as dependency
Tianling Shen [Tue, 27 Feb 2024 16:39:15 +0000 (00:39 +0800)]
rclone: add fuse3-utils as dependency

rclone has switched to use fuse3 since v1.62.0.

Reported-by: qiuzi <gxfclql@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit df9d076d600a3d02da198af4a625980ed0633d2a)

8 months agoyq: Update to 4.42.1
Tianling Shen [Mon, 26 Feb 2024 08:22:26 +0000 (16:22 +0800)]
yq: Update to 4.42.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit fa54dbc72a8aa25830b1c2e341876182ea19b455)

8 months agov2fly-geodata: Update to latest version
Tianling Shen [Mon, 26 Feb 2024 08:18:56 +0000 (16:18 +0800)]
v2fly-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 120fc57d553ef76ce144fccec1426b7ce1bc4c73)

8 months agocloudflared: Update to 2024.2.1
Tianling Shen [Mon, 26 Feb 2024 08:21:09 +0000 (16:21 +0800)]
cloudflared: Update to 2024.2.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 18aef55126916334e35fe24d3a9268fac6cb9e76)

8 months agobtop: Update to 1.3.2
Tianling Shen [Tue, 20 Feb 2024 07:48:04 +0000 (15:48 +0800)]
btop: Update to 1.3.2

Synced LDFLAGS from upstream Makefile.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 187b52c95afc826213ba3e204e43ed009d8e8908)

8 months agov2raya: Update to 2.2.4.7
Tianling Shen [Tue, 20 Feb 2024 07:47:42 +0000 (15:47 +0800)]
v2raya: Update to 2.2.4.7

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 870d09c5dd577a05cd850228b4a2e4aaa3f4362c)

8 months agoyq: Update to 4.41.1
Tianling Shen [Tue, 20 Feb 2024 07:47:34 +0000 (15:47 +0800)]
yq: Update to 4.41.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 69d963df9e7fc580d7efa11ccaf372b2b2dc8986)

8 months agoyq: Update to 4.40.7
Tianling Shen [Wed, 14 Feb 2024 04:51:13 +0000 (12:51 +0800)]
yq: Update to 4.40.7

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit aec476691327417dd1b5576fad1600ae53b03697)

8 months agocloudflared: Update to 2024.2.0
Tianling Shen [Wed, 14 Feb 2024 04:51:05 +0000 (12:51 +0800)]
cloudflared: Update to 2024.2.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 87bd747652ad03a07ea550db79797563e132da00)

8 months agov2ray-geodata: Update to latest version
Tianling Shen [Wed, 14 Feb 2024 04:50:54 +0000 (12:50 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 21a8b968d16cb1655eb8bed516a334be198a0c7c)

8 months agohttps-dns-proxy: update to upstream 2023-11-19 23573/head
Stan Grishin [Sat, 2 Mar 2024 00:13:49 +0000 (00:13 +0000)]
https-dns-proxy: update to upstream 2023-11-19

* update to upstream 2023-11-19
  (changes: https://github.com/aarond10/https_dns_proxy/commit/489c57efd46983e688579974a2ab7aeaa7df8d83)
* bugfix: include resolveip dependency in Makefile
  (fixes https://github.com/openwrt/packages/issues/23567)
* minor update for failed healthcheck logging

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit bd501dd89c65857c060ca1ac034bc2fe7846b4e7)

8 months agortl-sdr: update to v2.0.1
Edmunt Pienkowsky [Sat, 17 Feb 2024 08:57:08 +0000 (09:57 +0100)]
rtl-sdr: update to v2.0.1

Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
(cherry picked from commit c623291b383495a71dcddbbb866d5aa6c9ccb1a4)
Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
8 months agortl_433: update to 23.11
Edmunt Pienkowsky [Sat, 17 Feb 2024 09:03:02 +0000 (10:03 +0100)]
rtl_433: update to 23.11

Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
(cherry picked from commit 0bb9240f6be9b695d1eebf9f0d96092957efe85c)
Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
8 months agotravelmate: update 2.1.2-5
Dirk Brenken [Thu, 29 Feb 2024 20:00:21 +0000 (21:00 +0100)]
travelmate: update 2.1.2-5

* final vpn tweaks

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit bec5f35dea7ac5b4b4b7d75a931be470a19d4f22)

8 months agoadblock: update 4.1.5-9
Dirk Brenken [Wed, 28 Feb 2024 20:11:48 +0000 (21:11 +0100)]
adblock: update 4.1.5-9

* minimal fix with reporting interface 'any'

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 0af6e8d15898f62c0c5080877af4fd8557bb4731)

8 months agoragel: new package to build vectorscan
John Audia [Thu, 25 May 2023 12:50:53 +0000 (08:50 -0400)]
ragel: new package to build vectorscan

This is a new package for ragel which is a dependency for another
new package vectorscan

Co-authored-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit fa76c4df5c857ee564bf2f2eaeedfea5b497b1e7)

8 months agosnort3: build against gperftools-runtime
John Audia [Sun, 25 Feb 2024 00:06:45 +0000 (19:06 -0500)]
snort3: build against gperftools-runtime

Should provide increases in snort3 performance thanks to thread-
caching malloc provided by gperftools.  Avg CPU usage is down.
Another user reported higher throughput achieved with snort3
compiled with this on samba transfers on system with CPU-limited
snort3 performance.[1]

1. https://forum.openwrt.org/t/some-help-with-a-makefile-gperftools/165656/22

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 4295bd7f45943b92e6e12ba91aac5f701b2da5a3)

8 months agosnort3: update to 3.1.81.0
John Audia [Tue, 20 Feb 2024 20:36:26 +0000 (15:36 -0500)]
snort3: update to 3.1.81.0

Changelog: https://github.com/snort3/snort3/releases/tag/3.1.81.0

   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.1.81.0
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 3.0.14
           Using LuaJIT version 2.1.0-beta3
           Using OpenSSL 3.0.13 30 Jan 2024
           Using libpcap version 1.10.4 (with TPACKET_V3)
           Using PCRE version 8.45 2021-06-15
           Using ZLIB version 1.3.1
           Using Hyperscan version 5.4.2 2024-02-16
           Using LZMA version 5.4.6

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit a7b5bfbfb75c07f05072e52224d3259648165916)

8 months agogperftools: add new package
John Audia [Thu, 13 Jul 2023 14:20:48 +0000 (10:20 -0400)]
gperftools: add new package

Thread-caching malloc provided by this package improves snort3
performance.  I have been running with this for over seven months
without issues.  Avg CPU usage is down.  Another user reported
higher throughput achieved with snort3 compiled with this on
samba transfers on system with CPU-limited snort performance.[1]

1. https://forum.openwrt.org/t/some-help-with-a-makefile-gperftools/165656/22

Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit c1b4e80825d6855d66899dc32490b0ce9537aff5)

8 months agohyperscan: new package for speeding up regex ops
John Audia [Sat, 1 Jul 2023 09:41:41 +0000 (05:41 -0400)]
hyperscan: new package for speeding up regex ops

Hyperscan is a high performance regular expression matching
library from Intel that runs on x86 platforms and offers
support for Perl Compatible Regular Expressions (PCRE) syntax,
simultaneous matching of groups of regular expressions, and
streaming operations.

This has utility in speeding up snort3.

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 1db5c5461778223c661ae9206f3c5d6929081b84)

8 months agodockerd: Update to 25.0.3
Gerard Ryan [Sun, 31 Dec 2023 06:15:27 +0000 (16:15 +1000)]
dockerd: Update to 25.0.3

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
8 months agodocker: Update to 25.0.3
Gerard Ryan [Sun, 31 Dec 2023 06:15:04 +0000 (16:15 +1000)]
docker: Update to 25.0.3

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
8 months agocontainerd: Update to 1.7.13
Gerard Ryan [Sun, 31 Dec 2023 06:13:12 +0000 (16:13 +1000)]
containerd: Update to 1.7.13

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
8 months agorunc: Update to 1.1.12
Gerard Ryan [Sun, 31 Dec 2023 06:12:55 +0000 (16:12 +1000)]
runc: Update to 1.1.12

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
8 months agotailscale: Update to 1.58.2
Zephyr Lykos [Thu, 25 Jan 2024 18:21:33 +0000 (02:21 +0800)]
tailscale: Update to 1.58.2

https://github.com/tailscale/tailscale/releases/tag/v1.58.2

Signed-off-by: Zephyr Lykos <git@mochaa.ws>
(cherry picked from commit a37a6e17035f67c8f6c3e4325d0bae116e0fcf2a)

8 months agotailscale: Update to 1.58.0
Zephyr Lykos [Fri, 19 Jan 2024 10:13:05 +0000 (18:13 +0800)]
tailscale: Update to 1.58.0

https://github.com/tailscale/tailscale/releases/tag/v1.58.0

Signed-off-by: Zephyr Lykos <git@mochaa.ws>
(cherry picked from commit 0b0a13ed3338e7111f28c14c296a00a4f6b9123c)

8 months agotravelmate: update 2.1.2-4
Dirk Brenken [Sat, 24 Feb 2024 21:39:10 +0000 (22:39 +0100)]
travelmate: update 2.1.2-4

* more re-connections tweaks
* made travelmate generated emails responsive

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit bd8829b341b8e86147280ba5aa2c4523f3adc2af)

8 months agoMerge pull request #23485 from mhei/23.05-php8-update-to-8.2.16
Michael Heimpold [Sat, 24 Feb 2024 09:53:07 +0000 (10:53 +0100)]
Merge pull request #23485 from mhei/23.05-php8-update-to-8.2.16

[23.05] php8: update to 8.2.16

8 months agotravelmate: update 2.1.2-3
Dirk Brenken [Sat, 24 Feb 2024 05:58:40 +0000 (06:58 +0100)]
travelmate: update 2.1.2-3

* various vpn optimizations
* remove obsololete trm_maxscan option
* small fixes for net status and captive portal handling
* add an additional login variant to the h-hotels login script
* fix the wifibahn login script work again with wifionice hotspots again
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 6e4ea63b7e701298807babecfc8d319327d6a4ad)

9 months agogit: update to 2.43.2
krant [Thu, 22 Feb 2024 20:54:29 +0000 (22:54 +0200)]
git: update to 2.43.2

- Refresh a patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit f9e16375f6ab491be91b506e6c9a7828ee9f7adf)

9 months agogit: update to 2.43.0
krant [Tue, 6 Feb 2024 08:10:04 +0000 (10:10 +0200)]
git: update to 2.43.0

- Refresh patches

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 158b76119385cc5d4bacdde9b903da8cabd44706)

9 months agolighttpd: update to lighttpd 1.4.74 release hash
Glenn Strauss [Thu, 22 Feb 2024 18:03:24 +0000 (13:03 -0500)]
lighttpd: update to lighttpd 1.4.74 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 4d8bb07b734391d11318cb319548a17273820685)

9 months agoovn: bump to 22.03.5
Yousong Zhou [Wed, 21 Feb 2024 08:41:19 +0000 (08:41 +0000)]
ovn: bump to 22.03.5

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 4d1c7a144ab06dfdad6b11a90a364e7f88a976c3)

9 months agoopenvswitch: bump to 2.17.9
Yousong Zhou [Mon, 5 Feb 2024 03:14:38 +0000 (03:14 +0000)]
openvswitch: bump to 2.17.9

Refresh and backport patches so that

 - ./python path in the source code takes precedence over the same dir in hostpkg
 - OVN LTS version 22.03.5 which depends on Open vSwitch 3.0 can compile
   with Open vSwitch 2.17

Fixes: https://github.com/openwrt/packages/issues/22744
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 7ccbb9a66cfadba035e2ad95a7931877e5faf504)

9 months agosquid: fix configure options
krant [Fri, 9 Feb 2024 20:44:43 +0000 (22:44 +0200)]
squid: fix configure options

- Remove non-existing 'dlmalloc' option
- Use 'with-cap' instead of 'with-libcap'
- Use 'with-xml2' instead of 'with-libxml2'
- Patch configure.ac to properly handle 'with-nettle'

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit f58be51721fb0e2c5aa0747bce36a19deb7392dd)

9 months agounbound: update to latest upstream release version 1.19.1
S. Brusch [Wed, 14 Feb 2024 12:37:59 +0000 (13:37 +0100)]
unbound: update to latest upstream release version 1.19.1

Maintainer: @EricLuehrsen
Fixes: CVE-2023-50387, CVE-2023-50868
Release notes: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Run tested: BPi-R3, mediatek/filogic, OpenWrt 23.05.2 with updated packages from snapshot
Signed-off-by: S. Brusch <ne20002@gmx.ch>
(cherry picked from commit 35ba14e50c6c90b3cc32538573d02a3b4f5b9184)

9 months agolibuv: fix CVE-2024-24806
Hirokazu MORIKAWA [Fri, 16 Feb 2024 09:33:14 +0000 (18:33 +0900)]
libuv: fix CVE-2024-24806

Update to 1.48.0
CVE-2024-24806 : Improper Domain Lookup that potentially leads to SSRF attacks

Vulnerabilities fixed
* CVE-2024-24806 / GHSA-f74f-cvh7-c6q6 0f2d7e73530bcc and e0327e1
Notable Changes
* linux: disable io_uring on ppc64 and ppc64le #4285
* linux: disable io_uring on hppa below kernel 6.1.51 #4224
* win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default)
Important Bugs Fixed
* unix,win: fix busy loop with zero timeout timers #4250, #4304.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 02a982bc10e8278905d0b76ac073b82192576433)

9 months agohaproxy: update to v2.8.6
Christian Lachner [Fri, 16 Feb 2024 07:43:35 +0000 (08:43 +0100)]
haproxy: update to v2.8.6

- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.8.git;a=shortlog

Signed-off-by: Christian Lachner <gladiac@gmail.com>
9 months agoocserv: updated config
Nikos Mavrogiannopoulos [Sun, 10 Sep 2023 13:49:13 +0000 (15:49 +0200)]
ocserv: updated config

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
9 months agoocserv: use better separator for sed
Nikos Mavrogiannopoulos [Sun, 10 Sep 2023 13:48:12 +0000 (15:48 +0200)]
ocserv: use better separator for sed

This prevents clashes with network addresses that
contain '/'.

Resolves: #18589

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
9 months agoopenconnect: make host dependency more resilient
Nikos Mavrogiannopoulos [Sat, 10 Feb 2024 13:30:12 +0000 (14:30 +0100)]
openconnect: make host dependency more resilient

Retry when resolveip fails as it seems to be causing issues
on startup depending on various unpredictable parameters.

Resolves: #23185

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
9 months agoopenconnect: update to 9.12
Rosen Penev [Mon, 25 Dec 2023 06:01:33 +0000 (22:01 -0800)]
openconnect: update to 9.12

Remove upstream backport and fix libxml 1.12 compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 months agoopenconnect: add support for option --pfs
Vladislav Grigoryev [Sat, 14 Oct 2023 09:25:34 +0000 (12:25 +0300)]
openconnect: add support for option --pfs

Add support for the OpenConnect option `--pfs`.
Designed to require perfect forward secrecy.

Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
9 months agophp8: update to 8.2.16 23485/head
Michael Heimpold [Mon, 19 Feb 2024 07:10:19 +0000 (08:10 +0100)]
php8: update to 8.2.16

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
9 months agolxc: update to 5.0.3
John Audia [Fri, 28 Jul 2023 21:52:17 +0000 (17:52 -0400)]
lxc: update to 5.0.3

Bump to latest upstream release.

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 1b5ee689f3f8fa68580206274b5b67c06db3ec91)

9 months agozabbix: update to version 6.4.7
Florian Eckert [Tue, 17 Oct 2023 12:14:58 +0000 (14:14 +0200)]
zabbix: update to version 6.4.7

Switch to current stable version 6.4.7.
See release notes:
https://www.zabbix.com/rn/rn6.4.7

So that the new version builds cleanly. The 'libevent2-pthreads' must be
added as dependency.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 4f9ced5cf9d411dc54a815beb365b539c561bbfb)

9 months agoyt-dlp: bump to version 2023.12.30
Alexander Egorenkov [Sun, 31 Dec 2023 10:57:42 +0000 (11:57 +0100)]
yt-dlp: bump to version 2023.12.30

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry picked from commit 5d3424f992b09602f2abd4e71cb163a3af8f3e7c)

9 months agoyt-dlp: bump to version 2023.11.16
Alexander Egorenkov [Sun, 29 Oct 2023 12:42:34 +0000 (13:42 +0100)]
yt-dlp: bump to version 2023.11.16

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry picked from commit 707e87884d67650c26fda2c30c790d5832e319d7)

9 months agoyt-dlp: add missing dependencies
Rani Hod [Wed, 19 Jul 2023 15:20:09 +0000 (18:20 +0300)]
yt-dlp: add missing dependencies

Added missing python3-{logging,uuid} dependencies.

Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit 40a680ffd7d155798123a9eadcc3411f7a201259)

9 months agonode: February 14 2024 Security Releases
Hirokazu MORIKAWA [Fri, 16 Feb 2024 07:06:52 +0000 (16:06 +0900)]
node: February 14 2024 Security Releases

Update to v18.19.1
This is a security release.

Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* npm version 10.2.4

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
9 months agoMerge pull request #23407 from stangri/openwrt-23.05-adblock-fast
Stan Grishin [Fri, 16 Feb 2024 23:12:44 +0000 (16:12 -0700)]
Merge pull request #23407 from stangri/openwrt-23.05-adblock-fast

[23.05] adblock-fast: add force_dns_interface setting

9 months agobind: bump to 9.18.24
Noah Meyerhans [Thu, 15 Feb 2024 17:36:41 +0000 (09:36 -0800)]
bind: bump to 9.18.24

Fixes CVEs:

- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
  could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
  excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
  excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
  failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
  named to crash with an assertion failure, when both of these features were
  enabled.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit d277e41e78972130f75dc816ebcbd7931f582519)

9 months agobind: bump to 9.18.19
Noah Meyerhans [Wed, 27 Sep 2023 17:42:59 +0000 (10:42 -0700)]
bind: bump to 9.18.19

Fixes CVEs:

CVE-2023-3341 - Previously, sending a specially crafted message over the
control channel could cause the packet-parsing code to run out of available
stack memory, causing named to terminate unexpectedly.

CVE-2023-4236 - A flaw in the networking code handling DNS-over-TLS queries
could cause named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 835b1051511b592d69bc0b8a7d5d993337f890da)

9 months agobind: update to version 9.18.18
Josef Schlehofer [Tue, 19 Sep 2023 23:01:48 +0000 (01:01 +0200)]
bind: update to version 9.18.18

Release notes:
https://downloads.isc.org/isc/bind9/9.18.18/doc/arm/html/notes.html#notes-for-bind-9-18-18
https://downloads.isc.org/isc/bind9/9.18.17/doc/arm/html/notes.html#notes-for-bind-9-18-17

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 6a8d3565f0a99fe22cac6db9a8bbf553b7dff5a5)

9 months agobind: bump to 9.18.16
Noah Meyerhans [Mon, 26 Jun 2023 03:02:35 +0000 (20:02 -0700)]
bind: bump to 9.18.16

Fixes CVEs:

- CVE-2023-2828: The overmem cleaning process has been improved, to
  prevent the cache from significantly exceeding the configured
  max-cache-size limit.
- CVE-2023-2911: A query that prioritizes stale data over lookup
  triggers a fetch to refresh the stale data in cache. If the fetch is
  aborted for exceeding the recursion quota, it was possible for named
  to enter an infinite callback loop and crash due to stack overflow.

The complete list of changes is available in the upstream release
notes at
https://ftp.isc.org/isc/bind9/cur/9.18/doc/arm/html/notes.html#notes-for-bind-9-18-16

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 9ac79ad46966908d2ceb64c0e0d8a0bff435767a)

9 months agopdns-recursor: update to 4.8.6 (fixes CVE-2023-50387, CVE-2023-50868)
Peter van Dijk [Tue, 13 Feb 2024 14:00:20 +0000 (15:00 +0100)]
pdns-recursor: update to 4.8.6 (fixes CVE-2023-50387, CVE-2023-50868)

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
9 months agoMerge pull request #23415 from systemcrash/p910nd_picks
Tianling Shen [Fri, 16 Feb 2024 06:02:12 +0000 (14:02 +0800)]
Merge pull request #23415 from systemcrash/p910nd_picks

P910nd v23.05 picks

9 months agosquid: update to 6.7
krant [Thu, 8 Feb 2024 13:01:10 +0000 (15:01 +0200)]
squid: update to 6.7

- Switch URL to HTTPS
- Remove default/obsolete configure options
- Fix and refresh the patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 4007a08529a86b600b4ce6476cf6367de577a645)

9 months agop910nd: bump release 23415/head
Paul Donald [Wed, 14 Feb 2024 22:58:07 +0000 (23:58 +0100)]
p910nd: bump release

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 9dad4285d3c2de30cf27baa2b299246bda514577)

9 months agop910nd: hotplug shellcheck fixes
Paul Donald [Sun, 11 Feb 2024 17:41:23 +0000 (18:41 +0100)]
p910nd: hotplug shellcheck fixes

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 58e7bfc41f02118e5d8b6f5b08a021d9bc351e00)

9 months agop910nd: init: check device (/dev/usb/lpX) existence
Paul Donald [Sun, 11 Feb 2024 18:28:38 +0000 (19:28 +0100)]
p910nd: init: check device (/dev/usb/lpX) existence

this prevents the daemon exiting when a configured device
is not plugged in.

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit dabeaa76439260a6a41942365b2526c69dc728aa)

9 months agop910nd: init: partial fix for openwrt/packages#10496
Paul Donald [Sat, 10 Feb 2024 21:02:58 +0000 (22:02 +0100)]
p910nd: init: partial fix for openwrt/packages#10496

Harmless to carry this fix until procd.sh adds the param

This parameter will mean umdns advertises not just "OpenWrt" but a more
appropriate string:

"Apple LaserWriter Pro 630"

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit ac501c908d1a6a607f89373d4667a6949b88ca55)