feed/packages.git
6 days agov2ray-geodata: Update to latest version
Tianling Shen [Thu, 14 Nov 2024 08:59:55 +0000 (16:59 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit d76d51a4b826588e09404515fbaf19f3f4442a62)

6 days agov2ray-geodata: Update to latest version
Tianling Shen [Sat, 2 Nov 2024 11:19:10 +0000 (19:19 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 5fb541f00f0ef9dd10793c40d0418809647105ba)

6 days agoxray-core: Update to 24.11.21
Tianling Shen [Thu, 28 Nov 2024 07:02:17 +0000 (15:02 +0800)]
xray-core: Update to 24.11.21

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 3d05b2c1a9f3f631670e292f494c3525eba0c61a)

6 days agoxray-core: Update to 24.11.11
Tianling Shen [Thu, 14 Nov 2024 08:59:29 +0000 (16:59 +0800)]
xray-core: Update to 24.11.11

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 41457908b83d32c4b1037ab99a82f59456fc0e22)

6 days agomicrosocks: backport upstream fixes
Tianling Shen [Wed, 4 Dec 2024 05:33:13 +0000 (13:33 +0800)]
microsocks: backport upstream fixes

Fix segmentation fault with newer musl and improve throughput.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 77a7324de54e175029fa7ad051a3a17d1806e03e)

6 days agomicrosocks: update to 1.0.4
Ozan Göktan [Sun, 10 Mar 2024 13:39:46 +0000 (14:39 +0100)]
microsocks: update to 1.0.4

Signed-off-by: Ozan Göktan <ozan@goktan.site>
(cherry picked from commit 544e4a90619bc6bf39a6845d8e5b7b3c0b2e160a)

8 days agoksmbd-tools: update to version 3.5.3
Andrea Pesaresi [Sat, 7 Dec 2024 09:29:09 +0000 (10:29 +0100)]
ksmbd-tools: update to version 3.5.3

- manually refresh patch 030-glib.patch

Major changes are:
    fix adduser / addshare prompting on musl libc
    fix use of veto files as global share parameter
    lookup primary group and don't recurse in ksmbd.conf @group handling
    fix a leak and an intermittent auth failure in Kerberos 5
    add global parameter kerberos support

detailed changelog here: https://github.com/cifsd-team/ksmbd-tools/releases/tag/3.5.3

Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
(cherry picked from commit 5b058c9949b3e3adcbc35347aa1acc40c3442e2c)

8 days agoksmbd-tools: update to version 3.5.2
Andrea Pesaresi [Sat, 6 Apr 2024 12:18:32 +0000 (14:18 +0200)]
ksmbd-tools: update to version 3.5.2

Major changes are:
 - Add durable handles parameter to ksmbd.conf.
 - Add payload_sz in ksmbd_share_config_response to validate ipc
   response.
 - Fix UAF and cleanups.

Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
(cherry picked from commit 9cf0eae9bca7447354bcb96759f213ae407c9532)

8 days agolibdeflate: update to 1.22
Gábor Deé [Mon, 28 Oct 2024 13:49:40 +0000 (14:49 +0100)]
libdeflate: update to 1.22

Release note:
https://github.com/ebiggers/libdeflate/blob/master/NEWS.md#version-122

Signed-off-by: Gábor Deé <dee.gabor@gmail.com>
9 days agozerotier: update to 1.14.1
Moritz Warning [Wed, 18 Sep 2024 09:59:52 +0000 (11:59 +0200)]
zerotier: update to 1.14.1

Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit 660b10f0dc9ca81ec2f7b9f7d30ba1a745925d77)

9 days agozerotier: split configuration
Óscar García Amor [Mon, 12 Aug 2024 19:20:56 +0000 (21:20 +0200)]
zerotier: split configuration

Split configuration in global and per-network sections.
This change breaks existing configurations.

The following per-network settings are available:

* allow_managed
* allow_global
* allow_default
* allow_dns

See  https://docs.zerotier.com/config/#network-specific-configuration

Signed-off-by: Óscar García Amor <contact@ogarcia.me>
Reviewed-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit 5af81638787a1dd1f057bc238bc243225110607f)

9 days agozerotier: update to 1.14.0
Moritz Warning [Mon, 6 May 2024 20:50:36 +0000 (22:50 +0200)]
zerotier: update to 1.14.0

Includes refreshed patches.

Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit cf6fef36b44de2c9d1b7910f6afd43e0c6ee946c)

10 days agoadblock-fast: bugfix: dnsmasq instances confdir hack
Stan Grishin [Fri, 6 Dec 2024 03:10:08 +0000 (03:10 +0000)]
adblock-fast: bugfix: dnsmasq instances confdir hack

* temporary hack until https://github.com/openwrt/openwrt/pull/16806 is merged

Signed-off-by: Stan Grishin <stangri@melmac.ca>
12 days agoiperf3: fix crashing with musl
Rosen Penev [Wed, 20 Nov 2024 23:21:43 +0000 (15:21 -0800)]
iperf3: fix crashing with musl

Upstream backport.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 9c9f4dd08875c77e145e834b939d0c40c043db60)

12 days agoiperf3: explicitly disable SCTP
Aleksey Vasilenko [Mon, 23 Sep 2024 20:13:51 +0000 (23:13 +0300)]
iperf3: explicitly disable SCTP

Since https://github.com/openwrt/openwrt/commit/3fa5ee0b28b736c5d06af34ed5c3e80f78235fe8
OpenWrt no longer disables SCTP support by default.
It caused the leak of libsctp dependency to iperf3.
Here we disable it explicitly to fix the build.

Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
(cherry picked from commit 6c1ce8ccc78f1b34ade513aa134962eb143826f9)

2 weeks agoruby: update to 3.2.6
Luiz Angelo Daros de Luca [Sun, 1 Dec 2024 20:18:01 +0000 (17:18 -0300)]
ruby: update to 3.2.6

Ruby 3.2.6 is a minor bug fix release.

Link: https://github.com/ruby/ruby/releases/tag/v3_2_6
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2 weeks agophp8: update to 8.2.26
Michael Heimpold [Sat, 30 Nov 2024 20:11:22 +0000 (21:11 +0100)]
php8: update to 8.2.26

This fixes:
    - CVE-2024-8929
    - CVE-2024-8932
    - CVE-2024-11233
    - CVE-2024-11234
    - CVE-2024-11236

Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.2.26

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2 weeks agoyggdrasil: bump to 0.5.10
George Iv [Sun, 24 Nov 2024 20:49:27 +0000 (15:49 -0500)]
yggdrasil: bump to 0.5.10

Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit 4ee4b22e431ca3c27c1ab26dc0daba5ca6198443)

2 weeks agoadblock: update 4.2.3-2
Dirk Brenken [Tue, 26 Nov 2024 06:00:22 +0000 (07:00 +0100)]
adblock: update 4.2.3-2

* correctly parse json objects with hyphens in the autodetection functions

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 823633c0e60ad9efb3afe9c4e63b34c93fa55f7c)

2 weeks agoadblock: release 4.2.3-1
Dirk Brenken [Sat, 23 Nov 2024 21:15:00 +0000 (22:15 +0100)]
adblock: release 4.2.3-1

* optimized procd settings for better performance
* reworked autodetection functions (still broken in master due to apk migration)
* made the tld function optional, set 'adb_tld' accordingly (enabled by default)
* reworked count function
* various code improvements

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 8afc26fafbd913d829734ab22fc09abaf8874ae8)

2 weeks agobanIP: update 1.0.1-2
Dirk Brenken [Tue, 26 Nov 2024 06:05:24 +0000 (07:05 +0100)]
banIP: update 1.0.1-2

* correctly parse json objects with hyphens in the autodetection function

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 3140259fc68952355b62a364a97527003adaf1fe)

2 weeks agobanIP: release 1.0.1-1
Dirk Brenken [Sun, 24 Nov 2024 14:44:20 +0000 (15:44 +0100)]
banIP: release 1.0.1-1

* optimized procd settings for better performance
* made the log monitor working again (even on master with apk migration issues)
* reworked the fetch autodetection function (still broken in master due to apk migration)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 8609a5bbe5b999045dcd9a10714d9e47e4359599)

2 weeks agobanIP: update to 1.0.0-10
Dirk Brenken [Sat, 16 Nov 2024 11:45:12 +0000 (12:45 +0100)]
banIP: update to 1.0.0-10

* minimal fix to support all download utilities in currently broken apk snapshots
  (see https://github.com/openwrt/openwrt/issues/16907 for details)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 4f00d8f0ee66effd40ec7c56a5a9a7395a7a8d54)

2 weeks agodjango: bump to 4.2.16
Alexandru Ardelean [Tue, 26 Nov 2024 16:05:39 +0000 (18:05 +0200)]
django: bump to 4.2.16

Fixes a bunch of CVEs.
CVE-2024-45230
  https://nvd.nist.gov/vuln/detail/CVE-2024-45230

CVE-2024-45231
  https://nvd.nist.gov/vuln/detail/CVE-2024-45231

(And maybe a few more).

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
3 weeks agonode: bump to v18.20.5
Hirokazu MORIKAWA [Mon, 25 Nov 2024 07:11:08 +0000 (16:11 +0900)]
node: bump to v18.20.5

Notable Changes
  esm: mark import attributes and JSON module as stable (Nicolò Ribaudo)

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
3 weeks agoopenwisp-monitoring: align PKG_SOURCE_VERSION with PKG_VERSION
Gagan Deep [Thu, 21 Nov 2024 19:33:59 +0000 (01:03 +0530)]
openwisp-monitoring: align PKG_SOURCE_VERSION with PKG_VERSION

Previously, `PKG_SOURCE_VERSION` in the Makefile was incorrectly
set to `0.1.1` instead of tracking `PKG_VERSION`. This mismatch
caused compilation issues for the package.

This fix ensures `PKG_SOURCE_VERSION` dynamically aligns with
`PKG_VERSION` to prevent future discrepancies.

Signed-off-by: Gagan Deep <pandafy.dev@gmail.com>
3 weeks agoCI: multi-arch-test-build: move to shared workflow
Christian Marangi [Fri, 8 Nov 2024 18:36:52 +0000 (19:36 +0100)]
CI: multi-arch-test-build: move to shared workflow

Move multi-arch-test-build to shared workflow.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 2a35a9cab226a43d5521b6356cb5e64a5b174df2)

4 weeks agoopenwisp-monitoring: allow not depending on rpcd-mod-iwinfo
Gagan Deep [Tue, 29 Oct 2024 15:51:55 +0000 (21:21 +0530)]
openwisp-monitoring: allow not depending on rpcd-mod-iwinfo

Add option to exclude rpcd-mod-iwinfo from dependency.

Signed-off-by: Gagan Deep <pandafy.dev@gmail.com>
(cherry picked from commit ca503cc4054d9a13558c7b552886a6dba359a0eb)

4 weeks agoopenwisp-monitoring: fix Makefile for 0.2.0 update
Gagan Deep [Tue, 22 Oct 2024 16:58:46 +0000 (22:28 +0530)]
openwisp-monitoring: fix Makefile for 0.2.0 update

Commit 5e69da4ccb760da66f00f91e6cb2248ddcdabe5d upgraded openwisp-monitoring
to version 0.2.0 but missed necessary Makefile adjustments, causing the
package to break in OpenWrt feeds.

This patch updates the Makefile to ensure proper functionality of
openwisp-monitoring with the 0.2.0 release.

Signed-off-by: Gagan Deep <pandafy.dev@gmail.com>
(cherry picked from commit 886b3fa36d0b82071b10d0169d6950b0aaa6f16c)

4 weeks agoopenwisp-config: fix Makefile for 1.1.0
Gagan Deep [Tue, 22 Oct 2024 11:25:23 +0000 (16:55 +0530)]
openwisp-config: fix Makefile for 1.1.0

Update configuration in Makefile to fix #25168.
Add "/etc/openwisp/" to conf files.

Signed-off-by: Gagan Deep <pandafy.dev@gmail.com>
(cherry picked from commit 67d4fa3b05e0a8ee0724bc245d6eec318351876a)

5 weeks agorust: update to 1.81.0
Aleksey Vasilenko [Sat, 7 Sep 2024 16:50:23 +0000 (19:50 +0300)]
rust: update to 1.81.0

- Automatically refresh one patch
- Other patch is unchanged

Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
(cherry picked from commit 541060ee563a57ff5acbad4e55285ef86c5a9172)

7 weeks agozabbix: zabbix-agentd: depend on libevent2-pthreads
Yanase Yuki [Thu, 7 Mar 2024 08:15:22 +0000 (17:15 +0900)]
zabbix: zabbix-agentd: depend on libevent2-pthreads

zabbix-agentd requires libevent2-pthreads to build
correctly, so add it to DEPENDS.

Signed-off-by: Yanase Yuki <dev@zpc.st>
(cherry picked from commit e61c3ea01cba8e29f6fef232b049c224255501ad)

7 weeks agomwan3: close flock fd when starting mwan3.user scripts
Florian Eckert [Mon, 29 Jul 2024 07:23:35 +0000 (09:23 +0200)]
mwan3: close flock fd when starting mwan3.user scripts

Fixes deadlock with multiple init script calls

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 619629ce85991fbb5aa8677ea076ab2de1043ba4)

7 weeks agoadblock: update to 4.2.2-8
Dirk Brenken [Sun, 27 Oct 2024 14:24:16 +0000 (15:24 +0100)]
adblock: update to 4.2.2-8

* get rid of remaining opkg calls and static adblock versioning
* fixed bind autodetection

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit e3217b54edd17a71edc3f8992ccb87b13222c84c)

7 weeks agotravelmate: update to 2.1.3-2
Dirk Brenken [Sat, 26 Oct 2024 21:21:26 +0000 (23:21 +0200)]
travelmate: update to 2.1.3-2

* fixed gathering/printing of system information in travelmate status
* make use of a central command selector function

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 5af7612c515460ed5fa4903a580ccc8427e3163e)

7 weeks agoadblock: update to 4.2.2-7
Dirk Brenken [Sat, 26 Oct 2024 19:54:31 +0000 (21:54 +0200)]
adblock: update to 4.2.2-7

* fixed gathering/printing of system information in adblock status
* added missing hagezi category (samsung tracker)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit bbaa72d739368ef2131d4d7aca8ab626be6658b3)

7 weeks agobanIP: update to 1.0.0-9
Dirk Brenken [Sat, 26 Oct 2024 19:24:52 +0000 (21:24 +0200)]
banIP: update to 1.0.0-9

* fixed gathering/printing of system information in banIP status
* removed broken iblocklist.com feeds
* updated readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit fb19c1469654f39b3904accfb398bb88b884562b)

7 weeks agoi2pd: Update to 2.54.0
R4SAS I2P [Mon, 14 Oct 2024 18:12:02 +0000 (18:12 +0000)]
i2pd: Update to 2.54.0

* Updating package to 2.54.0
* Changed Makefile to install binary to /usr/bin (as in upstream)
* Updated init.rc script with new path

Signed-off-by: R4SAS I2P <r4sas@i2pmail.org>
(cherry picked from commit f28940ddedc6f9cd39b0825e56422c13b93e4c39)

2 months agopdns-recursor: update to 4.9.9
Peter van Dijk [Tue, 8 Oct 2024 11:10:00 +0000 (13:10 +0200)]
pdns-recursor: update to 4.9.9

fixes CVE-2024-25590

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
2 months agoopenwisp-monitoring: update to 0.2.0
Gagan Deep [Thu, 26 Sep 2024 21:49:58 +0000 (03:19 +0530)]
openwisp-monitoring: update to 0.2.0

Signed-off-by: Gagan Deep <pandafy.dev@gmail.com>
(cherry picked from commit 4540a0abf8debf995bac9b76502909dc5f06647b)

2 months agoopenwisp-config: update to 1.1.0
Gagan Deep [Thu, 26 Sep 2024 21:40:02 +0000 (03:10 +0530)]
openwisp-config: update to 1.1.0

Signed-off-by: Gagan Deep <pandafy.dev@gmail.com>
(cherry picked from commit af4a89482cff4fbdcb1281b6677c7a74e51c95ec)

2 months agosing-box: Update to 1.9.7
Milinda Brantini [Mon, 7 Oct 2024 15:21:27 +0000 (23:21 +0800)]
sing-box: Update to 1.9.7

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 91639e2e5dd129e4805f1ff801c4a7eb411a6ee0)

2 months agoxray-core: update to 24.9.30
Milinda Brantini [Thu, 3 Oct 2024 08:25:58 +0000 (16:25 +0800)]
xray-core: update to 24.9.30

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit caa09e5377050794be23af8e4bd079bbad137150)

2 months agobanIP: update to 1.0.0-8
Dirk Brenken [Fri, 11 Oct 2024 17:46:16 +0000 (19:46 +0200)]
banIP: update to 1.0.0-8

* supports comments (introduced with a #), for MAC addresses
  in the allow and block list, e.g. 26:5e:a0:6a:9c:da # Test
* added hagezi threat ip feed
* added an adguard logterm to the readme
* removed the broken talos feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 270e6f12644eb0ba3b1596cb73e267edf3980570)

2 months agoadblock: update to 4.2.2-6
Dirk Brenken [Thu, 10 Oct 2024 17:00:14 +0000 (19:00 +0200)]
adblock: update to 4.2.2-6

* fixed adblock status reporting
* optimized the mail template
* removed unanswered DNS requests from reporting
* various small fixes

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 1294b54471e4bd17d1b3de9fc777ffa0ae9e429d)

2 months agodockerd: Update to 27.3.1
Milinda Brantini [Tue, 1 Oct 2024 09:24:56 +0000 (17:24 +0800)]
dockerd: Update to 27.3.1

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit ade186898684bfe40beb3e7f3fab59ae5fe7938a)

2 months agodockerd: fix typo in config for no_proxy
Joe Zheng [Fri, 13 Sep 2024 09:01:31 +0000 (17:01 +0800)]
dockerd: fix typo in config for no_proxy

the "http_proxy" here should be "no_proxy"

Signed-off-by: Joe Zheng <joe.zheng@intel.com>
(cherry picked from commit dcea616c6134c0d1630174d2fff6a95ffcf60fe6)

2 months agodockerd: increase PKG_RELEASE for http proxy update
Tianling Shen [Fri, 13 Sep 2024 05:03:19 +0000 (13:03 +0800)]
dockerd: increase PKG_RELEASE for http proxy update

Fixes: e795bab25325 ("dockerd: add config options for http proxy")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 9ec663013beba8fe6800d8bfbd5b75c33e8f804a)

2 months agodockerd: add config options for http proxy
Joe Zheng [Fri, 6 Sep 2024 15:14:14 +0000 (23:14 +0800)]
dockerd: add config options for http proxy

add config options to set http porxy for dockerd, refer to
https://docs.docker.com/engine/daemon/proxy/ for details

use the *_proxy environment variable as the default value, so in most
cases, dockerd can use the system proxy settings just like opkg.

Signed-off-by: Joe Zheng <joe.zheng@intel.com>
(cherry picked from commit e795bab253253e260b61e156d5e5c00e8189cb98)

2 months agorunc: Update to 1.1.14
Milinda Brantini [Tue, 1 Oct 2024 10:12:50 +0000 (18:12 +0800)]
runc: Update to 1.1.14

This is the fourteenth patch release in the 1.1.z release branch of
runc. It includes a fix for a low severity security issue
(CVE-2024-45310) as well as some minor build-related fixes (including Go
1.23 support).
Fix CVE-2024-45310, a low-severity attack that allowed
maliciously configured containers to create empty files and directories on
the host.
Add support for Go 1.23.
Revert "allow overriding VERSION value in Makefile" and add EXTRA_VERSION.
rootfs: consolidate mountpoint creation logic.

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit c1e6edfa862e065caa6f8b3e9fd50d38d7ed57f5)

2 months agocontainerd: Update to 1.7.22
Milinda Brantini [Tue, 1 Oct 2024 09:24:00 +0000 (17:24 +0800)]
containerd: Update to 1.7.22

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit f49b8252e62885960261ffa07a1e8058bb1eb6a4)

2 months agodocker: Update to 27.3.1
Milinda Brantini [Tue, 1 Oct 2024 09:21:08 +0000 (17:21 +0800)]
docker: Update to 27.3.1

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 605fb1af62be3cf251749d58483087fde8e5c849)

2 months agodockerd: Update to 27.1.2
Milinda Brantini [Fri, 16 Aug 2024 15:21:20 +0000 (23:21 +0800)]
dockerd: Update to 27.1.2

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit a58474e8381d405357247b20e944f3a3318ea173)

2 months agodocker: Update to 27.1.2
Milinda Brantini [Fri, 16 Aug 2024 15:18:21 +0000 (23:18 +0800)]
docker: Update to 27.1.2

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit e0258ed7ea5be1200dad4826d5d6913db79c59e7)

2 months agophp8: update to 8.2.24
Michael Heimpold [Sat, 5 Oct 2024 14:40:23 +0000 (16:40 +0200)]
php8: update to 8.2.24

This fixes:
    - CVE-2024-8925
    - CVE-2024-8926
    - CVE-2024-8927
    - CVE-2024-9026

Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.2.24

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2 months agoecdsautils: update to 0.4.2
Matthias Schiffer [Wed, 9 Oct 2024 16:09:58 +0000 (18:09 +0200)]
ecdsautils: update to 0.4.2

1b53b726f3dc ecdsautils 0.4.2
554e2585efd9 sha256: fix misaligned buffer read in ecdsa_sha256_update()
8c17b073647f sha256: remove burnStack function

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit d57306298e55f372954856a7f49fd2294d6fae46)

2 months agohev-socks5-server: update to 2.6.8
Ray Wang [Sun, 6 Oct 2024 02:12:40 +0000 (10:12 +0800)]
hev-socks5-server: update to 2.6.8

Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit c99669e0887f0fac94c804bb7fd348ed9339d9eb)

2 months agopbr: bugfix for dns & tor policies
Stan Grishin [Sun, 6 Oct 2024 16:45:43 +0000 (16:45 +0000)]
pbr: bugfix for dns & tor policies

Signed-off-by: Stan Grishin <stangri@melmac.ca>
2 months agorclone: Update to 1.68.1
Tianling Shen [Thu, 3 Oct 2024 08:55:47 +0000 (16:55 +0800)]
rclone: Update to 1.68.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 86179f138a4c2f078d5412253aebc0578b8ab1e0)

2 months agov2ray-geodata: Update to latest version
Tianling Shen [Thu, 3 Oct 2024 08:55:20 +0000 (16:55 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 5fc567d198ac0ba8e821f1eb4e4c3b89b38e9fba)

2 months agobtop: Update to 1.4.0
Tianling Shen [Sat, 28 Sep 2024 07:46:14 +0000 (15:46 +0800)]
btop: Update to 1.4.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7e9ef57819a4adb2b17ee253569052e91f539600)

2 months agosing-box: Update to 1.9.6
Milinda Brantini [Mon, 23 Sep 2024 13:10:04 +0000 (21:10 +0800)]
sing-box: Update to 1.9.6

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 06eb251067537d576fee86f8471377239b5254fe)

2 months agosing-box: Update to 1.9.5
Milinda Brantini [Mon, 23 Sep 2024 13:09:09 +0000 (21:09 +0800)]
sing-box: Update to 1.9.5

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 500a8ab995a020a336948f058e7755efafff80e7)

2 months agodelve: update to 1.23.1
Aleksey Kolosov [Tue, 24 Sep 2024 08:44:50 +0000 (11:44 +0300)]
delve: update to 1.23.1

Signed-off-by: Aleksey Kolosov <softovick@gmail.com>
2 months agoadblock-fast: bugfixes and shellcheck update
Stan Grishin [Thu, 19 Sep 2024 16:14:35 +0000 (16:14 +0000)]
adblock-fast: bugfixes and shellcheck update

* BUGFIX: correctly identify available RAM
* BUGFIX: properly store remote list filesize in config
* shellcheck updates

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 4bdaea90d63ed12af4b513d833de64bac5f0f2b8)

2 months agobanIP: update to 1.0.0-7
Dirk Brenken [Fri, 20 Sep 2024 08:04:09 +0000 (10:04 +0200)]
banIP: update to 1.0.0-7

* fixed auto allow-/blocklist-issue with IPv6 addresses in CIDR notation
* removed edrop feed from readme (had been removed from feeds for a while)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit aeda25086e7797b403a4307d88716e66f3239504)

2 months agosoftflowd: add '-b' option to config
Rafal Macyszyn [Mon, 1 Apr 2024 18:50:49 +0000 (20:50 +0200)]
softflowd: add '-b' option to config

- add '-b' option to enable bidirectional flow probing

Signed-off-by: Rafal Macyszyn <rafal@v92.pl>
(cherry picked from commit 80b15f0b9e6135978a7d17543d4be5fd13481b1a)

2 months agosoftflowd: bump to 1.1.0
Stijn Tintel [Sat, 15 Jul 2023 16:03:30 +0000 (19:03 +0300)]
softflowd: bump to 1.1.0

The tag is now prefixed with v; update PKG_SOURCE_URL and PKG_BUILD_DIR
to reflect this.
Drop upstreamed patches. Refresh leftover patch.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 4bdf55d35248500efd41e5f7b61c428d3a22db85)

2 months agoadblock: update to 4.2.2-5
Dirk Brenken [Fri, 20 Sep 2024 03:57:24 +0000 (05:57 +0200)]
adblock: update to 4.2.2-5

* filter out unrelated multicast traffic from reporting

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 3474adc309cf77fd9e461e964965cbcfc3c51620)

2 months agoadblock: update to 4.2.2-4
Dirk Brenken [Tue, 17 Sep 2024 19:31:46 +0000 (21:31 +0200)]
adblock: update to 4.2.2-4

* fixed wrongly detected NX domains in adblock reporting
* remove existing pcap files when restarting/stopping adblock
   to prevent problems when changing tcpdump parameters

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 180ee1321934cfd27d1245426f8fed3053a1cc66)

2 months agov2ray-geodata: Update to latest version
Tianling Shen [Thu, 19 Sep 2024 06:10:00 +0000 (14:10 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit fecdb92b3ffa6c30a551bb4cbc79cc417f05be8e)

2 months agov2ray-core: Update to 5.18.0
Tianling Shen [Thu, 19 Sep 2024 06:09:39 +0000 (14:09 +0800)]
v2ray-core: Update to 5.18.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7eef7e36e91b4e39a226a479a9702b22f3880b39)

2 months agov2ray-core: Update to 5.17.1
Tianling Shen [Sat, 31 Aug 2024 03:08:25 +0000 (11:08 +0800)]
v2ray-core: Update to 5.17.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a2d87d2658161d0fd265986a0bc9922fe908f3dc)

2 months agov2ray-core: update to 5.16.1
Tianling Shen [Thu, 9 May 2024 08:15:08 +0000 (16:15 +0800)]
v2ray-core: update to 5.16.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 0c645cb6a6d643aabde2e4027b5bcf6802b6df66)

3 months agorclone: Update to 1.68.0
Tianling Shen [Tue, 10 Sep 2024 13:01:35 +0000 (21:01 +0800)]
rclone: Update to 1.68.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 59986cf970e5e5fdff1c579996ebb7eec7e05dbe)

3 months agotravelmate: update to 2.1.3-1
Dirk Brenken [Sat, 14 Sep 2024 11:48:27 +0000 (13:48 +0200)]
travelmate: update to 2.1.3-1

* fixed STA connection issues / restart the travelmate interface on new connections via ubus
* fixed NTP hotplug issues / trigger the NTP hotplug event via ubus
* fixed minor log issues (mail/hotplug)
* readme update

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 7f976e1602254ee4ae793b611abd596e607d26b3)

3 months agophp8: update to 8.2.23
Michael Heimpold [Thu, 5 Sep 2024 05:22:02 +0000 (07:22 +0200)]
php8: update to 8.2.23

Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.2.23

A minor adaption to a single patch is required.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
3 months agobanip: update 1.0.0-6
Dirk Brenken [Mon, 9 Sep 2024 19:07:22 +0000 (21:07 +0200)]
banip: update 1.0.0-6

* automatic blocking of IP ranges via RDAP request now supports multiple CIDRs
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit b157e03e8024a2a32993688b0450cda9497deedd)

3 months agogg: Update to 0.2.19
Tianling Shen [Tue, 3 Sep 2024 12:02:07 +0000 (20:02 +0800)]
gg: Update to 0.2.19

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7ba22665d75f87083dc15a4dfe4abe4b1fd6ab99)

3 months agocloudflared: reload service if wan inferface has (re)connected
Tianling Shen [Sat, 31 Aug 2024 13:53:39 +0000 (21:53 +0800)]
cloudflared: reload service if wan inferface has (re)connected

Sometimes the wan connection needs time to be established (e.g. cold
boot after power loss) and the service may crash as the internet is
yet available. Add a trigger to reload the service once the wan
interface is up.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 52037eb625a864c7e9b2b4e30b975bc5a8092192)
[based upon 23.05 branch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
3 months agonano: update to 8.2
Hannu Nyman [Thu, 5 Sep 2024 17:16:21 +0000 (20:16 +0300)]
nano: update to 8.2

Update nano editor to version 8.2

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 14a80bff16bcbc5768fee7eaf6eff7b445b78a19)

3 months agoglib2: update to 2.74.7 to fix several CVEs
Petr Štetiar [Thu, 22 Aug 2024 19:04:12 +0000 (19:04 +0000)]
glib2: update to 2.74.7 to fix several CVEs

Bump glib2 to 2.74.7 which fixes CVE-2023-29499, CVE-2023-32611,
CVE-2023-32636, CVE-2023-32643, CVE-2023-32665 and on top of that
backport CVE-2024-34397 fix from Debian Bookworm glib2 package
2.74.6-2+deb12u2. While at it refresh the patches so they apply cleanly.

References: https://security-tracker.debian.org/tracker/source-package/glib2.0
Fixes: CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665, CVE-2024-34397
Signed-off-by: Petr Štetiar <ynezz@true.cz>
3 months agorust: update to 1.80.1
Luca Barbato [Tue, 13 Aug 2024 07:21:47 +0000 (07:21 +0000)]
rust: update to 1.80.1

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit d4416c2e6399a2c715d684c7b439a0ac4ff93e96)

3 months agorust: update to 1.80.0
Aleksey Vasilenko [Thu, 25 Jul 2024 13:25:01 +0000 (16:25 +0300)]
rust: update to 1.80.0

- Remove two upstreamed patches
- Manually refresh one patch
- Automatically refresh another patch

Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
(cherry picked from commit 8d68f0b0dbb0d3f3929144507e28a449c67ea3ca)

3 months agoyq: Update to 4.44.3
Tianling Shen [Sat, 31 Aug 2024 03:06:36 +0000 (11:06 +0800)]
yq: Update to 4.44.3

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
3 months agoyq: Update to 4.44.1
Tianling Shen [Fri, 24 May 2024 14:05:55 +0000 (22:05 +0800)]
yq: Update to 4.44.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 78d0e1662961145b03c88e7181aeb93b855c9142)

3 months agoyq: Update to 4.43.1
Tianling Shen [Mon, 1 Apr 2024 07:59:34 +0000 (15:59 +0800)]
yq: Update to 4.43.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ab21adbbff2fa0376d454e52630def0c15db5320)

3 months agov2ray-geodata: Update to latest version
Tianling Shen [Sat, 31 Aug 2024 03:06:28 +0000 (11:06 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit b9de33f106c61d150ca6c335e1d3a74bd150f769)

3 months agoxray-core: update to 1.8.24
Milinda Brantini [Fri, 30 Aug 2024 09:54:29 +0000 (17:54 +0800)]
xray-core: update to 1.8.24

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit 1c7bd8ba1d116466aba9192e8b589a40a3632df3)

3 months agoapfree-wifidog: update to 7.08.2035
Dengfeng Liu [Tue, 27 Aug 2024 11:09:58 +0000 (19:09 +0800)]
apfree-wifidog: update to 7.08.2035

https://github.com/liudf0716/apfree-wifidog/releases/tag/7.08.2035

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit 632d4ea93d2a3e9dd5c842bbbf1ffa7290987a5f)

3 months agoapfree-wifidog: modify wifidogx.init
Dengfeng Liu [Tue, 27 Aug 2024 11:06:07 +0000 (19:06 +0800)]
apfree-wifidog: modify wifidogx.init
1. to address the isssue of incomplement firwall rules
2. added support for gateway settings

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit d552c5733a3459466e5f2509f2ce681d413e0ede)

3 months agodhtd: udpate to 1.0.2
Moritz Warning [Tue, 6 Aug 2024 21:28:40 +0000 (23:28 +0200)]
dhtd: udpate to 1.0.2

Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit 3934cfdbdcda4d2a7508a2d3220e2088f889bb25)

3 months agodhtd: update to 1.0.1
Moritz Warning [Mon, 1 Jan 2024 15:37:10 +0000 (16:37 +0100)]
dhtd: update to 1.0.1

Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit ed5e79644dbf5668558f28c980b2f10c52e8bce4)

3 months agocrowdsec-firewall-bouncer: new upstream release version 0.0.29
S. Brusch [Mon, 22 Jul 2024 16:20:39 +0000 (16:20 +0000)]
crowdsec-firewall-bouncer: new upstream release version 0.0.29

Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.4

Description:
 - updated to new upstream release version 0.0.29
 - added retry_initial_commit option to init script (by Quba1)
 - aligned namings in script with crowdsec-firewall-bouncer

Co-authored-by: Quba1 <22771850+Quba1@users.noreply.github.com>
(cherry picked from commit 5988abae10d9c20d87efe23a6ac5d8645aee51af)

3 months agosing-box: update to 1.9.4
Milinda Brantini [Mon, 19 Aug 2024 09:05:46 +0000 (17:05 +0800)]
sing-box: update to 1.9.4

Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit b788651e272ab7459ac9ea4298ada4cfe6d8aad0)

3 months agolxc: fix huge binary sizes by backporting upstream Meson dynlink fixes
Petr Štetiar [Mon, 29 Jul 2024 18:04:06 +0000 (18:04 +0000)]
lxc: fix huge binary sizes by backporting upstream Meson dynlink fixes

LXC after the switch to the Meson build system increased the binary sizes
significantly as each binary is basically static so shipping complete
liblxc which should be linked dynamically.

Upstream later fixed it with series of 10 commits and this fixes are
available in LXC release v6.0.0. Since we can't upstep to that release,
lets fix it by backporting those fixes only, basically making libxlc a
shared library again.

Package sizes before:

 384K lxc-user-nic_5.0.3-1_aarch64_cortex-a53.ipk
 383K lxc-ls_5.0.3-1_aarch64_cortex-a53.ipk
 382K lxc-top_5.0.3-1_aarch64_cortex-a53.ipk
 382K lxc-copy_5.0.3-1_aarch64_cortex-a53.ipk
 381K lxc-unshare_5.0.3-1_aarch64_cortex-a53.ipk
 380K lxc-start_5.0.3-1_aarch64_cortex-a53.ipk
 380K lxc-monitor_5.0.3-1_aarch64_cortex-a53.ipk
 380K lxc-info_5.0.3-1_aarch64_cortex-a53.ipk
 380K lxc-create_5.0.3-1_aarch64_cortex-a53.ipk
 380K lxc-autostart_5.0.3-1_aarch64_cortex-a53.ipk
 380K lxc-attach_5.0.3-1_aarch64_cortex-a53.ipk
 379K lxc-execute_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-wait_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-usernsexec_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-unfreeze_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-stop_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-freeze_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-device_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-destroy_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-console_5.0.3-1_aarch64_cortex-a53.ipk
 378K lxc-cgroup_5.0.3-1_aarch64_cortex-a53.ipk
 376K liblxc_5.0.3-1_aarch64_cortex-a53.ipk
 375K lxc-config_5.0.3-1_aarch64_cortex-a53.ipk
 12K lxc-hooks_5.0.3-1_aarch64_cortex-a53.ipk
 11K lxc-templates_5.0.3-1_aarch64_cortex-a53.ipk
 3.7K lxc-checkconfig_5.0.3-1_aarch64_cortex-a53.ipk
 2.4K lxc-configs_5.0.3-1_aarch64_cortex-a53.ipk
 1.9K lxc-auto_5.0.3-1_aarch64_cortex-a53.ipk
 1.6K lxc-common_5.0.3-1_aarch64_cortex-a53.ipk
 1.2K lxc-unprivileged_5.0.3-1_aarch64_cortex-a53.ipk
 978 lxc_5.0.3-1_aarch64_cortex-a53.ipk

Sizes after:

 378K liblxc_5.0.3-2_aarch64_cortex-a53.ipk
 27K lxc-user-nic_5.0.3-2_aarch64_cortex-a53.ipk
 24K lxc-ls_5.0.3-2_aarch64_cortex-a53.ipk
 21K lxc-usernsexec_5.0.3-2_aarch64_cortex-a53.ipk
 21K lxc-top_5.0.3-2_aarch64_cortex-a53.ipk
 20K lxc-unshare_5.0.3-2_aarch64_cortex-a53.ipk
 20K lxc-copy_5.0.3-2_aarch64_cortex-a53.ipk
 20K lxc-attach_5.0.3-2_aarch64_cortex-a53.ipk
 18K lxc-start_5.0.3-2_aarch64_cortex-a53.ipk
 18K lxc-info_5.0.3-2_aarch64_cortex-a53.ipk
 18K lxc-execute_5.0.3-2_aarch64_cortex-a53.ipk
 18K lxc-device_5.0.3-2_aarch64_cortex-a53.ipk
 18K lxc-create_5.0.3-2_aarch64_cortex-a53.ipk
 18K lxc-autostart_5.0.3-2_aarch64_cortex-a53.ipk
 17K lxc-destroy_5.0.3-2_aarch64_cortex-a53.ipk
 16K lxc-wait_5.0.3-2_aarch64_cortex-a53.ipk
 16K lxc-unfreeze_5.0.3-2_aarch64_cortex-a53.ipk
 16K lxc-stop_5.0.3-2_aarch64_cortex-a53.ipk
 16K lxc-freeze_5.0.3-2_aarch64_cortex-a53.ipk
 16K lxc-console_5.0.3-2_aarch64_cortex-a53.ipk
 16K lxc-cgroup_5.0.3-2_aarch64_cortex-a53.ipk
 15K lxc-monitor_5.0.3-2_aarch64_cortex-a53.ipk
 13K lxc-config_5.0.3-2_aarch64_cortex-a53.ipk
 12K lxc-hooks_5.0.3-2_aarch64_cortex-a53.ipk
 11K lxc-templates_5.0.3-2_aarch64_cortex-a53.ipk
 3.7K lxc-checkconfig_5.0.3-2_aarch64_cortex-a53.ipk
 2.4K lxc-configs_5.0.3-2_aarch64_cortex-a53.ipk
 1.9K lxc-auto_5.0.3-2_aarch64_cortex-a53.ipk
 1.6K lxc-common_5.0.3-2_aarch64_cortex-a53.ipk
 1.1K lxc-unprivileged_5.0.3-2_aarch64_cortex-a53.ipk
 944 lxc_5.0.3-2_aarch64_cortex-a53.ipk

Sum of Package Sizes:

 Before: 8758.78K
 After:   814.64K

The total package size has decreased by approximately 90% after the fix.

References: https://github.com/lxc/lxc/pull/4401
Signed-off-by: Petr Štetiar <ynezz@true.cz>
3 months agoadblock: update to 4.2.2-3
Dirk Brenken [Tue, 20 Aug 2024 21:05:59 +0000 (23:05 +0200)]
adblock: update to 4.2.2-3

* bugfix: users reported unexpected side effects with  the newly introduced rpc-sys ubus service, reverted that part
*bugfix: made "tcpdump" optional

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 4803143a91a9d7d80e4ba584dbb4a5e5d4c4567f)

3 months agoadblock: update to 4.2.2-2
Dirk Brenken [Tue, 20 Aug 2024 14:02:26 +0000 (16:02 +0200)]
adblock: update to 4.2.2-2

* removal of a superfluous opkg code block (missed in the last commit)
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 9428ef4320919c66dc0759c97033f84c6bb9adb2)

3 months agoadblock: update to 4.2.2
Dirk Brenken [Sun, 18 Aug 2024 08:43:03 +0000 (10:43 +0200)]
adblock: update to 4.2.2

* get rid of the opkg dependency
* fixed remaining hagezi category issues
* adblock still depends on 'gawk', but also accepts busybox awk. The readme describes two officially unsupported installation variants.

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 34db79bcd584f2da9a64dd4c1e84f138e3e4f70b)

4 months agobind: bump to 9.18.28
Noah Meyerhans [Fri, 16 Aug 2024 18:26:08 +0000 (14:26 -0400)]
bind: bump to 9.18.28

Fixes CVEs:
- CVE-2024-1975: remove sig 0 support
- CVE-2024-4076: qctx-zversion was not being cleared when it should have been
  leading to an assertion failure if it needed to be reused.
- CVE-2024-1737: An excessively large number of rrtypes per owner can slow
  down database query processing, so a limit has been placed on the number of
  rrtypes that can be stored per owner (node) in a cache or zone database. This
  is configured with the new "max-rrtypes-per-name" option, and defaults to 100.
- CVE-2024-1737: Excessively large rdatasets can slow down database query
  processing, so a limit has been placed on the number of records that can be
  stored per rdataset in a cache or zone database. This is configured with the
  new "max-records-per-type" option, and defaults to 100.
- CVE-2024-0760: Malicious DNS client that sends many queries over TCP but
  never reads responses can cause server to respond slowly or not respond at
  all for other clients.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>