Michael Heimpold [Sat, 5 Oct 2024 14:41:02 +0000 (16:41 +0200)]
php8: update to 8.1.30
This fixes:
- CVE-2024-8925
- CVE-2024-8926
- CVE-2024-8927
- CVE-2024-9026
Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.1.30
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Paul Donald [Sun, 31 Mar 2024 18:25:17 +0000 (20:25 +0200)]
p910nd: set bidi only if not already set
Closes #23774
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
(cherry picked from commit
4628b6bd43ac1c212363535fe4d32739c5f7e622)
Karol Kolacinski [Sat, 6 Jul 2024 16:12:01 +0000 (18:12 +0200)]
transmission: update to version 4.0.6
Release notes:
https://github.com/transmission/transmission/releases/tag/4.0.6
Remove temporary patch included in 4.0.6 release.
Signed-off-by: Karol Kolacinski <kolacinskikarol@live.com>
(cherry picked from commit
c32139757cf13b78a114fbd900aadba8ae1b94b7)
Seo Suchan [Sat, 11 May 2024 19:20:50 +0000 (04:20 +0900)]
transmission: fix compile with MbedTLS 3.X
Backport pending patch, which was submitted to upstream via GitHub
to use renamed function to compile it against MbedTLS 3.x.
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
(cherry picked from commit
42140c67e04392898e8372c4619a9c7ebfa876ca)
Denis Shulyaka [Tue, 16 Jul 2024 10:54:54 +0000 (13:54 +0300)]
ddns-scripts: Update knot resolver regexp
The output format of `khost` has changed. This commit fixes the regexp
for IPv4. It fixes the issue of using a custom DNS to resolve current
address.
```bash
root@localhost:~# khost ns2.afraid.org
ns2.afraid.org. has IPv4 address 69.65.50.223
ns2.afraid.org. has IPv6 address 2001:1850:1:5:800::6b
Host ns2.afraid.org. has no MX record
root@localhost:~# khost --version
khost (Knot DNS), version 3.3.5
```
Signed-off-by: Denis Shulyaka <Shulyaka@gmail.com>
(cherry picked from commit
ebeae334d9ff39d81898a7d8b5275151518318f1)
Dengfeng Liu [Wed, 10 Jul 2024 09:05:37 +0000 (17:05 +0800)]
apfree-wifidog: Update to 7.07.2018
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
b6431127400f2858216c72c3175de9643620e11c)
Dengfeng Liu [Wed, 10 Jul 2024 09:02:46 +0000 (17:02 +0800)]
apfree-wifidog: support wildcard domain
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
ca8fe51fd8b6067bf671d627c57911d299ab940c)
John Audia [Mon, 1 Jul 2024 10:20:33 +0000 (06:20 -0400)]
openssh: bump to 9.8p1
Release notes: https://www.openssh.com/txt/release-9.8
* 9.8p1 fixes CVE-2024-6387
* Adjusted Makefile to provide /usr/lib/sshd-session
* Given the troubles with -fzero-call-used-regs and all the
broken checks, makes sense to skip it
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
75674f0439ee497bc6b77222a23e3974d150be89)
Milinda Brantini [Thu, 20 Jun 2024 06:46:08 +0000 (14:46 +0800)]
powertop: update to 2.15
Release mainly focuses on bug fixes and patching compatibility issues.
Also, adds support to multiple platforms.
Removed obsolete patch as upstream has fixed.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
153984a8fb36134b410939f24c6425c785a66105)
[Remove $(AUTORELEASE) to avoid
frequent conflicts during cherry-pick updates.]
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Philip Prindeville [Mon, 6 May 2024 20:14:55 +0000 (14:14 -0600)]
strongswan: Add missing declarations in swanctl
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit
d95f6625e3fbb25f3f42401864268ae722a6c410)
Signed-off-by: Richard Muzik <richard.muzik@nic.cz>
Philip Prindeville [Sun, 26 Mar 2023 19:27:02 +0000 (13:27 -0600)]
strongswan: Fix indent for hw_offload, interface, priority
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit
03eab9b63b8e813108b3e7f0db50a3041515472e)
Signed-off-by: Richard Muzik <richard.muzik@nic.cz>
Philip Prindeville [Wed, 9 Nov 2022 03:07:48 +0000 (20:07 -0700)]
strongswan: Fix PSK's when using multiple connections
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit
796443267f797ddd2a219a5699097a9b215680a4)
Signed-off-by: Richard Muzik <richard.muzik@nic.cz>
Robert Marko [Sat, 2 Sep 2023 15:46:46 +0000 (17:46 +0200)]
mhz: respect CC and CFLAGS passed by buildsystem
It seems that the Makefile has both CC and CFLAGS hardcoded and does not
allow overriding them by ones being passed by the buildsystem.
This works fine until CONFIG_PKG_ASLR_PIE_ALL is selected, then building
will fail with:
arm-openwrt-linux-muslgnueabi/bin/ld.bfd: mhz.o: relocation R_ARM_MOVW_ABS_NC against `a local symbol' can not be used when making a shared object; recompile with -fPIC
arm-openwrt-linux-muslgnueabi/bin/ld.bfd: mhz.o(.text+0x75c): unresolvable R_ARM_CALL relocation against symbol `__aeabi_l2d@@GCC_3.5
So, lets add a patch pending upstream that allows both CC and CFLAGS to be
overriden so that ones passed by the buildsystem are actually respected.
Fixes: 89123b308f98 ("mhz: add new package")
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit
6c28f46f37d35dce06c320d9ac7f256c113aea22)
Signed-off-by: Richard Muzik <richard.muzik@nic.cz>
Milinda Brantini [Thu, 20 Jun 2024 07:44:41 +0000 (15:44 +0800)]
natmap: reset PKG_RELEASE to 1
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
1d542b8919a0e98836055bdd251e0345b80a0bc6)
Milinda Brantini [Mon, 3 Jun 2024 16:36:36 +0000 (00:36 +0800)]
natmap: update to
20240603
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
(cherry picked from commit
b0a4fd300f23f99bc678162165c23e93bb1e24e8)
Glenn Strauss [Sun, 12 May 2024 07:11:32 +0000 (03:11 -0400)]
lighttpd: fix missing dependency for OpenSSL crypto library
This change will provide the necessary dependency resolution, fixing:
Package lighttpd is missing dependencies for the following libraries:
libcrypto.so.3
Fixes: #23794
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
a300185d49e87848f9b8027393196631841b32f6)
Petr Štetiar [Wed, 24 Apr 2024 19:28:40 +0000 (19:28 +0000)]
lighttpd: add option to use OpenSSL crypto library
Currently, it is not feasible to configure lighttpd to use OpenSSL as
its internal crypto library. Instead, one must rely on alternative
crypto libraries such as Nettle or mbedTLS. This setup is not ideal in
scenarios where a single crypto library is preferred. To address this
issue, lets propose introducing OpenSSL as an additional configuration
option. Similarly, propose GnuTLS as additional configuration option.
Closes: #24004
Co-developed-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
8c9597f1dcb0ab5965a5ecdb506e234c5da61a3e)
Dengfeng Liu [Thu, 13 Jun 2024 07:59:50 +0000 (15:59 +0800)]
apfree-wifidog: update to 7.06.2008
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
a1b1bd87bf87643e8a3b9235c3b21a3099722658)
Dengfeng Liu [Thu, 13 Jun 2024 07:57:58 +0000 (15:57 +0800)]
apfree-wifidog: support rule group and websocket&dns proxy flag
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
a34f47e7bb067f98419c217d132e529549d2ecc5)
Michael Heimpold [Mon, 10 Jun 2024 04:52:26 +0000 (06:52 +0200)]
Merge pull request #24342 from mhei/22.03-php8-update-to-8.1.29
[22.03] php8: update to 8.1.29
Christian Marangi [Sun, 29 Oct 2023 15:15:02 +0000 (16:15 +0100)]
fdm: update to 2.2 release and switch to PCRE2
Update to release 2.2 and switch to PCRE2. New release switched from
PCRE to PCRE2 and is now required.
Drop patch merged upstream and backport 2 additional patch that fix a
user-after-free and a PCRE2 bug.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
13982c13d09803b8979f7934c6048db9ad240338)
Christian Marangi [Thu, 14 Dec 2023 15:14:58 +0000 (16:14 +0100)]
wifidog: make it compile again with recent version of WolfSSL
Recent version of WolfSSL dropped CyaSSL shims and made the package not
compilable. Converting it to the WolfSSL library is simple enough as the
API used are very basic and can be converted directly. Add patch that
fully convert the package to WolfSSL and doesn't use the compat shim
anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
b38e3cd257b3db79897d7ae7c9976af1d57f29b3)
Christian Marangi [Tue, 19 Mar 2024 10:40:36 +0000 (11:40 +0100)]
libpfring: backport patch fixing compilation error for sa_data
Backport patch fixing compilation error for sa_data not well defined.
This is triggered only on platform that makes use of fortify string and
cause compilation error due to the fact that sa_data is not well defined
and his size is arbitrary.
Patch has been accepted in the PF_RING project and this is just a
backport.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
c3a50a9fac8f9d8665f8b012abd85bb9e461e865)
John Thomson [Fri, 21 Oct 2022 04:01:24 +0000 (14:01 +1000)]
libpfring: update to 8.4.0
Release notes:
https://github.com/ntop/PF_RING/releases/tag/8.4.0
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
(cherry picked from commit
534bd518f3fff6c31656a1edcd7e10922f3e06e5)
Christian Marangi [Sun, 14 May 2023 13:56:08 +0000 (15:56 +0200)]
libpfring: fix compilation warning
Fix simple compilation warning with checking statically allocated
variables and missing fallthrough.
Fix compilation warning:
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c: In function 'ring_release':
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:5489:6: error: the comparison will always evaluate as 'true' for the address of 'name' will never be NULL [-Werror=address]
5489 | && pfr->zc_device_entry->zc_dev.dev->name) {
| ^~
In file included from ./include/linux/rtnetlink.h:7,
from /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:84:
./include/linux/netdevice.h:1986:33: note: 'name' declared here
1986 | char name[IFNAMSIZ];
| ^~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c: In function 'ring_bind':
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:5620:18: error: the comparison will always evaluate as 'false' for the address of 'sa_data' will never be NULL [-Werror=address]
5620 | if(sa->sa_data == NULL)
| ^~
In file included from /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:82:
./include/linux/socket.h:34:25: note: 'sa_data' declared here
34 | char sa_data[14]; /* 14 bytes of protocol address */
| ^~~~~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c: In function 'hash_pkt_cluster':
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:3937:7: error: this statement may fall through [-Werror=implicit-fallthrough=]
3937 | if(l3_proto == IPPROTO_TCP)
| ^
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:3944:3: note: here
3944 | case cluster_per_flow_2_tuple:
| ^~~~
cc1: all warnings being treated as errors
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
2f86385ff56c4e204133dfeef9e0ec1cada6ba56)
John Audia [Tue, 12 Mar 2024 12:13:02 +0000 (08:13 -0400)]
openssh: bump to 9.7p1
Release notes: https://www.openssh.com/txt/release-9.7
Removed upstreamed patch: 010-better_fzero-call-detection.patch
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
6be0617c00bdf5e9309ad3738d09fe498cb9fb0a)
Michael Heimpold [Sat, 8 Jun 2024 05:32:11 +0000 (07:32 +0200)]
php8: update to 8.1.29
This fixes:
- CVE-2024-4577
- CVE-2024-5458
- CVE-2024-5585
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Jeffery To [Mon, 7 Aug 2023 06:39:56 +0000 (14:39 +0800)]
python-jmespath: Update to 1.0.1
This also updates the Python dependency from python3 to python3-light.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
cde28d04e67a522bc7b6ecce90a3664d0c1a6f03)
Jeffery To [Thu, 20 Jul 2023 09:50:18 +0000 (17:50 +0800)]
python-botocore: Update to 1.31.7, update dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
3d83c5c8d6c83e8d3ad571b9aeb0c8bef3592cb6)
Jeffery To [Thu, 20 Jul 2023 09:52:12 +0000 (17:52 +0800)]
python-s3transfer: Update to 0.6.1, update dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
1ac094d012ece0621f62dae37916cbc730b25cbc)
Jeffery To [Thu, 20 Jul 2023 09:54:47 +0000 (17:54 +0800)]
python-boto3: Update to 1.28.7, update dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
182eaed42d4172fbe7ebd6bfe8f3ff0b4599ddbc)
Jeffery To [Thu, 20 Jul 2023 09:57:49 +0000 (17:57 +0800)]
python-awscli: Update to 1.29.7, update dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
211724c3fc0ed3c1a96c1e6be547c085bd340cae)
Dengfeng Liu [Mon, 27 May 2024 11:03:39 +0000 (19:03 +0800)]
xfrpc: update to 3.05.661
This version is compatible with FRPS 0.58.0
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
d5c22612a90e9a0fd09d4307e567240562a10287)
Dengfeng Liu [Mon, 27 May 2024 11:01:22 +0000 (19:01 +0800)]
xfrpc: Revised the config file and adjusted the corresponding init file
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
e39af317532bd67580e6d12d4b4c9590cafa574e)
Olivier Poitrey [Fri, 24 May 2024 11:36:01 +0000 (11:36 +0000)]
nextdns: Update to version 1.43.5
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Christian Lachner [Sun, 19 May 2024 08:44:43 +0000 (10:44 +0200)]
haproxy: update to v2.4.26
- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.4.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Hannu Nyman [Fri, 3 May 2024 13:24:09 +0000 (16:24 +0300)]
nano: update to 8.0
Update nano editor to version 8.0
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
69166dbbb709625a848f327c9822c667db39744f)
Olivier Poitrey [Mon, 29 Apr 2024 21:54:18 +0000 (21:54 +0000)]
nextdns: Update to version 1.43.3
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Josef Schlehofer [Fri, 26 Apr 2024 08:38:20 +0000 (10:38 +0200)]
transmission: update to version 4.0.5
Release notes:
https://github.com/transmission/transmission/releases/tag/4.0.5
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
19a424aede70ddaedb1153144216db6423fa09e2)
Jeffery To [Tue, 7 Nov 2023 09:40:15 +0000 (17:40 +0800)]
CI: Update sdk action, always upload artifacts
The updated version of gh-action-sdk will return compiled packages and
build logs for both build success and build errors.
This ensures these artifacts are always uploaded. This also sets the V
environment variable to enable verbose build output.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
aca4330c0427a7a2d1cdc23b14207a95a15b292c)
Jeffery To [Wed, 10 May 2023 06:10:37 +0000 (14:10 +0800)]
CI: Do package run-tests only if target packages were built
Currently, the package run-test phase will fail for PRs that only
add/update host-only packages, as no target packages (*.ipk) are built.
This checks if any target packages are built before attempting the
run-tests.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
5ce254fd8e4136fbb3d385f4e55e2cdae0d6eb39)
Jeffery To [Wed, 10 May 2023 05:51:59 +0000 (13:51 +0800)]
CI: Run "apt-get update" before installing signify-openbsd
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
955a90944b2ebfbd66a6149d14126d6d9ced6c5e)
Jeffery To [Wed, 22 Mar 2023 07:46:13 +0000 (15:46 +0800)]
CI: Add local feed for CI-built packages
To test each package, the CI-built target package (ipk) file is
installed, but currently the target package's dependencies are installed
from the standard opkg feeds.
There are cases when the CI-built target packages should be
installed/tested together:
* If a pull request contains several new packages that depend on each
other, the test step will fail as the new dependencies cannot be found
in the current packages feed.
* If a pull request upgrades a source package that builds several target
packages that depend on each other, the test step may fail due to the
version/ABI mismatch between a newer target package and the older
dependencies installed from the packages feed.
This sets up a local feed for the CI-built packages so that dependencies
are also installed from the same set of packages.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
e9bb94840288d35b90ca43574b698c43403a7ec4)
Paul Spooren [Thu, 14 Mar 2024 13:46:15 +0000 (14:46 +0100)]
ci: set correct arch for rootfs tests
With the commit
01e5cfc "CI: Add target/arch tags (no suffix) for
snapshot images"[1] the os/platform is set for all images, which is usually
different from what the GitHub action runner uses (x86). The Docker
deamon still tries to fetch the x86 version and fails.
This commit explicitly sets the fitting arch.
[1]: https://github.com/openwrt/docker/commit/
01e5cfccd73a72ecab730496607c7c22b904f366
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
d359fa04eda29638b9326c194490685c1177fd49)
Stan Grishin [Mon, 29 Apr 2024 00:33:55 +0000 (17:33 -0700)]
Merge pull request #24024 from rs/nextdns-1.43.0-openwrt-22.03
[22.03] nextdns: Update to version 1.43.0
Sibren Vasse [Wed, 20 Dec 2023 16:01:50 +0000 (17:01 +0100)]
openssh: fix build failure on powerpc_8548
https://github.com/openssh/openssh-portable/commit/
1036d77b34a5fa15e56f516b81b9928006848cbd
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
a79c49578ca136556bd10d8990aa52ef4eb0664b)
Rucke Teg [Wed, 3 Jan 2024 22:11:05 +0000 (23:11 +0100)]
openssh: bump to 9.6p1
Release notes: https://www.openssh.com/txt/release-9.6
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
(cherry picked from commit
e8dfc6abbee88f35887c66ec785b081252d6d07d)
John Audia [Wed, 4 Oct 2023 19:35:03 +0000 (15:35 -0400)]
openssh: bump to 9.5p1
Changelog: https://www.openssh.com/txt/release-9.5
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
6dc86d46da18d573971b7e7a2d625b2498dbe249)
Olivier Poitrey [Sun, 28 Apr 2024 00:47:37 +0000 (00:47 +0000)]
nextdns: Update to version 1.43.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Marius Dinu [Wed, 30 Nov 2022 09:45:13 +0000 (11:45 +0200)]
tvheadend: Fix github warning about AUTORELEASE
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
091681e1523d2943e665c392b09f79d6959fe632)
Marius Dinu [Wed, 30 Nov 2022 09:21:39 +0000 (11:21 +0200)]
tvheadend: add conditions for -O3 and LTO optimizations
Building for arc, mips and powerpc platforms fails if -O3 and LTO optimizations are enabled. This patch removes that option for everything other than arm and x86_64. These are known to work.
Fixes issue #19923.
Also fixes a typo in the description.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit
149053198146a8821e8c12d7c7fce8c3a175c5b7)
Ivan Pavlov [Fri, 4 Nov 2022 21:22:12 +0000 (00:22 +0300)]
openvpn: update to 2.5.8
Mostly bugfix release
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.5.8/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit
f49645d24c2bf0a920dbb9b84621f1f26bf0b22e)
Martin Schiller [Tue, 14 Jan 2020 14:20:14 +0000 (15:20 +0100)]
openvpn: add possibility to set param "compress" without algorithm
In some situations you need to set the compress param without an
algorithm. Compression will be turned off, but the packet framing for
compression will still be enabled, allowing a different setting to be
pushed later.
As it is not possible to have options with optional values at the
moment, I've introduced a pseudo value "frames_only" which will be
removed in the init script.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit
5ce5220eb23ffdfcce74541f07cff4fb3a3ade08)
Sibren Vasse [Fri, 11 Aug 2023 15:14:55 +0000 (17:14 +0200)]
openssh: update to 9.4p1
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
7fb8e823b977c6d95225cc98fdb1f31455b5e179)
Philip Prindeville [Mon, 7 Aug 2023 21:21:26 +0000 (15:21 -0600)]
openssh: add server config subdirectory
Most distros allow dropping site configuration files into
/etc/sshd_config.d/ so that you don't have to tweak the main
server configuration file.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit
ead95a26b68f4145937034d84abdf9e0f7fe1eb7)
Nathan Friedly [Thu, 25 Apr 2024 17:19:33 +0000 (13:19 -0400)]
librespeed-go: improve the description
This swaps the order of the lines in the description so that when LuCI displays only the first line, it still offers some helpful information.
Signed-off-by: Nathan Friedly <nathan@nfriedly.com>
(cherry picked from commit
06ea66c55866aa409ab567a593a22bd24e727f04)
Anya Lin [Tue, 10 Oct 2023 01:13:14 +0000 (09:13 +0800)]
librespeed-go: Reload the daemon after modifying the tls certificate
Make the daemon reload after the tls certificate is updated
Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit
fd1d506fff9462b3329585bdd148a6fd78cbd27a)
Josef Schlehofer [Fri, 26 Apr 2024 09:24:57 +0000 (11:24 +0200)]
syslog-ng: update to version 4.7.1
Release notes:
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.0
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.1
Also bump version in the config file to avoid warning
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
9d49df0dabcdd9135bf0b86374695b69cb4bf5b6)
Paul Spooren [Sat, 10 Oct 2020 01:31:01 +0000 (15:31 -1000)]
CI: remove CircleCI for now
The GitHub CI offers currenlty more architecture and the Signed-of-by
test is covered via the DOC CI test. In case GitHub ever changes
policies, we can simply switch back.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
26c101edc3e918be4fbfe76b3514d1c8398f7d31)
Jeffery To [Wed, 11 May 2022 08:40:55 +0000 (16:40 +0800)]
CircleCI: Add 22.03 public keys, 18.06 v2 gpg key, 18.06 usign key
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
dce83a50225774f9dfcb0c27415dd3fea528a878)
Ray Wang [Sat, 20 Apr 2024 14:53:03 +0000 (22:53 +0800)]
natmap: add log_std{out,err} options
Introduce `log_stdout` and `log_stderr` options for managing logging output.
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
5abbd3bcb2362963a2cc49c0a9de78dd5c5af185)
Josef Schlehofer [Tue, 23 Apr 2024 14:37:21 +0000 (16:37 +0200)]
modemmanager: drop backported patches
These patches were included in 1.18.8, thus it can be removed.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Aleksander Morgado [Fri, 4 Nov 2022 13:52:04 +0000 (14:52 +0100)]
modemmanager: fix unquoted strings when launching pppd
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
(cherry picked from commit
eb283ea8a3d0ff573b04242b045934541a460f06)
Arkadiusz Drabczyk [Wed, 13 Jul 2022 12:35:34 +0000 (14:35 +0200)]
modemmanager: fix mm_log() invocations in 25-modemmanager* files
Definition of mm_log() was changed in
45a56a889943b437f78fa2bfca3d5d8ac555c77e but 25-modemmanager* weren't
changed.
Signed-off-by: Arkadiusz Drabczyk <arkadiusz@drabczyk.org>
(cherry picked from commit
cdbc7a67fc17e6472ef9a1344d85f0137e8c2c59)
Aleksander Morgado [Mon, 13 Jun 2022 10:24:43 +0000 (12:24 +0200)]
modemmanager: explicitly disconnect even if no bearers found
A network restart where netifd is cleanly restarted involves bringing
the network interfaces down. The 'modemmanager' protocol handler will
run a mmcli --simple-disconnect in this case, but only if there are
bearer objects found.
If the network restart happened *during* the connection attempt
procedure, while the modem is e.g. being registered in the network, no
bearer objects exist yet, and so, we would skip doing anything during
the interface teardown operation. This would lead to the original
connection attempt succeeding, so leaving the modem in ModemManager
in connected state, while the associated interface in netifd is
reported down.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
(cherry picked from commit
c15e94f6c5fbbaedd41fd74b930a2a205f80afc0)
Aleksander Morgado [Wed, 4 May 2022 12:01:57 +0000 (14:01 +0200)]
modemmanager: report network initiated disconnections to netifd
The new connection dispatcher scripts support integrated in
ModemManager 1.18.8 allows us to provide a openwrt-specific dispatcher
script used to report netifd that the underlying network connection is
down.
See also https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/merge_requests/775
Fixes https://github.com/openwrt/openwrt/issues/8368
Fixes https://github.com/openwrt/packages/issues/14096
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
(cherry picked from commit
bc754f31cfdb004eefa43038f8f0827922107fc6)
Aleksander Morgado [Tue, 29 Mar 2022 11:12:43 +0000 (13:12 +0200)]
modemmanager: install available FCC unlock scripts
The FCC unlock scripts are installed but not enabled by default.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
(cherry picked from commit
e430420aa176af672e913a2e50c5911e3ea70ef3)
Maxim Anisimov [Mon, 12 Sep 2022 07:01:33 +0000 (10:01 +0300)]
modemmanager: bump to 1.18.12
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
(cherry picked from commit
c588b92d517fa015d5ca54cce26d29e35f8bfa97)
Jan Klos [Mon, 18 Mar 2024 20:26:51 +0000 (21:26 +0100)]
unbound: update to 1.19.3
Signed-off-by: Jan Klos <jan@klos.xyz>
(cherry picked from commit
558cbcac4698d58b11be23f954a7f64a296ab593)
Rui Salvaterra [Tue, 7 Nov 2023 12:27:24 +0000 (12:27 +0000)]
tor: update to 0.4.8.10 stable
Bugfix release, see the changelog [1] for what's new.
[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.10/ChangeLog
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
ee8b29de2c42ffc7796cd825f38b19e56f838cd4)
Andrew Sim [Sun, 22 Oct 2023 06:12:44 +0000 (08:12 +0200)]
transmission: update to 4.0.4
Update Transamission to 4.0.4 stable release
Changelog: https://github.com/transmission/transmission/releases/tag/4.0.4
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
(cherry picked from commit
45170d9b672b6e017f51c7ac2cdae9b636f2c0b2)
Michael Heimpold [Tue, 16 Apr 2024 19:10:07 +0000 (21:10 +0200)]
Merge pull request #23940 from mhei/22.03-php8-update-to-8.1.28
[22.03] php8: update to 8.1.28
Michael Heimpold [Mon, 15 Apr 2024 20:05:53 +0000 (22:05 +0200)]
php8: update to 8.1.28
This fixes:
- CVE-2024-1874
- CVE-2024-2756
- CVE-2024-3096
While at, switch to https download URL.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Glenn Strauss [Sat, 13 Apr 2024 03:06:24 +0000 (23:06 -0400)]
lighttpd: update to lighttpd 1.4.76 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
a5557a2a47f57c651dd5dc97eac40de26617de91)
Josef Schlehofer [Tue, 5 Mar 2024 17:03:13 +0000 (18:03 +0100)]
lualanes: update to version 3.16.3 and use tarball
1. Update it to version 3.16.3
Release notes: https://github.com/LuaLanes/lanes/releases/tag/v3.16.3
2. Change to download tarball instead of checking out Git sources
In the previous commit (in the Fixes tag), it was changed to Git sources without any reason. Let's revert it back. Let's use again tagged release.
Fixes: b93e5b45b1daac827d429b51d8763226268f2b9a ("lualanes: Version bump to v3.16.2")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
8b7040b6de0d485fa3867ff315cd30f873c49a55)
Mark Baker [Thu, 18 Jan 2024 18:52:58 +0000 (13:52 -0500)]
lualanes: Version bump to v3.16.2
Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.
Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.
Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.
Signed-off-by: Mark Baker <mark@vpost.net>
(cherry picked from commit
08e51ab50a452d1c6217f3a6767f66146814878b)
krant [Wed, 7 Feb 2024 13:35:30 +0000 (15:35 +0200)]
hwdata: update to 0.379
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit
9f45bfd3d5233284095a7bbe789c1f947138048c)
Jo-Philipp Wich [Thu, 4 Apr 2024 23:33:50 +0000 (01:33 +0200)]
nano: fix syntax highlighting for raw ucode scripts
Text between interpreter line and start of first directive should only
highlighted as uninterpreted when running in template mode, so adjust
the match rule accordingly.
Fixes: #23761
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
8f9564387d136c2a09c763b4c4ac7e4aa16baeb5)
Jo-Philipp Wich [Wed, 8 Nov 2023 13:53:37 +0000 (14:53 +0100)]
nano: add syntax highlighting for ucode scripts
Introduce local syntax highlighting support for ucode scripts, like
it is done already for uci configuration files.
Ref: https://github.com/jow-/ucode/issues/178
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
d8a574f7f0eb2f5970119a2b0527048583054180)
Peca Nesovanovic [Wed, 20 Mar 2024 20:21:36 +0000 (21:21 +0100)]
p910nd: fix running multiple instances
Compile tested: (ramips, rb760igs, 23.05 snapshot)
Run tested: (ramips, rb760igs, 23.05 snapshot, tests done)
Description:
In case we have multiple device defined in /etc/config/p910nd then init script will try to start multiple instance with same instance name
drop instance name as resolution
tested on 23.05 snapshot with 2 USB printers
Signed-off-by: Peca Nesovanovic <peca.nesovanovic@sattrakt.com>
(cherry picked from commit
152d80ce1326d0b1fee8e324ec8e68dd9f44cf4a)
Josef Schlehofer [Tue, 5 Mar 2024 19:44:47 +0000 (20:44 +0100)]
syslog-ng: enable http module based on zlib support in curl
Since version 4.4.0, syslog-ng added compression to http() destination
using zlib from curl. [1] However, zlib is currently disabled in curl [2]
and it prevented syslog-ng to start.
This commit changes the configuration opinion to enable http module only if
zlib support is enabled for curl and as well it adds dependency for zlib (in that case).
If the zlib is disabled, then it disables http module, so syslog-ng can start
and thus zlib dependency is not required.
[1] https://gitlab.nic.cz/turris/os/packages/-/issues/932
[2] https://github.com/openwrt/packages/blob/
93cbaacbfb13048ad378520a7afea7c9027dd1d6/net/curl/Config.in#L134
Fixes: 4dd49d7c3cd571107958154f1ed1ec8d8dba7464 ("syslog-ng: update to version 4.4.0")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
1e14d95d78d03ab163653166652972ca3e8c366e)
Michal Hrusecky [Tue, 13 Feb 2024 13:17:31 +0000 (14:17 +0100)]
knot-resolver: Update to version 5.7.1
- Fixes CVE-2023-50868 and CVE-2023-50387
- Also, the resolver has not been called 'Knot DNS Resolver' for quite
some time, so fix that, too.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit
1131acf57fb07c0fa3e47c71bdca172f9d2f2e43)
Šimon Bořek [Fri, 6 May 2022 11:18:08 +0000 (13:18 +0200)]
knot-resolver: enable dnstap module build by default
'dnstap' module will be built but not loaded by default at runtime
(configuration must be provided for it to be loaded). It is still possible to
disable dnstap build manually using menuconfig.
"The dnstap module supports logging DNS requests and responses to a unix socket
in dnstap format using fstrm framing library. This logging is useful if you need
effectively log all DNS traffic."[^1]
Adds dependency on 'protobuf', 'protobuf-c', 'libfstrm'. Listed packages are
available from OpenWrt packages, have uncomplicated manifests and
while 'protobuf-c' doesn't have a maintainer since spring 2020, all the
packages (including 'protobuf-c') seem to be maintained - the last
updates of all of them in autumn 2021.
As stated by Vladimír Čunát from Knot Resolver team they build dnstap
while packaging for majority of standard Linux distributions.
Therefore this change brings us closer to expected default.
[^1]: https://knot-resolver.readthedocs.io/en/stable/modules-dnstap.html
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit
a68397ff778db68bd4e78ac26880dda959aaaf18)
Šimon Bořek [Thu, 5 May 2022 15:53:30 +0000 (17:53 +0200)]
knot-resolver: do not overwrite -Ddnstap=enabled configuration
It was possible to enable dnstap in menuconfig, but the configuration
only added dependencies while leaving dnstap module build disabled.
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
(cherry picked from commit
af521478f832639fa08a763c3182125e5cac1a80)
Glenn Strauss [Thu, 14 Mar 2024 04:31:23 +0000 (00:31 -0400)]
lighttpd: update to lighttpd 1.4.75 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
a60a0d0730886ff23c75de1f9b88a039097aed37)
Fabrice Fontaine [Fri, 2 Feb 2024 17:37:33 +0000 (18:37 +0100)]
treewide: assign PKG_CPE_ID
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit
5afe5c9031190844f267357c68efe3c9c3cbe51d)
Paul Donald [Tue, 5 Mar 2024 13:59:49 +0000 (14:59 +0100)]
p910nd: restart daemon even if no driver file is needed
Not all USB printers need a blob loading; restart the daemon
independently of driver loading.
Closes openwrt/packages#23588
Signed-off-by: Paul Donald <newtwen@gmail.com>
Tested-by: minicx <minicx@disroot.org>
(cherry picked from commit
685ef7d97b345c09edd428250794dd9fce07a174)
Jan Hák [Wed, 6 Mar 2024 13:30:16 +0000 (14:30 +0100)]
knot: update to version 3.3.5
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
d660dc6e7ca497bf83b09865570d5c3b37b2609e)
Paul Donald [Fri, 1 Mar 2024 20:28:43 +0000 (21:28 +0100)]
ntpclient: remove
ntp sources are dead and gone. The most important functionality is now
provided by ntpd.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit
2cd10d81134b5ff4b6350c477da3c9196e1b7489)
Josef Schlehofer [Tue, 5 Mar 2024 19:24:19 +0000 (20:24 +0100)]
syslog-ng: update to version 4.6.0
1. Bump version config to 4.6
2. Updated to 4.6.0 version
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.6.0
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.5.0
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
cf4df28d06e3ffa9ce0971fb29f9212cb97cfbee)
Sergey Ponomarev [Sun, 26 Nov 2023 08:50:56 +0000 (10:50 +0200)]
syslog-ng: conf: fix deprecated stats_freq
The deprecated stats_freq() replaced with stats(freq(0)).
Also make comments shorter.
Fix tabs.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
(cherry picked from commit
37d2d69595e2e454c2562c3d963dc8065a24db70)
Dengfeng Liu [Wed, 28 Feb 2024 05:05:26 +0000 (13:05 +0800)]
apfree-wifidog: update to 7.02.1977
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
Dengfeng Liu [Wed, 28 Feb 2024 04:43:29 +0000 (12:43 +0800)]
apfree-wifidog: fix some bugs in the wifidogx.init file
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
Stan Grishin [Mon, 4 Mar 2024 20:58:32 +0000 (13:58 -0700)]
Merge pull request #23572 from stangri/openwrt-22.03-https-dns-proxy
[23.05] https-dns-proxy: update to upstream 2023-11-19
Ray Wang [Sun, 3 Mar 2024 10:23:39 +0000 (18:23 +0800)]
natmap: update to
20240303
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit
7bbd9156cc478ab133d142f05f243eb3061d0c8d)
Tianling Shen [Tue, 27 Feb 2024 16:39:15 +0000 (00:39 +0800)]
rclone: add fuse3-utils as dependency
rclone has switched to use fuse3 since v1.62.0.
Reported-by: qiuzi <gxfclql@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
df9d076d600a3d02da198af4a625980ed0633d2a)
Stan Grishin [Sat, 2 Mar 2024 00:13:49 +0000 (00:13 +0000)]
https-dns-proxy: update to upstream 2023-11-19
* update to upstream 2023-11-19
(changes: https://github.com/aarond10/https_dns_proxy/commit/
489c57efd46983e688579974a2ab7aeaa7df8d83)
* bugfix: include resolveip dependency in Makefile
(fixes https://github.com/openwrt/packages/issues/23567)
* minor update for failed healthcheck logging
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
bd501dd89c65857c060ca1ac034bc2fe7846b4e7)
Rui Salvaterra [Sun, 3 Sep 2023 17:22:55 +0000 (18:22 +0100)]
tor: update to 0.4.8.7 stable
Bugfix release, see the changelog [1] for what's new.
[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.7/ChangeLog
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
5cb304e2b3484691b9f60a3a47a707dfcf5fa34b)
ValdikSS ValdikSS [Sun, 22 Oct 2023 16:30:04 +0000 (19:30 +0300)]
tor: fix daemon reloading
procd requires init script name, not the path to executable
Signed-off-by: ValdikSS ValdikSS <iam@valdikss.org.ru>
(cherry picked from commit
af58942738c13c431f531e78f368d18a0d2dd84d)
Rui Salvaterra [Wed, 26 Jul 2023 22:32:34 +0000 (23:32 +0100)]
tor: update to 0.4.8.4 stable
First release of the 0.4.8.x series, see the changelog [1] for what's new.
[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.4/ChangeLog
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
1b2c1ddbb2a693aca87fae96beff3b1741951c90)