feed/packages.git
20 months agoisc-dhcp: Fix isc-dhcp-dyndns meta package
Philip Prindeville [Mon, 27 Mar 2023 06:03:41 +0000 (00:03 -0600)]
isc-dhcp: Fix isc-dhcp-dyndns meta package

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
21 months agoopenssh: update to 9.3p1
Sibren Vasse [Fri, 17 Mar 2023 16:19:27 +0000 (17:19 +0100)]
openssh: update to 9.3p1

Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
21 months agoMerge pull request #20656 from pprindeville/strongwan-update-5.9.10
Philip Prindeville [Sat, 18 Mar 2023 01:51:21 +0000 (19:51 -0600)]
Merge pull request #20656 from pprindeville/strongwan-update-5.9.10

strongswan: Update to 5.9.10

21 months agorclone: Update to 1.62.2
Tianling Shen [Fri, 17 Mar 2023 05:17:38 +0000 (13:17 +0800)]
rclone: Update to 1.62.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agogit: update to 2.39.2
Michal Vasilek [Thu, 16 Feb 2023 09:20:13 +0000 (10:20 +0100)]
git: update to 2.39.2

GITWEB_* variable values don't work as they should since 2.38, so let's
remove them and add a workaround. This issue was reported in
https://lore.kernel.org/git/80eb3972-4960-5727-ce86-acc3a4425fd4@nic.cz/T/#u

* refresh patches

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
21 months agoMerge pull request #20665 from mhei/php8-update-8.2.3
Michael Heimpold [Thu, 16 Mar 2023 06:30:05 +0000 (07:30 +0100)]
Merge pull request #20665 from mhei/php8-update-8.2.3

php8: update to 8.2.3

21 months agolibndpi: Update to 4.6
Toni Uhlig [Wed, 22 Feb 2023 12:23:33 +0000 (13:23 +0100)]
libndpi: Update to 4.6

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
21 months agoliburcu: update to version 0.14.0
Jan Hák [Wed, 15 Mar 2023 13:01:56 +0000 (14:01 +0100)]
liburcu: update to version 0.14.0

Signed-off-by: Jan Hák <jan.hak@nic.cz>
21 months agoudpspeeder: bump to 20230206.0
Toni Uhlig [Wed, 15 Mar 2023 16:34:17 +0000 (17:34 +0100)]
udpspeeder: bump to 20230206.0

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
21 months agoMerge pull request #20661 from jefferyto/golang-1.19.7
Tianling Shen [Wed, 15 Mar 2023 17:32:03 +0000 (01:32 +0800)]
Merge pull request #20661 from jefferyto/golang-1.19.7

golang: Update to 1.19.7

21 months agozerotier: do not allow executable stack
Oskari Rauta [Sun, 12 Mar 2023 16:30:35 +0000 (18:30 +0200)]
zerotier: do not allow executable stack

zerotier as default has executable stack.
[   11.343143] process '/usr/bin/zerotier-one' started with executable stack

executable stacks are not recommend, possibly provide a threat and there
seems to be no advantage of executable stack with zerotier-one - so let's
build it without instead.

Stack is executable on x86_64, but not on all archs, such as ramips.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
21 months agolibjpeg-turbo: enable static library
Oskari Rauta [Sun, 12 Mar 2023 16:42:26 +0000 (18:42 +0200)]
libjpeg-turbo: enable static library

Allow build of libjpeg as a static library as well;
one is provided for libpng and possibly for other
formats as well.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
21 months agophp8: update to 8.2.3
Michael Heimpold [Tue, 14 Mar 2023 20:47:06 +0000 (21:47 +0100)]
php8: update to 8.2.3

This fixes:
    - CVE-2023-0567
    - CVE-2023-0568
    - CVE-2023-0662

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
21 months agoMerge pull request #20653 from mhei/mmc-utils-update
Michael Heimpold [Tue, 14 Mar 2023 20:24:31 +0000 (21:24 +0100)]
Merge pull request #20653 from mhei/mmc-utils-update

mmc-utils: update to latest upstream revision

21 months agosnort3: update to 3.1.57.0
John Audia [Mon, 13 Mar 2023 13:41:01 +0000 (09:41 -0400)]
snort3: update to 3.1.57.0

Upstream bump

Signed-off-by: John Audia <therealgraysky@proton.me>
21 months agosqlite3: Update to 3.41.1
Tianling Shen [Sun, 12 Mar 2023 09:19:14 +0000 (17:19 +0800)]
sqlite3: Update to 3.41.1

Removed `SQLITE3_JSON1` option as it was dropped by upstream.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agoMerge pull request #20621 from banburybill/ddns-mythic-v2
Florian Eckert [Tue, 14 Mar 2023 07:34:07 +0000 (08:34 +0100)]
Merge pull request #20621 from banburybill/ddns-mythic-v2

ddns-scripts: Add v2 API for mythic-beasts.com provider

21 months agogolang: Update to 1.19.7
Jeffery To [Tue, 14 Mar 2023 06:23:35 +0000 (14:23 +0800)]
golang: Update to 1.19.7

Includes fix for CVE-2023-2453 (crypto/elliptic: specific unreduced
P-256 scalars produce incorrect results).

This also includes makefile updates for Go 1.19.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
21 months agodockerd: Disabled MIPS
Gerard Ryan [Sun, 12 Mar 2023 04:43:36 +0000 (14:43 +1000)]
dockerd: Disabled MIPS
* Buildkit doesn't appear to compile

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
21 months agodockerd: Update to 23.0.1
Gerard Ryan [Thu, 2 Mar 2023 12:18:12 +0000 (22:18 +1000)]
dockerd: Update to 23.0.1

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
21 months agodocker: Update to 23.0.1
Gerard Ryan [Thu, 2 Mar 2023 12:15:43 +0000 (22:15 +1000)]
docker: Update to 23.0.1

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
21 months agocontainerd: Update to 1.6.16 for dockerd
Gerard Ryan [Thu, 2 Mar 2023 12:13:36 +0000 (22:13 +1000)]
containerd: Update to 1.6.16 for dockerd

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
21 months agolibnetwork: Remove unused package
Gerard Ryan [Thu, 2 Mar 2023 11:54:46 +0000 (21:54 +1000)]
libnetwork: Remove unused package

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
21 months agozerotier: update to 1.10.4
Moritz Warning [Mon, 13 Mar 2023 18:16:05 +0000 (19:16 +0100)]
zerotier: update to 1.10.4

Signed-off-by: Moritz Warning <moritzwarning@web.de>
21 months agorust-lang: update to 1.68.0
Luca Barbato [Fri, 10 Mar 2023 16:49:01 +0000 (16:49 +0000)]
rust-lang: update to 1.68.0

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
21 months agonetbird: update to 0.14.3
Oskari Rauta [Sun, 12 Mar 2023 23:16:25 +0000 (01:16 +0200)]
netbird: update to 0.14.3

Bug fixes & refactor

Release notes:
 - Fix: send remote agents updates when peer re-authenticates

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
21 months agoCI: update build architectures
Tianling Shen [Thu, 9 Mar 2023 06:17:35 +0000 (14:17 +0800)]
CI: update build architectures

Removed arc_archs - archs38 was marked as source-only [1].
Renamed powerpc_8540 to powerpc_8548 [2].

1. https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=c01641bcc7236d2e2de3ea65444b0cf2898df351
2. https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=2cad88b99fdae9766de84e6c1cb56f111eb53748

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agov2ray-geodata: Update to latest version
Tianling Shen [Mon, 13 Mar 2023 08:40:57 +0000 (16:40 +0800)]
v2ray-geodata: Update to latest version

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agoxray-core: Update to 1.8.0
Tianling Shen [Mon, 13 Mar 2023 08:39:10 +0000 (16:39 +0800)]
xray-core: Update to 1.8.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agostrongswan: Update to 5.9.10
Philip Prindeville [Sun, 12 Mar 2023 20:04:39 +0000 (14:04 -0600)]
strongswan: Update to 5.9.10

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
21 months agoMerge pull request #20261 from pprindeville/strongswan-update-5.9.9
Philip Prindeville [Mon, 13 Mar 2023 00:27:50 +0000 (18:27 -0600)]
Merge pull request #20261 from pprindeville/strongswan-update-5.9.9

strongswan: Update to 5.9.9

21 months agostrongswan: Update to 5.9.9
Philip Prindeville [Wed, 11 Jan 2023 05:28:53 +0000 (22:28 -0700)]
strongswan: Update to 5.9.9

Add patch to remove definition of RNG leaking in from wolfssl.h.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
21 months agommc-utils: update to latest upstream revision
Michael Heimpold [Sun, 12 Mar 2023 16:47:46 +0000 (17:47 +0100)]
mmc-utils: update to latest upstream revision

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
21 months agolibdaq3: update to 3.0.11
John Audia [Fri, 24 Feb 2023 17:10:24 +0000 (12:10 -0500)]
libdaq3: update to 3.0.11

Upstream bump

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

Signed-off-by: John Audia <therealgraysky@proton.me>
21 months agosnort3: update to 3.1.56.0
John Audia [Fri, 24 Feb 2023 17:16:36 +0000 (12:16 -0500)]
snort3: update to 3.1.56.0

Upstream bump

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

Signed-off-by: John Audia <therealgraysky@proton.me>
21 months agololcat: update to version 1.4
Rui Salvaterra [Mon, 28 Nov 2022 07:52:13 +0000 (07:52 +0000)]
lolcat: update to version 1.4

Bump to the latest stable release.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
21 months agoMerge pull request #20645 from stangri/master-simple-adblock
Stan Grishin [Sat, 11 Mar 2023 22:59:17 +0000 (15:59 -0700)]
Merge pull request #20645 from stangri/master-simple-adblock

simple-adblock: update init file and config

21 months agoMerge pull request #20648 from champtar/mv88e6xxx_dump_update
Etienne Champetier [Sat, 11 Mar 2023 19:52:40 +0000 (20:52 +0100)]
Merge pull request #20648 from champtar/mv88e6xxx_dump_update

mv88e6xxx_dump: update to 2023.03.08

21 months agomv88e6xxx_dump: update to 2023.03.08
Etienne Champetier [Sat, 11 Mar 2023 19:17:19 +0000 (14:17 -0500)]
mv88e6xxx_dump: update to 2023.03.08

This fixes 2 issues where mv88e6xxx_dump was displaying
data incorrectly for --vtu and --global2

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
21 months agosimple-adblock: update init file and config
Stan Grishin [Sat, 11 Mar 2023 10:43:48 +0000 (10:43 +0000)]
simple-adblock: update init file and config

* move network.sh and jshn.sh includes into load_validate_config function
  to prevent errors when adding the package to image with the Image Builder
* add @bongochong compressed domains block-list to the config

Signed-off-by: Stan Grishin <stangri@melmac.ca>
21 months agonetifyd: update to v4.4.1
Darryl Sokoloski [Fri, 3 Mar 2023 01:44:09 +0000 (01:44 +0000)]
netifyd: update to v4.4.1

- Explicitly request the C++11 standard (codebase is not C++17 compliant).
- Removed categories.json from conffiles -- it's not a configuration
  file.
- Removed commented-out convenience git hash place-holder -- for some
  reason it irritates people.
- Added radix header file to devel files.
- Removed redundant call to Build/Configure (not needed).

Co-authored-by: Tianling Shen <cnsztl@gmail.com>
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
21 months agoprotobuf-c: update to 1.4.1
Rosen Penev [Sat, 11 Mar 2023 00:16:47 +0000 (16:16 -0800)]
protobuf-c: update to 1.4.1

Signed-off-by: Rosen Penev <rosenp@gmail.com>
21 months agoksmbd-tools: update to 3.4.7
Rosen Penev [Wed, 1 Feb 2023 22:58:23 +0000 (14:58 -0800)]
ksmbd-tools: update to 3.4.7

Remove upstreamed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
21 months agoicu: fix ccache issue
Hirokazu MORIKAWA [Fri, 10 Mar 2023 04:01:22 +0000 (13:01 +0900)]
icu: fix ccache issue

build error with ccache:
https://github.com/openwrt/packages/issues/20618

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
21 months agoRevert "libgpiod: update to 2.0"
Michael Heimpold [Fri, 10 Mar 2023 21:01:03 +0000 (22:01 +0100)]
Revert "libgpiod: update to 2.0"

This reverts commit 983835afe6fad074b347a8ff1dc8986d40773de5.

I merged the library update to v2.0 to fast, it breaks openocd build
due to API change.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
21 months agoRevert "libgpiod: introduce libgpiodcxx package for C++ binding"
Michael Heimpold [Fri, 10 Mar 2023 20:59:18 +0000 (21:59 +0100)]
Revert "libgpiod: introduce libgpiodcxx package for C++ binding"

This reverts commit 82ea104b978dcd84919dfe5d1ee630791d85df10.

I merged the library update to v2.0 to fast, it breaks openocd build
due to API change.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
21 months agoMerge pull request #20609 from mhei/libgpiod-update-2.0
Michael Heimpold [Fri, 10 Mar 2023 20:46:34 +0000 (21:46 +0100)]
Merge pull request #20609 from mhei/libgpiod-update-2.0

libgpiod: update to 2.0 and introduce C++ binding

21 months agobanip: update 0.8.2-2
Dirk Brenken [Fri, 10 Mar 2023 18:42:19 +0000 (19:42 +0100)]
banip: update 0.8.2-2

* fix the auto-detection for pppoe and 6in4 tunnel interfaces
* add the new 'ban_nftpolicy' option to expose the nft set policy, values: memory (default), performance
* add the new 'ban_nftlogevel' option to expose the nft syslog level, values: emerg, alert, crit, err, warn (default),
  notice, info, debug, audit
* status optimizations
* logging optimizations
* update the readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
21 months agorust-lang: Add an Host/Compile helper as well
Luca Barbato [Thu, 9 Mar 2023 07:49:57 +0000 (08:49 +0100)]
rust-lang: Add an Host/Compile helper as well

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
21 months agorust-lang: Apply suggestions from code review
Luca Barbato [Thu, 9 Mar 2023 07:58:16 +0000 (08:58 +0100)]
rust-lang: Apply suggestions from code review

Co-authored-by: Tianling Shen <cnsztl@gmail.com>
Signed-off-by: Luca Barbato <luca.barbato@gmail.com>
21 months agomaturin: Add package
Luca Barbato [Wed, 8 Feb 2023 14:20:26 +0000 (15:20 +0100)]
maturin: Add package

Build tool for rust-python packages.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
21 months agoripgrep: Add the package
Luca Barbato [Wed, 8 Feb 2023 14:19:22 +0000 (15:19 +0100)]
ripgrep: Add the package

Based on work from Donald Hoskins <grommish@gmail.com>.
Testcase for the rust language support.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
21 months agorust-lang: Add the rust language support
Luca Barbato [Wed, 8 Feb 2023 14:18:41 +0000 (15:18 +0100)]
rust-lang: Add the rust language support

Based on work from Donald Hoskins <grommish@gmail.com>.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
21 months agolua-eco: update to 2.2.0
Jianhui Zhao [Thu, 9 Mar 2023 13:38:04 +0000 (21:38 +0800)]
lua-eco: update to 2.2.0

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
21 months agoMerge pull request #20594 from stintel/miniupnpd
Stijn Tintel [Fri, 10 Mar 2023 01:24:17 +0000 (03:24 +0200)]
Merge pull request #20594 from stintel/miniupnpd

miniupnpd: bump to 2.3.3

21 months agominiupnpd: bump to 2.3.3
Stijn Tintel [Sun, 5 Mar 2023 16:04:31 +0000 (18:04 +0200)]
miniupnpd: bump to 2.3.3

Fixes: #19637
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
21 months agoopenblas: don't allow ccache use
Alexandru Ardelean [Thu, 9 Mar 2023 15:28:31 +0000 (17:28 +0200)]
openblas: don't allow ccache use

Fixes https://github.com/openwrt/packages/issues/20596

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
21 months agoddns-scripts: Add v2 API for mythic-beasts.com provider
Jim Hague [Thu, 9 Mar 2023 13:06:06 +0000 (13:06 +0000)]
ddns-scripts: Add v2 API for mythic-beasts.com provider

Use USERNAME as the key, PASSWORD as the secret.

Signed-off-by: Jim Hague <jim.hague@acm.org>
21 months agoudp-broadcast-relay-redux-openwrt: add cgroupsns to jail
BackSlasher [Thu, 9 Mar 2023 08:13:39 +0000 (10:13 +0200)]
udp-broadcast-relay-redux-openwrt: add cgroupsns to jail

Added `cgroupsns` to jail, otherwise you get this failure:
```
Mon Mar  6 14:46:05 2023 user.err : jail: Not using namespaces, capabilities or seccomp !!!
```
Error is here, seems to indicate that we're running a jail without using any capability.
https://lxr.openwrt.org/source/procd/jail/jail.c#L2847

Decided to use minimal effort approach

Signed-off-by: BackSlasher <nitz.raz@gmail.com>
21 months agocni-protocol: new package
Oskari Rauta [Fri, 17 Feb 2023 07:25:08 +0000 (07:25 +0000)]
cni-protocol: new package

simple protocol support script for netifd.

netifd protocol support for cni networks makes
defining network for podman and other similar
systems using cni networking much easier and simpler.

with cni protocol support, on a cni network, where firewall
and portmapper is disabled, you may control firewalling
with openwrt's standard firewall configuration.

for example, create a container that hosts web content on
port 80 with static ip on your cni network, if your
network is 10.88.0.0/16, use for eg. 10.88.0.101 as
your containers static ip address. Create a zone, cni
to your firewall and add your interface to it.

Now you can easily set up redirectiong to 10.88.0.101:80
to expose it's port 80 to wan for serving your website.

Protocol has only one setting: device, on podman this
often is cni-podman0. This protocol may also be used
on other equillavents, such as netavark (cni replacement
in podman), where device as default is podman0.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
21 months agopdns-recursor: update to 4.8.3
Peter van Dijk [Tue, 7 Mar 2023 09:53:43 +0000 (10:53 +0100)]
pdns-recursor: update to 4.8.3

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
21 months agoMerge pull request #20584 from mpeleshenko/samba4-4.17.5
Tianling Shen [Thu, 9 Mar 2023 06:58:15 +0000 (14:58 +0800)]
Merge pull request #20584 from mpeleshenko/samba4-4.17.5

samba4: update to 4.17.5

21 months agolibgpiod: introduce libgpiodcxx package for C++ binding
Michael Heimpold [Thu, 9 Mar 2023 06:54:48 +0000 (07:54 +0100)]
libgpiod: introduce libgpiodcxx package for C++ binding

This adds a new package for the C++ binding.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
21 months agolibgpiod: update to 2.0
Michael Heimpold [Tue, 7 Mar 2023 21:51:09 +0000 (22:51 +0100)]
libgpiod: update to 2.0

This updates this library to the latest major version.

Since the Python binding build changed in this version,
let's switch to the Py3Package infrastructure.

Also the older v1 kernel interface is not used anymore,
so we can drop this part of the kernel configuration.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
21 months agomodemmanager: bump to 1.20.6
Kuan-Yi Li [Tue, 7 Mar 2023 10:34:38 +0000 (18:34 +0800)]
modemmanager: bump to 1.20.6

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
21 months agolibqmi: bump to 1.32.4
Kuan-Yi Li [Tue, 7 Mar 2023 10:34:22 +0000 (18:34 +0800)]
libqmi: bump to 1.32.4

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
21 months agolibmbim: bump to 1.28.4
Kuan-Yi Li [Tue, 7 Mar 2023 10:34:10 +0000 (18:34 +0800)]
libmbim: bump to 1.28.4

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
21 months agofrp: update to 0.48.0
Van Waholtz [Wed, 8 Mar 2023 07:47:26 +0000 (15:47 +0800)]
frp: update to 0.48.0

Changelog: https://github.com/fatedier/frp/releases/tag/v0.48.0

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
21 months agofrp: update to 0.47.0
Van Waholtz [Thu, 16 Feb 2023 02:21:20 +0000 (10:21 +0800)]
frp: update to 0.47.0

A restart is only required if `$conf_file` has been modified.

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
21 months agosamba4: update to 4.17.5
Michael Peleshenko [Wed, 1 Mar 2023 15:14:14 +0000 (10:14 -0500)]
samba4: update to 4.17.5

* update to 4.17.5
* changelog: https://www.samba.org/samba/history/samba-4.17.5
* refresh patch

* CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap.
 https://www.samba.org/samba/security/CVE-2022-42898.html

* CVE-2022-37966: This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.

  A Samba Active Directory DC will issue weak rc4-hmac session keys for use between modern clients and servers despite all modern Kerberos implementations supporting the aes256-cts-hmac-sha1-96 cipher.

  On Samba Active Directory DCs and members 'kerberos encryption types = legacy' would force rc4-hmac as a client even if the server supports aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
  https://www.samba.org/samba/security/CVE-2022-37966.html

* CVE-2022-37967: This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.

  A service account with the special constrained delegation permission could forge a more powerful ticket than the one it was presented with.
  https://www.samba.org/samba/security/CVE-2022-37967.html

* CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak.
  https://www.samba.org/samba/security/CVE-2022-38023.html

* BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
  This resolves errors logged during macOS TimeMachine backups.
  https://bugzilla.samba.org/show_bug.cgi?id=15210

Signed-off-by: Michael Peleshenko <mpeleshenko@gmail.com>
21 months agolua-eco: update to 2.1.0
Jianhui Zhao [Wed, 8 Mar 2023 13:14:07 +0000 (21:14 +0800)]
lua-eco: update to 2.1.0

* updated description
* switched default SSL engine to mbedtls
* added new network module

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
21 months agotmate-ssh-server: fix build against msgpack-c 6.0
Tianling Shen [Tue, 7 Mar 2023 07:44:29 +0000 (15:44 +0800)]
tmate-ssh-server: fix build against msgpack-c 6.0

This patch is taken from
https://git.alpinelinux.org/aports/commit/?id=f923597f4bdea424dc28b1d026269df060596fac

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agotmate: fix build against msgpack-c 6.0
Tianling Shen [Tue, 7 Mar 2023 02:52:37 +0000 (10:52 +0800)]
tmate: fix build against msgpack-c 6.0

This patch is taken from
https://git.alpinelinux.org/aports/commit/?id=f923597f4bdea424dc28b1d026269df060596fac

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agomsgpack-c: Update to 6.0.0
Tianling Shen [Tue, 7 Mar 2023 02:50:02 +0000 (10:50 +0800)]
msgpack-c: Update to 6.0.0

Removed 010-no-gtest.patch as upstream no longer detects it.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agobanip: release 0.8.2-1
Dirk Brenken [Wed, 8 Mar 2023 20:02:05 +0000 (21:02 +0100)]
banip: release 0.8.2-1

* major performance improvements: clean-up/optimize all nft calls
* add a new "ban_reportelements" option,
  to disable the (time consuming) Set element count in the report (enabled by default)
* update the readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
21 months agoyt-dlp: update to 2023.3.4
Michal Vasilek [Wed, 8 Mar 2023 11:34:53 +0000 (12:34 +0100)]
yt-dlp: update to 2023.3.4

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
21 months agoadguardhome: bump to 0.107.25
Dobroslaw Kijowski [Tue, 7 Mar 2023 23:27:40 +0000 (00:27 +0100)]
adguardhome: bump to 0.107.25

* Full changelog available at:
  * https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.25

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
21 months agoadguardhome: enable legacy openssl provider for nodejs
Dobroslaw Kijowski [Wed, 8 Mar 2023 08:46:14 +0000 (09:46 +0100)]
adguardhome: enable legacy openssl provider for nodejs

Currently compilation fails because of:
```
  opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
```

What's interesting package gets built but when trying to access UI there's
`404: page not found` error.

It has been reported in multiple places:
* https://github.com/AdguardTeam/AdGuardHome/issues/5559
* https://github.com/AdguardTeam/AdGuardHome/issues/4595

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
21 months agoMerge pull request #20608 from micmac1/tiff-no-deflate
Jiri Slachta [Wed, 8 Mar 2023 13:35:04 +0000 (14:35 +0100)]
Merge pull request #20608 from micmac1/tiff-no-deflate

tiff: force libdeflate support to off

21 months agov2raya: switch to use nftables
Tianling Shen [Fri, 3 Mar 2023 03:50:29 +0000 (11:50 +0800)]
v2raya: switch to use nftables

Backport a pending PR to add nftables support.
Upstream PR: https://github.com/v2rayA/v2rayA/pull/805

As nftables merged ipv4/ipv6 support into a single command, so simply
enable ipv6 support by default.

While at it, backport a upstreamed fix for simple-obfs plugin.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
21 months agoperl-ack: Update to 3.7.0
Tianling Shen [Mon, 6 Mar 2023 05:17:51 +0000 (13:17 +0800)]
perl-ack: Update to 3.7.0

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 26b92db22c9a051447ee445acaa11a795fb35a4e)

21 months agotiff: force libdeflate support to off
Sebastian Kemper [Tue, 7 Mar 2023 21:31:41 +0000 (22:31 +0100)]
tiff: force libdeflate support to off

Commit 81d2b72 added a package providing libdeflate. Tiff by default
links to it, causing a build error.

Package libtiff is missing dependencies for the following libraries:
libdeflate.so.0

This commit forces libdeflate use off to avoid this. No revision bump is
done because the package is currently not compiling anyway.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
21 months agonetbird: update to 0.14.2
Oskari Rauta [Mon, 6 Mar 2023 10:56:34 +0000 (10:56 +0000)]
netbird: update to 0.14.2

Update from 0.12.0 -> 0.14.2
Release notes: https://github.com/netbirdio/netbird/releases

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
21 months agoconmon: update to 2.1.7
Oskari Rauta [Mon, 6 Mar 2023 11:04:17 +0000 (11:04 +0000)]
conmon: update to 2.1.7

 - Fix leaking symbolic links in the opt_socket_path directory
 - cgroup: Stumble on if we can't set up oom handling

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
21 months agocoremark: bump to 2023-01-25
Aleksander Jan Bajkowski [Sun, 5 Mar 2023 16:25:37 +0000 (17:25 +0100)]
coremark: bump to 2023-01-25

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
21 months agotransmission: update to version 4.0.1
Daniel Golle [Sun, 19 Feb 2023 04:44:50 +0000 (04:44 +0000)]
transmission: update to version 4.0.1

This is a major release, both in numbering and in effort! It's been in
active development for over a year and has a huge list of changes --
over a thousand commits -- since Transmission 3.00.

For more information about the release see
https://github.com/transmission/transmission/releases/tag/4.0.0
https://github.com/transmission/transmission/releases/tag/4.0.1

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
21 months agolibutp: add package
Daniel Golle [Sun, 19 Feb 2023 04:44:16 +0000 (04:44 +0000)]
libutp: add package

Add Transmission version of the uTorrent Transport Protocol library.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
21 months agolibdht: add package
Daniel Golle [Sun, 19 Feb 2023 04:43:43 +0000 (04:43 +0000)]
libdht: add package

Add Kademlia Distributed Hash Table (DHT) library.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
21 months agolibdeflate: add package
Daniel Golle [Sun, 19 Feb 2023 04:41:44 +0000 (04:41 +0000)]
libdeflate: add package

Add package for libdeflate which is a library for fast, whole-buffer
DEFLATE-based compression and decompression.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
21 months agolibb64: add package
Daniel Golle [Sun, 19 Feb 2023 04:41:08 +0000 (04:41 +0000)]
libb64: add package

Add generic base64 encode/decode (static) library.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
21 months agobanip: update 0.8.1-3
Dirk Brenken [Mon, 6 Mar 2023 13:19:27 +0000 (14:19 +0100)]
banip: update 0.8.1-3

* finalized the LuCI frontend preparation (this is the minmal version to use the forthcoming LuCI frontend)
* added a Set survey, to list all elements of a certain set
* changed the default logterm for asterisk
* update the readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
21 months agosing-box: update to 1.1.6
Van Waholtz [Sun, 5 Mar 2023 12:37:37 +0000 (20:37 +0800)]
sing-box: update to 1.1.6

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
21 months agosing-box: add necessary dependencies and cleanup Makefile
Van Waholtz [Sun, 5 Mar 2023 12:31:39 +0000 (20:31 +0800)]
sing-box: add necessary dependencies and cleanup Makefile

1. Add `kmod-inet-diag` as a dependency since it is needed for https://sing-box.sagernet.org/configuration/dns/rule/#process_name
2. Remove redundant `default n` (https://github.com/openwrt/openwrt/commit/8bc72ea7be3976711dacc09f0fdab061d6e5152a)

Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
21 months agohaproxy: update to v2.6.9
Christian Lachner [Sat, 18 Feb 2023 06:50:27 +0000 (07:50 +0100)]
haproxy: update to v2.6.9

- Update haproxy download URL and hash
- This release fixes a critial flaw known as CVE-2023-25725. See:
  http://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=73be199c4f5f1ed468161a4c5e10ca77cd5989d8

Signed-off-by: Christian Lachner <gladiac@gmail.com>
21 months agoMerge pull request #20570 from pprindeville/isc-dhcp-allow-no-default-route
Philip Prindeville [Sun, 5 Mar 2023 01:08:07 +0000 (18:08 -0700)]
Merge pull request #20570 from pprindeville/isc-dhcp-allow-no-default-route

isc-dhcp: allow no default route

21 months agonetbird: new package
Oskari Rauta [Thu, 2 Feb 2023 13:06:08 +0000 (13:06 +0000)]
netbird: new package

Netbird is similar vpn service as tailscale and zerotier.

Description:
NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.
It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
21 months agoopen-vm-tools: update to 12.1.5
Oskari Rauta [Wed, 22 Feb 2023 17:19:19 +0000 (17:19 +0000)]
open-vm-tools: update to 12.1.5

added also --disable-glibc-check to configure args to allow building
on hosts that use musl.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
21 months agoacme: fix incompatibilty with image builder
Glen Huang [Fri, 3 Mar 2023 03:08:32 +0000 (11:08 +0800)]
acme: fix incompatibilty with image builder

Signed-off-by: Glen Huang <i@glenhuang.com>
21 months agoMerge pull request #20563 from paper42/clamav-0.104.4
Josef Schlehofer [Fri, 3 Mar 2023 06:55:05 +0000 (07:55 +0100)]
Merge pull request #20563 from paper42/clamav-0.104.4

clamav: update to 0.104.4

21 months agov2raya: drop wrong patches
Tianling Shen [Fri, 3 Mar 2023 03:52:58 +0000 (11:52 +0800)]
v2raya: drop wrong patches

These patches should not be backported to OpenWrt, otherwise tproxy
won't work for devices connected to br-lan (bypassed by the fw rules).

We have introduced a new compile-time flag for new version (which
is not released yet), but it's unnecessray to backport redudant
patches as here is still at the old version.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>