feed/packages.git
2 years agonode: bump to v14.20.1
Hirokazu MORIKAWA [Fri, 7 Oct 2022 07:18:29 +0000 (16:18 +0900)]
node: bump to v14.20.1

The following CVEs are fixed in this release:
* CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
* CVE-2022-32213: bypass via obs-fold mechanic (Medium)
* CVE-2022-35256: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields (Medium)
More detailed information on each of the vulnerabilities can be found in September 22nd 2022 Security Releases blog post.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2 years agoMerge pull request #19548 from ynezz/ynezz/openwrt-21.02-fix-broken-libcurl
Stan Grishin [Sat, 8 Oct 2022 00:33:43 +0000 (17:33 -0700)]
Merge pull request #19548 from ynezz/ynezz/openwrt-21.02-fix-broken-libcurl

[21.02] fix broken libcurl by backporting curl: fix compilation with wolfSSL

2 years agocurl: fix compilation with wolfSSL
Rosen Penev [Wed, 20 Jul 2022 02:24:19 +0000 (19:24 -0700)]
curl: fix compilation with wolfSSL

options.h header is needed after bump of libwolfssl to version 5.5.1,
otherwise libcurl autodetection for libwolfssl availability fails and
libcurl is then compiled without https support.

Fixes: #19547
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 317575755a83fe21888439f1fd9adccca9e0f36e)
(cherry picked from commit ef545e0317e06cb388eec33c9dc4292f09473fdb)
Signed-off-by: Petr Štetiar <ynezz@true.cz> [commit verbosity]
2 years agoMerge pull request #19536 from ynezz/ynezz/openwrt-21.02-wolfssl-CVE-2022-39173
Petr Štetiar [Thu, 6 Oct 2022 11:34:38 +0000 (13:34 +0200)]
Merge pull request #19536 from ynezz/ynezz/openwrt-21.02-wolfssl-CVE-2022-39173

[21.02] treewide: fix security issues by bumping all packages using libwolfssl

2 years agolibgd: avoid recursive and redundant dependencies
Eneas U de Queiroz [Wed, 14 Sep 2022 21:32:47 +0000 (18:32 -0300)]
libgd: avoid recursive and redundant dependencies

Change the CONFLICTS line from the libgd-full to libgd to fix a
recursive dependency.

While at it, remove the redundant +LIBGD_TIFF:libtiff
+LIBGD_FREETYPE:libfreetype dependencies from Package/libgd/default.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 085eb34fbf7c7aaa20da35ebe2f493601c5f19b2)

2 years agotor: update to 0.4.7.10
Nick Hainke [Sat, 24 Sep 2022 15:59:40 +0000 (17:59 +0200)]
tor: update to 0.4.7.10

Release Notes:
https://forum.torproject.net/t/urgent-stable-release-0-4-5-14-0-4-6-12-and-0-4-7-10

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit b9cf0cdce6ee56778a0b7ecd3d5ed520b3e2dbac)
[fix commit title]
Signed-off-by: Nick Hainke <vincent@systemli.org>
2 years agotreewide: fix security issues by bumping all packages using libwolfssl
Petr Štetiar [Mon, 3 Oct 2022 17:03:15 +0000 (19:03 +0200)]
treewide: fix security issues by bumping all packages using libwolfssl

As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.

Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 845d81ca0976c82829addc23e9e8b95885c910ee)
(cherry picked from commit f624e41f38e82e3b2df83e309e7bb00b68ad0091)

2 years agoMerge pull request #19518 from mhei/21.02-php8-update-8.0.24
Michael Heimpold [Tue, 4 Oct 2022 15:35:32 +0000 (17:35 +0200)]
Merge pull request #19518 from mhei/21.02-php8-update-8.0.24

[21.02] php8: update to 8.0.24

2 years agoMerge pull request #19517 from mhei/21.02-php7-update-7.4.32
Michael Heimpold [Tue, 4 Oct 2022 15:35:16 +0000 (17:35 +0200)]
Merge pull request #19517 from mhei/21.02-php7-update-7.4.32

[21.02] php7: update to 7.4.32

2 years agophp8: update to 8.0.24
Michael Heimpold [Tue, 4 Oct 2022 05:45:10 +0000 (07:45 +0200)]
php8: update to 8.0.24

This fixes:
    - CVE-2022-31629
    - CVE-2022-31628

Also refresh patch to apply cleanly.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2 years agophp7: update to 7.4.32
Michael Heimpold [Tue, 4 Oct 2022 05:41:38 +0000 (07:41 +0200)]
php7: update to 7.4.32

This fixes:
    - CVE-2022-31628
    - CVE-2022-31629

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2 years agolibs/cjson: bump to 1.7.15
Karl Palsson [Fri, 23 Sep 2022 12:01:25 +0000 (12:01 +0000)]
libs/cjson: bump to 1.7.15

This is a bugfix release.
Full release notes available at: https://github.com/DaveGamble/cJSON/releases/tag/v1.7.15

Signed-off-by: Karl Palsson <karlp@etactica.com>
2 years agomosquitto: bump to 2.0.15
Karl Palsson [Mon, 19 Sep 2022 11:45:13 +0000 (11:45 +0000)]
mosquitto: bump to 2.0.15

Changelog: https://mosquitto.org/blog/2022/08/version-2-0-15-released/
Changelog: https://mosquitto.org/blog/2021/11/version-2-0-14-released/

2.0.15 is bigger security and bugfix release.  2.0.14 had a couple of
  minor changes and was skipped for OpenWrt.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2 years agomosquitto: add missing 'persistence' section in config
Ptilopsis Leucotis [Sun, 15 May 2022 04:02:40 +0000 (07:02 +0300)]
mosquitto: add missing 'persistence' section in config

Section 'Persistence' in 'luci-app-mosquitto' is unusable without 'persistence'
section in config file.

Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
2 years agobind: bump to 9.18.7
Noah Meyerhans [Wed, 21 Sep 2022 18:57:50 +0000 (11:57 -0700)]
bind: bump to 9.18.7

Fixes multiple security issues:

CVE-2022-38178 - Fix memory leak in EdDSA verify processing

CVE-2022-3080 - Fix serve-stale crash that could happen when
stale-answer-client-timeout was set to 0 and there was
a stale CNAME in the cache for an incoming query

CVE-2022-2906 - Fix memory leaks in the DH code when using OpenSSL 3.0.0
and later versions. The openssldh_compare(),
openssldh_paramcompare(), and openssldh_todns()
functions were affected

CVE-2022-2881 - When an HTTP connection was reused to get
statistics from the stats channel, and zlib
compression was in use, each successive
response sent larger and larger blocks of memory,
potentially reading past the end of the allocated
buffer

CVE-2022-2795 - Prevent excessive resource use while processing large
delegations

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 58bcd3fad37eaf56d4dbeecc0c73abe464e7e987)

2 years agoyq: Update to 4.27.5
Tianling Shen [Mon, 19 Sep 2022 02:33:32 +0000 (10:33 +0800)]
yq: Update to 4.27.5

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit fca4f1b8301917cb4eb64d0f5e9bfb4836d3d8e8)

2 years agolighttpd: update to lighttpd 1.4.67 release hash
Glenn Strauss [Sun, 18 Sep 2022 07:02:40 +0000 (03:02 -0400)]
lighttpd: update to lighttpd 1.4.67 release hash

* update to lighttpd 1.4.67 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit f750089d26422557280ddfda1788f2491d15f701)

2 years agolighttpd: update to lighttpd 1.4.66 release hash
Glenn Strauss [Mon, 8 Aug 2022 06:04:22 +0000 (02:04 -0400)]
lighttpd: update to lighttpd 1.4.66 release hash

* update to lighttpd 1.4.66 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 5eaf000c837612df72c9207e225a2911a190f86f)

2 years agoknot-resolver: update to 5.5.3
Michal Vasilek [Thu, 22 Sep 2022 17:47:41 +0000 (19:47 +0200)]
knot-resolver: update to 5.5.3

* fixes CVE-2022-40188

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 5d2fd886930a95d14df02ca8fbaf6f3814df3c01)

2 years agolibtorrent-rasterbar: Update to 2.0.7
Tianling Shen [Sat, 3 Sep 2022 09:34:58 +0000 (17:34 +0800)]
libtorrent-rasterbar: Update to 2.0.7

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c741bf64cdac2ac1059c0e545e1afd842820c8c1)

2 years agoMerge pull request #19408 from paper42/knot-3.2.1-21
Josef Schlehofer [Wed, 21 Sep 2022 07:38:56 +0000 (09:38 +0200)]
Merge pull request #19408 from paper42/knot-3.2.1-21

[21.02] knot: update to version 3.2.1

2 years agoknot: update to version 3.2.1
Jan Hák [Tue, 13 Sep 2022 12:46:11 +0000 (14:46 +0200)]
knot: update to version 3.2.1

Signed-off-by: Jan Hák <jan.hak@nic.cz>
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 023df0992a8b3fff97eb9dd8c36708114ac0f1a7)

2 years agopython-flask-socketio: update to 5.3.1
Michal Vasilek [Fri, 16 Sep 2022 10:48:19 +0000 (12:48 +0200)]
python-flask-socketio: update to 5.3.1

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 7fd9d010a29173705241e2ade2172a28429234ca)

2 years agoksmbd-tools: add package with hotplug.d script for auto sharing
Rafał Miłecki [Wed, 10 Aug 2022 12:23:44 +0000 (14:23 +0200)]
ksmbd-tools: add package with hotplug.d script for auto sharing

One of common use cases for SMB3 server in routers is sharing hotplugged
drives. Users make many attempts setting that up which often are not
optimal.

This script handles it in the cleanest way by using:
1. hotplug.d mount subsystem
2. runtime config in the /var/run/config/

It provides a working basic solution that can be later adjusted by
modifying provided hotplug script.

A pretty much idential solution was part of the samba36 package. It was
added in the OpenWrt commit ef1efa756e0d0 ("samba36: add package with
hotplug.d script for auto sharing") as an answer for feature required by
the Rosinson company.

Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d0406d4c956e92f979802640832180eedd1a6efe)

2 years agoksmbd-tools: append config from /var/run/config/ for runtime shares
Rafał Miłecki [Wed, 10 Aug 2022 12:23:40 +0000 (14:23 +0200)]
ksmbd-tools: append config from /var/run/config/ for runtime shares

Dynamically created shares shouldn't be stored in the /etc/config/
because of:
1. Flash wearing
2. Risk of inconsistent state on reboots

With this change all automation/hotplug.d scripts can store runtime in
the /var/run/config/samba. It's useful e.g. for USB drives that user
wants to be automatically shared.

Also: automated scripts should never call "uci [foo] commit" as that
could flush incomplete config. This problem also gets solved.

Identical feature was added to samba36 in the OpenWrt commit
5a59e2c059866 ("samba36: append config from /var/run/config/ for runtime
shares") but wasn't ported to ksmbd until now.

Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c9cba619898d7bf87fc8277e57b473923d912c32)

2 years agosyslog-ng: update to version 3.38.1
Josef Schlehofer [Wed, 7 Sep 2022 10:00:59 +0000 (12:00 +0200)]
syslog-ng: update to version 3.38.1

- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.38.1

- Update the configuration file to use version 4.0 as mentioned in the
  release notes to try the latest changes

Fixes: CVE-2022-38725
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 34b7af9e0859418bb85e7d3ca131101dd912ae53)

2 years agoyq: Update to 4.27.3
Tianling Shen [Tue, 30 Aug 2022 06:48:07 +0000 (14:48 +0800)]
yq: Update to 4.27.3

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 90a76f6467c85157fabf1b614958f873b2169690)

2 years agoMerge pull request #19219 from ErwanMAS/backport_modifications_master
Josef Schlehofer [Tue, 30 Aug 2022 14:17:20 +0000 (16:17 +0200)]
Merge pull request #19219 from ErwanMAS/backport_modifications_master

tinc: backport  from master modifications

2 years agotinc: add creation of hosts directory for each network configuration
Erwan MAS [Sat, 5 Mar 2022 21:00:21 +0000 (16:00 -0500)]
tinc: add creation  of hosts directory for each network configuration

Signed-off-by: Erwan MAS <erwan@mas.nom.fr>
(cherry picked from commit fb99d50c1edd4be765bef6d55bee26bfb90576b6)

2 years agotinc: use 'uci_get_state' instead of 'uci -P /var/state get'
Etienne Champetier [Thu, 12 Aug 2021 20:41:05 +0000 (16:41 -0400)]
tinc: use 'uci_get_state' instead of 'uci -P /var/state get'

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 440d3c04505719df09e39706e6af7c470a49d458)

2 years agosyslog-ng: fix OOM issues by adding support for logrotate
Petr Štetiar [Tue, 9 Aug 2022 08:28:43 +0000 (10:28 +0200)]
syslog-ng: fix OOM issues by adding support for logrotate

With heavy system logging which goes by default into `/var/log/messages`
log file which is usually placed in tmpfs/RAM one can trigger OOM killer
fairly easily, thus killing random processes and in some cases making
system unusable.

This is likely happening due to the fact, that Linux by default uses 1/2
of available RAM for tmpfs, which might be for example an issue on low
RAM devices with ath10k wireless.

So let's fix it by adding logrotate functionality which should limit the
size of `/var/log/messages` log file to 1M by default, but could be
tweaked by config knob if needed be.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 660fa63faf2881d69f903a589568b72fbd4d61f5)

2 years agopython-uci: update to version 0.9.0
Josef Schlehofer [Thu, 25 Aug 2022 14:45:53 +0000 (16:45 +0200)]
python-uci: update to version 0.9.0

- Release notes:
https://gitlab.nic.cz/turris/pyuci/-/tags/v0.9.0
- Update copyright while at it.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e340fe8a124d1dcda2768ce3dfbcbaaf30fac44e)

2 years agoMerge pull request #19223 from commodo/django-21.02
Alexandru Ardelean [Wed, 24 Aug 2022 09:27:40 +0000 (12:27 +0300)]
Merge pull request #19223 from commodo/django-21.02

[21.02] django: bump to version 3.2.15

2 years agolibgd: add conflicts to each other
Josef Schlehofer [Mon, 22 Aug 2022 12:58:19 +0000 (14:58 +0200)]
libgd: add conflicts to each other

The full variant should conflict with the default variant. This prevents that
libgd and libgd-full could be installed side by side, and also, the full
variant should provide the libgd. Otherwise, if you install libgd-full,
you can not install vnstat.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 42b36b7180a1859502d72a42dcd6e9ef80519c55)

2 years agovim: variants conflict with each other
Karel Kočí [Mon, 22 Aug 2022 12:31:21 +0000 (14:31 +0200)]
vim: variants conflict with each other

This adds conflicts between the variants,
because they provide the same files, and it should not be
possible to install them side by side. Otherwise, it might happen that
half files would be from one variant and the other half from the
other.

Also, adds provides as if you request to install ``vim`` and
``vim-full``, then the request could be satisfied even they collide,
because ``vim-full`` provides ``vim`` package.

Signed-off-by: Karel Kočí <cynerd@email.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add commit message]
(cherry picked from commit 46c058468aeaf7747c2e94e579020aa7f595c649)

2 years agopciutils: backport patch to fix compilation with older binutils
Josef Schlehofer [Sun, 21 Aug 2022 08:44:33 +0000 (10:44 +0200)]
pciutils: backport patch to fix compilation with older binutils

While building pciutils 3.8.0 for OpenWrt 21.02 includes target
mvebu/cortex-a9, mvebu/cortex-a53 and powerpc/8540, it fails because of
this error:

-I<turris1x/ws/build/staging_dir/toolchain-powerpc_8548_gcc-8.4.0_musl/include>   -c -o filter.o filter.c
{standard input}: Assembler messages:
{standard input}:6: Error: multiple versions [`pci_filter_init@@LIBPCI_3.8'|`pci_filter_init@LIBPCI_3.3'] for symbol `pci_filter_init_v38'
{standard input}:8: Error: multiple versions [`pci_filter_parse_slot@@LIBPCI_3.8'|`pci_filter_parse_slot@LIBPCI_3.3'] for symbol `pci_filter_parse_slot_v38'
{standard input}:10: Error: multiple versions [`pci_filter_parse_id@@LIBPCI_3.8'|`pci_filter_parse_id@LIBPCI_3.3'] for symbol `pci_filter_parse_id_v38'
{standard input}:12: Error: multiple versions [`pci_filter_match@@LIBPCI_3.8'|`pci_filter_match@LIBPCI_3.3'] for symbol `pci_filter_match_v38'
make[4]: *** [<builtin>: filter.o] Error 1
make[4]: Leaving directory '<turris1x/ws/build/build_dir/target-powerpc_8548_musl/pciutils-3.8.0/lib'>
make[3]: *** [Makefile:70: lib/libpci.so.3.8.0] Error 2
make[3]: Leaving directory '<turris1x/ws/build/build_dir/target-powerpc_8548_musl/pciutils-3.8.0'>
make[2]: *** [Makefile:88: <turris1x/ws/build/build_dir/target-powerpc_8548_musl/pciutils-3.8.0/.built]> Error 2
make[2]: Leaving directory '<turris1x/ws/build/feeds/packages/utils/pciutils'>

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit f08dadd517e4ecd5c15d4016dd6261d9fee3d41b)

2 years agoliburcu: update to version 0.13.2
Jan Hák [Mon, 22 Aug 2022 08:51:40 +0000 (10:51 +0200)]
liburcu: update to version 0.13.2

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 754ba8920b1d5a61250897e146d1ad50778a7567)

2 years agoknot: update to version 3.2.0
Jan Hák [Mon, 22 Aug 2022 08:56:18 +0000 (10:56 +0200)]
knot: update to version 3.2.0

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 74e2bfdd27bbf3625498ede40e357c8d409fbe91)

2 years agodjango: bump to version 3.2.15
Alexandru Ardelean [Mon, 22 Aug 2022 06:27:39 +0000 (09:27 +0300)]
django: bump to version 3.2.15

Fixes: https://nvd.nist.gov/vuln/detail/CVE-2022-36359
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2 years agoCI: checkout HEAD commit rather than merge commit
Paul Spooren [Fri, 5 Mar 2021 09:16:00 +0000 (23:16 -1000)]
CI: checkout HEAD commit rather than merge commit

GitHub CI actions/checkout uses a merge commit which isn't compatible
with our formality checks. Instead checkout the pull request HEAD.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 13c1f2bcda33ab8fc17ede1f43f60e0aac8b7cab)

2 years agoCI: migrate formal checks from CircleCI to GitHub
Paul Spooren [Fri, 5 Mar 2021 02:52:35 +0000 (16:52 -1000)]
CI: migrate formal checks from CircleCI to GitHub

Run the formal checks like SoB message via the GitHub CI.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 1b46af0e594858c7df17f00ee8c3a42e32a76215)

2 years agosquid: bump to 4.17
Marko Ratkaj [Wed, 30 Mar 2022 13:29:13 +0000 (15:29 +0200)]
squid: bump to 4.17

Signed-off-by: Marko Ratkaj <markoratkaj@gmail.com>
(cherry picked from commit 15132b85b76409108c441470998c79d1b8d37814)

2 years agosquid: update to 4.16
Rosen Penev [Wed, 7 Jul 2021 03:37:25 +0000 (20:37 -0700)]
squid: update to 4.16

Fixes compilation with GCC11.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ad4c04283ec55f307db5fa5931157385315cafb7)

2 years agodnscrypt-proxy2: update to version 2.1.2
Fabian Lipken [Tue, 16 Aug 2022 07:34:23 +0000 (09:34 +0200)]
dnscrypt-proxy2: update to version 2.1.2

Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
(cherry picked from commit 2c617bbe224ab2e6878e86c5cd61dbfa59440500)

2 years agopciutils: update to 3.8.0
Lucian Cristian [Wed, 1 Jun 2022 14:55:00 +0000 (14:55 +0000)]
pciutils: update to 3.8.0

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit c5ec5c70b3bcb053fea8441f028dfac0c3a18d56)

2 years agorclone: Update to 1.59.1
Tianling Shen [Wed, 10 Aug 2022 09:03:25 +0000 (17:03 +0800)]
rclone: Update to 1.59.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 5c4b54de567847f05d25260d4991bfa4ebe97c6e)

2 years agotelegraf: Update to version 1.23.4
Jonathan Pagel [Thu, 18 Aug 2022 05:14:35 +0000 (07:14 +0200)]
telegraf: Update to version 1.23.4

Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit e4555e03ee86ef62cf09ce1436c865d5eb472960)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
2 years agotelegraf: Add influxdb2 output plugin to package version small
Jonathan Pagel [Tue, 9 Aug 2022 05:27:45 +0000 (07:27 +0200)]
telegraf: Add influxdb2 output plugin to package version small

Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit a5e96189c3dadabb3e20d8139638bbb6da6773bf)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
2 years agoknot: update to 3.1.9
Jan Hák [Mon, 15 Aug 2022 12:50:23 +0000 (14:50 +0200)]
knot: update to 3.1.9

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 39a08a7aaf18a7b4a4a12f46006238336bd5dba3)

2 years agonumpy: bump to version 1.20.2
Alexandru Ardelean [Mon, 29 Mar 2021 06:51:56 +0000 (09:51 +0300)]
numpy: bump to version 1.20.2

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit 731bb0265da381b49e23fff9b1879a0a1d40f47e)

2 years agorclone: fix init script on CIDR format ipaddr
Liangbin Lian [Fri, 5 Aug 2022 08:20:32 +0000 (16:20 +0800)]
rclone: fix init script on CIDR format ipaddr

Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit 7af716f12d7aeaef48ccc3f025927808af0bf461)

2 years agoMerge pull request #19140 from BKPepe/gcc-21.02
Josef Schlehofer [Sat, 13 Aug 2022 08:08:32 +0000 (10:08 +0200)]
Merge pull request #19140 from BKPepe/gcc-21.02

gcc: update to allow compiling different versions

2 years agopython-websockets: update to version 10.3
Josef Schlehofer [Fri, 12 Aug 2022 19:35:25 +0000 (21:35 +0200)]
python-websockets: update to version 10.3

- Update copyright

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit ce1679a07fab643b85217b35f8c7857a9e3199c1)

2 years agolibreswan: update to 4.6
Lucian Cristian [Tue, 18 Jan 2022 03:20:34 +0000 (05:20 +0200)]
libreswan: update to 4.6

this update also fixes a CVE

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit ec252c20cc635fb65f972facfcdc8756099a21dd)

2 years agolibreswan: update to 4.5
Lucian Cristian [Sun, 12 Sep 2021 10:00:42 +0000 (13:00 +0300)]
libreswan: update to 4.5

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit b2efa063d2c244fcf4f1defb635ece6e6460a8b3)

2 years agonss: update to 3.67
Rosen Penev [Wed, 7 Jul 2021 03:02:49 +0000 (20:02 -0700)]
nss: update to 3.67

Switch to AUTORELEASE for simplicity.

Disable parallel compilation as there's something wrong with NSS' build
system. Reliably fails with make -j 12 on a ryzen 3600.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 1b9e2047007b675d8f40565f3586589f3bedc29c)

2 years agonss: update to 3.65
Lucian Cristian [Thu, 20 May 2021 21:06:23 +0000 (00:06 +0300)]
nss: update to 3.65

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit 0f5eadf362ab3cbd3c89a5aa6828265bcc3bc1cd)

2 years agocgi-io: update to latest Git HEAD
Jo-Philipp Wich [Wed, 10 Aug 2022 21:52:19 +0000 (23:52 +0200)]
cgi-io: update to latest Git HEAD

901b0f0 main: fix two one-byte overreads in header_value()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 443c6c1c17e29466cc81f44504602d66d993bf86)

2 years agogcc: update to allow compiling different versions
W. Michael Petullo [Wed, 18 May 2022 22:06:25 +0000 (17:06 -0500)]
gcc: update to allow compiling different versions

This is based on the toolchain GCC, and aims to share as much of its
Makefile and patches with that definition. The package requires one
additional patch:

(1) 003-dont-choke-when-building-32bit-on-64bit.patch, which fixes the
`error: size of array 'test_real_width' is negative` error that occurs
when building a 32-bit GCC on a 64-bit host. (Search the Internet for
examples of this error appearing.)

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit ceaa6e840e0b57c1b47c784997187044e3311d23)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[added gcc version 9.3.0, downgraded gcc to 10.2.0, removed gcc version
11.3.0 as it is now in sync with OpenWrt 21.02]

2 years agoyq: Update to 4.27.2
Tianling Shen [Sat, 6 Aug 2022 16:29:35 +0000 (00:29 +0800)]
yq: Update to 4.27.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 82a45b28b736642d263038e0b596c620fa5102e7)

2 years agogcc: enable parallel building
Eneas U de Queiroz [Thu, 23 Sep 2021 20:40:08 +0000 (17:40 -0300)]
gcc: enable parallel building

Even though PKG_BUILD_PARALLEL is set for the package, the package calls
$(MAKE) without $(PKG_JOBS), so it was always built with only one job.

Fix this by adding $(PKG_JOBS) to the $(MAKE) call, and calling make
install only after make all is finished.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 1f91016ac35ee4ef007578b0d4bbe78eaeb9db67)

2 years agogcc: add cc symlink
Dirk Neukirchen [Thu, 4 Mar 2021 17:50:02 +0000 (18:50 +0100)]
gcc: add cc symlink

fixes #14755

Signed-off-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
(cherry picked from commit 55cb4d1aee0055e26f19b968beaed83a2668ee51)

2 years agoPulseaudio: update to 14.2; avahi-variant: Restore Bluez functionality
Johnny Vogels [Tue, 2 Mar 2021 18:11:45 +0000 (19:11 +0100)]
Pulseaudio: update to 14.2; avahi-variant: Restore Bluez functionality

Signed-off-by: Johnny Vogels <35307256+jmv2009@users.noreply.github.com>
Pulseaudio: update to 14.2; avahi-variant: Restore Bluez functionality

Signed-off-by: Johnny Vogels <35307256+jmv2009@users.noreply.github.com>
2 years agoMerge pull request #19121 from autobakterie/libgpg-error_1-45
Josef Schlehofer [Sat, 6 Aug 2022 18:03:49 +0000 (20:03 +0200)]
Merge pull request #19121 from autobakterie/libgpg-error_1-45

libgpg-error: update to 1.45

2 years agoluajit: patch: PPC/e500 SPE: use soft float instead of failing
Šimon Bořek [Sat, 16 Jul 2022 16:56:32 +0000 (18:56 +0200)]
luajit: patch: PPC/e500 SPE: use soft float instead of failing

makes LuaJit builds for mpc85xx targets with SPE ISA extension
enabled possible

Quoting inner commit message:

This allows building LuaJit for systems with Power ISA SPE
extension[^1] support by using soft float on LuaJit side.

While e500 CPU cores support SPE instruction set extension
allowing them to perform floating point arithmetic natively,
this isn't required. They can function with software floating
point to integer arithmetic translation as well,
just like FPU-less PowerPC CPUs without SPE support.

Therefore I see no need to prevent them from running LuaJit
explicitly.

[^1]: https://www.nxp.com/docs/en/reference-manual/SPEPEM.pdf

Signed-off-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit a4a484fbca5c185456cf5ac26e6f47c03ca426e9)

2 years agolibgpg-error: update to 1.45
W. Michael Petullo [Tue, 10 May 2022 19:49:18 +0000 (14:49 -0500)]
libgpg-error: update to 1.45

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit c4842bdd2081748dbb8d12dd8856e870f73a3108)

2 years agolibgpg-error: update to 1.43
W. Michael Petullo [Sun, 12 Dec 2021 20:15:20 +0000 (14:15 -0600)]
libgpg-error: update to 1.43

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit d6000af907b9f517f27deef8b303e3474ee63f37)

2 years agorclone: update to 1.59.0
ZiMing Mo [Thu, 28 Jul 2022 07:54:34 +0000 (15:54 +0800)]
rclone: update to 1.59.0

Release note: https://rclone.org/changelog/#v1-59-0-2022-07-09

Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
(cherry picked from commit 05df1fe4f170342ffb0e8cbd5e1414ecf737469f)

2 years agonano: update to 6.4
Hannu Nyman [Tue, 2 Aug 2022 12:32:10 +0000 (15:32 +0300)]
nano: update to 6.4

Update nano editor to version 6.4.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 0aed2021800de9f567f2301716287f225220e1ba)

2 years agoksmbd: update to 3.4.5
Rosen Penev [Mon, 6 Jun 2022 02:54:57 +0000 (19:54 -0700)]
ksmbd: update to 3.4.5

Major changes are:

Add support for smbd-direct multi-desctriptor.
Add support for dkms.
Add support for key exchange.
Fix seveal bugs.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2 years agoksmbd-tools: update to 3.4.5
Rosen Penev [Fri, 3 Jun 2022 23:48:12 +0000 (16:48 -0700)]
ksmbd-tools: update to 3.4.5

Major changes are:

Add support for Heimdal as the Kerberos 5 implementation.
Add smbd max io size parameter.
Accept global share options.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2 years agoksmbd-tools: update to 3.4.4
Rosen Penev [Tue, 15 Feb 2022 02:31:34 +0000 (18:31 -0800)]
ksmbd-tools: update to 3.4.4

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2 years agoksmbd: set stoplevel
Fritz D. Ansel [Thu, 12 Aug 2021 05:01:30 +0000 (07:01 +0200)]
ksmbd: set stoplevel

to allow graceful stop of the daemon

Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
(cherry picked from commit 28ed2b82c5f6f73f2e41357b39a89714959d2a82)

2 years agotelegraf: Update to version 1.23.3
Jonathan Pagel [Mon, 25 Jul 2022 18:11:36 +0000 (20:11 +0200)]
telegraf: Update to version 1.23.3

Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 281d156a35830003e3844af6f195958715731dfb)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
2 years agoknot: update to 3.1.8
Jan Hák [Fri, 29 Apr 2022 12:27:07 +0000 (14:27 +0200)]
knot: update to 3.1.8

- Release notes:
https://www.knot-dns.cz/2022-04-28-version-318.html

- Refreshed patch to avoid offset

Signed-off-by: Jan Hák <jan.hak@nic.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[added commit message, refresh patch]
(cherry picked from commit db12181940e0136adaa20edb8923e90166847e3a)

2 years agodockerd: Update to v20.10.17
Gerard Ryan [Sun, 24 Jul 2022 05:31:43 +0000 (15:31 +1000)]
dockerd: Update to v20.10.17

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
2 years agodocker: Update to v20.10.17
Gerard Ryan [Sun, 24 Jul 2022 05:29:28 +0000 (15:29 +1000)]
docker: Update to v20.10.17

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
2 years agolibnetwork: Update to f6ccccb for Docker v20.10.17
Gerard Ryan [Sun, 24 Jul 2022 05:25:00 +0000 (15:25 +1000)]
libnetwork: Update to f6ccccb for Docker v20.10.17

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
2 years agocontainerd: Update to v1.6.6 for Docker v20.10.17
Gerard Ryan [Sun, 24 Jul 2022 05:17:03 +0000 (15:17 +1000)]
containerd: Update to v1.6.6 for Docker v20.10.17

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
2 years agorunc: Update to v1.1.2 for Docker v20.10.17
Gerard Ryan [Sun, 24 Jul 2022 05:10:50 +0000 (15:10 +1000)]
runc: Update to v1.1.2 for Docker v20.10.17

Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
2 years agodawn: update to 2022-07-24
Nick Hainke [Sun, 24 Jul 2022 10:52:26 +0000 (12:52 +0200)]
dawn: update to 2022-07-24

edca4d2 network: rework network status callbacks

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 28ca76d29bc0703474fd44815ceca6bd7b28efe6)

2 years agodawn: update to 2022-07-22
Nick Hainke [Fri, 22 Jul 2022 19:21:32 +0000 (21:21 +0200)]
dawn: update to 2022-07-22

10fb043 network: dump detail on ping pong received

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 1f60c232966b12b2f6e35a2705dc63883eec61c2)

2 years agoMerge pull request #18965 from commodo/django-update-21-02
Alexandru Ardelean [Fri, 22 Jul 2022 11:44:32 +0000 (14:44 +0300)]
Merge pull request #18965 from commodo/django-update-21-02

[21.02] django: bump to version 3.2.14

2 years agodawn: update to 2022-07-21
Nick Hainke [Thu, 21 Jul 2022 15:02:49 +0000 (17:02 +0200)]
dawn: update to 2022-07-21

bb362db datastorage: fix ap_array_unlink_entry always returns NULL
47e98ef network: ping pong keepalive for tcp connections
eba0354 network: add timeout for client connections

In the dawn config the con_timeout needs to be added:
  option con_timeout '60'

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 204fd77bbc810e64602bbd758af4bef6c76844b1)

2 years agogolang: Update to 1.17.12
Jeffery To [Mon, 18 Jul 2022 12:16:34 +0000 (20:16 +0800)]
golang: Update to 1.17.12

Includes fixes for:

* CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding
  header
* CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions
* CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip
* CVE-2022-30630: io/fs: stack exhaustion in Glob
* CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read
* CVE-2022-30632: path/filepath: stack exhaustion in Glob
* CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal
* CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode
* CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit
  X-Forwarded-For not working

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2 years agoyq: Update to 4.26.1
Tianling Shen [Mon, 18 Jul 2022 03:42:39 +0000 (11:42 +0800)]
yq: Update to 4.26.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 4df4b8eae7f65960ca18c364b37f089b018a8dce)

2 years agoxray-core: Update to 1.5.9
Tianling Shen [Mon, 18 Jul 2022 03:46:10 +0000 (11:46 +0800)]
xray-core: Update to 1.5.9

Updated geodata to latest version while at it.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 25922c6afdc344e2e402e482d3318219006451c5)

2 years agodawn: update to 2022-07-18
Nick Hainke [Mon, 18 Jul 2022 15:54:27 +0000 (17:54 +0200)]
dawn: update to 2022-07-18

e596ff1 ubus.c: only add nr entries matching our own SSID

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit bb0d45ed355264ca606d01699ca59edaf6848eab)

2 years agodjango: bump to version 3.2.14
Alexandru Ardelean [Mon, 18 Jul 2022 14:42:44 +0000 (17:42 +0300)]
django: bump to version 3.2.14

Fixes https://nvd.nist.gov/vuln/detail/CVE-2022-34265

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2 years agopostfix: fix download failure
Michal Vasilek [Sat, 16 Jul 2022 20:43:08 +0000 (22:43 +0200)]
postfix: fix download failure

cdn.postfix.johnriley.me serves a certificate for a different domain
name.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit d4feef97e6ee7b6477d53c28c9b151ae0c8974d8)

2 years agodawn: update to 2022-07-16
Nick Hainke [Sat, 16 Jul 2022 17:36:32 +0000 (19:36 +0200)]
dawn: update to 2022-07-16

0689b5e ubus: add missing lock for ubus hearing_map
4b7db09 CONFIGURE.md: fix typo
b3f61d4 CONFIGURE.md: adjust documentation about log levels

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit eef9ee0b83afe45bdf83f966e9532f83acf08ef0)

2 years agolibuwsc: fix compiltation with wolfSSL
Eneas U de Queiroz [Fri, 15 Jul 2022 18:00:20 +0000 (15:00 -0300)]
libuwsc: fix compiltation with wolfSSL

wolfssl/options.h needs to be included before the other wolfssl headers
to enable OpenSSL API required to build the package.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 8fb3fd3dac586ccb38a3a30aa4d0e1656aea2dc3)

2 years agotelegraf: Update to version 1.23.2
Jonathan Pagel [Wed, 13 Jul 2022 10:37:18 +0000 (12:37 +0200)]
telegraf: Update to version 1.23.2

Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 591f8cad333b36962aefbeccc6b0fa77e5826429)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
2 years agotelegraf: Update to version 1.23.1
Jonathan Pagel [Mon, 11 Jul 2022 06:56:51 +0000 (08:56 +0200)]
telegraf: Update to version 1.23.1

Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 9b1cdb7b52a29d8923a68234dd6ca068e245c6d0)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
2 years agoxr_usb_serial_common: bump to 2022-03-30
Eneas U de Queiroz [Thu, 5 May 2022 13:25:10 +0000 (10:25 -0300)]
xr_usb_serial_common: bump to 2022-03-30

This is the latest commit that touches the xr_usb_serial_common-1a dir.
The changes are restricted to whitespace fixes and kernel version
adaptations:
ecc6ebe xr_usb: Use tty_driver_kref_put for kernel 5.15 and above
caf6d25 xr_usb: Use tty_alloc_driver for kernel 5.15 and above
a42b7e6 xr_usb: Compilation fixes for kernel 5.14
497adb7 #39 fix compilation for newer linux kernels
9103471 xr_usb: fix some whitespace errors

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit eadab32450857dcb98ceb55fbddc8b2a30660a7c)

2 years agofio: update to 3.29
Rosen Penev [Mon, 28 Mar 2022 21:25:29 +0000 (14:25 -0700)]
fio: update to 3.29

Fixes compilation with kernel 5.15

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit d1edd7677a8af4c286cc47ca6ffc37e573ef15fc)

2 years agolibarchive: fix ext2fs build race error condition
Petr Štetiar [Thu, 16 Jun 2022 11:38:11 +0000 (13:38 +0200)]
libarchive: fix ext2fs build race error condition

libarchive looks for ext2fs headers during configure, and if it finds
them it will expect to find them during compile, or on the rare occasion
when they aren't it will fail:

 libarchive/archive_entry.c:59:55: fatal error: ext2fs/ext2_fs.h: No such file or directory

As we just need headers for some type constants, let's re-use headers
from tools/e2fsprogs package which are always available.

Reported-by: Adam Dov <adov@maxlinear.com>
Suggested-by: Paul Eggleton <paul.eggleton@linux.intel.com>
References: https://git.yoctoproject.org/poky/commit/?id=f0b9a7cf9f80be1917e45266fa201f464a28c1e5
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 797945dfaa0e7de8d6b0ada472bda63bb27f0cdc)

2 years agonode: July 7th 2022 Security Releases
Hirokazu MORIKAWA [Sat, 9 Jul 2022 07:15:56 +0000 (16:15 +0900)]
node: July 7th 2022 Security Releases

Update to v14.20.0

Release for the following issues:
HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)(CVE-2022-32213)
HTTP Request Smuggling - Improper Delimiting of Header Fields (Medium)(CVE-2022-32214)
HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)(CVE-2022-32215)
DNS rebinding in --inspect via invalid IP addresses (High)(CVE-2022-32212)

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2 years agopython-cryptography: Fix failing build
Jeffery To [Thu, 7 Jul 2022 09:35:41 +0000 (17:35 +0800)]
python-cryptography: Fix failing build

Fixes https://github.com/openwrt/packages/issues/18876.
Fixes https://github.com/openwrt/packages/issues/18879.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 9e3b7d78837b7181b859472894aa243a2eae595b)

2 years agonft-qos: simplify ifname retrieval
Etienne Champetier [Thu, 12 Aug 2021 21:35:44 +0000 (17:35 -0400)]
nft-qos: simplify ifname retrieval

network_get_device should be enough, and since https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=4b9a67362d70c544b85078b8d5c661f43f7472d9
uci network config interface sections use 'device' instead of 'ifname',
rendering the fallback useless

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 76b750d7201e953b99b5f2600d2f616acf226405)