Stan Grishin [Fri, 6 Dec 2024 03:10:08 +0000 (03:10 +0000)]
adblock-fast: bugfix: dnsmasq instances confdir hack
* temporary hack until https://github.com/openwrt/openwrt/pull/16806 is merged
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Rosen Penev [Wed, 20 Nov 2024 23:21:43 +0000 (15:21 -0800)]
iperf3: fix crashing with musl
Upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
9c9f4dd08875c77e145e834b939d0c40c043db60)
Aleksey Vasilenko [Mon, 23 Sep 2024 20:13:51 +0000 (23:13 +0300)]
iperf3: explicitly disable SCTP
Since https://github.com/openwrt/openwrt/commit/
3fa5ee0b28b736c5d06af34ed5c3e80f78235fe8
OpenWrt no longer disables SCTP support by default.
It caused the leak of libsctp dependency to iperf3.
Here we disable it explicitly to fix the build.
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
(cherry picked from commit
6c1ce8ccc78f1b34ade513aa134962eb143826f9)
Luiz Angelo Daros de Luca [Sun, 1 Dec 2024 20:18:01 +0000 (17:18 -0300)]
ruby: update to 3.2.6
Ruby 3.2.6 is a minor bug fix release.
Link: https://github.com/ruby/ruby/releases/tag/v3_2_6
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Michael Heimpold [Sat, 30 Nov 2024 20:11:22 +0000 (21:11 +0100)]
php8: update to 8.2.26
This fixes:
- CVE-2024-8929
- CVE-2024-8932
- CVE-2024-11233
- CVE-2024-11234
- CVE-2024-11236
Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.2.26
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
George Iv [Sun, 24 Nov 2024 20:49:27 +0000 (15:49 -0500)]
yggdrasil: bump to 0.5.10
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit
4ee4b22e431ca3c27c1ab26dc0daba5ca6198443)
Dirk Brenken [Tue, 26 Nov 2024 06:00:22 +0000 (07:00 +0100)]
adblock: update 4.2.3-2
* correctly parse json objects with hyphens in the autodetection functions
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
823633c0e60ad9efb3afe9c4e63b34c93fa55f7c)
Dirk Brenken [Sat, 23 Nov 2024 21:15:00 +0000 (22:15 +0100)]
adblock: release 4.2.3-1
* optimized procd settings for better performance
* reworked autodetection functions (still broken in master due to apk migration)
* made the tld function optional, set 'adb_tld' accordingly (enabled by default)
* reworked count function
* various code improvements
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
8afc26fafbd913d829734ab22fc09abaf8874ae8)
Dirk Brenken [Tue, 26 Nov 2024 06:05:24 +0000 (07:05 +0100)]
banIP: update 1.0.1-2
* correctly parse json objects with hyphens in the autodetection function
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
3140259fc68952355b62a364a97527003adaf1fe)
Dirk Brenken [Sun, 24 Nov 2024 14:44:20 +0000 (15:44 +0100)]
banIP: release 1.0.1-1
* optimized procd settings for better performance
* made the log monitor working again (even on master with apk migration issues)
* reworked the fetch autodetection function (still broken in master due to apk migration)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
8609a5bbe5b999045dcd9a10714d9e47e4359599)
Dirk Brenken [Sat, 16 Nov 2024 11:45:12 +0000 (12:45 +0100)]
banIP: update to 1.0.0-10
* minimal fix to support all download utilities in currently broken apk snapshots
(see https://github.com/openwrt/openwrt/issues/16907 for details)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
4f00d8f0ee66effd40ec7c56a5a9a7395a7a8d54)
Alexandru Ardelean [Tue, 26 Nov 2024 16:05:39 +0000 (18:05 +0200)]
django: bump to 4.2.16
Fixes a bunch of CVEs.
CVE-2024-45230
https://nvd.nist.gov/vuln/detail/CVE-2024-45230
CVE-2024-45231
https://nvd.nist.gov/vuln/detail/CVE-2024-45231
(And maybe a few more).
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Hirokazu MORIKAWA [Mon, 25 Nov 2024 07:11:08 +0000 (16:11 +0900)]
node: bump to v18.20.5
Notable Changes
esm: mark import attributes and JSON module as stable (Nicolò Ribaudo)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Gagan Deep [Thu, 21 Nov 2024 19:33:59 +0000 (01:03 +0530)]
openwisp-monitoring: align PKG_SOURCE_VERSION with PKG_VERSION
Previously, `PKG_SOURCE_VERSION` in the Makefile was incorrectly
set to `0.1.1` instead of tracking `PKG_VERSION`. This mismatch
caused compilation issues for the package.
This fix ensures `PKG_SOURCE_VERSION` dynamically aligns with
`PKG_VERSION` to prevent future discrepancies.
Signed-off-by: Gagan Deep <pandafy.dev@gmail.com>
Christian Marangi [Fri, 8 Nov 2024 18:36:52 +0000 (19:36 +0100)]
CI: multi-arch-test-build: move to shared workflow
Move multi-arch-test-build to shared workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
2a35a9cab226a43d5521b6356cb5e64a5b174df2)
Gagan Deep [Tue, 29 Oct 2024 15:51:55 +0000 (21:21 +0530)]
openwisp-monitoring: allow not depending on rpcd-mod-iwinfo
Add option to exclude rpcd-mod-iwinfo from dependency.
Signed-off-by: Gagan Deep <pandafy.dev@gmail.com>
(cherry picked from commit
ca503cc4054d9a13558c7b552886a6dba359a0eb)
Gagan Deep [Tue, 22 Oct 2024 16:58:46 +0000 (22:28 +0530)]
openwisp-monitoring: fix Makefile for 0.2.0 update
Commit
5e69da4ccb760da66f00f91e6cb2248ddcdabe5d upgraded openwisp-monitoring
to version 0.2.0 but missed necessary Makefile adjustments, causing the
package to break in OpenWrt feeds.
This patch updates the Makefile to ensure proper functionality of
openwisp-monitoring with the 0.2.0 release.
Signed-off-by: Gagan Deep <pandafy.dev@gmail.com>
(cherry picked from commit
886b3fa36d0b82071b10d0169d6950b0aaa6f16c)
Gagan Deep [Tue, 22 Oct 2024 11:25:23 +0000 (16:55 +0530)]
openwisp-config: fix Makefile for 1.1.0
Update configuration in Makefile to fix #25168.
Add "/etc/openwisp/" to conf files.
Signed-off-by: Gagan Deep <pandafy.dev@gmail.com>
(cherry picked from commit
67d4fa3b05e0a8ee0724bc245d6eec318351876a)
Aleksey Vasilenko [Sat, 7 Sep 2024 16:50:23 +0000 (19:50 +0300)]
rust: update to 1.81.0
- Automatically refresh one patch
- Other patch is unchanged
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
(cherry picked from commit
541060ee563a57ff5acbad4e55285ef86c5a9172)
Yanase Yuki [Thu, 7 Mar 2024 08:15:22 +0000 (17:15 +0900)]
zabbix: zabbix-agentd: depend on libevent2-pthreads
zabbix-agentd requires libevent2-pthreads to build
correctly, so add it to DEPENDS.
Signed-off-by: Yanase Yuki <dev@zpc.st>
(cherry picked from commit
e61c3ea01cba8e29f6fef232b049c224255501ad)
Florian Eckert [Mon, 29 Jul 2024 07:23:35 +0000 (09:23 +0200)]
mwan3: close flock fd when starting mwan3.user scripts
Fixes deadlock with multiple init script calls
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
619629ce85991fbb5aa8677ea076ab2de1043ba4)
Dirk Brenken [Sun, 27 Oct 2024 14:24:16 +0000 (15:24 +0100)]
adblock: update to 4.2.2-8
* get rid of remaining opkg calls and static adblock versioning
* fixed bind autodetection
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
e3217b54edd17a71edc3f8992ccb87b13222c84c)
Dirk Brenken [Sat, 26 Oct 2024 21:21:26 +0000 (23:21 +0200)]
travelmate: update to 2.1.3-2
* fixed gathering/printing of system information in travelmate status
* make use of a central command selector function
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
5af7612c515460ed5fa4903a580ccc8427e3163e)
Dirk Brenken [Sat, 26 Oct 2024 19:54:31 +0000 (21:54 +0200)]
adblock: update to 4.2.2-7
* fixed gathering/printing of system information in adblock status
* added missing hagezi category (samsung tracker)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
bbaa72d739368ef2131d4d7aca8ab626be6658b3)
Dirk Brenken [Sat, 26 Oct 2024 19:24:52 +0000 (21:24 +0200)]
banIP: update to 1.0.0-9
* fixed gathering/printing of system information in banIP status
* removed broken iblocklist.com feeds
* updated readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
fb19c1469654f39b3904accfb398bb88b884562b)
R4SAS I2P [Mon, 14 Oct 2024 18:12:02 +0000 (18:12 +0000)]
i2pd: Update to 2.54.0
* Updating package to 2.54.0
* Changed Makefile to install binary to /usr/bin (as in upstream)
* Updated init.rc script with new path
Signed-off-by: R4SAS I2P <r4sas@i2pmail.org>
(cherry picked from commit
f28940ddedc6f9cd39b0825e56422c13b93e4c39)
Peter van Dijk [Tue, 8 Oct 2024 11:10:00 +0000 (13:10 +0200)]
pdns-recursor: update to 4.9.9
fixes CVE-2024-25590
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Gagan Deep [Thu, 26 Sep 2024 21:49:58 +0000 (03:19 +0530)]
openwisp-monitoring: update to 0.2.0
Signed-off-by: Gagan Deep <pandafy.dev@gmail.com>
(cherry picked from commit
4540a0abf8debf995bac9b76502909dc5f06647b)
Gagan Deep [Thu, 26 Sep 2024 21:40:02 +0000 (03:10 +0530)]
openwisp-config: update to 1.1.0
Signed-off-by: Gagan Deep <pandafy.dev@gmail.com>
(cherry picked from commit
af4a89482cff4fbdcb1281b6677c7a74e51c95ec)
Milinda Brantini [Mon, 7 Oct 2024 15:21:27 +0000 (23:21 +0800)]
sing-box: Update to 1.9.7
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
91639e2e5dd129e4805f1ff801c4a7eb411a6ee0)
Milinda Brantini [Thu, 3 Oct 2024 08:25:58 +0000 (16:25 +0800)]
xray-core: update to 24.9.30
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
caa09e5377050794be23af8e4bd079bbad137150)
Dirk Brenken [Fri, 11 Oct 2024 17:46:16 +0000 (19:46 +0200)]
banIP: update to 1.0.0-8
* supports comments (introduced with a #), for MAC addresses
in the allow and block list, e.g. 26:5e:a0:6a:9c:da # Test
* added hagezi threat ip feed
* added an adguard logterm to the readme
* removed the broken talos feed
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
270e6f12644eb0ba3b1596cb73e267edf3980570)
Dirk Brenken [Thu, 10 Oct 2024 17:00:14 +0000 (19:00 +0200)]
adblock: update to 4.2.2-6
* fixed adblock status reporting
* optimized the mail template
* removed unanswered DNS requests from reporting
* various small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
1294b54471e4bd17d1b3de9fc777ffa0ae9e429d)
Milinda Brantini [Tue, 1 Oct 2024 09:24:56 +0000 (17:24 +0800)]
dockerd: Update to 27.3.1
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
ade186898684bfe40beb3e7f3fab59ae5fe7938a)
Joe Zheng [Fri, 13 Sep 2024 09:01:31 +0000 (17:01 +0800)]
dockerd: fix typo in config for no_proxy
the "http_proxy" here should be "no_proxy"
Signed-off-by: Joe Zheng <joe.zheng@intel.com>
(cherry picked from commit
dcea616c6134c0d1630174d2fff6a95ffcf60fe6)
Tianling Shen [Fri, 13 Sep 2024 05:03:19 +0000 (13:03 +0800)]
dockerd: increase PKG_RELEASE for http proxy update
Fixes: e795bab25325 ("dockerd: add config options for http proxy")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
9ec663013beba8fe6800d8bfbd5b75c33e8f804a)
Joe Zheng [Fri, 6 Sep 2024 15:14:14 +0000 (23:14 +0800)]
dockerd: add config options for http proxy
add config options to set http porxy for dockerd, refer to
https://docs.docker.com/engine/daemon/proxy/ for details
use the *_proxy environment variable as the default value, so in most
cases, dockerd can use the system proxy settings just like opkg.
Signed-off-by: Joe Zheng <joe.zheng@intel.com>
(cherry picked from commit
e795bab253253e260b61e156d5e5c00e8189cb98)
Milinda Brantini [Tue, 1 Oct 2024 10:12:50 +0000 (18:12 +0800)]
runc: Update to 1.1.14
This is the fourteenth patch release in the 1.1.z release branch of
runc. It includes a fix for a low severity security issue
(CVE-2024-45310) as well as some minor build-related fixes (including Go
1.23 support).
Fix CVE-2024-45310, a low-severity attack that allowed
maliciously configured containers to create empty files and directories on
the host.
Add support for Go 1.23.
Revert "allow overriding VERSION value in Makefile" and add EXTRA_VERSION.
rootfs: consolidate mountpoint creation logic.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
c1e6edfa862e065caa6f8b3e9fd50d38d7ed57f5)
Milinda Brantini [Tue, 1 Oct 2024 09:24:00 +0000 (17:24 +0800)]
containerd: Update to 1.7.22
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
f49b8252e62885960261ffa07a1e8058bb1eb6a4)
Milinda Brantini [Tue, 1 Oct 2024 09:21:08 +0000 (17:21 +0800)]
docker: Update to 27.3.1
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
605fb1af62be3cf251749d58483087fde8e5c849)
Milinda Brantini [Fri, 16 Aug 2024 15:21:20 +0000 (23:21 +0800)]
dockerd: Update to 27.1.2
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
a58474e8381d405357247b20e944f3a3318ea173)
Milinda Brantini [Fri, 16 Aug 2024 15:18:21 +0000 (23:18 +0800)]
docker: Update to 27.1.2
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
e0258ed7ea5be1200dad4826d5d6913db79c59e7)
Michael Heimpold [Sat, 5 Oct 2024 14:40:23 +0000 (16:40 +0200)]
php8: update to 8.2.24
This fixes:
- CVE-2024-8925
- CVE-2024-8926
- CVE-2024-8927
- CVE-2024-9026
Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.2.24
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Matthias Schiffer [Wed, 9 Oct 2024 16:09:58 +0000 (18:09 +0200)]
ecdsautils: update to 0.4.2
1b53b726f3dc ecdsautils 0.4.2
554e2585efd9 sha256: fix misaligned buffer read in ecdsa_sha256_update()
8c17b073647f sha256: remove burnStack function
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
d57306298e55f372954856a7f49fd2294d6fae46)
Ray Wang [Sun, 6 Oct 2024 02:12:40 +0000 (10:12 +0800)]
hev-socks5-server: update to 2.6.8
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
c99669e0887f0fac94c804bb7fd348ed9339d9eb)
Stan Grishin [Sun, 6 Oct 2024 16:45:43 +0000 (16:45 +0000)]
pbr: bugfix for dns & tor policies
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Tianling Shen [Thu, 3 Oct 2024 08:55:47 +0000 (16:55 +0800)]
rclone: Update to 1.68.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
86179f138a4c2f078d5412253aebc0578b8ab1e0)
Tianling Shen [Thu, 3 Oct 2024 08:55:20 +0000 (16:55 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
5fc567d198ac0ba8e821f1eb4e4c3b89b38e9fba)
Tianling Shen [Sat, 28 Sep 2024 07:46:14 +0000 (15:46 +0800)]
btop: Update to 1.4.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
7e9ef57819a4adb2b17ee253569052e91f539600)
Milinda Brantini [Mon, 23 Sep 2024 13:10:04 +0000 (21:10 +0800)]
sing-box: Update to 1.9.6
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
06eb251067537d576fee86f8471377239b5254fe)
Milinda Brantini [Mon, 23 Sep 2024 13:09:09 +0000 (21:09 +0800)]
sing-box: Update to 1.9.5
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
500a8ab995a020a336948f058e7755efafff80e7)
Aleksey Kolosov [Tue, 24 Sep 2024 08:44:50 +0000 (11:44 +0300)]
delve: update to 1.23.1
Signed-off-by: Aleksey Kolosov <softovick@gmail.com>
Stan Grishin [Thu, 19 Sep 2024 16:14:35 +0000 (16:14 +0000)]
adblock-fast: bugfixes and shellcheck update
* BUGFIX: correctly identify available RAM
* BUGFIX: properly store remote list filesize in config
* shellcheck updates
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
4bdaea90d63ed12af4b513d833de64bac5f0f2b8)
Dirk Brenken [Fri, 20 Sep 2024 08:04:09 +0000 (10:04 +0200)]
banIP: update to 1.0.0-7
* fixed auto allow-/blocklist-issue with IPv6 addresses in CIDR notation
* removed edrop feed from readme (had been removed from feeds for a while)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
aeda25086e7797b403a4307d88716e66f3239504)
Rafal Macyszyn [Mon, 1 Apr 2024 18:50:49 +0000 (20:50 +0200)]
softflowd: add '-b' option to config
- add '-b' option to enable bidirectional flow probing
Signed-off-by: Rafal Macyszyn <rafal@v92.pl>
(cherry picked from commit
80b15f0b9e6135978a7d17543d4be5fd13481b1a)
Stijn Tintel [Sat, 15 Jul 2023 16:03:30 +0000 (19:03 +0300)]
softflowd: bump to 1.1.0
The tag is now prefixed with v; update PKG_SOURCE_URL and PKG_BUILD_DIR
to reflect this.
Drop upstreamed patches. Refresh leftover patch.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
4bdf55d35248500efd41e5f7b61c428d3a22db85)
Dirk Brenken [Fri, 20 Sep 2024 03:57:24 +0000 (05:57 +0200)]
adblock: update to 4.2.2-5
* filter out unrelated multicast traffic from reporting
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
3474adc309cf77fd9e461e964965cbcfc3c51620)
Dirk Brenken [Tue, 17 Sep 2024 19:31:46 +0000 (21:31 +0200)]
adblock: update to 4.2.2-4
* fixed wrongly detected NX domains in adblock reporting
* remove existing pcap files when restarting/stopping adblock
to prevent problems when changing tcpdump parameters
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
180ee1321934cfd27d1245426f8fed3053a1cc66)
Tianling Shen [Thu, 19 Sep 2024 06:10:00 +0000 (14:10 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
fecdb92b3ffa6c30a551bb4cbc79cc417f05be8e)
Tianling Shen [Thu, 19 Sep 2024 06:09:39 +0000 (14:09 +0800)]
v2ray-core: Update to 5.18.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
7eef7e36e91b4e39a226a479a9702b22f3880b39)
Tianling Shen [Sat, 31 Aug 2024 03:08:25 +0000 (11:08 +0800)]
v2ray-core: Update to 5.17.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
a2d87d2658161d0fd265986a0bc9922fe908f3dc)
Tianling Shen [Thu, 9 May 2024 08:15:08 +0000 (16:15 +0800)]
v2ray-core: update to 5.16.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
0c645cb6a6d643aabde2e4027b5bcf6802b6df66)
Tianling Shen [Tue, 10 Sep 2024 13:01:35 +0000 (21:01 +0800)]
rclone: Update to 1.68.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
59986cf970e5e5fdff1c579996ebb7eec7e05dbe)
Dirk Brenken [Sat, 14 Sep 2024 11:48:27 +0000 (13:48 +0200)]
travelmate: update to 2.1.3-1
* fixed STA connection issues / restart the travelmate interface on new connections via ubus
* fixed NTP hotplug issues / trigger the NTP hotplug event via ubus
* fixed minor log issues (mail/hotplug)
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
7f976e1602254ee4ae793b611abd596e607d26b3)
Michael Heimpold [Thu, 5 Sep 2024 05:22:02 +0000 (07:22 +0200)]
php8: update to 8.2.23
Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.2.23
A minor adaption to a single patch is required.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Dirk Brenken [Mon, 9 Sep 2024 19:07:22 +0000 (21:07 +0200)]
banip: update 1.0.0-6
* automatic blocking of IP ranges via RDAP request now supports multiple CIDRs
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
b157e03e8024a2a32993688b0450cda9497deedd)
Tianling Shen [Tue, 3 Sep 2024 12:02:07 +0000 (20:02 +0800)]
gg: Update to 0.2.19
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
7ba22665d75f87083dc15a4dfe4abe4b1fd6ab99)
Tianling Shen [Sat, 31 Aug 2024 13:53:39 +0000 (21:53 +0800)]
cloudflared: reload service if wan inferface has (re)connected
Sometimes the wan connection needs time to be established (e.g. cold
boot after power loss) and the service may crash as the internet is
yet available. Add a trigger to reload the service once the wan
interface is up.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
52037eb625a864c7e9b2b4e30b975bc5a8092192)
[based upon 23.05 branch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Hannu Nyman [Thu, 5 Sep 2024 17:16:21 +0000 (20:16 +0300)]
nano: update to 8.2
Update nano editor to version 8.2
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
14a80bff16bcbc5768fee7eaf6eff7b445b78a19)
Petr Štetiar [Thu, 22 Aug 2024 19:04:12 +0000 (19:04 +0000)]
glib2: update to 2.74.7 to fix several CVEs
Bump glib2 to 2.74.7 which fixes CVE-2023-29499, CVE-2023-32611,
CVE-2023-32636, CVE-2023-32643, CVE-2023-32665 and on top of that
backport CVE-2024-34397 fix from Debian Bookworm glib2 package
2.74.6-2+deb12u2. While at it refresh the patches so they apply cleanly.
References: https://security-tracker.debian.org/tracker/source-package/glib2.0
Fixes: CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665, CVE-2024-34397
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Luca Barbato [Tue, 13 Aug 2024 07:21:47 +0000 (07:21 +0000)]
rust: update to 1.80.1
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit
d4416c2e6399a2c715d684c7b439a0ac4ff93e96)
Aleksey Vasilenko [Thu, 25 Jul 2024 13:25:01 +0000 (16:25 +0300)]
rust: update to 1.80.0
- Remove two upstreamed patches
- Manually refresh one patch
- Automatically refresh another patch
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
(cherry picked from commit
8d68f0b0dbb0d3f3929144507e28a449c67ea3ca)
Tianling Shen [Sat, 31 Aug 2024 03:06:36 +0000 (11:06 +0800)]
yq: Update to 4.44.3
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Fri, 24 May 2024 14:05:55 +0000 (22:05 +0800)]
yq: Update to 4.44.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
78d0e1662961145b03c88e7181aeb93b855c9142)
Tianling Shen [Mon, 1 Apr 2024 07:59:34 +0000 (15:59 +0800)]
yq: Update to 4.43.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
ab21adbbff2fa0376d454e52630def0c15db5320)
Tianling Shen [Sat, 31 Aug 2024 03:06:28 +0000 (11:06 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
b9de33f106c61d150ca6c335e1d3a74bd150f769)
Milinda Brantini [Fri, 30 Aug 2024 09:54:29 +0000 (17:54 +0800)]
xray-core: update to 1.8.24
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
1c7bd8ba1d116466aba9192e8b589a40a3632df3)
Dengfeng Liu [Tue, 27 Aug 2024 11:09:58 +0000 (19:09 +0800)]
apfree-wifidog: update to 7.08.2035
https://github.com/liudf0716/apfree-wifidog/releases/tag/7.08.2035
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
632d4ea93d2a3e9dd5c842bbbf1ffa7290987a5f)
Dengfeng Liu [Tue, 27 Aug 2024 11:06:07 +0000 (19:06 +0800)]
apfree-wifidog: modify wifidogx.init
1. to address the isssue of incomplement firwall rules
2. added support for gateway settings
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
d552c5733a3459466e5f2509f2ce681d413e0ede)
Moritz Warning [Tue, 6 Aug 2024 21:28:40 +0000 (23:28 +0200)]
dhtd: udpate to 1.0.2
Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit
3934cfdbdcda4d2a7508a2d3220e2088f889bb25)
Moritz Warning [Mon, 1 Jan 2024 15:37:10 +0000 (16:37 +0100)]
dhtd: update to 1.0.1
Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit
ed5e79644dbf5668558f28c980b2f10c52e8bce4)
S. Brusch [Mon, 22 Jul 2024 16:20:39 +0000 (16:20 +0000)]
crowdsec-firewall-bouncer: new upstream release version 0.0.29
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.4
Description:
- updated to new upstream release version 0.0.29
- added retry_initial_commit option to init script (by Quba1)
- aligned namings in script with crowdsec-firewall-bouncer
Co-authored-by: Quba1 <22771850+Quba1@users.noreply.github.com>
(cherry picked from commit
5988abae10d9c20d87efe23a6ac5d8645aee51af)
Milinda Brantini [Mon, 19 Aug 2024 09:05:46 +0000 (17:05 +0800)]
sing-box: update to 1.9.4
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
b788651e272ab7459ac9ea4298ada4cfe6d8aad0)
Petr Štetiar [Mon, 29 Jul 2024 18:04:06 +0000 (18:04 +0000)]
lxc: fix huge binary sizes by backporting upstream Meson dynlink fixes
LXC after the switch to the Meson build system increased the binary sizes
significantly as each binary is basically static so shipping complete
liblxc which should be linked dynamically.
Upstream later fixed it with series of 10 commits and this fixes are
available in LXC release v6.0.0. Since we can't upstep to that release,
lets fix it by backporting those fixes only, basically making libxlc a
shared library again.
Package sizes before:
384K lxc-user-nic_5.0.3-1_aarch64_cortex-a53.ipk
383K lxc-ls_5.0.3-1_aarch64_cortex-a53.ipk
382K lxc-top_5.0.3-1_aarch64_cortex-a53.ipk
382K lxc-copy_5.0.3-1_aarch64_cortex-a53.ipk
381K lxc-unshare_5.0.3-1_aarch64_cortex-a53.ipk
380K lxc-start_5.0.3-1_aarch64_cortex-a53.ipk
380K lxc-monitor_5.0.3-1_aarch64_cortex-a53.ipk
380K lxc-info_5.0.3-1_aarch64_cortex-a53.ipk
380K lxc-create_5.0.3-1_aarch64_cortex-a53.ipk
380K lxc-autostart_5.0.3-1_aarch64_cortex-a53.ipk
380K lxc-attach_5.0.3-1_aarch64_cortex-a53.ipk
379K lxc-execute_5.0.3-1_aarch64_cortex-a53.ipk
378K lxc-wait_5.0.3-1_aarch64_cortex-a53.ipk
378K lxc-usernsexec_5.0.3-1_aarch64_cortex-a53.ipk
378K lxc-unfreeze_5.0.3-1_aarch64_cortex-a53.ipk
378K lxc-stop_5.0.3-1_aarch64_cortex-a53.ipk
378K lxc-freeze_5.0.3-1_aarch64_cortex-a53.ipk
378K lxc-device_5.0.3-1_aarch64_cortex-a53.ipk
378K lxc-destroy_5.0.3-1_aarch64_cortex-a53.ipk
378K lxc-console_5.0.3-1_aarch64_cortex-a53.ipk
378K lxc-cgroup_5.0.3-1_aarch64_cortex-a53.ipk
376K liblxc_5.0.3-1_aarch64_cortex-a53.ipk
375K lxc-config_5.0.3-1_aarch64_cortex-a53.ipk
12K lxc-hooks_5.0.3-1_aarch64_cortex-a53.ipk
11K lxc-templates_5.0.3-1_aarch64_cortex-a53.ipk
3.7K lxc-checkconfig_5.0.3-1_aarch64_cortex-a53.ipk
2.4K lxc-configs_5.0.3-1_aarch64_cortex-a53.ipk
1.9K lxc-auto_5.0.3-1_aarch64_cortex-a53.ipk
1.6K lxc-common_5.0.3-1_aarch64_cortex-a53.ipk
1.2K lxc-unprivileged_5.0.3-1_aarch64_cortex-a53.ipk
978 lxc_5.0.3-1_aarch64_cortex-a53.ipk
Sizes after:
378K liblxc_5.0.3-2_aarch64_cortex-a53.ipk
27K lxc-user-nic_5.0.3-2_aarch64_cortex-a53.ipk
24K lxc-ls_5.0.3-2_aarch64_cortex-a53.ipk
21K lxc-usernsexec_5.0.3-2_aarch64_cortex-a53.ipk
21K lxc-top_5.0.3-2_aarch64_cortex-a53.ipk
20K lxc-unshare_5.0.3-2_aarch64_cortex-a53.ipk
20K lxc-copy_5.0.3-2_aarch64_cortex-a53.ipk
20K lxc-attach_5.0.3-2_aarch64_cortex-a53.ipk
18K lxc-start_5.0.3-2_aarch64_cortex-a53.ipk
18K lxc-info_5.0.3-2_aarch64_cortex-a53.ipk
18K lxc-execute_5.0.3-2_aarch64_cortex-a53.ipk
18K lxc-device_5.0.3-2_aarch64_cortex-a53.ipk
18K lxc-create_5.0.3-2_aarch64_cortex-a53.ipk
18K lxc-autostart_5.0.3-2_aarch64_cortex-a53.ipk
17K lxc-destroy_5.0.3-2_aarch64_cortex-a53.ipk
16K lxc-wait_5.0.3-2_aarch64_cortex-a53.ipk
16K lxc-unfreeze_5.0.3-2_aarch64_cortex-a53.ipk
16K lxc-stop_5.0.3-2_aarch64_cortex-a53.ipk
16K lxc-freeze_5.0.3-2_aarch64_cortex-a53.ipk
16K lxc-console_5.0.3-2_aarch64_cortex-a53.ipk
16K lxc-cgroup_5.0.3-2_aarch64_cortex-a53.ipk
15K lxc-monitor_5.0.3-2_aarch64_cortex-a53.ipk
13K lxc-config_5.0.3-2_aarch64_cortex-a53.ipk
12K lxc-hooks_5.0.3-2_aarch64_cortex-a53.ipk
11K lxc-templates_5.0.3-2_aarch64_cortex-a53.ipk
3.7K lxc-checkconfig_5.0.3-2_aarch64_cortex-a53.ipk
2.4K lxc-configs_5.0.3-2_aarch64_cortex-a53.ipk
1.9K lxc-auto_5.0.3-2_aarch64_cortex-a53.ipk
1.6K lxc-common_5.0.3-2_aarch64_cortex-a53.ipk
1.1K lxc-unprivileged_5.0.3-2_aarch64_cortex-a53.ipk
944 lxc_5.0.3-2_aarch64_cortex-a53.ipk
Sum of Package Sizes:
Before: 8758.78K
After: 814.64K
The total package size has decreased by approximately 90% after the fix.
References: https://github.com/lxc/lxc/pull/4401
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Dirk Brenken [Tue, 20 Aug 2024 21:05:59 +0000 (23:05 +0200)]
adblock: update to 4.2.2-3
* bugfix: users reported unexpected side effects with the newly introduced rpc-sys ubus service, reverted that part
*bugfix: made "tcpdump" optional
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
4803143a91a9d7d80e4ba584dbb4a5e5d4c4567f)
Dirk Brenken [Tue, 20 Aug 2024 14:02:26 +0000 (16:02 +0200)]
adblock: update to 4.2.2-2
* removal of a superfluous opkg code block (missed in the last commit)
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
9428ef4320919c66dc0759c97033f84c6bb9adb2)
Dirk Brenken [Sun, 18 Aug 2024 08:43:03 +0000 (10:43 +0200)]
adblock: update to 4.2.2
* get rid of the opkg dependency
* fixed remaining hagezi category issues
* adblock still depends on 'gawk', but also accepts busybox awk. The readme describes two officially unsupported installation variants.
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit
34db79bcd584f2da9a64dd4c1e84f138e3e4f70b)
Noah Meyerhans [Fri, 16 Aug 2024 18:26:08 +0000 (14:26 -0400)]
bind: bump to 9.18.28
Fixes CVEs:
- CVE-2024-1975: remove sig 0 support
- CVE-2024-4076: qctx-zversion was not being cleared when it should have been
leading to an assertion failure if it needed to be reused.
- CVE-2024-1737: An excessively large number of rrtypes per owner can slow
down database query processing, so a limit has been placed on the number of
rrtypes that can be stored per owner (node) in a cache or zone database. This
is configured with the new "max-rrtypes-per-name" option, and defaults to 100.
- CVE-2024-1737: Excessively large rdatasets can slow down database query
processing, so a limit has been placed on the number of records that can be
stored per rdataset in a cache or zone database. This is configured with the
new "max-records-per-type" option, and defaults to 100.
- CVE-2024-0760: Malicious DNS client that sends many queries over TCP but
never reads responses can cause server to respond slowly or not respond at
all for other clients.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Ray Wang [Fri, 16 Aug 2024 14:40:45 +0000 (22:40 +0800)]
natmap: allow binding to a port or port range
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
5a33fe052479f1ac7f607fc098c5154aa571eb2a)
Ray Wang [Tue, 13 Aug 2024 15:21:49 +0000 (23:21 +0800)]
hev-socks5-server: update to 2.6.7
This commit follows the upstream project's change of license from GPLv3
to MIT.
Link: https://github.com/heiher/hev-socks5-server/commit/3175713e779a98f1d53fc4463b3e83944155ddbc
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
003b4e3696a661a74f112fdd84646b303ea8500d)
Ray Wang [Tue, 13 Aug 2024 15:15:01 +0000 (23:15 +0800)]
natmap: update to
20240813
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
7e52cafc1655c8b5c678a4e2d95ce72a1acff6cf)
Luiz Angelo Daros de Luca [Fri, 2 Aug 2024 19:46:38 +0000 (16:46 -0300)]
mjpg-streamer: fix option enabled check in init.d
[ "$enabled" ] returns true whatever non-empty value enabled has,
including 0.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit
20ea1d9812fe8d6f693e21004d0eaeb5a5128718)
Stan Grishin [Thu, 15 Aug 2024 13:31:36 +0000 (06:31 -0700)]
Merge pull request #24789 from stangri/openwrt-23.05-pbr
[23.05] pbr: cherry-pick commits from snapshots to update to 1.1.6-20
Stan Grishin [Sat, 3 Aug 2024 23:17:13 +0000 (23:17 +0000)]
pbr: update to 1.1.6-20
This version is the final version supporting iptables and:
* it separates the old iptables/nft-capable init script from the new nft-only init script
* the new nft-script is a significant rewrite of the old recursive calls/policy parsing
and tries to create inline nft sets which offers performance improvements
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
920d64734aeacbc00738b3529b1fb0b6c631d187)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Stan Grishin [Sat, 13 Apr 2024 22:31:52 +0000 (22:31 +0000)]
pbr: bugfix: fix IPv6 interface errors
* update license to AGPL-3.0-or-later
* rename pbr_get_gateway to pbr_get_gateway4 for better readability
* improve IPv6 "gateway" detection/display on start
* prevent IPv6 interface errors on start
* revert release format
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
717a800ec519bd14458c4b5de0e8705eebc6071c)
Stan Grishin [Thu, 11 Apr 2024 16:21:28 +0000 (16:21 +0000)]
pbr: update to 1.1.4-r15
* delete obsolete files/etc/init.d/pbr.init
* add files/etc/uci-defaults/91-pbr-iptables to help update from older OpenWrt
* add files/etc/uci-defaults/91-pbr-nft to help update from older OpenWrt
* update files/etc/uci-defaults/91-pbr-netifd to only add tables to supported ifaces
* re-organize variants in the Makefile so that they hopefull work this time
* update prerm for all variants for better user experience
* update the -netifd prerm to remove leftofver entries from network and rt_tables file
In the init script:
* add decorations for netifd-interfaces related operations (blue ticks)
* add rtTablesFile variables instead of hard-coding the rt_tables file
* add function to check if the table is netifd-derived
* add error messages/hints for failed interface setup and failed WAN discovery
* make cleanup_rt_tables the netifd-compatible
* streamline interface_process function with a clearer case statement
* rename the interface_process `pre-init` option to `pre_init` to conform to the other
functions options naming style
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
bb5de23743b46864ba6992ed130b2d2452df72db)
Stan Grishin [Sat, 23 Mar 2024 01:03:22 +0000 (01:03 +0000)]
pbr: prepare migration to APK
* remove dependencies/references to opkg
* simplify wan/wan6 discovery
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
44f1f1184a59354618383a81f003bd877fcd793d)
Stan Grishin [Mon, 18 Mar 2024 01:43:50 +0000 (01:43 +0000)]
pbr: update to 1.1.4-5
This update includes the following changes:
1. Makefile
* update copyright
* attempt to implement the proper variants to avoid luci-app dependency on both variants
* quietly stop service on uninstall
2. Config-file
* add the list of dnsmasq instances to target in supported dnsmasq modes
* for default pbr variant, set the `resolver_set` to `dnsmasq.nftset`
* for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset`
* add the `nft_file_support` (disabled by default)
* introduce `procd_boot_delay` to delay service start on boot
* introduce the following nft set creation options:
* nft_set_auto_merge
* nft_set_counter
* nft_set_flags_interval
* nft_set_flags_timeout
* nft_set_gc_interval
* nft_set_policy
* nft_set_timeout
* add the pbr.user.wg_server_and_client custom user script to allow running wg server and
client at the same time
* add the "Ignore Local Requests" sample policy
3. Hotplug firewall/interface scripts
* better logged messages
4. The pbr and pbr-iptables uci defaults script
* use functions from the init script
* improve vpn-policy-routing migration
5. The pbr-netifd uci defaults script
* use functions from the init script
* improve uci operations
6. Introduce the firewall.include file
7. Improve pbr.user.aws custom user script
8. Improve pbr.user.netflix custom user script
9. Introduce pbr.user.wg_server_and_client custom user script
10. Update the init file:
* refactor some code to allow the init script file to be sourced by the uci defaults scripts
and the luci rpcd script for shared functions
* add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include
file for faster operations on service reload
* improve Tor support (nft mode only)
* implement support for nft set options
* update validation functions for new options/parameters
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
790753f6a65c1805e6de817fba009aa8fc6402dc)
Stan Grishin [Wed, 14 Aug 2024 07:24:25 +0000 (00:24 -0700)]
Merge pull request #24737 from stangri/openwrt-23.05-https-dns-proxy
[23.05] https-dns-proxy: update to 2023.12.26-1
Richard Muzik [Mon, 22 Jul 2024 11:31:38 +0000 (13:31 +0200)]
boost: update GCC options in Makefile
Update the options to match the master branch. This drops options of no
longer supported GCC versions.
Signed-off-by: Richard Muzik <richard.muzik@nic.cz>