Michael Heimpold [Sat, 8 Jun 2024 05:32:11 +0000 (07:32 +0200)]
php8: update to 8.1.29
This fixes:
- CVE-2024-4577
- CVE-2024-5458
- CVE-2024-5585
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Jeffery To [Mon, 7 Aug 2023 06:39:56 +0000 (14:39 +0800)]
python-jmespath: Update to 1.0.1
This also updates the Python dependency from python3 to python3-light.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
cde28d04e67a522bc7b6ecce90a3664d0c1a6f03)
Jeffery To [Thu, 20 Jul 2023 09:50:18 +0000 (17:50 +0800)]
python-botocore: Update to 1.31.7, update dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
3d83c5c8d6c83e8d3ad571b9aeb0c8bef3592cb6)
Jeffery To [Thu, 20 Jul 2023 09:52:12 +0000 (17:52 +0800)]
python-s3transfer: Update to 0.6.1, update dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
1ac094d012ece0621f62dae37916cbc730b25cbc)
Jeffery To [Thu, 20 Jul 2023 09:54:47 +0000 (17:54 +0800)]
python-boto3: Update to 1.28.7, update dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
182eaed42d4172fbe7ebd6bfe8f3ff0b4599ddbc)
Jeffery To [Thu, 20 Jul 2023 09:57:49 +0000 (17:57 +0800)]
python-awscli: Update to 1.29.7, update dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
211724c3fc0ed3c1a96c1e6be547c085bd340cae)
Dengfeng Liu [Mon, 27 May 2024 11:03:39 +0000 (19:03 +0800)]
xfrpc: update to 3.05.661
This version is compatible with FRPS 0.58.0
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
d5c22612a90e9a0fd09d4307e567240562a10287)
Dengfeng Liu [Mon, 27 May 2024 11:01:22 +0000 (19:01 +0800)]
xfrpc: Revised the config file and adjusted the corresponding init file
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
e39af317532bd67580e6d12d4b4c9590cafa574e)
Olivier Poitrey [Fri, 24 May 2024 11:36:01 +0000 (11:36 +0000)]
nextdns: Update to version 1.43.5
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Christian Lachner [Sun, 19 May 2024 08:44:43 +0000 (10:44 +0200)]
haproxy: update to v2.4.26
- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.4.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Hannu Nyman [Fri, 3 May 2024 13:24:09 +0000 (16:24 +0300)]
nano: update to 8.0
Update nano editor to version 8.0
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
69166dbbb709625a848f327c9822c667db39744f)
Olivier Poitrey [Mon, 29 Apr 2024 21:54:18 +0000 (21:54 +0000)]
nextdns: Update to version 1.43.3
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Josef Schlehofer [Fri, 26 Apr 2024 08:38:20 +0000 (10:38 +0200)]
transmission: update to version 4.0.5
Release notes:
https://github.com/transmission/transmission/releases/tag/4.0.5
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
19a424aede70ddaedb1153144216db6423fa09e2)
Jeffery To [Tue, 7 Nov 2023 09:40:15 +0000 (17:40 +0800)]
CI: Update sdk action, always upload artifacts
The updated version of gh-action-sdk will return compiled packages and
build logs for both build success and build errors.
This ensures these artifacts are always uploaded. This also sets the V
environment variable to enable verbose build output.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
aca4330c0427a7a2d1cdc23b14207a95a15b292c)
Jeffery To [Wed, 10 May 2023 06:10:37 +0000 (14:10 +0800)]
CI: Do package run-tests only if target packages were built
Currently, the package run-test phase will fail for PRs that only
add/update host-only packages, as no target packages (*.ipk) are built.
This checks if any target packages are built before attempting the
run-tests.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
5ce254fd8e4136fbb3d385f4e55e2cdae0d6eb39)
Jeffery To [Wed, 10 May 2023 05:51:59 +0000 (13:51 +0800)]
CI: Run "apt-get update" before installing signify-openbsd
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
955a90944b2ebfbd66a6149d14126d6d9ced6c5e)
Jeffery To [Wed, 22 Mar 2023 07:46:13 +0000 (15:46 +0800)]
CI: Add local feed for CI-built packages
To test each package, the CI-built target package (ipk) file is
installed, but currently the target package's dependencies are installed
from the standard opkg feeds.
There are cases when the CI-built target packages should be
installed/tested together:
* If a pull request contains several new packages that depend on each
other, the test step will fail as the new dependencies cannot be found
in the current packages feed.
* If a pull request upgrades a source package that builds several target
packages that depend on each other, the test step may fail due to the
version/ABI mismatch between a newer target package and the older
dependencies installed from the packages feed.
This sets up a local feed for the CI-built packages so that dependencies
are also installed from the same set of packages.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
e9bb94840288d35b90ca43574b698c43403a7ec4)
Paul Spooren [Thu, 14 Mar 2024 13:46:15 +0000 (14:46 +0100)]
ci: set correct arch for rootfs tests
With the commit
01e5cfc "CI: Add target/arch tags (no suffix) for
snapshot images"[1] the os/platform is set for all images, which is usually
different from what the GitHub action runner uses (x86). The Docker
deamon still tries to fetch the x86 version and fails.
This commit explicitly sets the fitting arch.
[1]: https://github.com/openwrt/docker/commit/
01e5cfccd73a72ecab730496607c7c22b904f366
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
d359fa04eda29638b9326c194490685c1177fd49)
Stan Grishin [Mon, 29 Apr 2024 00:33:55 +0000 (17:33 -0700)]
Merge pull request #24024 from rs/nextdns-1.43.0-openwrt-22.03
[22.03] nextdns: Update to version 1.43.0
Sibren Vasse [Wed, 20 Dec 2023 16:01:50 +0000 (17:01 +0100)]
openssh: fix build failure on powerpc_8548
https://github.com/openssh/openssh-portable/commit/
1036d77b34a5fa15e56f516b81b9928006848cbd
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
a79c49578ca136556bd10d8990aa52ef4eb0664b)
Rucke Teg [Wed, 3 Jan 2024 22:11:05 +0000 (23:11 +0100)]
openssh: bump to 9.6p1
Release notes: https://www.openssh.com/txt/release-9.6
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
(cherry picked from commit
e8dfc6abbee88f35887c66ec785b081252d6d07d)
John Audia [Wed, 4 Oct 2023 19:35:03 +0000 (15:35 -0400)]
openssh: bump to 9.5p1
Changelog: https://www.openssh.com/txt/release-9.5
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
6dc86d46da18d573971b7e7a2d625b2498dbe249)
Olivier Poitrey [Sun, 28 Apr 2024 00:47:37 +0000 (00:47 +0000)]
nextdns: Update to version 1.43.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Marius Dinu [Wed, 30 Nov 2022 09:45:13 +0000 (11:45 +0200)]
tvheadend: Fix github warning about AUTORELEASE
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
091681e1523d2943e665c392b09f79d6959fe632)
Marius Dinu [Wed, 30 Nov 2022 09:21:39 +0000 (11:21 +0200)]
tvheadend: add conditions for -O3 and LTO optimizations
Building for arc, mips and powerpc platforms fails if -O3 and LTO optimizations are enabled. This patch removes that option for everything other than arm and x86_64. These are known to work.
Fixes issue #19923.
Also fixes a typo in the description.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
149053198146a8821e8c12d7c7fce8c3a175c5b7)
Ivan Pavlov [Fri, 4 Nov 2022 21:22:12 +0000 (00:22 +0300)]
openvpn: update to 2.5.8
Mostly bugfix release
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.5.8/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit
f49645d24c2bf0a920dbb9b84621f1f26bf0b22e)
Martin Schiller [Tue, 14 Jan 2020 14:20:14 +0000 (15:20 +0100)]
openvpn: add possibility to set param "compress" without algorithm
In some situations you need to set the compress param without an
algorithm. Compression will be turned off, but the packet framing for
compression will still be enabled, allowing a different setting to be
pushed later.
As it is not possible to have options with optional values at the
moment, I've introduced a pseudo value "frames_only" which will be
removed in the init script.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit
5ce5220eb23ffdfcce74541f07cff4fb3a3ade08)
Sibren Vasse [Fri, 11 Aug 2023 15:14:55 +0000 (17:14 +0200)]
openssh: update to 9.4p1
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
7fb8e823b977c6d95225cc98fdb1f31455b5e179)
Philip Prindeville [Mon, 7 Aug 2023 21:21:26 +0000 (15:21 -0600)]
openssh: add server config subdirectory
Most distros allow dropping site configuration files into
/etc/sshd_config.d/ so that you don't have to tweak the main
server configuration file.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit
ead95a26b68f4145937034d84abdf9e0f7fe1eb7)
Nathan Friedly [Thu, 25 Apr 2024 17:19:33 +0000 (13:19 -0400)]
librespeed-go: improve the description
This swaps the order of the lines in the description so that when LuCI displays only the first line, it still offers some helpful information.
Signed-off-by: Nathan Friedly <nathan@nfriedly.com>
(cherry picked from commit
06ea66c55866aa409ab567a593a22bd24e727f04)
Anya Lin [Tue, 10 Oct 2023 01:13:14 +0000 (09:13 +0800)]
librespeed-go: Reload the daemon after modifying the tls certificate
Make the daemon reload after the tls certificate is updated
Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit
fd1d506fff9462b3329585bdd148a6fd78cbd27a)
Josef Schlehofer [Fri, 26 Apr 2024 09:24:57 +0000 (11:24 +0200)]
syslog-ng: update to version 4.7.1
Release notes:
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.0
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.1
Also bump version in the config file to avoid warning
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
9d49df0dabcdd9135bf0b86374695b69cb4bf5b6)
Paul Spooren [Sat, 10 Oct 2020 01:31:01 +0000 (15:31 -1000)]
CI: remove CircleCI for now
The GitHub CI offers currenlty more architecture and the Signed-of-by
test is covered via the DOC CI test. In case GitHub ever changes
policies, we can simply switch back.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
26c101edc3e918be4fbfe76b3514d1c8398f7d31)
Jeffery To [Wed, 11 May 2022 08:40:55 +0000 (16:40 +0800)]
CircleCI: Add 22.03 public keys, 18.06 v2 gpg key, 18.06 usign key
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
dce83a50225774f9dfcb0c27415dd3fea528a878)
Ray Wang [Sat, 20 Apr 2024 14:53:03 +0000 (22:53 +0800)]
natmap: add log_std{out,err} options
Introduce `log_stdout` and `log_stderr` options for managing logging output.
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
5abbd3bcb2362963a2cc49c0a9de78dd5c5af185)
Josef Schlehofer [Tue, 23 Apr 2024 14:37:21 +0000 (16:37 +0200)]
modemmanager: drop backported patches
These patches were included in 1.18.8, thus it can be removed.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Aleksander Morgado [Fri, 4 Nov 2022 13:52:04 +0000 (14:52 +0100)]
modemmanager: fix unquoted strings when launching pppd
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
(cherry picked from commit
eb283ea8a3d0ff573b04242b045934541a460f06)
Arkadiusz Drabczyk [Wed, 13 Jul 2022 12:35:34 +0000 (14:35 +0200)]
modemmanager: fix mm_log() invocations in 25-modemmanager* files
Definition of mm_log() was changed in
45a56a889943b437f78fa2bfca3d5d8ac555c77e but 25-modemmanager* weren't
changed.
Signed-off-by: Arkadiusz Drabczyk <arkadiusz@drabczyk.org>
(cherry picked from commit
cdbc7a67fc17e6472ef9a1344d85f0137e8c2c59)
Aleksander Morgado [Mon, 13 Jun 2022 10:24:43 +0000 (12:24 +0200)]
modemmanager: explicitly disconnect even if no bearers found
A network restart where netifd is cleanly restarted involves bringing
the network interfaces down. The 'modemmanager' protocol handler will
run a mmcli --simple-disconnect in this case, but only if there are
bearer objects found.
If the network restart happened *during* the connection attempt
procedure, while the modem is e.g. being registered in the network, no
bearer objects exist yet, and so, we would skip doing anything during
the interface teardown operation. This would lead to the original
connection attempt succeeding, so leaving the modem in ModemManager
in connected state, while the associated interface in netifd is
reported down.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
(cherry picked from commit
c15e94f6c5fbbaedd41fd74b930a2a205f80afc0)
Aleksander Morgado [Wed, 4 May 2022 12:01:57 +0000 (14:01 +0200)]
modemmanager: report network initiated disconnections to netifd
The new connection dispatcher scripts support integrated in
ModemManager 1.18.8 allows us to provide a openwrt-specific dispatcher
script used to report netifd that the underlying network connection is
down.
See also https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/merge_requests/775
Fixes https://github.com/openwrt/openwrt/issues/8368
Fixes https://github.com/openwrt/packages/issues/14096
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
(cherry picked from commit
bc754f31cfdb004eefa43038f8f0827922107fc6)
Aleksander Morgado [Tue, 29 Mar 2022 11:12:43 +0000 (13:12 +0200)]
modemmanager: install available FCC unlock scripts
The FCC unlock scripts are installed but not enabled by default.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
(cherry picked from commit
e430420aa176af672e913a2e50c5911e3ea70ef3)
Maxim Anisimov [Mon, 12 Sep 2022 07:01:33 +0000 (10:01 +0300)]
modemmanager: bump to 1.18.12
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
(cherry picked from commit
c588b92d517fa015d5ca54cce26d29e35f8bfa97)
Jan Klos [Mon, 18 Mar 2024 20:26:51 +0000 (21:26 +0100)]
unbound: update to 1.19.3
Signed-off-by: Jan Klos <jan@klos.xyz>
(cherry picked from commit
558cbcac4698d58b11be23f954a7f64a296ab593)
Rui Salvaterra [Tue, 7 Nov 2023 12:27:24 +0000 (12:27 +0000)]
tor: update to 0.4.8.10 stable
Bugfix release, see the changelog [1] for what's new.
[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.10/ChangeLog
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
ee8b29de2c42ffc7796cd825f38b19e56f838cd4)
Andrew Sim [Sun, 22 Oct 2023 06:12:44 +0000 (08:12 +0200)]
transmission: update to 4.0.4
Update Transamission to 4.0.4 stable release
Changelog: https://github.com/transmission/transmission/releases/tag/4.0.4
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
(cherry picked from commit
45170d9b672b6e017f51c7ac2cdae9b636f2c0b2)
Michael Heimpold [Tue, 16 Apr 2024 19:10:07 +0000 (21:10 +0200)]
Merge pull request #23940 from mhei/22.03-php8-update-to-8.1.28
[22.03] php8: update to 8.1.28
Michael Heimpold [Mon, 15 Apr 2024 20:05:53 +0000 (22:05 +0200)]
php8: update to 8.1.28
This fixes:
- CVE-2024-1874
- CVE-2024-2756
- CVE-2024-3096
While at, switch to https download URL.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Glenn Strauss [Sat, 13 Apr 2024 03:06:24 +0000 (23:06 -0400)]
lighttpd: update to lighttpd 1.4.76 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
a5557a2a47f57c651dd5dc97eac40de26617de91)
Josef Schlehofer [Tue, 5 Mar 2024 17:03:13 +0000 (18:03 +0100)]
lualanes: update to version 3.16.3 and use tarball
1. Update it to version 3.16.3
Release notes: https://github.com/LuaLanes/lanes/releases/tag/v3.16.3
2. Change to download tarball instead of checking out Git sources
In the previous commit (in the Fixes tag), it was changed to Git sources without any reason. Let's revert it back. Let's use again tagged release.
Fixes: b93e5b45b1daac827d429b51d8763226268f2b9a ("lualanes: Version bump to v3.16.2")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
8b7040b6de0d485fa3867ff315cd30f873c49a55)
Mark Baker [Thu, 18 Jan 2024 18:52:58 +0000 (13:52 -0500)]
lualanes: Version bump to v3.16.2
Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.
Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.
Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.
Signed-off-by: Mark Baker <mark@vpost.net>
(cherry picked from commit
08e51ab50a452d1c6217f3a6767f66146814878b)
krant [Wed, 7 Feb 2024 13:35:30 +0000 (15:35 +0200)]
hwdata: update to 0.379
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit
9f45bfd3d5233284095a7bbe789c1f947138048c)
Jo-Philipp Wich [Thu, 4 Apr 2024 23:33:50 +0000 (01:33 +0200)]
nano: fix syntax highlighting for raw ucode scripts
Text between interpreter line and start of first directive should only
highlighted as uninterpreted when running in template mode, so adjust
the match rule accordingly.
Fixes: #23761
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
8f9564387d136c2a09c763b4c4ac7e4aa16baeb5)
Jo-Philipp Wich [Wed, 8 Nov 2023 13:53:37 +0000 (14:53 +0100)]
nano: add syntax highlighting for ucode scripts
Introduce local syntax highlighting support for ucode scripts, like
it is done already for uci configuration files.
Ref: https://github.com/jow-/ucode/issues/178
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
d8a574f7f0eb2f5970119a2b0527048583054180)
Peca Nesovanovic [Wed, 20 Mar 2024 20:21:36 +0000 (21:21 +0100)]
p910nd: fix running multiple instances
Compile tested: (ramips, rb760igs, 23.05 snapshot)
Run tested: (ramips, rb760igs, 23.05 snapshot, tests done)
Description:
In case we have multiple device defined in /etc/config/p910nd then init script will try to start multiple instance with same instance name
drop instance name as resolution
tested on 23.05 snapshot with 2 USB printers
Signed-off-by: Peca Nesovanovic <peca.nesovanovic@sattrakt.com>
(cherry picked from commit
152d80ce1326d0b1fee8e324ec8e68dd9f44cf4a)
Josef Schlehofer [Tue, 5 Mar 2024 19:44:47 +0000 (20:44 +0100)]
syslog-ng: enable http module based on zlib support in curl
Since version 4.4.0, syslog-ng added compression to http() destination
using zlib from curl. [1] However, zlib is currently disabled in curl [2]
and it prevented syslog-ng to start.
This commit changes the configuration opinion to enable http module only if
zlib support is enabled for curl and as well it adds dependency for zlib (in that case).
If the zlib is disabled, then it disables http module, so syslog-ng can start
and thus zlib dependency is not required.
[1] https://gitlab.nic.cz/turris/os/packages/-/issues/932
[2] https://github.com/openwrt/packages/blob/
93cbaacbfb13048ad378520a7afea7c9027dd1d6/net/curl/Config.in#L134
Fixes: 4dd49d7c3cd571107958154f1ed1ec8d8dba7464 ("syslog-ng: update to version 4.4.0")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
1e14d95d78d03ab163653166652972ca3e8c366e)
Michal Hrusecky [Tue, 13 Feb 2024 13:17:31 +0000 (14:17 +0100)]
knot-resolver: Update to version 5.7.1
- Fixes CVE-2023-50868 and CVE-2023-50387
- Also, the resolver has not been called 'Knot DNS Resolver' for quite
some time, so fix that, too.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit
1131acf57fb07c0fa3e47c71bdca172f9d2f2e43)
Šimon Bořek [Fri, 6 May 2022 11:18:08 +0000 (13:18 +0200)]
knot-resolver: enable dnstap module build by default
'dnstap' module will be built but not loaded by default at runtime
(configuration must be provided for it to be loaded). It is still possible to
disable dnstap build manually using menuconfig.
"The dnstap module supports logging DNS requests and responses to a unix socket
in dnstap format using fstrm framing library. This logging is useful if you need
effectively log all DNS traffic."[^1]
Adds dependency on 'protobuf', 'protobuf-c', 'libfstrm'. Listed packages are
available from OpenWrt packages, have uncomplicated manifests and
while 'protobuf-c' doesn't have a maintainer since spring 2020, all the
packages (including 'protobuf-c') seem to be maintained - the last
updates of all of them in autumn 2021.
As stated by VladimÃr ÄŒunát from Knot Resolver team they build dnstap
while packaging for majority of standard Linux distributions.
Therefore this change brings us closer to expected default.
[^1]: https://knot-resolver.readthedocs.io/en/stable/modules-dnstap.html
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit
a68397ff778db68bd4e78ac26880dda959aaaf18)
Šimon Bořek [Thu, 5 May 2022 15:53:30 +0000 (17:53 +0200)]
knot-resolver: do not overwrite -Ddnstap=enabled configuration
It was possible to enable dnstap in menuconfig, but the configuration
only added dependencies while leaving dnstap module build disabled.
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit
af521478f832639fa08a763c3182125e5cac1a80)
Glenn Strauss [Thu, 14 Mar 2024 04:31:23 +0000 (00:31 -0400)]
lighttpd: update to lighttpd 1.4.75 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
a60a0d0730886ff23c75de1f9b88a039097aed37)
Fabrice Fontaine [Fri, 2 Feb 2024 17:37:33 +0000 (18:37 +0100)]
treewide: assign PKG_CPE_ID
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit
5afe5c9031190844f267357c68efe3c9c3cbe51d)
Paul Donald [Tue, 5 Mar 2024 13:59:49 +0000 (14:59 +0100)]
p910nd: restart daemon even if no driver file is needed
Not all USB printers need a blob loading; restart the daemon
independently of driver loading.
Closes openwrt/packages#23588
Signed-off-by: Paul Donald <newtwen@gmail.com>
Tested-by: minicx <minicx@disroot.org>
(cherry picked from commit
685ef7d97b345c09edd428250794dd9fce07a174)
Jan Hák [Wed, 6 Mar 2024 13:30:16 +0000 (14:30 +0100)]
knot: update to version 3.3.5
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
d660dc6e7ca497bf83b09865570d5c3b37b2609e)
Paul Donald [Fri, 1 Mar 2024 20:28:43 +0000 (21:28 +0100)]
ntpclient: remove
ntp sources are dead and gone. The most important functionality is now
provided by ntpd.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
2cd10d81134b5ff4b6350c477da3c9196e1b7489)
Josef Schlehofer [Tue, 5 Mar 2024 19:24:19 +0000 (20:24 +0100)]
syslog-ng: update to version 4.6.0
1. Bump version config to 4.6
2. Updated to 4.6.0 version
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.6.0
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.5.0
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
cf4df28d06e3ffa9ce0971fb29f9212cb97cfbee)
Sergey Ponomarev [Sun, 26 Nov 2023 08:50:56 +0000 (10:50 +0200)]
syslog-ng: conf: fix deprecated stats_freq
The deprecated stats_freq() replaced with stats(freq(0)).
Also make comments shorter.
Fix tabs.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
(cherry picked from commit
37d2d69595e2e454c2562c3d963dc8065a24db70)
Dengfeng Liu [Wed, 28 Feb 2024 05:05:26 +0000 (13:05 +0800)]
apfree-wifidog: update to 7.02.1977
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
Dengfeng Liu [Wed, 28 Feb 2024 04:43:29 +0000 (12:43 +0800)]
apfree-wifidog: fix some bugs in the wifidogx.init file
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
Stan Grishin [Mon, 4 Mar 2024 20:58:32 +0000 (13:58 -0700)]
Merge pull request #23572 from stangri/openwrt-22.03-https-dns-proxy
[23.05] https-dns-proxy: update to upstream 2023-11-19
Ray Wang [Sun, 3 Mar 2024 10:23:39 +0000 (18:23 +0800)]
natmap: update to
20240303
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
7bbd9156cc478ab133d142f05f243eb3061d0c8d)
Tianling Shen [Tue, 27 Feb 2024 16:39:15 +0000 (00:39 +0800)]
rclone: add fuse3-utils as dependency
rclone has switched to use fuse3 since v1.62.0.
Reported-by: qiuzi <gxfclql@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
df9d076d600a3d02da198af4a625980ed0633d2a)
Stan Grishin [Sat, 2 Mar 2024 00:13:49 +0000 (00:13 +0000)]
https-dns-proxy: update to upstream 2023-11-19
* update to upstream 2023-11-19
(changes: https://github.com/aarond10/https_dns_proxy/commit/
489c57efd46983e688579974a2ab7aeaa7df8d83)
* bugfix: include resolveip dependency in Makefile
(fixes https://github.com/openwrt/packages/issues/23567)
* minor update for failed healthcheck logging
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
bd501dd89c65857c060ca1ac034bc2fe7846b4e7)
Rui Salvaterra [Sun, 3 Sep 2023 17:22:55 +0000 (18:22 +0100)]
tor: update to 0.4.8.7 stable
Bugfix release, see the changelog [1] for what's new.
[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.7/ChangeLog
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
5cb304e2b3484691b9f60a3a47a707dfcf5fa34b)
ValdikSS ValdikSS [Sun, 22 Oct 2023 16:30:04 +0000 (19:30 +0300)]
tor: fix daemon reloading
procd requires init script name, not the path to executable
Signed-off-by: ValdikSS ValdikSS <iam@valdikss.org.ru>
(cherry picked from commit
af58942738c13c431f531e78f368d18a0d2dd84d)
Rui Salvaterra [Wed, 26 Jul 2023 22:32:34 +0000 (23:32 +0100)]
tor: update to 0.4.8.4 stable
First release of the 0.4.8.x series, see the changelog [1] for what's new.
[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.4/ChangeLog
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
1b2c1ddbb2a693aca87fae96beff3b1741951c90)
Daniel Bermond [Sun, 19 Feb 2023 14:20:37 +0000 (11:20 -0300)]
tor: update to version 0.4.7.13
Maintainers : @hauke (Hauke Mehrtens) and @tripolar (Peter Wagner)
Build system : Arch Linux x86_64
Build tested : r7800 OpenWrt git master (r22104-
01262c921c)
Run tested : r7800 OpenWrt git master (r22104-
01262c921c)
Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
(cherry picked from commit
5f0a9ec722266a15739786aed12e2c33e9da7acd)
Rui Salvaterra [Thu, 8 Dec 2022 18:40:05 +0000 (18:40 +0000)]
tor: bump to 0.4.7.12 stable
Quoting the changelog:
Changes in version 0.4.7.12 - 2022-12-06
This version contains a major change that is a new key for moria1. Also, new
metrics are exported on the MetricsPort for the congestion control
subsystem.
o Directory authority changes (moria1):
- Rotate the relay identity key and v3 identity key for moria1. They
have been online for more than a decade and refreshing keys
periodically is good practice. Advertise new ports too, to avoid
confusion. Closes ticket 40722.
o Minor feature (Congestion control metrics):
- Add additional metricsport relay metrics for congestion control.
Closes ticket 40724.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on December 06, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/12/06.
o Minor bugfixes (cpuworker, relay):
- Fix an off by one overload calculation on the number of CPUs being
used by our thread pool. Fixes bug 40719; bugfix on 0.3.5.1-alpha.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
3fd37a234c61146f6f6e921f7e3c7adfb19f4623)
Rui Salvaterra [Wed, 23 Nov 2022 19:10:06 +0000 (19:10 +0000)]
tor: bump to 0.4.7.11 stable
Quoting the changelog:
Changes in version 0.4.7.11 - 2022-11-10
This version contains several major fixes aimed at helping defend against
network denial of service. It is also extending drastically the MetricsPort
for relays to help us gather more internal data to investigate performance
and attacks.
We strongly recommend to upgrade to this version especially for Exit relays
in order to help the network defend against this ongoing DDoS.
o Directory authority changes (dizum, Faravahar):
- Change dizum IP address. Closes ticket 40687.
- Remove Faravahar until its operator, Sina, set it back up online
outside of Team Cymru network. Closes ticket 40688.
o Major bugfixes (geoip data):
- IPFire informed us on August 12th that databases generated after
(including) August 10th did not have proper ARIN network
allocations. We are updating the database to use the one generated
on August 9th, 2022. Fixes bug 40658; bugfix on 0.4.5.13.
o Major bugfixes (onion service):
- Set a much higher circuit build timeout for opened client rendezvous
circuit. Before this, tor would time them out very quickly leading to
unnecessary retries meaning more load on the network. Fixes bug 40694;
bugfix on 0.3.5.1-alpha.
o Major bugfixes (OSX):
- Fix coarse-time computation on Apple platforms (like Mac M1) where
the Mach absolute time ticks do not correspond directly to
nanoseconds. Previously, we computed our shift value wrong, which
led us to give incorrect timing results. Fixes bug 40684; bugfix
on 0.3.3.1-alpha.
o Major bugfixes (relay):
- Improve security of our DNS cache by randomly clipping the TTL
value. TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha.
o Minor feature (Mac and iOS build):
- Change how combine_libs works on Darwin like platforms to make
sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED`
symbols on the archive before we repack and run ${RANLIB} on the
archive. This fixes a build issue with recent Xcode versions on
Mac Silicon and iOS. Closes ticket 40683.
o Minor feature (metrics):
- Add various congestion control counters to the MetricsPort. Closes
ticket 40708.
o Minor feature (performance):
- Bump the maximum amount of CPU that can be used from 16 to 128. Note
that NumCPUs torrc option overrides this hardcoded maximum. Fixes bug
40703; bugfix on 0.3.5.1-alpha.
o Minor feature (relay):
- Make an hardcoded value for the maximum of per CPU tasks into a
consensus parameter.
- Two new consensus parameters are added to control the wait time in
queue of the onionskins. One of them is the torrc
MaxOnionQueueDelay options which supersedes the consensus
parameter. Closes ticket 40704.
o Minor feature (relay, DoS):
- Apply circuit creation anti-DoS defenses if the outbound circuit
max cell queue size is reached too many times. This introduces two
new consensus parameters to control the queue size limit and
number of times allowed to go over that limit. Closes ticket 40680.
o Minor feature (relay, metrics):
- Add DoS defenses counter to MetricsPort.
- Add congestion control RTT reset counter to MetricsPort.
- Add counters to the MetricsPort how many connections, per type,
are currently opened and how many were created.
- Add relay flags from the consensus to the MetricsPort.
- Add total number of opened circuits to MetricsPort.
- Add total number of streams seen by an Exit to the MetricsPort.
- Add traffic stats as in number of read/written bytes in total.
- Related to ticket 40194.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on November 10, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/11/10.
o Minor bugfixes (authorities, sandbox):
- Allow to write file my-consensus-<flavor-name> to disk when
sandbox is activated. Fixes bug 40663; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (dirauth):
- Directory authorities stop voting a consensus "Measured" weight
for relays with the Authority flag. Now these relays will be
considered unmeasured, which should reserve their bandwidth for
their dir auth role and minimize distractions from other roles. In
place of the "Measured" weight, they now include a
"MeasuredButAuthority" weight (not used by anything) so the
bandwidth authority's opinion on this relay can be recorded for
posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth
torrc option which never worked right. Fixes bugs 40698 and 40700;
bugfix on 0.4.7.2-alpha.
o Minor bugfixes (onion service client):
- A collapsing onion service circuit should be seen as an
"unreachable" error so it can be retried. Fixes bug 40692; bugfix
on 0.3.5.1-alpha.
o Minor bugfixes (onion service):
- Make the service retry a rendezvous if the circuit is being
repurposed for measurements. Fixes bug 40696; bugfix
on 0.3.5.1-alpha.
o Minor bugfixes (relay overload statistics):
- Count total create cells vs dropped create cells properly, when
assessing if our fraction of dropped cells is too high. We only
count non-client circuits in the denominator, but we would include
client circuits in the numerator, leading to surprising log lines
claiming that we had dropped more than 100% of incoming create
cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha.
o Code simplification and refactoring (bridges):
- Remove unused code related to ExtPort connection ID. Fixes bug
40648; bugfix on 0.3.5.1-alpha.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
9136ff153249eac852b71e18107c68d78fd47215)
Glenn Strauss [Thu, 22 Feb 2024 18:03:24 +0000 (13:03 -0500)]
lighttpd: update to lighttpd 1.4.74 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
4d8bb07b734391d11318cb319548a17273820685)
krant [Fri, 9 Feb 2024 20:44:43 +0000 (22:44 +0200)]
squid: fix configure options
- Remove non-existing 'dlmalloc' option
- Use 'with-cap' instead of 'with-libcap'
- Use 'with-xml2' instead of 'with-libxml2'
- Patch configure.ac to properly handle 'with-nettle'
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit
f58be51721fb0e2c5aa0747bce36a19deb7392dd)
krant [Thu, 8 Feb 2024 13:01:10 +0000 (15:01 +0200)]
squid: update to 6.7
- Switch URL to HTTPS
- Remove default/obsolete configure options
- Fix and refresh the patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit
4007a08529a86b600b4ce6476cf6367de577a645)
S. Brusch [Wed, 14 Feb 2024 12:37:59 +0000 (13:37 +0100)]
unbound: update to latest upstream release version 1.19.1
Maintainer: @EricLuehrsen
Fixes: CVE-2023-50387, CVE-2023-50868
Release notes: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Run tested: BPi-R3, mediatek/filogic, OpenWrt 23.05.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
(cherry picked from commit
35ba14e50c6c90b3cc32538573d02a3b4f5b9184)
Sebastian Kemper [Tue, 7 Mar 2023 21:31:41 +0000 (22:31 +0100)]
tiff: force libdeflate support to off
Commit
81d2b72 added a package providing libdeflate. Tiff by default
links to it, causing a build error.
Package libtiff is missing dependencies for the following libraries:
libdeflate.so.0
This commit forces libdeflate use off to avoid this. No revision bump is
done because the package is currently not compiling anyway.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit
e3c6da4e25a96eae0cf249393af8599659a04b09)
Daniel Golle [Sun, 19 Feb 2023 04:41:08 +0000 (04:41 +0000)]
libb64: add package
Add generic base64 encode/decode (static) library.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
6993b5d9456f4747583082106e889eacc4d8ab08)
Tianling Shen [Wed, 17 May 2023 13:34:02 +0000 (21:34 +0800)]
libdeflate: Update to 1.18
Release note:
https://github.com/ebiggers/libdeflate/blob/master/NEWS.md#version-118
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
8591e8fb3f0400b25793543600ba4e9a6f93abe0)
Daniel Golle [Sun, 19 Feb 2023 04:41:44 +0000 (04:41 +0000)]
libdeflate: add package
Add package for libdeflate which is a library for fast, whole-buffer
DEFLATE-based compression and decompression.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
81d2b7262e510b9a4746656712d9f5a2b6521249)
Daniel Golle [Sun, 19 Feb 2023 04:43:43 +0000 (04:43 +0000)]
libdht: add package
Add Kademlia Distributed Hash Table (DHT) library.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
a281a8af9f7b74960a52a3e102fc636c0722b92c)
Daniel Golle [Sun, 19 Feb 2023 04:44:16 +0000 (04:44 +0000)]
libutp: add package
Add Transmission version of the uTorrent Transport Protocol library.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
1ecef46f1cb00aeac717710e6a25b82b68a2970b)
Liangbin Lian [Mon, 10 Jul 2023 07:53:33 +0000 (15:53 +0800)]
transmission: fix depends on libmbedtls
If a firmware build with curl without mbedtls, install transmission from openwrt official repo will fail to start
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit
2311e7921893453094bd065e1a94ffa8d850c8b7)
Tianling Shen [Tue, 20 Feb 2024 05:47:37 +0000 (13:47 +0800)]
Merge pull request #23416 from systemcrash/p910nd_22_picks
P910nd v22.03 picks
Rosen Penev [Mon, 25 Dec 2023 06:01:33 +0000 (22:01 -0800)]
openconnect: update to 9.12
Remove upstream backport and fix libxml 1.12 compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Vladislav Grigoryev [Sat, 14 Oct 2023 09:25:34 +0000 (12:25 +0300)]
openconnect: add support for option --pfs
Add support for the OpenConnect option `--pfs`.
Designed to require perfect forward secrecy.
Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
John Audia [Fri, 28 Jul 2023 21:52:17 +0000 (17:52 -0400)]
lxc: update to 5.0.3
Bump to latest upstream release.
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
1b5ee689f3f8fa68580206274b5b67c06db3ec91)
Jeffery To [Fri, 24 Nov 2023 07:21:26 +0000 (15:21 +0800)]
fail2ban: Fix compatibility with Python 3.11
This backports 2 commits from upstream[1]; the other 3 are not strictly
necessary. One of the patches has been updated to remove a change to a
regex that does not exist in 0.11.2.
[1]: https://github.com/fail2ban/fail2ban/pull/3267
Fixes: https://github.com/openwrt/packages/issues/22736
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
0d9cc4aed202c9126966f7a9e73eaa7f48d51b6b)
Marius Dinu [Sun, 23 Jul 2023 17:36:02 +0000 (20:36 +0300)]
transmission: add copy_file_range syscall to seccomp
Fixes this crash:
root@RPi3OpenWrt:/# grep -i seccomp /var/log/audit/audit.log
type=SECCOMP msg=audit(
1689503903.597:16): auid=
4294967295 uid=224 gid=1012 ses=
4294967295 pid=1752 comm="transmission-da" exe="/usr/bin/transmission-daemon" sig=31 arch=
c00000b7 syscall=285 compat=0 ip=0x7fa3b0eefc code=0x80000000
root@RPi3OpenWrt:/# ausyscall 285
copy_file_range
root@RPi3OpenWrt:/#
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
f0926b44f48fa04401c660b0818e74f6b654e5bc)
Marius Dinu [Sun, 16 Jul 2023 13:43:25 +0000 (16:43 +0300)]
transmission: add ftruncate syscall to seccomp
Fixes many crashes.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
a0372545887a2f16329be56949465e13af0d04c7)
Leonid Bogdanov [Sat, 10 Jun 2023 13:06:31 +0000 (23:06 +1000)]
transmission: Fix env variables passing
It's not possible to configure custom Transmission web home as corresponding
env var gets overwritten by the command that sets CA bundle env var.
Signed-off-by: Leonid Bogdanov <leonidbogdanov86@gmail.com>
(cherry picked from commit
c662aefd9aaa15b3a1f7570ccd1d5fe33aeb2a45)
Marius Dinu [Sat, 20 May 2023 16:41:57 +0000 (19:41 +0300)]
transmission: add missing nls.mk include
Fixes issue #21016.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
f66bcdd1b6f8534c0e366a13ee2750820a13e3bb)
Daniel Golle [Fri, 19 May 2023 01:53:53 +0000 (02:53 +0100)]
transmission: add missing ftruncate64 syscall
Transmission 4.0.3 started using the ftruncate64 syscall.
Add it to the list of allowed syscalls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
142bbc77f1aa8a81cd1ffb1ebad3ce4f2ef24b8a)
Daniel Golle [Thu, 18 May 2023 02:15:52 +0000 (03:15 +0100)]
transmission: add new syscall needed with musl 1.2.4
Apparently the "revcmsg" syscall is now needed, add it to the list
of allowed syscalls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
6afcc1bc88a960a9ce5b0d5ed1e8cce87647d5fa)
Andrew Sim [Mon, 15 May 2023 05:12:06 +0000 (07:12 +0200)]
transmission: Update to v4.03
Update transmission to latest stable v4.0.3 release
Changelog: https://github.com/transmission/transmission/releases/tag/4.0.3
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
(cherry picked from commit
f6c43e7c5ad86685f6e5c892b0b412fbd8831200)