feed/packages.git
5 months agophp8: update to 8.1.29 24342/head
Michael Heimpold [Sat, 8 Jun 2024 05:32:11 +0000 (07:32 +0200)]
php8: update to 8.1.29

This fixes:
    - CVE-2024-4577
    - CVE-2024-5458
    - CVE-2024-5585

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
5 months agopython-jmespath: Update to 1.0.1
Jeffery To [Mon, 7 Aug 2023 06:39:56 +0000 (14:39 +0800)]
python-jmespath: Update to 1.0.1

This also updates the Python dependency from python3 to python3-light.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit cde28d04e67a522bc7b6ecce90a3664d0c1a6f03)

5 months agopython-botocore: Update to 1.31.7, update dependencies
Jeffery To [Thu, 20 Jul 2023 09:50:18 +0000 (17:50 +0800)]
python-botocore: Update to 1.31.7, update dependencies

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 3d83c5c8d6c83e8d3ad571b9aeb0c8bef3592cb6)

5 months agopython-s3transfer: Update to 0.6.1, update dependencies
Jeffery To [Thu, 20 Jul 2023 09:52:12 +0000 (17:52 +0800)]
python-s3transfer: Update to 0.6.1, update dependencies

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 1ac094d012ece0621f62dae37916cbc730b25cbc)

5 months agopython-boto3: Update to 1.28.7, update dependencies
Jeffery To [Thu, 20 Jul 2023 09:54:47 +0000 (17:54 +0800)]
python-boto3: Update to 1.28.7, update dependencies

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 182eaed42d4172fbe7ebd6bfe8f3ff0b4599ddbc)

5 months agopython-awscli: Update to 1.29.7, update dependencies
Jeffery To [Thu, 20 Jul 2023 09:57:49 +0000 (17:57 +0800)]
python-awscli: Update to 1.29.7, update dependencies

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 211724c3fc0ed3c1a96c1e6be547c085bd340cae)

5 months agoxfrpc: update to 3.05.661
Dengfeng Liu [Mon, 27 May 2024 11:03:39 +0000 (19:03 +0800)]
xfrpc: update to 3.05.661

This version is compatible with FRPS 0.58.0

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit d5c22612a90e9a0fd09d4307e567240562a10287)

5 months agoxfrpc: Revised the config file and adjusted the corresponding init file
Dengfeng Liu [Mon, 27 May 2024 11:01:22 +0000 (19:01 +0800)]
xfrpc: Revised the config file and adjusted the corresponding init file

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit e39af317532bd67580e6d12d4b4c9590cafa574e)

6 months agonextdns: Update to version 1.43.5
Olivier Poitrey [Fri, 24 May 2024 11:36:01 +0000 (11:36 +0000)]
nextdns: Update to version 1.43.5

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
6 months agohaproxy: update to v2.4.26
Christian Lachner [Sun, 19 May 2024 08:44:43 +0000 (10:44 +0200)]
haproxy: update to v2.4.26

- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.4.git;a=shortlog

Signed-off-by: Christian Lachner <gladiac@gmail.com>
6 months agonano: update to 8.0
Hannu Nyman [Fri, 3 May 2024 13:24:09 +0000 (16:24 +0300)]
nano: update to 8.0

Update nano editor to version 8.0

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 69166dbbb709625a848f327c9822c667db39744f)

6 months agonextdns: Update to version 1.43.3
Olivier Poitrey [Mon, 29 Apr 2024 21:54:18 +0000 (21:54 +0000)]
nextdns: Update to version 1.43.3

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
6 months agotransmission: update to version 4.0.5
Josef Schlehofer [Fri, 26 Apr 2024 08:38:20 +0000 (10:38 +0200)]
transmission: update to version 4.0.5

Release notes:
https://github.com/transmission/transmission/releases/tag/4.0.5

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 19a424aede70ddaedb1153144216db6423fa09e2)

6 months agoCI: Update sdk action, always upload artifacts
Jeffery To [Tue, 7 Nov 2023 09:40:15 +0000 (17:40 +0800)]
CI: Update sdk action, always upload artifacts

The updated version of gh-action-sdk will return compiled packages and
build logs for both build success and build errors.

This ensures these artifacts are always uploaded. This also sets the V
environment variable to enable verbose build output.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit aca4330c0427a7a2d1cdc23b14207a95a15b292c)

6 months agoCI: Do package run-tests only if target packages were built
Jeffery To [Wed, 10 May 2023 06:10:37 +0000 (14:10 +0800)]
CI: Do package run-tests only if target packages were built

Currently, the package run-test phase will fail for PRs that only
add/update host-only packages, as no target packages (*.ipk) are built.

This checks if any target packages are built before attempting the
run-tests.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 5ce254fd8e4136fbb3d385f4e55e2cdae0d6eb39)

6 months agoCI: Run "apt-get update" before installing signify-openbsd
Jeffery To [Wed, 10 May 2023 05:51:59 +0000 (13:51 +0800)]
CI: Run "apt-get update" before installing signify-openbsd

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 955a90944b2ebfbd66a6149d14126d6d9ced6c5e)

6 months agoCI: Add local feed for CI-built packages
Jeffery To [Wed, 22 Mar 2023 07:46:13 +0000 (15:46 +0800)]
CI: Add local feed for CI-built packages

To test each package, the CI-built target package (ipk) file is
installed, but currently the target package's dependencies are installed
from the standard opkg feeds.

There are cases when the CI-built target packages should be
installed/tested together:

* If a pull request contains several new packages that depend on each
  other, the test step will fail as the new dependencies cannot be found
  in the current packages feed.

* If a pull request upgrades a source package that builds several target
  packages that depend on each other, the test step may fail due to the
  version/ABI mismatch between a newer target package and the older
  dependencies installed from the packages feed.

This sets up a local feed for the CI-built packages so that dependencies
are also installed from the same set of packages.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e9bb94840288d35b90ca43574b698c43403a7ec4)

6 months agoci: set correct arch for rootfs tests
Paul Spooren [Thu, 14 Mar 2024 13:46:15 +0000 (14:46 +0100)]
ci: set correct arch for rootfs tests

With the commit 01e5cfc "CI: Add target/arch tags (no suffix) for
snapshot images"[1] the os/platform is set for all images, which is usually
different from what the GitHub action runner uses (x86). The Docker
deamon still tries to fetch the x86 version and fails.

This commit explicitly sets the fitting arch.

[1]: https://github.com/openwrt/docker/commit/01e5cfccd73a72ecab730496607c7c22b904f366

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit d359fa04eda29638b9326c194490685c1177fd49)

6 months agoMerge pull request #24024 from rs/nextdns-1.43.0-openwrt-22.03
Stan Grishin [Mon, 29 Apr 2024 00:33:55 +0000 (17:33 -0700)]
Merge pull request #24024 from rs/nextdns-1.43.0-openwrt-22.03

[22.03] nextdns: Update to version 1.43.0

6 months agoopenssh: fix build failure on powerpc_8548
Sibren Vasse [Wed, 20 Dec 2023 16:01:50 +0000 (17:01 +0100)]
openssh: fix build failure on powerpc_8548
https://github.com/openssh/openssh-portable/commit/1036d77b34a5fa15e56f516b81b9928006848cbd

Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit a79c49578ca136556bd10d8990aa52ef4eb0664b)

6 months agoopenssh: bump to 9.6p1
Rucke Teg [Wed, 3 Jan 2024 22:11:05 +0000 (23:11 +0100)]
openssh: bump to 9.6p1

Release notes: https://www.openssh.com/txt/release-9.6

Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
(cherry picked from commit e8dfc6abbee88f35887c66ec785b081252d6d07d)

6 months agoopenssh: bump to 9.5p1
John Audia [Wed, 4 Oct 2023 19:35:03 +0000 (15:35 -0400)]
openssh: bump to 9.5p1

Changelog: https://www.openssh.com/txt/release-9.5

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 6dc86d46da18d573971b7e7a2d625b2498dbe249)

6 months agonextdns: Update to version 1.43.0 24024/head
Olivier Poitrey [Sun, 28 Apr 2024 00:47:37 +0000 (00:47 +0000)]
nextdns: Update to version 1.43.0

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
7 months agotvheadend: Fix github warning about AUTORELEASE
Marius Dinu [Wed, 30 Nov 2022 09:45:13 +0000 (11:45 +0200)]
tvheadend: Fix github warning about AUTORELEASE

Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit 091681e1523d2943e665c392b09f79d6959fe632)

7 months agotvheadend: add conditions for -O3 and LTO optimizations
Marius Dinu [Wed, 30 Nov 2022 09:21:39 +0000 (11:21 +0200)]
tvheadend: add conditions for -O3 and LTO optimizations

Building for arc, mips and powerpc platforms fails if -O3 and LTO optimizations are enabled. This patch removes that option for everything other than arm and x86_64. These are known to work.
Fixes issue #19923.
Also fixes a typo in the description.

Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit 149053198146a8821e8c12d7c7fce8c3a175c5b7)

7 months agoopenvpn: update to 2.5.8
Ivan Pavlov [Fri, 4 Nov 2022 21:22:12 +0000 (00:22 +0300)]
openvpn: update to 2.5.8

Mostly bugfix release
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.5.8/Changes.rst

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit f49645d24c2bf0a920dbb9b84621f1f26bf0b22e)

7 months agoopenvpn: add possibility to set param "compress" without algorithm
Martin Schiller [Tue, 14 Jan 2020 14:20:14 +0000 (15:20 +0100)]
openvpn: add possibility to set param "compress" without algorithm

In some situations you need to set the compress param without an
algorithm. Compression will be turned off, but the packet framing for
compression will still be enabled, allowing a different setting to be
pushed later.

As it is not possible to have options with optional values at the
moment, I've introduced a pseudo value "frames_only" which will be
removed in the init script.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 5ce5220eb23ffdfcce74541f07cff4fb3a3ade08)

7 months agoopenssh: update to 9.4p1
Sibren Vasse [Fri, 11 Aug 2023 15:14:55 +0000 (17:14 +0200)]
openssh: update to 9.4p1

Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit 7fb8e823b977c6d95225cc98fdb1f31455b5e179)

7 months agoopenssh: add server config subdirectory
Philip Prindeville [Mon, 7 Aug 2023 21:21:26 +0000 (15:21 -0600)]
openssh: add server config subdirectory

Most distros allow dropping site configuration files into
/etc/sshd_config.d/ so that you don't have to tweak the main
server configuration file.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit ead95a26b68f4145937034d84abdf9e0f7fe1eb7)

7 months agolibrespeed-go: improve the description
Nathan Friedly [Thu, 25 Apr 2024 17:19:33 +0000 (13:19 -0400)]
librespeed-go: improve the description

This swaps the order of the lines in the description so that when LuCI displays only the first line, it still offers some helpful information.

Signed-off-by: Nathan Friedly <nathan@nfriedly.com>
(cherry picked from commit 06ea66c55866aa409ab567a593a22bd24e727f04)

7 months agolibrespeed-go: Reload the daemon after modifying the tls certificate
Anya Lin [Tue, 10 Oct 2023 01:13:14 +0000 (09:13 +0800)]
librespeed-go: Reload the daemon after modifying the tls certificate

Make the daemon reload after the tls certificate is updated

Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit fd1d506fff9462b3329585bdd148a6fd78cbd27a)

7 months agosyslog-ng: update to version 4.7.1
Josef Schlehofer [Fri, 26 Apr 2024 09:24:57 +0000 (11:24 +0200)]
syslog-ng: update to version 4.7.1

Release notes:
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.0
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.1

Also bump version in the config file to avoid warning

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9d49df0dabcdd9135bf0b86374695b69cb4bf5b6)

7 months agoCI: remove CircleCI for now
Paul Spooren [Sat, 10 Oct 2020 01:31:01 +0000 (15:31 -1000)]
CI: remove CircleCI for now

The GitHub CI offers currenlty more architecture and the Signed-of-by
test is covered via the DOC CI test. In case GitHub ever changes
policies, we can simply switch back.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 26c101edc3e918be4fbfe76b3514d1c8398f7d31)

7 months agoCircleCI: Add 22.03 public keys, 18.06 v2 gpg key, 18.06 usign key
Jeffery To [Wed, 11 May 2022 08:40:55 +0000 (16:40 +0800)]
CircleCI: Add 22.03 public keys, 18.06 v2 gpg key, 18.06 usign key

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit dce83a50225774f9dfcb0c27415dd3fea528a878)

7 months agonatmap: add log_std{out,err} options
Ray Wang [Sat, 20 Apr 2024 14:53:03 +0000 (22:53 +0800)]
natmap: add log_std{out,err} options

Introduce `log_stdout` and `log_stderr` options for managing logging output.

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 5abbd3bcb2362963a2cc49c0a9de78dd5c5af185)

7 months agomodemmanager: drop backported patches
Josef Schlehofer [Tue, 23 Apr 2024 14:37:21 +0000 (16:37 +0200)]
modemmanager: drop backported patches

These patches were included in 1.18.8, thus it can be removed.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
7 months agomodemmanager: fix unquoted strings when launching pppd
Aleksander Morgado [Fri, 4 Nov 2022 13:52:04 +0000 (14:52 +0100)]
modemmanager: fix unquoted strings when launching pppd

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
(cherry picked from commit eb283ea8a3d0ff573b04242b045934541a460f06)

7 months agomodemmanager: fix mm_log() invocations in 25-modemmanager* files
Arkadiusz Drabczyk [Wed, 13 Jul 2022 12:35:34 +0000 (14:35 +0200)]
modemmanager: fix mm_log() invocations in 25-modemmanager* files

Definition of mm_log() was changed in
45a56a889943b437f78fa2bfca3d5d8ac555c77e but 25-modemmanager* weren't
changed.

Signed-off-by: Arkadiusz Drabczyk <arkadiusz@drabczyk.org>
(cherry picked from commit cdbc7a67fc17e6472ef9a1344d85f0137e8c2c59)

7 months agomodemmanager: explicitly disconnect even if no bearers found
Aleksander Morgado [Mon, 13 Jun 2022 10:24:43 +0000 (12:24 +0200)]
modemmanager: explicitly disconnect even if no bearers found

A network restart where netifd is cleanly restarted involves bringing
the network interfaces down. The 'modemmanager' protocol handler will
run a mmcli --simple-disconnect in this case, but only if there are
bearer objects found.

If the network restart happened *during* the connection attempt
procedure, while the modem is e.g. being registered in the network, no
bearer objects exist yet, and so, we would skip doing anything during
the interface teardown operation. This would lead to the original
connection attempt succeeding, so leaving the modem in ModemManager
in connected state, while the associated interface in netifd is
reported down.

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
(cherry picked from commit c15e94f6c5fbbaedd41fd74b930a2a205f80afc0)

7 months agomodemmanager: report network initiated disconnections to netifd
Aleksander Morgado [Wed, 4 May 2022 12:01:57 +0000 (14:01 +0200)]
modemmanager: report network initiated disconnections to netifd

The new connection dispatcher scripts support integrated in
ModemManager 1.18.8 allows us to provide a openwrt-specific dispatcher
script used to report netifd that the underlying network connection is
down.

See also https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/merge_requests/775

Fixes https://github.com/openwrt/openwrt/issues/8368
Fixes https://github.com/openwrt/packages/issues/14096

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
(cherry picked from commit bc754f31cfdb004eefa43038f8f0827922107fc6)

7 months agomodemmanager: install available FCC unlock scripts
Aleksander Morgado [Tue, 29 Mar 2022 11:12:43 +0000 (13:12 +0200)]
modemmanager: install available FCC unlock scripts

The FCC unlock scripts are installed but not enabled by default.

Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
(cherry picked from commit e430420aa176af672e913a2e50c5911e3ea70ef3)

7 months agomodemmanager: bump to 1.18.12
Maxim Anisimov [Mon, 12 Sep 2022 07:01:33 +0000 (10:01 +0300)]
modemmanager: bump to 1.18.12

Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
(cherry picked from commit c588b92d517fa015d5ca54cce26d29e35f8bfa97)

7 months agounbound: update to 1.19.3
Jan Klos [Mon, 18 Mar 2024 20:26:51 +0000 (21:26 +0100)]
unbound: update to 1.19.3

Signed-off-by: Jan Klos <jan@klos.xyz>
(cherry picked from commit 558cbcac4698d58b11be23f954a7f64a296ab593)

7 months agotor: update to 0.4.8.10 stable
Rui Salvaterra [Tue, 7 Nov 2023 12:27:24 +0000 (12:27 +0000)]
tor: update to 0.4.8.10 stable

Bugfix release, see the changelog [1] for what's new.

[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.10/ChangeLog

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit ee8b29de2c42ffc7796cd825f38b19e56f838cd4)

7 months agotransmission: update to 4.0.4
Andrew Sim [Sun, 22 Oct 2023 06:12:44 +0000 (08:12 +0200)]
transmission: update to 4.0.4

Update Transamission to 4.0.4 stable release
Changelog: https://github.com/transmission/transmission/releases/tag/4.0.4

Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
(cherry picked from commit 45170d9b672b6e017f51c7ac2cdae9b636f2c0b2)

7 months agoMerge pull request #23940 from mhei/22.03-php8-update-to-8.1.28
Michael Heimpold [Tue, 16 Apr 2024 19:10:07 +0000 (21:10 +0200)]
Merge pull request #23940 from mhei/22.03-php8-update-to-8.1.28

[22.03] php8: update to 8.1.28

7 months agophp8: update to 8.1.28 23940/head
Michael Heimpold [Mon, 15 Apr 2024 20:05:53 +0000 (22:05 +0200)]
php8: update to 8.1.28

This fixes:
  - CVE-2024-1874
  - CVE-2024-2756
  - CVE-2024-3096

While at, switch to https download URL.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
7 months agolighttpd: update to lighttpd 1.4.76 release hash
Glenn Strauss [Sat, 13 Apr 2024 03:06:24 +0000 (23:06 -0400)]
lighttpd: update to lighttpd 1.4.76 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit a5557a2a47f57c651dd5dc97eac40de26617de91)

7 months agolualanes: update to version 3.16.3 and use tarball
Josef Schlehofer [Tue, 5 Mar 2024 17:03:13 +0000 (18:03 +0100)]
lualanes: update to version 3.16.3 and use tarball

1. Update it to version 3.16.3
Release notes: https://github.com/LuaLanes/lanes/releases/tag/v3.16.3

2. Change to download tarball instead of checking out Git sources
In the previous commit (in the Fixes tag), it was changed to Git sources without any reason. Let's revert it back. Let's use again tagged release.

Fixes: b93e5b45b1daac827d429b51d8763226268f2b9a ("lualanes: Version bump to v3.16.2")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 8b7040b6de0d485fa3867ff315cd30f873c49a55)

7 months agolualanes: Version bump to v3.16.2
Mark Baker [Thu, 18 Jan 2024 18:52:58 +0000 (13:52 -0500)]
lualanes: Version bump to v3.16.2

Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.

Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.

Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.

Signed-off-by: Mark Baker <mark@vpost.net>
(cherry picked from commit 08e51ab50a452d1c6217f3a6767f66146814878b)

7 months agohwdata: update to 0.379
krant [Wed, 7 Feb 2024 13:35:30 +0000 (15:35 +0200)]
hwdata: update to 0.379

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 9f45bfd3d5233284095a7bbe789c1f947138048c)

7 months agonano: fix syntax highlighting for raw ucode scripts
Jo-Philipp Wich [Thu, 4 Apr 2024 23:33:50 +0000 (01:33 +0200)]
nano: fix syntax highlighting for raw ucode scripts

Text between interpreter line and start of first directive should only
highlighted as uninterpreted when running in template mode, so adjust
the match rule accordingly.

Fixes: #23761
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 8f9564387d136c2a09c763b4c4ac7e4aa16baeb5)

7 months agonano: add syntax highlighting for ucode scripts
Jo-Philipp Wich [Wed, 8 Nov 2023 13:53:37 +0000 (14:53 +0100)]
nano: add syntax highlighting for ucode scripts

Introduce local syntax highlighting support for ucode scripts, like
it is done already for uci configuration files.

Ref: https://github.com/jow-/ucode/issues/178
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d8a574f7f0eb2f5970119a2b0527048583054180)

8 months agop910nd: fix running multiple instances
Peca Nesovanovic [Wed, 20 Mar 2024 20:21:36 +0000 (21:21 +0100)]
p910nd: fix running multiple instances

Compile tested: (ramips, rb760igs, 23.05 snapshot)
Run tested: (ramips, rb760igs, 23.05 snapshot, tests done)

Description:
In case we have multiple device defined in /etc/config/p910nd then init script will try to start multiple instance with same instance name
drop instance name as resolution

tested on 23.05 snapshot with 2 USB printers

Signed-off-by: Peca Nesovanovic <peca.nesovanovic@sattrakt.com>
(cherry picked from commit 152d80ce1326d0b1fee8e324ec8e68dd9f44cf4a)

8 months agosyslog-ng: enable http module based on zlib support in curl
Josef Schlehofer [Tue, 5 Mar 2024 19:44:47 +0000 (20:44 +0100)]
syslog-ng: enable http module based on zlib support in curl

Since version 4.4.0, syslog-ng added compression to http() destination
using zlib from curl. [1] However, zlib is currently disabled in curl [2]
and it prevented syslog-ng to start.

This commit changes the configuration opinion to enable http module only if
zlib support is enabled for curl and as well it adds dependency for zlib (in that case).
If the zlib is disabled, then it disables http module, so syslog-ng can start
and thus zlib dependency is not required.

[1] https://gitlab.nic.cz/turris/os/packages/-/issues/932
[2] https://github.com/openwrt/packages/blob/93cbaacbfb13048ad378520a7afea7c9027dd1d6/net/curl/Config.in#L134
Fixes: 4dd49d7c3cd571107958154f1ed1ec8d8dba7464 ("syslog-ng: update to version 4.4.0")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 1e14d95d78d03ab163653166652972ca3e8c366e)

8 months agoknot-resolver: Update to version 5.7.1
Michal Hrusecky [Tue, 13 Feb 2024 13:17:31 +0000 (14:17 +0100)]
knot-resolver: Update to version 5.7.1

- Fixes CVE-2023-50868 and CVE-2023-50387
- Also, the resolver has not been called 'Knot DNS Resolver' for quite
some time, so fix that, too.

Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit 1131acf57fb07c0fa3e47c71bdca172f9d2f2e43)

8 months agoknot-resolver: enable dnstap module build by default
Šimon Bořek [Fri, 6 May 2022 11:18:08 +0000 (13:18 +0200)]
knot-resolver: enable dnstap module build by default

'dnstap' module will be built but not loaded by default at runtime
(configuration must be provided for it to be loaded). It is still possible to
disable dnstap build manually using menuconfig.

"The dnstap module supports logging DNS requests and responses to a unix socket
in dnstap format using fstrm framing library. This logging is useful if you need
effectively log all DNS traffic."[^1]

Adds dependency on 'protobuf', 'protobuf-c', 'libfstrm'. Listed packages are
available from OpenWrt packages, have uncomplicated manifests and
while 'protobuf-c' doesn't have a maintainer since spring 2020, all the
packages (including 'protobuf-c') seem to be maintained - the last
updates of all of them in autumn 2021.

As stated by Vladimír ÄŒunát from Knot Resolver team they build dnstap
while packaging for majority of standard Linux distributions.
Therefore this change brings us closer to expected default.

[^1]: https://knot-resolver.readthedocs.io/en/stable/modules-dnstap.html

Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit a68397ff778db68bd4e78ac26880dda959aaaf18)

8 months agoknot-resolver: do not overwrite -Ddnstap=enabled configuration
Šimon Bořek [Thu, 5 May 2022 15:53:30 +0000 (17:53 +0200)]
knot-resolver: do not overwrite -Ddnstap=enabled configuration

It was possible to enable dnstap in menuconfig, but the configuration
only added dependencies while leaving dnstap module build disabled.

Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit af521478f832639fa08a763c3182125e5cac1a80)

8 months agolighttpd: update to lighttpd 1.4.75 release hash 23725/head
Glenn Strauss [Thu, 14 Mar 2024 04:31:23 +0000 (00:31 -0400)]
lighttpd: update to lighttpd 1.4.75 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit a60a0d0730886ff23c75de1f9b88a039097aed37)

8 months agotreewide: assign PKG_CPE_ID
Fabrice Fontaine [Fri, 2 Feb 2024 17:37:33 +0000 (18:37 +0100)]
treewide: assign PKG_CPE_ID

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 5afe5c9031190844f267357c68efe3c9c3cbe51d)

8 months agop910nd: restart daemon even if no driver file is needed
Paul Donald [Tue, 5 Mar 2024 13:59:49 +0000 (14:59 +0100)]
p910nd: restart daemon even if no driver file is needed

Not all USB printers need a blob loading; restart the daemon
independently of driver loading.

Closes openwrt/packages#23588

Signed-off-by: Paul Donald <newtwen@gmail.com>
Tested-by: minicx <minicx@disroot.org>
(cherry picked from commit 685ef7d97b345c09edd428250794dd9fce07a174)

8 months agoknot: update to version 3.3.5
Jan Hák [Wed, 6 Mar 2024 13:30:16 +0000 (14:30 +0100)]
knot: update to version 3.3.5

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit d660dc6e7ca497bf83b09865570d5c3b37b2609e)

8 months agontpclient: remove
Paul Donald [Fri, 1 Mar 2024 20:28:43 +0000 (21:28 +0100)]
ntpclient: remove

ntp sources are dead and gone. The most important functionality is now
provided by ntpd.

Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 2cd10d81134b5ff4b6350c477da3c9196e1b7489)

8 months agosyslog-ng: update to version 4.6.0
Josef Schlehofer [Tue, 5 Mar 2024 19:24:19 +0000 (20:24 +0100)]
syslog-ng: update to version 4.6.0

1. Bump version config to 4.6
2. Updated to 4.6.0 version
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.6.0
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.5.0

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit cf4df28d06e3ffa9ce0971fb29f9212cb97cfbee)

8 months agosyslog-ng: conf: fix deprecated stats_freq
Sergey Ponomarev [Sun, 26 Nov 2023 08:50:56 +0000 (10:50 +0200)]
syslog-ng: conf: fix deprecated stats_freq

The deprecated stats_freq() replaced with stats(freq(0)).

Also make comments shorter.
Fix tabs.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
(cherry picked from commit 37d2d69595e2e454c2562c3d963dc8065a24db70)

8 months agoapfree-wifidog: update to 7.02.1977
Dengfeng Liu [Wed, 28 Feb 2024 05:05:26 +0000 (13:05 +0800)]
apfree-wifidog: update to 7.02.1977

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
8 months agoapfree-wifidog: fix some bugs in the wifidogx.init file
Dengfeng Liu [Wed, 28 Feb 2024 04:43:29 +0000 (12:43 +0800)]
apfree-wifidog: fix some bugs in the wifidogx.init file

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
8 months agoMerge pull request #23572 from stangri/openwrt-22.03-https-dns-proxy
Stan Grishin [Mon, 4 Mar 2024 20:58:32 +0000 (13:58 -0700)]
Merge pull request #23572 from stangri/openwrt-22.03-https-dns-proxy

[23.05] https-dns-proxy: update to upstream 2023-11-19

8 months agonatmap: update to 20240303
Ray Wang [Sun, 3 Mar 2024 10:23:39 +0000 (18:23 +0800)]
natmap: update to 20240303

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 7bbd9156cc478ab133d142f05f243eb3061d0c8d)

8 months agorclone: add fuse3-utils as dependency
Tianling Shen [Tue, 27 Feb 2024 16:39:15 +0000 (00:39 +0800)]
rclone: add fuse3-utils as dependency

rclone has switched to use fuse3 since v1.62.0.

Reported-by: qiuzi <gxfclql@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit df9d076d600a3d02da198af4a625980ed0633d2a)

8 months agohttps-dns-proxy: update to upstream 2023-11-19 23572/head
Stan Grishin [Sat, 2 Mar 2024 00:13:49 +0000 (00:13 +0000)]
https-dns-proxy: update to upstream 2023-11-19

* update to upstream 2023-11-19
  (changes: https://github.com/aarond10/https_dns_proxy/commit/489c57efd46983e688579974a2ab7aeaa7df8d83)
* bugfix: include resolveip dependency in Makefile
  (fixes https://github.com/openwrt/packages/issues/23567)
* minor update for failed healthcheck logging

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit bd501dd89c65857c060ca1ac034bc2fe7846b4e7)

8 months agotor: update to 0.4.8.7 stable
Rui Salvaterra [Sun, 3 Sep 2023 17:22:55 +0000 (18:22 +0100)]
tor: update to 0.4.8.7 stable

Bugfix release, see the changelog [1] for what's new.

[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.7/ChangeLog

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 5cb304e2b3484691b9f60a3a47a707dfcf5fa34b)

8 months agotor: fix daemon reloading
ValdikSS ValdikSS [Sun, 22 Oct 2023 16:30:04 +0000 (19:30 +0300)]
tor: fix daemon reloading

procd requires init script name, not the path to executable

Signed-off-by: ValdikSS ValdikSS <iam@valdikss.org.ru>
(cherry picked from commit af58942738c13c431f531e78f368d18a0d2dd84d)

8 months agotor: update to 0.4.8.4 stable
Rui Salvaterra [Wed, 26 Jul 2023 22:32:34 +0000 (23:32 +0100)]
tor: update to 0.4.8.4 stable

First release of the 0.4.8.x series, see the changelog [1] for what's new.

[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.4/ChangeLog

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 1b2c1ddbb2a693aca87fae96beff3b1741951c90)

8 months agotor: update to version 0.4.7.13
Daniel Bermond [Sun, 19 Feb 2023 14:20:37 +0000 (11:20 -0300)]
tor: update to version 0.4.7.13

Maintainers  : @hauke (Hauke Mehrtens) and @tripolar (Peter Wagner)
Build system : Arch Linux x86_64
Build tested : r7800 OpenWrt git master (r22104-01262c921c)
Run tested   : r7800 OpenWrt git master (r22104-01262c921c)

Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
(cherry picked from commit 5f0a9ec722266a15739786aed12e2c33e9da7acd)

8 months agotor: bump to 0.4.7.12 stable
Rui Salvaterra [Thu, 8 Dec 2022 18:40:05 +0000 (18:40 +0000)]
tor: bump to 0.4.7.12 stable

Quoting the changelog:

Changes in version 0.4.7.12 - 2022-12-06
  This version contains a major change that is a new key for moria1. Also, new
  metrics are exported on the MetricsPort for the congestion control
  subsystem.

  o Directory authority changes (moria1):
    - Rotate the relay identity key and v3 identity key for moria1. They
      have been online for more than a decade and refreshing keys
      periodically is good practice. Advertise new ports too, to avoid
      confusion. Closes ticket 40722.

  o Minor feature (Congestion control metrics):
    - Add additional metricsport relay metrics for congestion control.
      Closes ticket 40724.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on December 06, 2022.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2022/12/06.

  o Minor bugfixes (cpuworker, relay):
    - Fix an off by one overload calculation on the number of CPUs being
      used by our thread pool. Fixes bug 40719; bugfix on 0.3.5.1-alpha.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 3fd37a234c61146f6f6e921f7e3c7adfb19f4623)

8 months agotor: bump to 0.4.7.11 stable
Rui Salvaterra [Wed, 23 Nov 2022 19:10:06 +0000 (19:10 +0000)]
tor: bump to 0.4.7.11 stable

Quoting the changelog:

Changes in version 0.4.7.11 - 2022-11-10
  This version contains several major fixes aimed at helping defend against
  network denial of service. It is also extending drastically the MetricsPort
  for relays to help us gather more internal data to investigate performance
  and attacks.

  We strongly recommend to upgrade to this version especially for Exit relays
  in order to help the network defend against this ongoing DDoS.

  o Directory authority changes (dizum, Faravahar):
    - Change dizum IP address. Closes ticket 40687.
    - Remove Faravahar until its operator, Sina, set it back up online
      outside of Team Cymru network. Closes ticket 40688.

  o Major bugfixes (geoip data):
    - IPFire informed us on August 12th that databases generated after
      (including) August 10th did not have proper ARIN network
      allocations. We are updating the database to use the one generated
      on August 9th, 2022. Fixes bug 40658; bugfix on 0.4.5.13.

  o Major bugfixes (onion service):
    - Set a much higher circuit build timeout for opened client rendezvous
      circuit. Before this, tor would time them out very quickly leading to
      unnecessary retries meaning more load on the network. Fixes bug 40694;
      bugfix on 0.3.5.1-alpha.

  o Major bugfixes (OSX):
    - Fix coarse-time computation on Apple platforms (like Mac M1) where
      the Mach absolute time ticks do not correspond directly to
      nanoseconds. Previously, we computed our shift value wrong, which
      led us to give incorrect timing results. Fixes bug 40684; bugfix
      on 0.3.3.1-alpha.

  o Major bugfixes (relay):
    - Improve security of our DNS cache by randomly clipping the TTL
      value. TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha.

  o Minor feature (Mac and iOS build):
    - Change how combine_libs works on Darwin like platforms to make
      sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED`
      symbols on the archive before we repack and run ${RANLIB} on the
      archive. This fixes a build issue with recent Xcode versions on
      Mac Silicon and iOS. Closes ticket 40683.

  o Minor feature (metrics):
    - Add various congestion control counters to the MetricsPort. Closes
      ticket 40708.

  o Minor feature (performance):
    - Bump the maximum amount of CPU that can be used from 16 to 128. Note
      that NumCPUs torrc option overrides this hardcoded maximum. Fixes bug
      40703; bugfix on 0.3.5.1-alpha.

  o Minor feature (relay):
    - Make an hardcoded value for the maximum of per CPU tasks into a
      consensus parameter.
    - Two new consensus parameters are added to control the wait time in
      queue of the onionskins. One of them is the torrc
      MaxOnionQueueDelay options which supersedes the consensus
      parameter. Closes ticket 40704.

  o Minor feature (relay, DoS):
    - Apply circuit creation anti-DoS defenses if the outbound circuit
      max cell queue size is reached too many times. This introduces two
      new consensus parameters to control the queue size limit and
      number of times allowed to go over that limit. Closes ticket 40680.

  o Minor feature (relay, metrics):
    - Add DoS defenses counter to MetricsPort.
    - Add congestion control RTT reset counter to MetricsPort.
    - Add counters to the MetricsPort how many connections, per type,
      are currently opened and how many were created.
    - Add relay flags from the consensus to the MetricsPort.
    - Add total number of opened circuits to MetricsPort.
    - Add total number of streams seen by an Exit to the MetricsPort.
    - Add traffic stats as in number of read/written bytes in total.
    - Related to ticket 40194.

  o Minor features (fallbackdir):
    - Regenerate fallback directories generated on November 10, 2022.

  o Minor features (geoip data):
    - Update the geoip files to match the IPFire Location Database, as
      retrieved on 2022/11/10.

  o Minor bugfixes (authorities, sandbox):
    - Allow to write file my-consensus-<flavor-name> to disk when
      sandbox is activated. Fixes bug 40663; bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (dirauth):
    - Directory authorities stop voting a consensus "Measured" weight
      for relays with the Authority flag. Now these relays will be
      considered unmeasured, which should reserve their bandwidth for
      their dir auth role and minimize distractions from other roles. In
      place of the "Measured" weight, they now include a
      "MeasuredButAuthority" weight (not used by anything) so the
      bandwidth authority's opinion on this relay can be recorded for
      posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth
      torrc option which never worked right. Fixes bugs 40698 and 40700;
      bugfix on 0.4.7.2-alpha.

  o Minor bugfixes (onion service client):
    - A collapsing onion service circuit should be seen as an
      "unreachable" error so it can be retried. Fixes bug 40692; bugfix
      on 0.3.5.1-alpha.

  o Minor bugfixes (onion service):
    - Make the service retry a rendezvous if the circuit is being
      repurposed for measurements. Fixes bug 40696; bugfix
      on 0.3.5.1-alpha.

  o Minor bugfixes (relay overload statistics):
    - Count total create cells vs dropped create cells properly, when
      assessing if our fraction of dropped cells is too high. We only
      count non-client circuits in the denominator, but we would include
      client circuits in the numerator, leading to surprising log lines
      claiming that we had dropped more than 100% of incoming create
      cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha.

  o Code simplification and refactoring (bridges):
    - Remove unused code related to ExtPort connection ID. Fixes bug
      40648; bugfix on 0.3.5.1-alpha.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 9136ff153249eac852b71e18107c68d78fd47215)

9 months agolighttpd: update to lighttpd 1.4.74 release hash
Glenn Strauss [Thu, 22 Feb 2024 18:03:24 +0000 (13:03 -0500)]
lighttpd: update to lighttpd 1.4.74 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 4d8bb07b734391d11318cb319548a17273820685)

9 months agosquid: fix configure options
krant [Fri, 9 Feb 2024 20:44:43 +0000 (22:44 +0200)]
squid: fix configure options

- Remove non-existing 'dlmalloc' option
- Use 'with-cap' instead of 'with-libcap'
- Use 'with-xml2' instead of 'with-libxml2'
- Patch configure.ac to properly handle 'with-nettle'

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit f58be51721fb0e2c5aa0747bce36a19deb7392dd)

9 months agosquid: update to 6.7
krant [Thu, 8 Feb 2024 13:01:10 +0000 (15:01 +0200)]
squid: update to 6.7

- Switch URL to HTTPS
- Remove default/obsolete configure options
- Fix and refresh the patch

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 4007a08529a86b600b4ce6476cf6367de577a645)

9 months agounbound: update to latest upstream release version 1.19.1
S. Brusch [Wed, 14 Feb 2024 12:37:59 +0000 (13:37 +0100)]
unbound: update to latest upstream release version 1.19.1

Maintainer: @EricLuehrsen
Fixes: CVE-2023-50387, CVE-2023-50868
Release notes: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Run tested: BPi-R3, mediatek/filogic, OpenWrt 23.05.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
(cherry picked from commit 35ba14e50c6c90b3cc32538573d02a3b4f5b9184)

9 months agotiff: force libdeflate support to off
Sebastian Kemper [Tue, 7 Mar 2023 21:31:41 +0000 (22:31 +0100)]
tiff: force libdeflate support to off

Commit 81d2b72 added a package providing libdeflate. Tiff by default
links to it, causing a build error.

Package libtiff is missing dependencies for the following libraries:
libdeflate.so.0

This commit forces libdeflate use off to avoid this. No revision bump is
done because the package is currently not compiling anyway.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit e3c6da4e25a96eae0cf249393af8599659a04b09)

9 months agolibb64: add package
Daniel Golle [Sun, 19 Feb 2023 04:41:08 +0000 (04:41 +0000)]
libb64: add package

Add generic base64 encode/decode (static) library.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6993b5d9456f4747583082106e889eacc4d8ab08)

9 months agolibdeflate: Update to 1.18
Tianling Shen [Wed, 17 May 2023 13:34:02 +0000 (21:34 +0800)]
libdeflate: Update to 1.18

Release note:
https://github.com/ebiggers/libdeflate/blob/master/NEWS.md#version-118

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 8591e8fb3f0400b25793543600ba4e9a6f93abe0)

9 months agolibdeflate: add package
Daniel Golle [Sun, 19 Feb 2023 04:41:44 +0000 (04:41 +0000)]
libdeflate: add package

Add package for libdeflate which is a library for fast, whole-buffer
DEFLATE-based compression and decompression.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 81d2b7262e510b9a4746656712d9f5a2b6521249)

9 months agolibdht: add package
Daniel Golle [Sun, 19 Feb 2023 04:43:43 +0000 (04:43 +0000)]
libdht: add package

Add Kademlia Distributed Hash Table (DHT) library.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit a281a8af9f7b74960a52a3e102fc636c0722b92c)

9 months agolibutp: add package
Daniel Golle [Sun, 19 Feb 2023 04:44:16 +0000 (04:44 +0000)]
libutp: add package

Add Transmission version of the uTorrent Transport Protocol library.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 1ecef46f1cb00aeac717710e6a25b82b68a2970b)

9 months agotransmission: fix depends on libmbedtls
Liangbin Lian [Mon, 10 Jul 2023 07:53:33 +0000 (15:53 +0800)]
transmission: fix depends on libmbedtls

If a firmware build with curl without mbedtls, install transmission from openwrt official repo will fail to start

Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit 2311e7921893453094bd065e1a94ffa8d850c8b7)

9 months agoMerge pull request #23416 from systemcrash/p910nd_22_picks
Tianling Shen [Tue, 20 Feb 2024 05:47:37 +0000 (13:47 +0800)]
Merge pull request #23416 from systemcrash/p910nd_22_picks

P910nd v22.03 picks

9 months agoopenconnect: update to 9.12
Rosen Penev [Mon, 25 Dec 2023 06:01:33 +0000 (22:01 -0800)]
openconnect: update to 9.12

Remove upstream backport and fix libxml 1.12 compilation.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
9 months agoopenconnect: add support for option --pfs
Vladislav Grigoryev [Sat, 14 Oct 2023 09:25:34 +0000 (12:25 +0300)]
openconnect: add support for option --pfs

Add support for the OpenConnect option `--pfs`.
Designed to require perfect forward secrecy.

Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
9 months agolxc: update to 5.0.3
John Audia [Fri, 28 Jul 2023 21:52:17 +0000 (17:52 -0400)]
lxc: update to 5.0.3

Bump to latest upstream release.

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 1b5ee689f3f8fa68580206274b5b67c06db3ec91)

9 months agofail2ban: Fix compatibility with Python 3.11
Jeffery To [Fri, 24 Nov 2023 07:21:26 +0000 (15:21 +0800)]
fail2ban: Fix compatibility with Python 3.11

This backports 2 commits from upstream[1]; the other 3 are not strictly
necessary. One of the patches has been updated to remove a change to a
regex that does not exist in 0.11.2.

[1]: https://github.com/fail2ban/fail2ban/pull/3267

Fixes: https://github.com/openwrt/packages/issues/22736
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 0d9cc4aed202c9126966f7a9e73eaa7f48d51b6b)

9 months agotransmission: add copy_file_range syscall to seccomp
Marius Dinu [Sun, 23 Jul 2023 17:36:02 +0000 (20:36 +0300)]
transmission: add copy_file_range syscall to seccomp

Fixes this crash:

root@RPi3OpenWrt:/# grep -i seccomp /var/log/audit/audit.log
type=SECCOMP msg=audit(1689503903.597:16): auid=4294967295 uid=224 gid=1012 ses=4294967295 pid=1752 comm="transmission-da" exe="/usr/bin/transmission-daemon" sig=31 arch=c00000b7 syscall=285 compat=0 ip=0x7fa3b0eefc code=0x80000000
root@RPi3OpenWrt:/# ausyscall 285
copy_file_range
root@RPi3OpenWrt:/#

Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit f0926b44f48fa04401c660b0818e74f6b654e5bc)

9 months agotransmission: add ftruncate syscall to seccomp
Marius Dinu [Sun, 16 Jul 2023 13:43:25 +0000 (16:43 +0300)]
transmission: add ftruncate syscall to seccomp

Fixes many crashes.

Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit a0372545887a2f16329be56949465e13af0d04c7)

9 months agotransmission: Fix env variables passing
Leonid Bogdanov [Sat, 10 Jun 2023 13:06:31 +0000 (23:06 +1000)]
transmission: Fix env variables passing

It's not possible to configure custom Transmission web home as corresponding
env var gets overwritten by the command that sets CA bundle env var.

Signed-off-by: Leonid Bogdanov <leonidbogdanov86@gmail.com>
(cherry picked from commit c662aefd9aaa15b3a1f7570ccd1d5fe33aeb2a45)

9 months agotransmission: add missing nls.mk include
Marius Dinu [Sat, 20 May 2023 16:41:57 +0000 (19:41 +0300)]
transmission: add missing nls.mk include

Fixes issue #21016.

Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit f66bcdd1b6f8534c0e366a13ee2750820a13e3bb)

9 months agotransmission: add missing ftruncate64 syscall
Daniel Golle [Fri, 19 May 2023 01:53:53 +0000 (02:53 +0100)]
transmission: add missing ftruncate64 syscall

Transmission 4.0.3 started using the ftruncate64 syscall.
Add it to the list of allowed syscalls.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 142bbc77f1aa8a81cd1ffb1ebad3ce4f2ef24b8a)

9 months agotransmission: add new syscall needed with musl 1.2.4
Daniel Golle [Thu, 18 May 2023 02:15:52 +0000 (03:15 +0100)]
transmission: add new syscall needed with musl 1.2.4

Apparently the "revcmsg" syscall is now needed, add it to the list
of allowed syscalls.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6afcc1bc88a960a9ce5b0d5ed1e8cce87647d5fa)

9 months agotransmission: Update to v4.03
Andrew Sim [Mon, 15 May 2023 05:12:06 +0000 (07:12 +0200)]
transmission: Update to v4.03

Update transmission to latest stable v4.0.3 release

Changelog: https://github.com/transmission/transmission/releases/tag/4.0.3

Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
(cherry picked from commit f6c43e7c5ad86685f6e5c892b0b412fbd8831200)