Maxim Storchak [Sun, 14 Apr 2024 12:27:28 +0000 (15:27 +0300)]
rsync: support xxhash and lz4
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
Rui Salvaterra [Fri, 19 Apr 2024 11:36:32 +0000 (12:36 +0100)]
Merge pull request #23943 from rsalvaterra/tor-bump
tor: update to 0.4.8.11 stable
Jo-Philipp Wich [Fri, 19 Apr 2024 11:16:39 +0000 (13:16 +0200)]
Merge pull request #23821 from friendly-bits/add_geoip-shell
geoip-shell: add package
Alexandru Ardelean [Fri, 19 Apr 2024 09:32:13 +0000 (12:32 +0300)]
Merge pull request #23939 from commodo/python-updates1
django,django-restframework: bump versions
Michael Heimpold [Fri, 19 Apr 2024 04:27:36 +0000 (06:27 +0200)]
Merge pull request #23955 from mhei/php8-update-to-8.3.6
php8: update to 8.3.6
Tianling Shen [Mon, 15 Apr 2024 07:18:04 +0000 (15:18 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Mon, 15 Apr 2024 07:20:07 +0000 (15:20 +0800)]
v2ray-geodata: make PKG_RELEASE numeric again
According to the documentation[1] 'PKG_RELEASE' should be a number,
so polulate the APK-style 'r' via 'VERSION' instead.
1. https://openwrt.org/docs/guide-developer/packages#buildpackage_variables
Fixes: 30796c59485b ("v2ray-geodata: use APK compatible version schema")
Reported-by: Sean Khan <datapronix@protonmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Felix Fietkau [Thu, 18 Apr 2024 19:58:13 +0000 (21:58 +0200)]
curl: fix SSL init with mbedtls 3.6
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 18 Apr 2024 19:46:11 +0000 (21:46 +0200)]
libssh: update to version 0.10.6, fix build with mbedtls 3.6
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Josef Schlehofer [Thu, 18 Apr 2024 17:38:19 +0000 (19:38 +0200)]
Merge pull request #23953 from commodo/cython-update1
python-cython: bump to version 3.0.10
Marcus Folkesson [Mon, 12 Feb 2024 14:57:30 +0000 (15:57 +0100)]
python-jinja2: create /host target
Make the python-jinja2/host target available for the build environment
to be used with e.g. the PKG_BUILD_DEPENDS list.
This is needed for an upcoming package (libcamera).
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Marcus Folkesson [Mon, 12 Feb 2024 15:04:09 +0000 (16:04 +0100)]
python-yaml: create /host target
Make the python-yaml/host target available for the build environment
to be used with e.g. the PKG_BUILD_DEPENDS list.
This is needed for an upcoming package (libcamera).
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Sean Khan [Fri, 12 Apr 2024 18:03:04 +0000 (14:03 -0400)]
nginx: Use zst + APK style packaging for modules
Generates git tarballs in the new APK style format:
Note that `SOURCE_DATE` was added and need to be updated
as the commit date of the commit hash
Before:
```
nginx-mod-geoip2-
1cabd8a1f68ea3998f94e9f3504431970f848fbf.tar.xz
nginx-mod-headers-more-
bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0.tar.xz
nginx-mod-brotli-
25f86f0bac1101b6512135eac5f93c49c63609e3.tar.xz
nginx-mod-rtmp-
f0ea62342a4eca504b311cd5df910d026c3ea4cf.tar.xz
nginx-mod-ts-
ef2f874d95cc75747eb625a292524a702aefb0fd.tar.xz
nginx-mod-naxsi-
d714f1636ea49a9a9f4f06dba14aee003e970834.tar.xz
nginx-mod-lua-
c89469e920713d17d703a5f3736c9335edac22bf.tar.xz
nginx-mod-lua-resty-core-
2e2b2adaa61719972fe4275fa4c3585daa0dcd84.tar.xz
nginx-mod-lua-resty-lrucache-
52f5d00403c8b7aa8a4d4f3779681976b10a18c1.tar.xz
nginx-mod-dav-ext-
f5e30888a256136d9c550bf1ada77d6ea78a48af.tar.xz
nginx-mod-ubus-
b2d7260dcb428b2fb65540edb28d7538602b4a26.tar.xz
```
After:
```
nginx-mod-geoip2-2020.01.22~
1cabd8a1.tar.zst
nginx-mod-headers-more-2022.07.17~
bea1be3b.tar.zst
nginx-mod-brotli-2020.04.23~
25f86f0b.tar.zst
nginx-mod-rtmp-2018.12.07~
f0ea6234.tar.zst
nginx-mod-ts-2017.12.04~
ef2f874d.tar.zst
nginx-mod-naxsi-2022.09.14~
d714f163.tar.zst
nginx-mod-lua-2023.08.19~
c89469e9.tar.zst
nginx-mod-lua-resty-core-2023.09.09~
2e2b2ada.tar.zst
nginx-mod-lua-resty-lrucache-2023.08.06~
52f5d004.tar.zst
nginx-mod-dav-ext-2018.12.17~
f5e30888.tar.zst
nginx-mod-ubus-2020.09.06~
b2d7260d.tar.zst
```
Run tested: aarch64, Dynalink DL-WRX36, Master Branch
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Sean Khan [Fri, 12 Apr 2024 22:05:30 +0000 (18:05 -0400)]
nginx: autoload dynamic modules
In current setup, dynamic modules are not autoloaded, requiring users
to create and load additional config files.
We should assume that if a user installs additional modules, they want
them 'on' by default.
This commit does the following:
1.) generates a module load config in '/etc/nginx/modules.d' with the
format '${module_name}'.module
(i.e. /etc/nginx/modules.d/ngx_http_geoip2.module)
2.) deletes previous module conf for 'luci'
/etc/nginx/modules.d/luci.module if it exists, this will prevent
'module already loaded' errors.
The following is a portion of the final output when using the
default uci template `/etc/nginx/uci.conf.template` (via nginx-util):
```
nginx -T -c '/etc/nginx/uci.conf'
load_module /usr/lib/nginx/modules/ngx_http_brotli_filter_module.so;
load_module /usr/lib/nginx/modules/ngx_http_brotli_static_module.so;
load_module /usr/lib/nginx/modules/ngx_http_dav_ext_module.so;
load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
load_module /usr/lib/nginx/modules/ngx_http_lua_module.so;
load_module /usr/lib/nginx/modules/ngx_http_naxsi_module.so;
load_module /usr/lib/nginx/modules/ngx_http_ts_module.so;
load_module /usr/lib/nginx/modules/ngx_http_ubus_module.so;
load_module /usr/lib/nginx/modules/ngx_rtmp_module.so;
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
load_module /usr/lib/nginx/modules/ngx_stream_geoip2_module.so;
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Sean Khan [Fri, 12 Apr 2024 22:40:13 +0000 (18:40 -0400)]
nginx: fix geoip2 dependency on mod ngx_stream
Since the geoip2 package contains both `http` and `stream` versions. It
requires the module `ngx_stream` be installed and loaded and produces
the error:
```
2024/04/12 18:38:18 [emerg] 4402#0: dlopen()
"/usr/lib/nginx/modules/ngx_stream_geoip2_module.so" failed (Error
relocating /usr/lib/nginx/modules/ngx_stream_geoip2_module.so:
ngx_stream_complex_value: symbol not found) in
/etc/nginx/module.d/ngx_stream_geoip2.module:1 nginx: configuration file
/etc/nginx/uci.conf test failed
```
Add dependency so it's built at build time and installed automatically
by `opkg`
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Michael Heimpold [Mon, 15 Apr 2024 19:44:25 +0000 (21:44 +0200)]
php8: update to 8.3.6
This fixes:
- CVE-2024-1874
- CVE-2024-2756
- CVE-2024-2757
- CVE-2024-3096
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Alexandru Ardelean [Tue, 16 Apr 2024 07:31:53 +0000 (10:31 +0300)]
python-cython: bump to version 3.0.10
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Anton Khazan [Tue, 16 Apr 2024 11:08:27 +0000 (14:08 +0300)]
geoip-shell: add package
Adds the geoip-shell package to OpenWrt.
geoip-shell is a flexible geoip blocker for Linux with a user-friendly command-line interface.
Signed-off-by: Anton Khazan <antonk.d3v@gmail.com>
Alexandru Ardelean [Mon, 15 Apr 2024 16:44:02 +0000 (19:44 +0300)]
django-restframework: bump to version 3.15.1
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Alexandru Ardelean [Mon, 15 Apr 2024 16:41:54 +0000 (19:41 +0300)]
django: bump to version 5.0.4
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Rui Salvaterra [Mon, 15 Apr 2024 12:45:27 +0000 (13:45 +0100)]
tor: update to 0.4.8.11 stable
Minor release, see the changelog [1] for what's new.
[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.11/ChangeLog
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Florian Eckert [Tue, 16 Apr 2024 06:45:17 +0000 (08:45 +0200)]
Merge pull request #23879 from TDT-AG/pr/
20240411-ucitrack
keepalived: remove file sync handling for ucitrack
Florian Eckert [Thu, 11 Apr 2024 14:18:51 +0000 (16:18 +0200)]
keepalived: remove file sync handling for ucitrack
The ucitrack file hanlding was converted to json. Therefore this is not
needed anymore.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Stan Grishin [Mon, 15 Apr 2024 21:43:13 +0000 (14:43 -0700)]
Merge pull request #23925 from stangri/master-pbr
pbr: bugfix: fix IPv6 interface errors
Stan Grishin [Sat, 13 Apr 2024 22:31:52 +0000 (22:31 +0000)]
pbr: bugfix: fix IPv6 interface errors
* update license to AGPL-3.0-or-later
* rename pbr_get_gateway to pbr_get_gateway4 for better readability
* improve IPv6 "gateway" detection/display on start
* prevent IPv6 interface errors on start
* revert release format
Signed-off-by: Stan Grishin <stangri@melmac.ca>
krant [Mon, 15 Apr 2024 05:05:24 +0000 (08:05 +0300)]
squid: update to 6.9
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Tianling Shen [Mon, 15 Apr 2024 05:22:56 +0000 (13:22 +0800)]
cloudflared: Update to 2024.4.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Mon, 15 Apr 2024 05:22:09 +0000 (13:22 +0800)]
dnsproxy: Update to 0.69.2
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
krant [Sun, 14 Apr 2024 07:03:37 +0000 (10:03 +0300)]
erlang: update to 26.2.4
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
dracode [Wed, 3 Apr 2024 04:14:40 +0000 (00:14 -0400)]
hcxdumptool: Update to 6.3.4
Version 6.3.4 has some important fixes for the OpenWrt community.
This version properly supports Big-Endian systems (which are many); the previous OpenWrt packaged version crashed on such systems.
Signed-off-by: dracode <github@dragonbyte.org>
Paul Spooren [Thu, 11 Apr 2024 20:29:55 +0000 (22:29 +0200)]
mtd-rw: drop PKG_VERSION definition in Makefile
By default Kernel modules follow the version schema from openwrt.git,
which happens to be APK compatible. Instead of defining a entirely
custom format, use what's already out there.
This patch drops the individual PKG_VERSION definition.
Right now, the version becomes 6.1.82.0~
7e856206-r2.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Shi JiaYang [Sat, 6 Apr 2024 02:38:58 +0000 (10:38 +0800)]
adguardhome: update to 0.107.48
View the release notes for more information:
https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.48
Signed-off-by: Shi JiaYang <shi05275@163.com>
John Audia [Fri, 12 Apr 2024 11:42:34 +0000 (07:42 -0400)]
snort3: update to 3.1.84.0
1. Update to latest version
2. Remove redundant section in Makefile
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.84.0
,,_ -*> Snort++ <*-
o" )~ Version 3.1.84.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.14
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.13 30 Jan 2024
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3.1
Using Hyperscan version 5.4.2 2024-04-10
Using LZMA version 5.4.6
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
John Audia [Mon, 8 Apr 2024 15:07:09 +0000 (11:07 -0400)]
rsync: update to 3.3.0
Changelog: https://download.samba.org/pub/rsync/NEWS#3.3.0
$ rsync --version
rsync version 3.3.0 protocol version 31
Copyright (C) 1996-2024 by Andrew Tridgell, Wayne Davison, and others.
Web site: https://rsync.samba.org/
Capabilities:
64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints,
no socketpairs, symlinks, symtimes, hardlinks, no hardlink-specials,
no hardlink-symlinks, IPv6, atimes, batchfiles, inplace, append, no ACLs,
no xattrs, optional secluded-args, no iconv, prealloc, stop-at,
no crtimes
Optimizations:
no SIMD-roll, no asm-roll, no openssl-crypto, asm-MD5
Checksum list:
md5 md4 none
Compress list:
zlibx zlib none
Daemon auth list:
md5 md4
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
David Andreoletti [Fri, 12 Apr 2024 09:39:53 +0000 (17:39 +0800)]
mosquitto: bump PKG_RELEASE since missing in PR #23863
Signed-off-by: David Andreoletti <david@andreoletti.net>
krant [Fri, 12 Apr 2024 04:26:06 +0000 (07:26 +0300)]
fontconfig: update to 2.15.0
- Use up-to-date project URLs
- Remove obsoleted patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Fri, 12 Apr 2024 04:09:50 +0000 (07:09 +0300)]
mtdev: update to 1.1.7
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Peter van Dijk [Thu, 11 Apr 2024 13:56:37 +0000 (15:56 +0200)]
pdns: unbreak bigendian builds
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Wesley Gimenes [Thu, 11 Apr 2024 04:27:03 +0000 (01:27 -0300)]
netbird: update to 0.27.3
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
Paul Spooren [Thu, 11 Apr 2024 13:03:43 +0000 (15:03 +0200)]
macremapper: drop VERSION definition in Makefile
By default Kernel modules follow the version schema from openwrt.git,
which happens to be APK compatible. Instead of defining a entirely
custom format, use what's already out there.
This patch drops the individual VERSION definition.
Right now, the version becomes 6.1.82.1.1.0-r2
Signed-off-by: Paul Spooren <mail@aparcar.org>
krant [Thu, 11 Apr 2024 19:27:13 +0000 (22:27 +0300)]
gptfdisk: update to 1.0.10
- Delete upstreamed patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Fri, 12 Apr 2024 03:10:24 +0000 (06:10 +0300)]
socat: update to 1.8.0.0
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Fri, 12 Apr 2024 03:01:01 +0000 (06:01 +0300)]
stress-ng: update to 0.17.07
- Refresh the patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 11 Apr 2024 19:33:53 +0000 (22:33 +0300)]
moreutils: update to 0.69
- Refresh patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 11 Apr 2024 19:21:57 +0000 (22:21 +0300)]
mc: update to 4.8.31
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 11 Apr 2024 18:59:52 +0000 (21:59 +0300)]
mpg123: update to 1.32.6
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Fri, 12 Apr 2024 02:41:08 +0000 (05:41 +0300)]
wget: update to 1.24.5
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Eric Fahlgren [Fri, 12 Apr 2024 21:21:15 +0000 (14:21 -0700)]
snort3: fix issue caused by ucode semantics change
A recent change in the ucode interpeter caused a failure when using
the 'in' operator.
https://github.com/jow-/ucode/commit/
be767ae197babd656d4f5d9c2d5013e39ddbe656
Reported in a forum post by @graysky2.
https://forum.openwrt.org/t/194218/28
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Hirokazu MORIKAWA [Wed, 10 Apr 2024 03:55:02 +0000 (12:55 +0900)]
nghttp2: fix CVE-2024-28182
update to v1.61.0
CVE-2024-28182: Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Glenn Strauss [Sat, 13 Apr 2024 03:06:24 +0000 (23:06 -0400)]
lighttpd: update to lighttpd 1.4.76 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Stan Grishin [Fri, 12 Apr 2024 20:57:44 +0000 (13:57 -0700)]
Merge pull request #23880 from stangri/master-pbr
pbr: update to 1.1.4-r15
Stan Grishin [Thu, 11 Apr 2024 16:21:28 +0000 (16:21 +0000)]
pbr: update to 1.1.4-r15
* delete obsolete files/etc/init.d/pbr.init
* add files/etc/uci-defaults/91-pbr-iptables to help update from older OpenWrt
* add files/etc/uci-defaults/91-pbr-nft to help update from older OpenWrt
* update files/etc/uci-defaults/91-pbr-netifd to only add tables to supported ifaces
* re-organize variants in the Makefile so that they hopefull work this time
* update prerm for all variants for better user experience
* update the -netifd prerm to remove leftofver entries from network and rt_tables file
In the init script:
* add decorations for netifd-interfaces related operations (blue ticks)
* add rtTablesFile variables instead of hard-coding the rt_tables file
* add function to check if the table is netifd-derived
* add error messages/hints for failed interface setup and failed WAN discovery
* make cleanup_rt_tables the netifd-compatible
* streamline interface_process function with a clearer case statement
* rename the interface_process `pre-init` option to `pre_init` to conform to the other
functions options naming style
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Stan Grishin [Fri, 12 Apr 2024 20:39:51 +0000 (13:39 -0700)]
Merge pull request #23872 from stangri/master-adblock-fast
adblock-fast: improve Makefile's prerm
krant [Fri, 12 Apr 2024 03:54:15 +0000 (06:54 +0300)]
minicom: update to 2.9
- Refresh the patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Stijn Tintel [Fri, 12 Apr 2024 08:36:20 +0000 (11:36 +0300)]
Merge pull request #23832 from chommik/softflowd_add_b_option
softflowd: add '-b' option to config
krant [Fri, 12 Apr 2024 02:54:50 +0000 (05:54 +0300)]
whois: update to 5.5.22
- Don't override PKG_BUILD_DIR since tarball is now properly constructed
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 11 Apr 2024 19:17:21 +0000 (22:17 +0300)]
libevdev: update to 1.13.1
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Thu, 11 Apr 2024 19:13:44 +0000 (22:13 +0300)]
libdeflate: update to 1.20
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Rafal Macyszyn [Mon, 1 Apr 2024 18:50:49 +0000 (20:50 +0200)]
softflowd: add '-b' option to config
- add '-b' option to enable bidirectional flow probing
Signed-off-by: Rafal Macyszyn <rafal@v92.pl>
Christian Marangi [Thu, 11 Apr 2024 10:54:28 +0000 (12:54 +0200)]
devel: gcc: refresh patches
Refresh patches with make package/gcc/refresh by tweaking the
GCC_VERSION to refresh every supported version.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Sat, 6 Apr 2024 23:28:22 +0000 (01:28 +0200)]
devel: gcc: add support for GCC 13
Add support for GCC 13 and take patches from openwrt main repo.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Sat, 6 Apr 2024 23:26:37 +0000 (01:26 +0200)]
devel: gcc: add missing RISCV patches for GCC 12
Add missing RISCV patches for GCC 12 from openwrt toolchain GCC.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Sat, 6 Apr 2024 23:24:13 +0000 (01:24 +0200)]
devel: gcc: align patches structure to openwrt toolchain GCC
Align patches structure to openwrt toolchain GCC to make it easier to
maintain them and reduce patch delta on GCC update.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Yousong Zhou [Tue, 9 Apr 2024 00:08:33 +0000 (00:08 +0000)]
pppossh: add option peer_pppd_options
This can be useful for things like making the interface on the peer side
fixed with value like `ifname xx`
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Stan Grishin [Wed, 10 Apr 2024 23:56:43 +0000 (23:56 +0000)]
adblock-fast: improve Makefile's prerm
* improve output of Makefile's prerm routines
Signed-off-by: Stan Grishin <stangri@melmac.ca>
krant [Wed, 10 Apr 2024 08:49:25 +0000 (11:49 +0300)]
libdrm: update to 2.4.120
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Wed, 10 Apr 2024 09:09:00 +0000 (12:09 +0300)]
pixman: update to 0.43.4
- Use HTTPS for project URL
- Drop obsolete patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Wed, 10 Apr 2024 12:40:27 +0000 (15:40 +0300)]
qemu: update to 8.2.2
- Use HTTPS for URLs
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Wed, 10 Apr 2024 12:33:32 +0000 (15:33 +0300)]
imagemagick: update to 7.1.1.30
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Wed, 10 Apr 2024 08:46:08 +0000 (11:46 +0300)]
libpciaccess: update to 0.18.1
- Use Meson build system
- Drop upstreamed patch
- Update project URL
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Sun, 7 Apr 2024 21:06:07 +0000 (00:06 +0300)]
pciutils: update to 3.12.0
- Refresh patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Sun, 7 Apr 2024 14:26:05 +0000 (17:26 +0300)]
c-ares: update to 1.28.1
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Wed, 10 Apr 2024 12:36:47 +0000 (15:36 +0300)]
libarchive: update to 3.7.3
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
David Andreoletti [Wed, 10 Apr 2024 08:33:31 +0000 (16:33 +0800)]
mosquitto: support anonymous user per listener
Signed-off-by: David Andreoletti <david@andreoletti.net>
Peter van Dijk [Fri, 5 Apr 2024 11:16:30 +0000 (13:16 +0200)]
dnsdist: update to 1.9.3
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Alexandru Ardelean [Tue, 9 Apr 2024 05:28:18 +0000 (08:28 +0300)]
Merge pull request #23838 from krant/openblas
openblas: update to 0.3.27
Alexandru Ardelean [Tue, 9 Apr 2024 05:27:46 +0000 (08:27 +0300)]
Merge pull request #23837 from krant/numpy
numpy: update to 1.26.4
krant [Mon, 8 Apr 2024 07:48:08 +0000 (10:48 +0300)]
graphicsmagick: update to 1.3.43
- Set project URL to HTTP since HTTPS one is broken
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Josef Schlehofer [Mon, 8 Apr 2024 12:27:55 +0000 (14:27 +0200)]
Merge pull request #23824 from JiaY-shi/go
golang: update to 1.22.2
Florian Eckert [Mon, 8 Apr 2024 08:43:09 +0000 (10:43 +0200)]
Merge pull request #23723 from findlayfeng/fix_proto-bonding
proto-bonding: Modify ipaddr as optional
Rosen Penev [Sun, 7 Apr 2024 23:14:28 +0000 (16:14 -0700)]
acpica-unix: update to
20240321
Remove PKG_CAT. No need for it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Mon, 8 Apr 2024 03:59:42 +0000 (20:59 -0700)]
ola: update to 0.10.9
Use local tarballs instead of codeload. Smaller size.
Patch ola.m4 to support statically linked protobuf. Avoids rpath hacks.
Remove upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Mon, 8 Apr 2024 03:48:32 +0000 (20:48 -0700)]
protobuf: don't use shared libraries for host
Avoids needing to handle rpath.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Robert Marko [Sun, 7 Apr 2024 22:03:57 +0000 (00:03 +0200)]
treewide: refresh missed hashes after move to use ZSTD as default
This is a follow-up on the previous treewide refresh of hashes after move
to ZSTD by default for compressing tarballs, as it seems that somehow
CHECK_ALL missed couple of packages.
Fixes: 272f55e87f07 ("treewide: refresh hashes after move to use ZSTD as default")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Adam Duskett [Thu, 4 Apr 2024 20:31:54 +0000 (14:31 -0600)]
ovpn-dco: bump version to 0.2.
20240320
Fixes builds against kernel 6.6
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
Daniel Golle [Thu, 4 Apr 2024 02:36:39 +0000 (03:36 +0100)]
exim: update to 4.97.1
IPv6 has accidentally been disabled in all Exim builds since the
package was introduced in OpenWrt due to a faulty `sed` script. This
has now been fixed, so beware that IPv6 is now enabled when updating
from previous releases.
Upstream changes since version 4.96.2 (bottom up):
JH/s1 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
LF-only mode (as detected from the first header line). Previously we did
accept that in (normal) CRLF mode; this has been raised as a possible
attack scenario (under the name "smtp smuggling", CVE-2023-51766).
JH/01 The hosts_connection_nolog main option now also controls "no MAIL in
SMTP connection" log lines.
JH/02 Option default value updates:
- queue_fast_ramp (main) true (was false)
- remote_max_parallel (main) 4 (was 2)
JH/03 Cache static regex pattern compilations, for use by ACLs.
JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
Make the rewrite never match and keep the logging. Trust the
admin to be using verify=header-syntax (to actually reject the message).
JH/05 Follow symlinks for placing a watch on TLS creds files. This means
(under Linux) we watch the dir containing the final file; previously
it would be the dir with the first symlink. We still do not monitor
the entire path.
JH/06 Check for bad chars in rDNS for sender_host_name. The OpenBSD (at least)
dn_expand() is happy to pass them through.
JH/07 OpenSSL Fix auto-reload of changed server OCSP proof. Previously, if
the file with the proof had an unchanged name, the new proof(s) were
loaded on top of the old ones (and nover used; the old ones were stapled).
JH/08 Bug 2915: Fix use-after-free for $regex<n> variables. Previously when
more than one message arrived in a single connection a reference from
the earlier message could be re-used. Often a sigsegv resulted.
These variables were introduced in Exim 4.87.
Debug help from Graeme Fowler.
JH/09 Fix ${filter } for conditions that modify $value. Previously the
modified version would be used in construction the result, and a memory
error would occur.
JH/10 GnuTLS: fix for (IOT?) clients offering no TLS extensions at all.
Find and fix by Jasen Betts.
JH/11 OpenSSL: fix for ancient clients needing TLS support for versions earlier
than TLSv1,2, Previously, more-recent versions of OpenSSL were permitting
the systemwide configuration to override the Exim config.
HS/01 Bug 2728: Introduce EDITME option "DMARC_API" to work around incompatible
API changes in libopendmarc.
JH/12 Bug 2930: Fix daemon startup. When started from any process apart from
pid 1, in the normal "background daemon" mode, having to drop process-
group leadership also lost track of needing to create listener sockets.
JH/13 Bug 2929: Fix using $recipients after ${run...}. A change made for 4.96
resulted in the variable appearing empty. Find and fix by Ruben Jenster.
JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
a capture group which obtained no text (eg. "(abc)*" matching zero
occurrences) could cause a segfault if the corresponding $<n> was
expanded.
JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
included a close-brace character (eg. it itself used an expansion) an
error occurred.
JH/16 Move running the smtp connect ACL to before, for TLS-on-connect ports,
starting TLS. Previously it was after, meaning that attackers on such
ports had to be screened using the host_reject_connection main config
option. The new sequence aligns better with the STARTTLS behaviour, and
permits defences against crypto-processing load attacks, even though it
is strictly an incompatible change.
Also, avoid sending any SMTP fail response for either the connect ACL
or host_reject_connection, for TLS-on-connect ports.
JH/17 Permit the ACL "encrypted" condition to be used in a HELO/EHLO ACL,
Previously this was not permitted, but it makes reasonable sense.
While there, restore a restriction on using it from a connect ACL; given
the change JH/16 it could only return false (and before 4.91 was not
permitted).
JH/18 Fix a fencepost error in logging. Previously (since 4.92) when a log line
was exactly sized compared to the log buffer, a crash occurred with the
misleading message "bad memory reference; pool not found".
Found and traced by Jasen Betts.
JH/19 Bug 2911: Fix a recursion in DNS lookups. Previously, if the main option
dns_again_means_nonexist included an element causing a DNS lookup which
itself returned DNS_AGAIN, unbounded recursion occurred. Possible results
included (though probably not limited to) a process crash from stack
memory limit, or from excessive open files. Replace this with a paniclog
whine (as this is likely a configuration error), and returning
DNS_NOMATCH.
JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group. Previously
this always failed, probably leading to the usual downgrade to in-clear
connections.
JH/21 Fix TLSA lookups. Previously dns_again_means_nonexist would affect
SERVFAIL results, which breaks the downgrade resistance of DANE. Change
to not checking that list for these lookups.
JH/22 Bug 2434: Add connection-elapsed "D=" element to more connection
closure log lines.
JH/23 Fix crash in string expansions. Previously, if an empty variable was
immediately followed by an expansion operator, a null-indirection read
was done, killing the process.
JH/24 Bug 2997: When built with EXPERIMENTAL_DSN_INFO, bounce messages can
include an SMTP response string which is longer than that supported
by the delivering transport. Alleviate by wrapping such lines before
column 80.
JH/25 Bug 2827: Restrict size of References: header in bounce messages to 998
chars (RFC limit). Previously a limit of 12 items was made, which with
a not-impossible References: in the message being bounced could still
be over-large and get stopped in the transport.
JH/26 For a ${readsocket } in TLS mode, send a TLS Close Alert before the TCP
close. Previously a bare socket close was done.
JH/27 Fix ${srs_encode ..}. Previously it would give a bad result for one day
every 1024 days.
JH/28 Bug 2996: Fix a crash in the smtp transport. When finding that the
message being considered for delivery was already being handled by
another process, and having an SMTP connection already open, the function
to close it tried to use an uninitialized variable. This would afftect
high-volume sites more, especially when running mailing-list-style loads.
Pollution of logs was the major effect, as the other process delivered
the message. Found and partly investigated by Graeme Fowler.
JH/29 Change format of the internal ID used for message identification. The old
version only supported 31 bits for a PID element; the new 64 (on systems
which can use Base-62 encoding, which is all currently supported ones
but not Darwin (MacOS) or Cygwin, which have case-insensitive filesystems
and must use Base-36). The new ID is 23 characters rather than 16, and is
visible in various places - notably logs, message headers, and spool file
names. Various of the ancillary utilities also have to know the format.
As well as the expanded PID portion, the sub-second part of the time
recorded in the ID is expanded to support finer precision. Theoretically
this permits a receive rate from a single comms channel of better than the
previous 2000/sec.
The major timestamp part of the ID is not changed; at 6 characters it is
usable until about year 3700.
Updating from previously releases is fully supported: old-format spool
files are still usable, and the utilities support both formats. New
message will use the new format. The one hints-DB file type which uses
message-IDs (the transport wait- DB) will be discarded if an old-format ID
is seen; new ones will be built with only new-format IDs.
Optionally, a utility can be used to convert spool files from old to new,
but this is only an efficiency measure not a requirement for operation
Downgrading from new to old requires running a provided utility, having
first stopped all operations. This will convert any spool files from new
back to old (losing time-precision and PID information) and remove any
wait- hints databases.
JH/30 Bug 3006: Fix handling of JSON strings having embedded commas. Previously
we treated them as item separators when parsing for a list item, but they
need to be protected by the doublequotes. While there, add handling for
backslashes.
JH/31 Bug 2998: Fix ${utf8clean:...} to disallow UTF-16 surrogate codepoints.
Found and fixed by Jasen Betts. No testcase for this as my usual text
editor insists on emitting only valid UTF-8.
JH/32 Fix "tls_dhparam = none" under GnuTLS. At least with 3.7.9 this gave
a null-indirection SIGSEGV for the receive process.
JH/33 Fix free for live variable $value created by a ${run ...} expansion during
-bh use. Internal checking would spot this and take a panic.
JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
In 4.96 this would expand to empty.
JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
certificate. Find and fix by Andreas Metzler.
JH/36 Add ARC info to DMARC hostory records.
JH/37 Bug 3016: Avoid sending DSN when message was accepted under fakereject
or fakedefer. Previously the sender could discover that the message
had in fact been accepted.
JH/38 Taint-track intermediate values from the peer in multi-stage authentation
sequences. Previously the input was not noted as being tainted; notably
this resulted in behaviour of LOGIN vs. PLAIN being inconsistent under
bad coding of authenticators.
JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
and ${tr...}. Found and diagnosed by Heiko Schlichting.
JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
CVE-2023-42115
JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42116
JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42114
JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
Make the rewrite never match and keep the logging. Trust the
admin to be using verify=header-syntax (to actually reject the message).
JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
CVE-2023-42219
could be triggered by externally-supplied input. Found by Trend Micro.
CVE-2023-42115
JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42116
JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42114
JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
Make the rewrite never match and keep the logging. Trust the
admin to be using verify=header-syntax (to actually reject the message).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
krant [Sun, 7 Apr 2024 15:01:18 +0000 (18:01 +0300)]
hwdata: update to 0.381
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
源 文雨 [Sun, 7 Apr 2024 15:37:22 +0000 (15:37 +0000)]
base16384: bump to version 2.3.1
Signed-off-by: 源 文雨 <fumiama@foxmail.com>
Tan Zien [Sat, 6 Apr 2024 15:05:17 +0000 (23:05 +0800)]
glib2: link libiconv when building host pkg
some compile error happens when building.
Linking to libiconv-full fixes this.
refer to: https://github.com/openwrt/openwrt/commit/
63dd14b906e9eb27bc878b95ac6777a3624b1135
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
krant [Sun, 7 Apr 2024 14:17:43 +0000 (17:17 +0300)]
libpng: update to 1.6.43
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Sun, 7 Apr 2024 20:34:38 +0000 (23:34 +0300)]
openblas: update to 0.3.27
- Add ONLY_CBLAS make flag to skip tests (fixes x86 builds)
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
krant [Sun, 7 Apr 2024 14:04:37 +0000 (17:04 +0300)]
numpy: update to 1.26.4
- Refresh patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Robert Marko [Sat, 6 Apr 2024 10:47:54 +0000 (12:47 +0200)]
treewide: refresh hashes after move to use ZSTD as default
With the recent move to using ZSTD as the default compression format
for packaging git repo clones we must refresh all of the hashes for
the packages feed as well.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Hirokazu MORIKAWA [Sun, 7 Apr 2024 02:34:45 +0000 (11:34 +0900)]
node: April 3, 2024 Security Releases
This is a security release
Notable Changes
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
Changed to use gz according to main-snapshot
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Josef Schlehofer [Sun, 7 Apr 2024 07:41:44 +0000 (09:41 +0200)]
Merge pull request #23831 from jonasjelonek/croc-9.6.15
croc: update to 9.6.15
Rosen Penev [Fri, 29 Mar 2024 22:29:28 +0000 (15:29 -0700)]
libmad: fix PKG_VERSION after apk change
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Jonas Jelonek [Sat, 6 Apr 2024 20:33:58 +0000 (22:33 +0200)]
croc: update to 9.6.15
changelogs:
9.6.13: https://github.com/schollz/croc/releases/tag/v9.6.13
9.6.14: https://github.com/schollz/croc/releases/tag/v9.6.14
9.6.15: https://github.com/schollz/croc/releases/tag/v9.6.15
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Hannu Nyman [Sat, 6 Apr 2024 18:35:15 +0000 (21:35 +0300)]
ttymidi-sysex: refresh dirty patch
CI in PR #23827 noticed a dirty patch in ttymidi-sysex.
Refresh the patch.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Andrea Pesaresi [Sat, 6 Apr 2024 12:18:32 +0000 (14:18 +0200)]
ksmbd-tools: update to version 3.5.2
Major changes are:
- Add durable handles parameter to ksmbd.conf.
- Add payload_sz in ksmbd_share_config_response to validate ipc
response.
- Fix UAF and cleanups.
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
Christian Marangi [Sat, 6 Apr 2024 15:01:10 +0000 (17:01 +0200)]
nginx: add patch to fix compilation error on mips targets
Add patch to fix compilation error on mips targets. This was triggered
after enabling LTO. It was discovered that -fPIC is enabled on building
dynamic modules in CFLAGS but was missing on linking them. This patch
adds the missing -fPIC also on linking.
Fixes: 3b13b08ad98d ("nginx: Fix compilation with LTO")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
projects / feed / packages.git / log