Nikos Mavrogiannopoulos [Thu, 9 May 2024 19:18:44 +0000 (21:18 +0200)]
openconnect: introduced URI parameter
This allows specifying a camouflage string in ocserv.
Fixes: #23364
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Nikos Mavrogiannopoulos [Thu, 9 May 2024 19:00:31 +0000 (21:00 +0200)]
openconnect: backport fix for anyconnect compatibility
Fixes: #21135
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
krant [Thu, 11 Apr 2024 19:27:13 +0000 (22:27 +0300)]
gptfdisk: update to 1.0.10
- Delete upstreamed patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit ad6344d0455038e374f57a7fb15d3d1ace8d889b)
Tianling Shen [Sat, 11 May 2024 05:49:37 +0000 (13:49 +0800)]
golang: Update to 1.21.10
go1.21.10 (released 2024-05-07) includes security fixes to the go
command, as well as bug fixes to the net/http package.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Stan Grishin [Mon, 13 May 2024 23:03:32 +0000 (16:03 -0700)]
Merge pull request #24139 from stangri/openwrt-23.05-adblock-fast
[23.05] adblock-fast: update to 1.1.2-1
Peter van Dijk [Tue, 30 Apr 2024 13:47:26 +0000 (15:47 +0200)]
pdns-recursor: update to 4.8.8
fixes CVE-2024-25583; also includes changes from 4.8.7 that
fix regressions introduced with the security fixes in 4.8.6
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Stan Grishin [Mon, 13 May 2024 04:30:55 +0000 (04:30 +0000)]
adblock-fast: update to 1.1.2-1
* move extra_command and EXTRA_HELP to the top of the init file
* add packageCompat variable for compatibility check with WebUI
* add OutputFilter variables for supported resolvers
* simplify adb_check with the use of OutputFilter variables
* add show_blocklist command to display currently blocked domains
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit fb151d5b8269f458cd54b75975d6a63ad8401b35)
Nikos Mavrogiannopoulos [Mon, 6 May 2024 06:30:19 +0000 (08:30 +0200)]
ocserv: updated to 1.3.0
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Dirk Brenken [Sun, 5 May 2024 19:57:28 +0000 (21:57 +0200)]
banip: update 0.9.5-5
* fix a processing race condition
* it's now possible to disable the icmp/syn/udp safeguards in pre-routing - set the threshold to '0'.
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 083554094b169ad79ce4d4054e227f0829722de7)
Gerard Ryan [Wed, 1 May 2024 11:51:07 +0000 (21:51 +1000)]
docker: Update to 26.1.0
* Removed unnecessary GO lang variables
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Wed, 1 May 2024 11:50:47 +0000 (21:50 +1000)]
dockerd: Update to 26.1.0
* Removed unnecessary GO lang variables
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Gerard Ryan [Wed, 1 May 2024 11:50:08 +0000 (21:50 +1000)]
containerd: Update to 1.7.15
* Explicitly list GO_PKG_INSTALL_EXTRA
* Removed unnecessary GO lang variables
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Thibaut VARÈNE [Sat, 4 May 2024 08:55:42 +0000 (10:55 +0200)]
uspot: update to Git HEAD (2024-05-03)
5e2d15a110bb treewide: remove tip_mode
e2dbdef4cf1e treewide: rename spotfilter -> uspotfilter
ef0f5291365b uspot/uspotfilter: implement disconnect_delay
92d3356d3fb3 update README
Update the package Makefile to reflect the changes from the following
above-listed commit:
e2dbdef4cf1e treewide: rename spotfilter -> uspotfilter
(cherry picked from commit 5181ce4a483711791329a13e07d29f9321d85178)
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Tianling Shen [Fri, 3 May 2024 05:42:35 +0000 (13:42 +0800)]
xray-core: Update to 1.8.11
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 0db33e866b108b9d0768f6b9f488c2d99c2363bf)
[added a patch to fix build with go 1.21]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Tianling Shen [Mon, 1 Apr 2024 07:59:40 +0000 (15:59 +0800)]
xray-core: Update to 1.8.10
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 1b59556d06059cc87945ad52bdbccbfc06f93d9e)
Tianling Shen [Thu, 21 Mar 2024 07:02:50 +0000 (15:02 +0800)]
xray-core: Update to 1.8.9
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 09c4a4b1bab44a4d15a38907e4c48a9a09bb916d)
Tianling Shen [Fri, 3 May 2024 05:54:50 +0000 (13:54 +0800)]
v2ray-core: Update to 5.16.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c0608d93befc062e33fb7dc2adbb70abe262c8cf)
Tianling Shen [Fri, 3 May 2024 05:42:40 +0000 (13:42 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 3f7a3e4edfcd5c37abd68fdc19b25e7795589345)
Sergey Ponomarev [Wed, 28 Feb 2024 20:13:47 +0000 (22:13 +0200)]
acme-acmesh: use validation_method option instead of guessing
The new validation_method option can be: dns, webroot or standalone.
Previously we guessed the challenge type:
1. if the DNS provider is specified then it's dns
2. if standalone=1
3. fallback to webroot
The logic is preserved and if the validation_method wasn't set explicitly we'll guess it in the old manner.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Ray Wang [Thu, 25 Apr 2024 13:36:14 +0000 (21:36 +0800)]
hev-socks5-server: add new package
HevSocks5Server is a high-performance socks5 server for Unix.
More details: https://github.com/heiher/hev-socks5-server
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 8d36908aead7a37416ff4ac74d7c6ff59ded505e)
Hannu Nyman [Fri, 3 May 2024 13:24:09 +0000 (16:24 +0300)]
nano: update to 8.0
Update nano editor to version 8.0
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 69166dbbb709625a848f327c9822c667db39744f)
Dirk Brenken [Wed, 1 May 2024 13:02:44 +0000 (15:02 +0200)]
banip: update 0.9.5-4
* optimized adding suspicious IPs to Sets in the log monitor
* re-added ipblackhole feed
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 4d7c38c7708110cb1d0290f50ef48129192dd76a)
Olivier Poitrey [Mon, 29 Apr 2024 21:54:23 +0000 (21:54 +0000)]
nextdns: Update to version 1.43.3
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Emily H. [Tue, 30 Apr 2024 11:03:38 +0000 (11:03 +0000)]
dnsproxy: add three new features
This commit adds the following features:
1. UCI support for local DNS over HTTPS/TLS/QUIC server.
2. UCI support for using private reverse DNS.
3. procd jail with CAP_NET_BIND_SERVICE, allowing
dnsproxy to serve on standard ports directly.
Signed-off-by: Emily H. <battery_tag708@simplelogin.com>
(cherry picked from commit 5df794e34303ed2d1832c0626291ad392a228e8c)
Josef Schlehofer [Fri, 26 Apr 2024 13:35:52 +0000 (15:35 +0200)]
msmtp: update to version 1.8.25
Release notes:
https://marlam.de/msmtp/news/msmtp-1-8-25/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 490866d752b41bc90661b10d2c9c41884575bf8b)
Josef Schlehofer [Fri, 26 Apr 2024 08:38:20 +0000 (10:38 +0200)]
transmission: update to version 4.0.5
Release notes:
https://github.com/transmission/transmission/releases/tag/4.0.5
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 19a424aede70ddaedb1153144216db6423fa09e2)
Van Waholtz [Mon, 29 Apr 2024 09:08:50 +0000 (17:08 +0800)]
sing-box: update to 1.8.12
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit 3fefdbf34bbe2601fcd677fd887e4156214b37ac)
Stan Grishin [Mon, 29 Apr 2024 00:33:38 +0000 (17:33 -0700)]
Merge pull request #24023 from rs/nextdns-1.43.0-openwrt-23.05
[23.05] nextdns: Update to version 1.43.0
Olivier Poitrey [Sun, 28 Apr 2024 00:47:37 +0000 (00:47 +0000)]
nextdns: Update to version 1.43.0
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Christian Marangi [Wed, 1 Nov 2023 00:43:36 +0000 (01:43 +0100)]
libndpi: backport patch for PCRE2 support
Backport patch for PCRE2 support as PCRE is EOL and won't receive any
support updates anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit baa0d5127062929fd26671adb5388f9b30b61a36)
John Audia [Tue, 12 Mar 2024 12:13:02 +0000 (08:13 -0400)]
openssh: bump to 9.7p1
Release notes: https://www.openssh.com/txt/release-9.7
Removed upstreamed patch: 010-better_fzero-call-detection.patch
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 6be0617c00bdf5e9309ad3738d09fe498cb9fb0a)
Nathan Friedly [Thu, 25 Apr 2024 17:19:33 +0000 (13:19 -0400)]
librespeed-go: improve the description
This swaps the order of the lines in the description so that when LuCI displays only the first line, it still offers some helpful information.
Signed-off-by: Nathan Friedly <nathan@nfriedly.com>
(cherry picked from commit 06ea66c55866aa409ab567a593a22bd24e727f04)
Anya Lin [Tue, 10 Oct 2023 01:13:14 +0000 (09:13 +0800)]
librespeed-go: Reload the daemon after modifying the tls certificate
Make the daemon reload after the tls certificate is updated
Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit fd1d506fff9462b3329585bdd148a6fd78cbd27a)
Tianling Shen [Mon, 22 Apr 2024 07:26:22 +0000 (15:26 +0800)]
v2ray-core: Update to 5.15.3
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ebed42fcb0e7e9bffee3c47b93244494377595ee)
Dirk Brenken [Fri, 26 Apr 2024 15:03:14 +0000 (17:03 +0200)]
banip: update 0.9.5-3
* allow multiple protocol/port definitions per feed, e.g. 'tcp udp 80 443 50000'
* removed the default protocol/port limitation from asn feed
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 2c6d5adac049a55ca067255da90dc938b5604249)
Dirk Brenken [Sun, 21 Apr 2024 19:57:17 +0000 (21:57 +0200)]
banip: update 0.9.5-2
* fixed possible Set search race condition (initiated from LuCI frontend)
* fixed the "no result" Set search problem in LuCI
* removed abandoned feeds: spamhaus edrop (was merged with spamhaus drop)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ad755e0c4ddb63f8b8ed2204043ce750a4d4b928)
Dirk Brenken [Fri, 19 Apr 2024 20:09:29 +0000 (22:09 +0200)]
banip: release 0.9.5-1
* added DDoS protection rules in a new pre-routing chain to prevent common ICMP, UDP and SYN flood attacks and drop spoofed tcp flags & invalid conntrack packets, flood thresholds are configured via 'ban_icmplimit' (default 10/s), 'ban_synlimit' (default 10/s) and 'ban_udplimit' (default 100/s)
* the new pre-routing rules are tracked via named nft counters and are part of the standard reporting, set 'ban_logprerouting' accordingly
* block countries dynamically by Regional Internet Registry (RIR)/regions, e.g. all countries related to ARIN. Supported service regions are: AFRINIC, ARIN, APNIC, LACNIC and RIPE, set 'ban_region' accordingly
* it's now possible to always allow certain protocols/destination ports in wan-input and wan-forward chains, set 'ban_allowflag' accordingly - e.g. ' tcp 80 443-445'
* filter/convert possible windows line endings of external feeds during processing
* the cpu core autodetection is now limited to max. 16 cores in parallel, set 'ban_cores' manually to overrule this limitation
* set the default nft priority to -100 for banIP input/forward chains (pre-routing is set to -150)
* update readme
* a couple of bugfixes & performance improvements
* removed abandoned feeds: darklist, ipblackhole
* added new feeds: becyber, ipsum, pallebone, debl (changed URL)
* requires a LuCI frontend update as well (separate PR/commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit fa80fefe22d0c7ca1c1e34deb52683b54af1ed17)
Josef Schlehofer [Fri, 26 Apr 2024 09:24:57 +0000 (11:24 +0200)]
syslog-ng: update to version 4.7.1
Release notes:
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.0
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.1
Also bump version in the config file to avoid warning
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9d49df0dabcdd9135bf0b86374695b69cb4bf5b6)
Paul Spooren [Sat, 10 Oct 2020 01:31:01 +0000 (15:31 -1000)]
CI: remove CircleCI for now
The GitHub CI currently offers more architectures and the Signed-off-by
test is covered via the DOC CI test. In case GitHub ever changes
policies, we can simply switch back.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 26c101edc3e918be4fbfe76b3514d1c8398f7d31)
Stan Grishin [Thu, 25 Apr 2024 22:09:43 +0000 (15:09 -0700)]
Merge pull request #24014 from stangri/openwrt-23.05-adblock-fast
[23.05] adblock-fast: bugfix: unbound-related fixes
Stan Grishin [Sun, 21 Apr 2024 14:06:52 +0000 (14:06 +0000)]
adblock-fast: bugfix: unbound-related fixes
* include `server:` directive at the top of unbound file
* update unbound-related outputGzip variable to include full path
* return always_nxdomain for blocked domains
* also update copyright stamp/license
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 474587a1f44db8b66caca8bdde9c2dd64b480638)
Stan Grishin [Thu, 25 Apr 2024 21:33:12 +0000 (14:33 -0700)]
Merge pull request #24006 from stangri/openwrt-23.05-nebula
[23.05] nebula: Use APK style release number
Sean Khan [Fri, 12 Apr 2024 16:09:59 +0000 (12:09 -0400)]
nebula: Use APK style release number
Maintainer: Stan Grishin <stangri@melmac.ca>
Run tested: aarch64, Dynalink DL-WRX36, Master Branch
Signed-off-by: Sean Khan <datapronix@protonmail.com>
(cherry picked from commit 3cbb7474c3fad4b01f8ee065b1c045c4b7fb523f)
Ray Wang [Sat, 20 Apr 2024 14:53:03 +0000 (22:53 +0800)]
natmap: add log_std{out,err} options
Introduce `log_stdout` and `log_stderr` options for managing logging output.
Signed-off-by: Ray Wang <r@hev.cc>
(cherry picked from commit 5abbd3bcb2362963a2cc49c0a9de78dd5c5af185)
Hirokazu MORIKAWA [Wed, 24 Apr 2024 01:42:09 +0000 (10:42 +0900)]
node: bump to v18.20.2
This is a security release.
Notable Changes
* CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Paul Donald [Fri, 1 Mar 2024 20:49:30 +0000 (21:49 +0100)]
ntpd: update to version 4.2.8p17
Also some spell fixes for README.md
Drop patch-0001 - ntpd >= 4.2.8p16 patched this behaviour. See:
https://bugs.ntp.org/show_bug.cgi?id=3741 (and the linked diff there)
https://git.nwtime.org/websites/ntpwww/commit/d2a7faef2fea5f10b28cc2ee1d842e4b241f414f
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit b2742ed05d5404d1c2cada7c51607126d19fa3f6)
Christian Marangi [Sun, 21 Apr 2024 15:38:24 +0000 (17:38 +0200)]
uwsgi: bump to latest 2.0.25.1 release
Bump to latest 2.0.25.1 release
Drop upstream PCRE2 patch and alarm memory leak fix.
Rework and refresh patch due to release bump.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a9371952c916423876d3d380837b7b47ef08eb69)
Christian Marangi [Fri, 22 Sep 2023 13:39:23 +0000 (15:39 +0200)]
uwsgi: add experimental pcre2 patch and drop pcre
Add experimental pcre2 patch and drop pcre in favor of pcre2 library.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 4374c3250f424f1e57b175961adb41f24489510d)
Christian Marangi [Fri, 22 Sep 2023 13:38:27 +0000 (15:38 +0200)]
uwsgi: bump to release 2.0.22
Bump to release 2.0.22 to make it easier to apply patch for pcre2
support.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 94ded8ff315be664a806153a94913e7fbdcd3a49)
Tianling Shen [Mon, 15 Apr 2024 07:18:04 +0000 (15:18 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c1e6fbbcb06786c7f78f7a12f9bf7337e94b2160)
Tianling Shen [Thu, 4 Apr 2024 04:17:22 +0000 (12:17 +0800)]
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 06332b022937714fe465c572d7ae0c7665e7552b)
Tianling Shen [Mon, 15 Apr 2024 05:22:56 +0000 (13:22 +0800)]
cloudflared: Update to 2024.4.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit d9419aeabd74f5d170483691d8a2ab0c68620fce)
Rui Salvaterra [Tue, 7 Nov 2023 12:27:24 +0000 (12:27 +0000)]
tor: update to 0.4.8.10 stable
Bugfix release, see the changelog [1] for what's new.
[1] https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.10/ChangeLog
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit ee8b29de2c42ffc7796cd825f38b19e56f838cd4)
Michael Heimpold [Wed, 17 Apr 2024 18:22:55 +0000 (20:22 +0200)]
Merge pull request #23947 from mhei/23.05-php8-update-to-8.2.18
[23.05] php8: update to 8.2.18
Josef Schlehofer [Wed, 17 Apr 2024 11:27:41 +0000 (13:27 +0200)]
Merge pull request #23871 from graysky2/snort-backport-fix
snort3 and libdaq3: sync with master and remove symbol @HAS_LUAJIT_ARCH
Daniel Golle [Thu, 4 Apr 2024 02:36:39 +0000 (03:36 +0100)]
exim: update to 4.97.1
IPv6 has accidentally been disabled in all Exim builds since the
package was introduced in OpenWrt due to a faulty `sed` script. This
has now been fixed, so beware that IPv6 is now enabled when updating
from previous releases.
Upstream changes since version 4.96.2 (bottom up):
JH/s1 Refuse to accept a line "dot, LF" as end-of-DATA unless operating in
LF-only mode (as detected from the first header line). Previously we did
accept that in (normal) CRLF mode; this has been raised as a possible
attack scenario (under the name "smtp smuggling", CVE-2023-51766).
JH/01 The hosts_connection_nolog main option now also controls "no MAIL in
SMTP connection" log lines.
JH/02 Option default value updates:
- queue_fast_ramp (main) true (was false)
- remote_max_parallel (main) 4 (was 2)
JH/03 Cache static regex pattern compilations, for use by ACLs.
JH/04 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
Make the rewrite never match and keep the logging. Trust the
admin to be using verify=header-syntax (to actually reject the message).
JH/05 Follow symlinks for placing a watch on TLS creds files. This means
(under Linux) we watch the dir containing the final file; previously
it would be the dir with the first symlink. We still do not monitor
the entire path.
JH/06 Check for bad chars in rDNS for sender_host_name. The OpenBSD (at least)
dn_expand() is happy to pass them through.
JH/07 OpenSSL Fix auto-reload of changed server OCSP proof. Previously, if
the file with the proof had an unchanged name, the new proof(s) were
loaded on top of the old ones (and never used; the old ones were stapled).
JH/08 Bug 2915: Fix use-after-free for $regex<n> variables. Previously when
more than one message arrived in a single connection a reference from
the earlier message could be re-used. Often a sigsegv resulted.
These variables were introduced in Exim 4.87.
Debug help from Graeme Fowler.
JH/09 Fix ${filter } for conditions that modify $value. Previously the
modified version would be used in constructing the result, and a memory
error would occur.
JH/10 GnuTLS: fix for (IOT?) clients offering no TLS extensions at all.
Find and fix by Jasen Betts.
JH/11 OpenSSL: fix for ancient clients needing TLS support for versions earlier
than TLSv1.2. Previously, more-recent versions of OpenSSL were permitting
the systemwide configuration to override the Exim config.
HS/01 Bug 2728: Introduce EDITME option "DMARC_API" to work around incompatible
API changes in libopendmarc.
JH/12 Bug 2930: Fix daemon startup. When started from any process apart from
pid 1, in the normal "background daemon" mode, having to drop process-
group leadership also lost track of needing to create listener sockets.
JH/13 Bug 2929: Fix using $recipients after ${run...}. A change made for 4.96
resulted in the variable appearing empty. Find and fix by Ruben Jenster.
JH/14 Bug 2933: Fix regex substring match variables for null matches. Since 4.96
a capture group which obtained no text (eg. "(abc)*" matching zero
occurrences) could cause a segfault if the corresponding $<n> was
expanded.
JH/15 Fix argument parsing for ${run } expansion. Previously, when an argument
included a close-brace character (eg. it itself used an expansion) an
error occurred.
JH/16 Move running the smtp connect ACL to before, for TLS-on-connect ports,
starting TLS. Previously it was after, meaning that attackers on such
ports had to be screened using the host_reject_connection main config
option. The new sequence aligns better with the STARTTLS behaviour, and
permits defences against crypto-processing load attacks, even though it
is strictly an incompatible change.
Also, avoid sending any SMTP fail response for either the connect ACL
or host_reject_connection, for TLS-on-connect ports.
JH/17 Permit the ACL "encrypted" condition to be used in a HELO/EHLO ACL.
Previously this was not permitted, but it makes reasonable sense.
While there, restore a restriction on using it from a connect ACL; given
the change JH/16 it could only return false (and before 4.91 was not
permitted).
JH/18 Fix a fencepost error in logging. Previously (since 4.92) when a log line
was exactly sized compared to the log buffer, a crash occurred with the
misleading message "bad memory reference; pool not found".
Found and traced by Jasen Betts.
JH/19 Bug 2911: Fix a recursion in DNS lookups. Previously, if the main option
dns_again_means_nonexist included an element causing a DNS lookup which
itself returned DNS_AGAIN, unbounded recursion occurred. Possible results
included (though probably not limited to) a process crash from stack
memory limit, or from excessive open files. Replace this with a paniclog
whine (as this is likely a configuration error), and returning
DNS_NOMATCH.
JH/20 Bug 2954: (OpenSSL) Fix setting of explicit EC curve/group. Previously
this always failed, probably leading to the usual downgrade to in-clear
connections.
JH/21 Fix TLSA lookups. Previously dns_again_means_nonexist would affect
SERVFAIL results, which breaks the downgrade resistance of DANE. Change
to not checking that list for these lookups.
JH/22 Bug 2434: Add connection-elapsed "D=" element to more connection
closure log lines.
JH/23 Fix crash in string expansions. Previously, if an empty variable was
immediately followed by an expansion operator, a null-indirection read
was done, killing the process.
JH/24 Bug 2997: When built with EXPERIMENTAL_DSN_INFO, bounce messages can
include an SMTP response string which is longer than that supported
by the delivering transport. Alleviate by wrapping such lines before
column 80.
JH/25 Bug 2827: Restrict size of References: header in bounce messages to 998
chars (RFC limit). Previously a limit of 12 items was made, which with
a not-impossible References: in the message being bounced could still
be over-large and get stopped in the transport.
JH/26 For a ${readsocket } in TLS mode, send a TLS Close Alert before the TCP
close. Previously a bare socket close was done.
JH/27 Fix ${srs_encode ..}. Previously it would give a bad result for one day
every 1024 days.
JH/28 Bug 2996: Fix a crash in the smtp transport. When finding that the
message being considered for delivery was already being handled by
another process, and having an SMTP connection already open, the function
to close it tried to use an uninitialized variable. This would affect
high-volume sites more, especially when running mailing-list-style loads.
Pollution of logs was the major effect, as the other process delivered
the message. Found and partly investigated by Graeme Fowler.
JH/29 Change format of the internal ID used for message identification. The old
version only supported 31 bits for a PID element; the new 64 (on systems
which can use Base-62 encoding, which is all currently supported ones
but not Darwin (MacOS) or Cygwin, which have case-insensitive filesystems
and must use Base-36). The new ID is 23 characters rather than 16, and is
visible in various places - notably logs, message headers, and spool file
names. Various of the ancillary utilities also have to know the format.
As well as the expanded PID portion, the sub-second part of the time
recorded in the ID is expanded to support finer precision. Theoretically
this permits a receive rate from a single comms channel of better than the
previous 2000/sec.
The major timestamp part of the ID is not changed; at 6 characters it is
usable until about year 3700.
Updating from previous releases is fully supported: old-format spool
files are still usable, and the utilities support both formats. New
message will use the new format. The one hints-DB file type which uses
message-IDs (the transport wait- DB) will be discarded if an old-format ID
is seen; new ones will be built with only new-format IDs.
Optionally, a utility can be used to convert spool files from old to new,
but this is only an efficiency measure not a requirement for operation.
Downgrading from new to old requires running a provided utility, having
first stopped all operations. This will convert any spool files from new
back to old (losing time-precision and PID information) and remove any
wait- hints databases.
JH/30 Bug 3006: Fix handling of JSON strings having embedded commas. Previously
we treated them as item separators when parsing for a list item, but they
need to be protected by the doublequotes. While there, add handling for
backslashes.
JH/31 Bug 2998: Fix ${utf8clean:...} to disallow UTF-16 surrogate codepoints.
Found and fixed by Jasen Betts. No testcase for this as my usual text
editor insists on emitting only valid UTF-8.
JH/32 Fix "tls_dhparam = none" under GnuTLS. At least with 3.7.9 this gave
a null-indirection SIGSEGV for the receive process.
JH/33 Fix free for live variable $value created by a ${run ...} expansion during
-bh use. Internal checking would spot this and take a panic.
JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
In 4.96 this would expand to empty.
JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
certificate. Find and fix by Andreas Metzler.
JH/36 Add ARC info to DMARC history records.
JH/37 Bug 3016: Avoid sending DSN when message was accepted under fakereject
or fakedefer. Previously the sender could discover that the message
had in fact been accepted.
JH/38 Taint-track intermediate values from the peer in multi-stage authentication
sequences. Previously the input was not noted as being tainted; notably
this resulted in behaviour of LOGIN vs. PLAIN being inconsistent under
bad coding of authenticators.
JH/39 Bug 3023: Fix crash induced by some combinations of zero-length strings
and ${tr...}. Found and diagnosed by Heiko Schlichting.
JH/40 Bug 2999: Fix a possible OOB write in the external authenticator, which
could be triggered by externally-supplied input. Found by Trend Micro.
CVE-2023-42115
JH/41 Bug 3000: Fix a possible OOB write in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42116
JH/42 Bug 3001: Fix a possible OOB read in the SPA authenticator, which could
be triggered by externally-controlled input. Found by Trend Micro.
CVE-2023-42114
JH/43 Bug 2903: avoid exit on an attempt to rewrite a malformed address.
Make the rewrite never match and keep the logging. Trust the
admin to be using verify=header-syntax (to actually reject the message).
JH/44 Bug 3033: Harden dnsdb lookups against crafted DNS responses.
CVE-2023-42219
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e8600462c735db5d635b872db949f2b98337de95)
Daniel Golle [Thu, 4 Apr 2024 02:01:39 +0000 (03:01 +0100)]
cryptsetup: update to version 2.7.1
The most notable change is the introduction of (optional) support for
hardware OPAL disk encryption. However, as this requires Linux 6.4 or
later, support for OPAL is implicitly disabled until targets used for
the package build have been updated to Linux 6.6.
See release notes for 2.7.0 and 2.7.1 for more details:
https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes
https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.1-ReleaseNotes
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 54a2534cb2b7b7f53ea21d07d0c56a3e577bcf96)
Daniel Golle [Thu, 4 Apr 2024 01:59:17 +0000 (02:59 +0100)]
lvm2: update to LVM2 2.03.17 and libdm Version 1.02.187
LVM2 Version 2.03.17 - 10th November 2022
=========================================
Add new options (--fs, --fsmode) for FS handling when resizing LVs.
Fix 'lvremove -S|--select LV' to not also remove its historical LV right away.
Fix lv_active field type to binary so --select and --binary applies properly.
Switch to use mallinfo2 and use it only with glibc.
Error out in lvm shell if using a cmd argument not supported in the shell.
Fix lvm shell's lastlog command to report previous pre-command failures.
Extend VDO and VDOPOOL without flushing and locking fs.
Add --valuesonly option to lvmconfig to print only values without keys.
Updates configure with recent autoconf tooling.
Fix lvconvert --test --type vdo-pool execution.
Add json_std output format for more JSON standard compliant version of output.
Fix vdo_slab_size_mb value for converted VDO volume.
Fix many corner cases in device_id, including handling of S/N duplicates.
Fix various issues in lvmdbusd.
DM Version 1.02.187 - 10th November 2022
========================================
Add DM_REPORT_GROUP_JSON_STD for more JSON standard compliant output format.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 20cc530004d84c631a6d11fde0cf3dd8f55d34a3)
Daniel Golle [Fri, 8 Mar 2024 23:26:56 +0000 (23:26 +0000)]
gnunet: update to version v0.21.0
This release marks a noteworthy milestone in that it includes a
completely new transport layer. It lays the groundwork for fixing some
major design issues and may also already alleviate a variety of issues
seen in previous releases related to connectivity. This change also
deprecates our testbed and ATS subsystem.
This is a new major release. It breaks protocol compatibility with the
0.20.x versions. Please be aware that Git master is thus henceforth
(and has been for a while) INCOMPATIBLE with the 0.20.x GNUnet
network, and interactions between old and new peers will result in
issues. In terms of usability, users should be aware that there are
still a number of known open issues in particular with respect to ease
of use, but also some critical privacy issues especially for mobile
users. Also, the nascent network is tiny and thus unlikely to provide
good anonymity or extensive amounts of interesting information. As a
result, the 0.21.0 release is still only suitable for early adopters
with some reasonable pain tolerance.
v0.21.0:
- Reworked PEERSTORE API
- Added record flag for maintenance records
- ensure traits can be generated with subsystem-specific prefixes for
the symbols
- libgnunettesting first major testing NG refactor towards getting
dependency structure streamlined
- Remove single-use API macro GNUNET_VA_ARG_ENUM
- major revision of blind signature API
- Introduced closure to hold store context when calling function to add
hello in peerstore.
- Added DDLs for handling GNUNET_PEERSTORE_StoreHelloContext
- Removed old hello functionality.
- Refactoring components under src/ into lib/, plugin/, cli/ and
service/
- add support for encoding/decoding double values as part of JSON to
libgnunetjson
- Changed method GNUNET_HELLO_builder_get_expiration_time to not need
parameter GNUNET_HELLO_Builder.
- Code moved to the core package to get rid of circular dependencies.
- Moved code to testing to have more generic test setup, which can be
used not only from within transport.
- The old hello design replaced by the new hello design.
- Added api to get notified when hellos are stored with peerstore
service.
- Added api to store hellos with peerstore service.
- Changed new hello uri api to allow to change the expiration time
- Moved start peer command to testing subsystem.
- Removed all usage of old transport api, beside peerinfo tool,
gnunet-transport cli and usage in transport layer itself.
- Added __attribute__((deprecated)) to the old transport API
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
31e9aea1b659b34f9cc4e11ef4811f9e773ac036)
Daniel Golle [Wed, 20 Dec 2023 05:01:15 +0000 (05:01 +0000)]
gnunet: update to version 0.20.0
v0.20.0:
- GNUNET_TESTING_get_testname_from_underscore renamed to GNUNET_STRINGS_get_suffix_from_binary_name and moved from libgnunettesting to libgnunetutil
- Move GNUNET_s into libgnunetutil.
- re-introduce compiler annotation for array size in signature
- function-signature adjustment due to compiler error
- GNUNET_PQ_get_oid removed, GNUNET_PQ_get_oid_by_name improved
- Added GNUNET_PQ_get_oid_by_name
- added GNUNET_PQ_get_oid()
- Added new CCA-secure KEM and use in IDENTITY encryption
- Add KEM API to avoid ephemeral private key management
- Add new GNUNET_PQ_event_do_poll() API to gnunet_pq_lib.h
- Added API to support arrays in query results
- Improve PQ API documentation.
- API for array types extended for times
- API extended for array query types
- relevant array-types in queries (not results) in postgresql added
- just style fixes, int to enum
- initial steps towards support of array-types in postgresql
- adds GNUNET_JSON_spec_object_const() and GNUNET_JSON_spec_array_const()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
dbae7f9493620c6047ac53a37a1690a6041e40f7)
Daniel Golle [Sat, 8 Jul 2023 11:29:30 +0000 (12:29 +0100)]
gnunet: update to version 0.19.4
v0.19.4:
- No changes
v0.19.3:
- We now detect MySQL's strange, version-dependent my_bool type on configure.
- Add pkg-config definitions for gnunet messenger.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
bef5da553f40eb406e84be6c2738943c0c80e461)
Daniel Golle [Thu, 4 Apr 2024 02:35:48 +0000 (03:35 +0100)]
libcurl-gnutls: update to version 8.7.1
See https://curl.se/changes.html#8_7_1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
428e9da9df4358f6893012cd60d9bd267db43ae5)
Aleksey Vasilenko [Wed, 21 Feb 2024 07:34:19 +0000 (09:34 +0200)]
libcurl-gnutls: fix build
- Missing --without-nghttp3 was leaking host includes and breaking the build
- Remove or rename deprecated configure options
- Add --disable-libcurl-option to reduce package size
- Use .xz instead of .bz2 for PKG_SOURCE
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
30fe2d99ab0c4826b06890c18ea34415b6820b44)
Konstantin Demin [Thu, 1 Feb 2024 00:29:58 +0000 (03:29 +0300)]
libcurl-gnutls: update to version 8.6.0
https://curl.se/changes.html#8_6_0
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit
af748ea6915e16e91bcd8b5402e474cf745eea55)
Daniel Golle [Wed, 20 Dec 2023 03:42:41 +0000 (03:42 +0000)]
libcurl-gnutls: update to version 8.5.0
https://curl.se/changes.html#8_5_0
Pick upstream patch to fix build with gnuTLS and verbose strings removed.
The patch should be removed with the next version bump.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
cbdd619c23d4ccaf3bca229a659f70b2bcf7ab82)
Daniel Golle [Sat, 8 Jul 2023 11:29:13 +0000 (12:29 +0100)]
libcurl-gnutls: update to version 8.2.1
See cURL changes for details:
https://curl.se/changes.html
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
7eaa2cd28454a2ef82fad49f26c7207ecf3f7db7)
Michael Heimpold [Mon, 15 Apr 2024 20:05:44 +0000 (22:05 +0200)]
php8: update to 8.2.18
This fixes:
- CVE-2024-1874
- CVE-2024-2756
- CVE-2024-3096
While at it, switch to https download URL.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Tianling Shen [Mon, 8 Apr 2024 13:12:57 +0000 (21:12 +0800)]
golang: Update to 1.21.9
go1.21.9 (released 2024-04-03) includes a security fix to the net/http
package, as well as bug fixes to the linker, and the go/types and
net/http packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Glenn Strauss [Sat, 13 Apr 2024 03:06:24 +0000 (23:06 -0400)]
lighttpd: update to lighttpd 1.4.76 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit
a5557a2a47f57c651dd5dc97eac40de26617de91)
Stan Grishin [Fri, 12 Apr 2024 20:39:55 +0000 (13:39 -0700)]
Merge pull request #23874 from stangri/openwrt-23.05-adblock-fast
[23.05] adblock-fast: improve Makefile's prerm
Stan Grishin [Fri, 12 Apr 2024 20:39:22 +0000 (13:39 -0700)]
Merge pull request #23815 from stangri/openwrt-23.05-curl
[23.05] curl: update to 8.7.1
Josef Schlehofer [Tue, 5 Mar 2024 17:03:13 +0000 (18:03 +0100)]
lualanes: update to version 3.16.3 and use tarball
1. Update it to version 3.16.3
Release notes: https://github.com/LuaLanes/lanes/releases/tag/v3.16.3
2. Change to download tarball instead of checking out Git sources
In the previous commit (in the Fixes tag), it was changed to Git sources without any reason. Let's revert it back. Let's use a tagged release again.
Fixes: b93e5b45b1daac827d429b51d8763226268f2b9a ("lualanes: Version bump to v3.16.2")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
8b7040b6de0d485fa3867ff315cd30f873c49a55)
Mark Baker [Thu, 18 Jan 2024 18:52:58 +0000 (13:52 -0500)]
lualanes: Version bump to v3.16.2
Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.
Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.
Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.
Signed-off-by: Mark Baker <mark@vpost.net>
(cherry picked from commit
08e51ab50a452d1c6217f3a6767f66146814878b)
krant [Wed, 7 Feb 2024 13:35:30 +0000 (15:35 +0200)]
hwdata: update to 0.379
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit
9f45bfd3d5233284095a7bbe789c1f947138048c)
Fabrice Fontaine [Tue, 30 Jan 2024 20:13:59 +0000 (21:13 +0100)]
libs/libdaq3: assign PKG_LICENSE_FILES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit
b2c548975de4ab3d917c78d5d405a9993965b8ad)
John Audia [Thu, 18 Jan 2024 19:13:43 +0000 (14:13 -0500)]
libdaq3: update to 3.0.14
Update to latest version.
Changelog: https://github.com/snort3/libdaq/releases/tag/v3.0.14
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
651b7e1f92f0733c1d128a7fe3869def9f065954)
John Audia [Wed, 8 Nov 2023 21:09:27 +0000 (16:09 -0500)]
libdaq3: update to 3.0.13
Upstream bump
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
4c05ae5f6c4e64f404fa435a63e94de381504f42)
John Audia [Wed, 28 Jun 2023 16:30:13 +0000 (12:30 -0400)]
libdaq3: update to 3.0.11
Upstream bump
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
9f2d3c5bf855773d5e5756652b640e2c0565d1a9)
John Audia [Thu, 11 Apr 2024 18:10:31 +0000 (14:10 -0400)]
snort3: remove symbol @HAS_LUAJIT_ARCH
Remove symbol introduced in master to allow building.
Closes #23861
Signed-off-by: John Audia <therealgraysky@proton.me>
John Audia [Thu, 14 Mar 2024 19:14:45 +0000 (15:14 -0400)]
snort3: update to 3.1.82.0
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.82.0
Removed patches/010-gcc13.patch
,,_ -*> Snort++ <*-
o" )~ Version 3.1.82.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.14
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.13 30 Jan 2024
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3.1
Using Hyperscan version 5.4.2 2024-03-06
Using LZMA version 5.4.6
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
fdebb16619b84831c2624f8fd8b9b38d732bc6df)
Stan Grishin [Wed, 10 Apr 2024 23:56:43 +0000 (23:56 +0000)]
adblock-fast: improve Makefile's prerm
* improve output of Makefile's prerm routines
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
9eb61fe02da9085f1c211919af38e3c504098f61)
Hirokazu MORIKAWA [Sun, 7 Apr 2024 02:47:53 +0000 (11:47 +0900)]
node: April 3, 2024 Security Releases
Notable Changes
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash - (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* llhttp version 9.2.1
* undici version 5.28.4
Changed to use gz according to main-snapshot
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Hannu Nyman [Fri, 5 Apr 2024 14:35:42 +0000 (17:35 +0300)]
irqbalance: update to version 1.9.4
Update irqbalance to version 1.9.4.
* refresh version in meson patch
* remove EINVAL handling patch as upstream seems to have silenced
the log spam for unmanageable IRQs
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit
b8d0049e7cb5ab5aaeb1c5517008dab4404faf6a)
krant [Fri, 5 Apr 2024 14:35:26 +0000 (17:35 +0300)]
irqbalance Update init script to remove duplicate spaces
I have some strange issues with irqbalance sometimes overwriting
smp_affinity values for banned/ignored IRQs. The issue is reproducible
and is mitigated when I change the way the irqbalance command line is
built. The only difference between the resulting command is that there
is only one space between the -t parameter and the first -i parameter
value.
Also see https://github.com/Irqbalance/irqbalance/issues/297
Signed-off-by: Carsten Schuette <schuettecarsten@googlemail.com>
(cherry picked from commit
41e5b979f583ed29a6cafa33ef9b5825f5165a43)
Jo-Philipp Wich [Thu, 4 Apr 2024 23:33:50 +0000 (01:33 +0200)]
nano: fix syntax highlighting for raw ucode scripts
Text between interpreter line and start of first directive should only
be highlighted as uninterpreted when running in template mode, so adjust
the match rule accordingly.
Fixes: #23761
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
8f9564387d136c2a09c763b4c4ac7e4aa16baeb5)
Jo-Philipp Wich [Wed, 8 Nov 2023 13:53:37 +0000 (14:53 +0100)]
nano: add syntax highlighting for ucode scripts
Introduce local syntax highlighting support for ucode scripts, like
it is done already for uci configuration files.
Ref: https://github.com/jow-/ucode/issues/178
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
d8a574f7f0eb2f5970119a2b0527048583054180)
Stan Grishin [Sun, 31 Mar 2024 16:36:19 +0000 (16:36 +0000)]
curl: update to 8.7.1
* update to 8.7.1: https://curl.se/changes.html#8_7_1
* use the new --disable-docs flag for configure
* update 200-no_docs_tests.patch
* switch to APK-compatible revision
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
227c8daa159acdc84aad9e06a6a33f7d07263130)
Andrea Pesaresi [Sat, 30 Mar 2024 08:41:35 +0000 (09:41 +0100)]
ksmbd-tools: switch to use tagged release
Instead of checking out Git sources, we will now use tagged releases.
This solves the strange version 0~3.5.1-r1; it will now be 3.5.2-r2
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
(cherry picked from commit
f8a7ee7f4757bc12e081deb3296ddbdbcd5f33b4)
Rosen Penev [Sat, 13 Jan 2024 03:13:29 +0000 (19:13 -0800)]
ksmbd-tools: update to 3.5.1
Various fixes for ksmbd, most notably a visibility fix for the latest
ksmbd code.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
e9e1ae23862ceeaa95939b2a7cfa9156c5338f89)
Javier Marcet [Sat, 30 Mar 2024 15:59:10 +0000 (16:59 +0100)]
docker-compose: add PKG_NAME to PKG_SOURCE
Before this change, the tarball was downloaded as vVERSION.tar.gz.
For example, it was v2.26.1.tar.gz and that file was put into the dl folder
within the OpenWrt build system.
After this change, the tarball is properly downloaded as NAME-vVERSION.tar.gz.
In this case, it will look like this: docker-compose-v.2.26.1.tar.gz
The advantages of using this:
- Users and developers will know what they downloaded (it has name and version)
- The tarball will not be overwritten by another package with the same version.
Signed-off-by: Javier Marcet <javier@marcet.info>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[added commit message]
(cherry picked from commit
261b38c14bed7865d244f24d0adb1bb33e963b88)
Glen Huang [Wed, 17 May 2023 09:53:51 +0000 (17:53 +0800)]
acme: standardize key_type
keylength, being an acme.sh value type, uses pure numbers for rsa keys.
This can be disorienting for other acme clients. This change introduces
a new option "key_type" that aims to remove this ambiguity, and makes
all key type names follow the same pattern, making acme-common more
client agnostic.
Signed-off-by: Glen Huang <me@glenhuang.com>
(cherry picked from commit
6d61014e51266f1cb083d9f31491f9c5fb73eeb0)
Van Waholtz [Mon, 25 Mar 2024 12:40:46 +0000 (20:40 +0800)]
sing-box: update to 1.8.10
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit
1ca47e0ed4eecd56befc3516739b2cbcdb2aa702)
Van Waholtz [Mon, 25 Mar 2024 12:40:46 +0000 (20:40 +0800)]
sing-box: restart if the specified interfaces start up
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit
da03a29cda0898e1a3e46e242b73a7795bbef492)
Van Waholtz [Wed, 28 Feb 2024 13:32:53 +0000 (21:32 +0800)]
sing-box: update to 1.8.7
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
(cherry picked from commit
3917a0af5878eb7ce76feff9affd06902806f370)
Toke Høiland-Jørgensen [Wed, 27 Mar 2024 20:51:49 +0000 (21:51 +0100)]
acme-common: backport config fixes from master
Backport config changes from commit 04ac8c177d9a ("acme-common: simplify config
example") from master, and apply the subsequent fixup. This should fix the issue
with ACME not working in Luci (resolving #23756).
Keep the version number bump as a bugfix (1.0.4) since we have not backported
all the ACME changes to 23.05.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
krant [Sun, 24 Mar 2024 09:47:43 +0000 (11:47 +0200)]
rust: update to 1.77.0
- Restore patch hunk mis-deleted in dccb910
- Refresh patches
- Remove --enable-missing-tools configure option deleted in the upstream
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit
7f01006f96190947a799621970bfdc719af732ec)
krant [Sat, 24 Feb 2024 16:47:34 +0000 (18:47 +0200)]
rust: update to 1.76.0
- Use .xz for source archive
- Refresh patches
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit
dccb910ae0cb3d654a6432f7b82cd44d46db75e2)
Thibaut VARÈNE [Mon, 25 Mar 2024 10:33:51 +0000 (11:33 +0100)]
uspot: update to Git HEAD (2024-03-25)
56eebdad085e uspot: wrap spotfilter device under tip_mode
1a96d57e5fe0 uspot: client_enable() wrap spotfilter data in tip_mode
fe12f9a7abde uspot: clear ratelimit state on startup/shutdown
976badc4d0b6 update README
53b8cb88a94a Makefile: require minimum ucode version
ff6163190d5a uspot/portal: report client_enable() failure
8601d9199233 include sample radcli dictionaries
c670f6c4b48f update README
094f0df88150 uspot: work around ucode#191 missing in 23.05
Update the package Makefile to reflect the changes from the following
above-listed commit:
53b8cb88a94a Makefile: require minimum ucode version
Fixes: https://github.com/f00b4r0/uspot/issues/4
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit
bc33522715342e04461000fc119ec71df12514a1)
Tianling Shen [Thu, 21 Mar 2024 07:03:35 +0000 (15:03 +0800)]
dnsproxy: Update to 0.66.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
4448d9f4a10bdfb3f86105f974f61db7e4f483fb)
Tianling Shen [Thu, 21 Mar 2024 07:03:30 +0000 (15:03 +0800)]
cloudflared: Update to 2024.3.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
bcb75533851c51bff4628d4273d2388d7007f6c8)