feed/packages.git
14 months agomg: bump to 7.3
Hirokazu MORIKAWA [Thu, 27 Jul 2023 01:39:44 +0000 (10:39 +0900)]
mg: bump to 7.3

Description:
Sync to OpenBSD 7.3

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit e25f57b60273a6fa4515367e82b379c09c483e55)

14 months agowget: Update to 1.21.4
Tianling Shen [Wed, 4 Oct 2023 02:31:50 +0000 (10:31 +0800)]
wget: Update to 1.21.4

Removed upstreamed patches and unneeded autoreconf.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 54593c0ba9a52ca72c69a1041b11bc9ef558db77)

14 months agoknot: update to version 3.2.10
Josef Schlehofer [Wed, 4 Oct 2023 16:22:22 +0000 (18:22 +0200)]
knot: update to version 3.2.10

Release notes:
https://www.knot-dns.cz/2023-09-10-version-3210.html
https://www.knot-dns.cz/2023-07-27-version-329.html
https://www.knot-dns.cz/2023-06-26-version-328.html
https://www.knot-dns.cz/2023-06-06-version-327.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
14 months agoatftp: move to PCRE2
Christian Marangi [Wed, 27 Sep 2023 17:10:39 +0000 (19:10 +0200)]
atftp: move to PCRE2

Move atftp to PCRE2 as PCRE is flagged as EOL and won't receive security
updates anymore.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f81a1a1212c17f460721fe6f4d4497e66ee418c6)

14 months agoatftp: bump to release 0.8.0
Christian Marangi [Wed, 27 Sep 2023 17:09:56 +0000 (19:09 +0200)]
atftp: bump to release 0.8.0

Bump to release 0.8.0. Autorecong is now needed to correctly compile the
package.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 364fe00b17ddfeb9f2bdf16298eda84866d58d27)

14 months agoatftp: update to 0.7.5
Rosen Penev [Thu, 16 Dec 2021 00:31:48 +0000 (16:31 -0800)]
atftp: update to 0.7.5

Remove upstreamed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0ad6384b5f8e2211cce72cc185f2756131929c4a)

14 months agoatftpd: fix conffiles
Huangbin Zhan [Sun, 24 Oct 2021 10:30:49 +0000 (18:30 +0800)]
atftpd: fix conffiles

Add missing conffiles
Fix conffile permission

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
(cherry picked from commit 3d66be420301bebd9cf7ee1ec26a1d08abe4a6b7)

14 months agoffmpeg: Add avi muxer
Jan Kratochvil [Tue, 3 Oct 2023 04:46:43 +0000 (12:46 +0800)]
ffmpeg: Add avi muxer

Otherwise one cannot produce *.avi containers needed for some H.264
camera codecs.

Signed-off-by: Jan Kratochvil <jan@jankratochvil.net>
(cherry picked from commit 62f01d7b36ca621f3b9e2e01c78a64e897dbf4e8)

14 months agobtrfs-progs: Update to version 6.0.1
Hauke Mehrtens [Sun, 6 Nov 2022 15:41:40 +0000 (16:41 +0100)]
btrfs-progs: Update to version 6.0.1

This fixes compilation problems with glibc 2.36.

Full Changelog:
btrfs-progs-6.0 (2022-10-11)
-----------------------------
   * fi usage: in tabular output, print total size and slack size
   * mkfs:
      * option -O now accepts values from -R to unify the interface (-R will
continue to work)
      * zone reset and discard is done in parallel on all devices
      * removed option --leafsize, deprecated long time ago
   * corrupt-block: recalculate checksum when changing generation
   * fixes:
      * convert: fix reserved range detection and overlaps
      * mkfs: fix creating files with reserved inode numbers with --rootdir
      * receive: escape filenames in command attributes
      * fix extent buffer leaks after transaction abort
   * experimental:
      * mkfs: support for block-group-tree (kernel 6.1)
      * fsverity in send (protocol v3, WIP)
      * btrfstune -b converts to block-group-tree
   * other:
      * cleanups, refactoring
      * new and updated tests
      * update documentation

btrfs-progs-6.0.1 (2022-11-04)
""""""""""""""""""""""""""""""
   * send: minor speed up for v2 due to increased buffer size
   * resize: invalid command line options fail with error code
   * quota rescan:
      * add long options --status and --wait
      * new option to wait but don't start rescan
   * qgroup show: print path by default, updated format
   * qgroup: new subcommand clear-stale, remove qgroups without their subvolumes
   * experimental:
      * add warnings to commands that have it enabled (mkfs, image, btrfstune)
   * other:
      * documentation, help text, error message updates

btrfs-progs-5.19 (2022-08-16)
-----------------------------
   * send: support protocol version 2
   * fi show: print all missing devices
   * device stats: add tabular output
   * replace: add alias to device group (device replace)
   * check: validate free space tree items
   * fixes:
      * convert: support large filesystems (block count > 32bit)
      * recognize filesystems with verity enabled
      * mkfs and DUP could write out of order, fix it for zoned mode
   * build:
      * optional support for LZO and ZSTD in receive
      * compatibility with glibc 2.36 (mount.h)
      * add fallbacks for new GCC builtins
   * other:
      * corrupt-block: target specific items, offsets
      * documentation updates, new pages from wiki
      * new tests

btrfs-progs-5.19.1 (2022-09-12)
"""""""""""""""""""""""""""""""
   * fix memory leaks (extent buffer, path)
   * check: verify block device size vs item
   * rescue fix-device-size: allow to shrink device item
   * receive: fix crash on wrong pinter free()
   * other:
      * experimental: support for block-group-tree
      * documentation updates
      * new tests

btrfs-progs-5.18 (2022-05-25)
-----------------------------
   * fixes:
      * dump-tree: don't print traling zeros in checksums
      * recognize paused balance as exclusive operation state, allow to start
        device add
      * convert: properly initialize target filesystem label
      * mkfs: don't create free space bitmaps for empty filesystem
   * restore: make lzo support build-time configurable, print supported
     compression in help text
   * update kernel-lib sources
   * other:
      * documentation updates, finish conversion to RST, CHANGES and INSTALL
        could be included into RST
      * fix build detection of experimental mode
      * new tests

btrfs-progs-5.18.1 (2022-06-06)
"""""""""""""""""""""""""""""""
   * fixes:
      * convert: fix self reference of toplevel directory
      * build: make kernel lib headers compatible with C++
   * zoned mode: verify minimum zone size 4MiB
   * libbtrfs: cleanups, merge headers and remove declarations of unexported
     symbols
   * other: documentation updates

btrfs-progs-5.17 (2022-04-26)
-----------------------------
   * check:
      * repair wrong num_devices in superblock
      * recognize overly long xattr names
      * fix wrong total bytes check for seed device
   * auto-repair on read on RAID56
   * property set: unify handling of empty value to mean default, changed meaning
     for property 'compression' to allow reset to default and to set NOCOMPRESS,
     since kernel 5.14
   * fixes:
       * dump-tree: print fs-verity items
       * fix location of system chunk on zoned filesystem
       * do not allow setting seeding flag on a filesystem with dirty log
       * mkfs and subpage support: use sectorsize as nodesize fallback for mixed
 profiles
   * preparatory work for extent tree v2, global roots
   * experimental feature (unstable interface, not built by default,
       do not use for production)
       * btrfstune: option --csum to switch checksum algorithm
   * other:
       * cleanups, refactoring
       * update documentation build, remove asciidocs leftovers
       * update fssum to consider xattrs
       * add fsstress

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 99f5604905da0ba931f3dfa5119bb9823036475b)
(cherry picked from commit 12bc0789a17d8f88c6e1fa6077da05e362acaf57)

14 months agobtrfs-progs: update to 5.16.1
Rosen Penev [Sun, 30 Jan 2022 01:21:46 +0000 (17:21 -0800)]
btrfs-progs: update to 5.16.1

Disable libudev to avoid dependency.

Backport patch to fix 64-bit int types under ppc64 and mips64.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 06de9e9958b3864e3f93a49aeb31a59c27bf2796)

14 months agosyslog-ng: update to version 4.4.0
Josef Schlehofer [Wed, 4 Oct 2023 10:26:54 +0000 (12:26 +0200)]
syslog-ng: update to version 4.4.0

- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.4.0

- Bump version in config file

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 4dd49d7c3cd571107958154f1ed1ec8d8dba7464)

14 months agoexim: apply hotfix for some ZDI reported vulnerabilities
Daniel Golle [Sun, 1 Oct 2023 17:28:53 +0000 (18:28 +0100)]
exim: apply hotfix for some ZDI reported vulnerabilities

Apply preliminary hotfix for some (three?) of the 0-day
vulnerabilities reported by ZDI.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit db85d9ead6c3258757e199ad1fbd5bd20c9aac5f)

14 months agolibuecc: update repository URL
Matthias Schiffer [Wed, 20 Sep 2023 19:00:32 +0000 (21:00 +0200)]
libuecc: update repository URL

I've changed my username to neocturne.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 1df594bc01b0c7be34cd6eb477ebd1621959d15d)

14 months agoapache: move to PCRE2
Christian Marangi [Wed, 27 Sep 2023 14:28:14 +0000 (16:28 +0200)]
apache: move to PCRE2

Move apache to PCRE2 now that PCRE is flagged EOL and won't receive any
security update.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit d14fe0c51c0be8d66772b83a165c7fb3c4850af0)

14 months agoapache: bump to release 2.4.57
Christian Marangi [Wed, 27 Sep 2023 14:27:44 +0000 (16:27 +0200)]
apache: bump to release 2.4.57

Bump apache to release 2.4.57 and refresh patch automatically.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 86f9af41c1cb8670e56be5d0fec8b64daf7c7499)

14 months agowget: use pcre2
Leon M. Busch-George [Sun, 11 Jun 2023 18:39:06 +0000 (20:39 +0200)]
wget: use pcre2

Pcre (1) is unmaintained and reached its end of life in 2021.
The base system provides pcre2 exclusively since May.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit 379946951c22ea774e4e22b4379571da604ded4b)

14 months agowget: apply upstream fix to avoid nettle linking in nossl
Hannu Nyman [Sun, 11 Dec 2022 14:10:15 +0000 (16:10 +0200)]
wget: apply upstream fix to avoid nettle linking in nossl

Replace my own patch with the upstream solution, which they issued
in response to my bug report.
(Two patches as they overlooked something on the first try.
Reference to https://savannah.gnu.org/bugs/index.php?63431 )

The nettle lib evaluation is now conditional to not having "--disable-ntlm".

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit fd7da3333e98c0d2ef1ed9d7997fe78000474caf)

14 months agowget: update to 1.21.3
Hannu Nyman [Tue, 29 Nov 2022 18:03:26 +0000 (20:03 +0200)]
wget: update to 1.21.3

Update wget to 1.21.3

* Remove patch 100-fix-hsts-time.patch as upstream has issued
  its own version on the fixes

* Add a hack (and fixup autoreconf) to fix an upstream bug that
  forces the nettle library into nossl even if NTLM is disabled.
  Upstream bug filed: https://savannah.gnu.org/bugs/?63431

* Remove old maintainer who has not been active

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit a694130993d9d9eed8689ecdc1d6044dca3dc40e)

14 months agowget: update to 1.21.2
Huangbin Zhan [Tue, 19 Oct 2021 16:12:23 +0000 (00:12 +0800)]
wget: update to 1.21.2

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
(cherry picked from commit 9ac16d452845f8ef9922e9fddc0f44f1d5e2554e)

14 months agowget: fix hsts time
Huangbin Zhan [Mon, 8 Nov 2021 20:16:56 +0000 (04:16 +0800)]
wget: fix hsts time

`time_t` on musl 1.2 is 64bit, while `long` is 32 bit. we will always get zero time with the original source on mips big endian.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
(cherry picked from commit 09076512680b742ad369d6496bf9b6819a37af24)

14 months agoczmq: drop libpcre dependency
Josef Schlehofer [Tue, 19 Sep 2023 23:48:12 +0000 (01:48 +0200)]
czmq: drop libpcre dependency

It seems like the libpcre dependency was added by mistake.
While checking in the source code of czmq (Makefile.am, CMakeLists.txt),
I see there are several dependencies, but there isn't PCRE.

Fixes: 936a48a ("czmq: add new package")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e3ab95185cb67e6d5753b2d7380bac74c4ef4acd)

14 months agomsmtp: update to version 1.8.24
Josef Schlehofer [Tue, 19 Sep 2023 21:59:29 +0000 (23:59 +0200)]
msmtp: update to version 1.8.24

Release notes:
https://github.com/marlam/msmtp-mirror/commit/ef62463e4d0dc1f8e7f1db4f8dd35650999c13f9X

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 29a9a6a4a7b797097992eb7ff2cfd84d11920b25)

14 months agolibdrm: install all headers
Bernd Kuhls [Sat, 27 Feb 2021 18:11:11 +0000 (19:11 +0100)]
libdrm: install all headers

include/libdrm/drm.h and others headers are needed to build libva.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
(cherry picked from commit cb8c0ba6c0867604622873df96d5be164d747fc8)

14 months agorclone: Update to 1.63.1
Tianling Shen [Fri, 21 Jul 2023 19:01:19 +0000 (03:01 +0800)]
rclone: Update to 1.63.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 34d1c310b36ce0473a457ee1f82414ff994cd92c)

14 months agolibreswan: update to 4.9
Lucian Cristian [Thu, 20 Oct 2022 12:13:55 +0000 (12:13 +0000)]
libreswan: update to 4.9

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit a707fcc88da8ee5adcb4619aab4180e18eac5645)

14 months agolibreswan: update to 4.7
Lucian Cristian [Mon, 30 May 2022 17:26:40 +0000 (20:26 +0300)]
libreswan: update to 4.7

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit 8cf8518a0886e82ae3b3ad905af914bc63f4cce3)

14 months agolibreswan: fix build on macos
Sergey V. Lobanov [Thu, 20 Jan 2022 20:57:23 +0000 (23:57 +0300)]
libreswan: fix build on macos

libreswan makefile detects macos (darwin) and changes build logic
but OpenWrt is always Linux so it is required to specify linux as
target platfrom

This patch specifies Linux as a target platfrom

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 270e8eabc3c953ea22e545a33ce12af3700748aa)

15 months agopython-sentry-sdk: update to 1.5.4
Šimon Bořek [Fri, 4 Feb 2022 17:45:12 +0000 (18:45 +0100)]
python-sentry-sdk: update to 1.5.4

changelog: https://github.com/getsentry/sentry-python/blob/f6d3adcb3d7017a55c1b06e5253d08dc5121db07/CHANGELOG.md#154

Signed-off-by: Šimon Bořek <borek@autobakterie.cz>
(cherry picked from commit 32e2a2fa2ae20e9b1248753d65705c5a8d3bdfbc)

15 months agonextdns: Update to version 1.40.1
Olivier Poitrey [Thu, 14 Sep 2023 11:56:55 +0000 (11:56 +0000)]
nextdns: Update to version 1.40.1

Signed-off-by: Olivier Poitrey <rs@nextdns.io>
15 months agosyslog-ng: update to version 4.3.1
Josef Schlehofer [Sun, 3 Sep 2023 08:26:21 +0000 (10:26 +0200)]
syslog-ng: update to version 4.3.1

Makefile changes:
- Since version 4.3.0, there is required to use pcre2 instead of pcre
Reference: https://github.com/syslog-ng/syslog-ng/pull/4537

- Disable c++ support by default to avoid picking libstdcpp dependency
Reference: https://github.com/syslog-ng/syslog-ng/pull/4484

Config changes:
- Bump version in config file

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit c43599b0c885bbb3b6aae2cac34aa8d526fb8274)

15 months agopython3: Update to 3.9.18
Jeffery To [Tue, 5 Sep 2023 04:16:02 +0000 (12:16 +0800)]
python3: Update to 3.9.18

Includes fix for CVE-2023-40217 (Bypass TLS handshake on closed
sockets).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
15 months agozerotier: update to 1.12.1
Moritz Warning [Sun, 27 Aug 2023 21:00:10 +0000 (23:00 +0200)]
zerotier: update to 1.12.1

* split up "fix makefile" patch logical distinct parts
* add libatomic dependency needed for prometheus-cpp-lite-1.0
* refresh patch series
* improve warning message in init script

Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit 6cf39ba626e35474b5b3c59754610f20c240d202)

15 months agozerotier: do not allow executable stack
Oskari Rauta [Sun, 12 Mar 2023 16:30:35 +0000 (18:30 +0200)]
zerotier: do not allow executable stack

zerotier as default has executable stack.
[   11.343143] process '/usr/bin/zerotier-one' started with executable stack

executable stacks are not recommend, possibly provide a threat and there
seems to be no advantage of executable stack with zerotier-one - so let's
build it without instead.

Stack is executable on x86_64, but not on all archs, such as ramips.

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 56f30520f2413f9f1434def5b533a265912aea1c)

15 months agozerotier: update to 1.10.4
Moritz Warning [Mon, 13 Mar 2023 18:16:05 +0000 (19:16 +0100)]
zerotier: update to 1.10.4

Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit b5cde91594a858b823270e50fed27bb7985ddebe)

15 months agozerotier: update to 1.10.3
Moritz Warning [Wed, 22 Feb 2023 21:48:00 +0000 (22:48 +0100)]
zerotier: update to 1.10.3

Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit 1af4a404a5e3755f22c1ef76968f7b9ff93b038c)

15 months agoknot-resolver: update to version 5.7.0
Josef Schlehofer [Sat, 2 Sep 2023 15:23:37 +0000 (17:23 +0200)]
knot-resolver: update to version 5.7.0

Changelog:
https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html
https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit a5314681149259827c1eec074ae11fe6b7a80961)

15 months agotcl: fix build on macos
Sergey V. Lobanov [Mon, 24 Jan 2022 15:19:51 +0000 (18:19 +0300)]
tcl: fix build on macos

configure script detects Darwin and uses flags incompatible with
Linux target build.

This patch uses fakeuname tool if host OS is MacOS to avoid Darwin
detection on target build.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 6e9c7010501df5bb03ebc7e61c96a842d8843783)

15 months agostress-ng: fix build on macos
Sergey V. Lobanov [Mon, 24 Jan 2022 22:41:09 +0000 (01:41 +0300)]
stress-ng: fix build on macos

This patch adds KERNEL=Linux to MAKE_FLAGS to avod Darwin detection.
If Makefile detects Darwin, it removes -lbsd from build flags, but
this flag is required due to target is always Linux, not bsd-like.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 53a51fb3d1cbf7fed94aad3a84aa36a19c54a55a)

15 months agosyslog-ng: fix build on macos
Sergey V. Lobanov [Tue, 25 Jan 2022 00:02:32 +0000 (03:02 +0300)]
syslog-ng: fix build on macos

configure script detects Darwin and uses flags incompatible with
Linux target build.

This patch uses fakeuname tool if host OS is MacOS to avoid Darwin
detection on target build.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 0a9a52ee77ce826f03b2a198e735df71ee2b55ad)

15 months agofakeuname: add package
Sergey V. Lobanov [Wed, 26 Jan 2022 12:32:00 +0000 (15:32 +0300)]
fakeuname: add package

This package provides fakeuname host tool to avoid build platform
detection for invalid configure/build scripts that are not
friendly to cross-platform build.

This fake uname tool returns Linux as OS name and target Linux
version as OS version.

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 4b6fc857bee8a58e011a4526114e13ae78064fc9)

16 months agoMerge pull request #21815 from mhei/21.02-php8-update-to-8.0.30
Michael Heimpold [Tue, 15 Aug 2023 05:40:22 +0000 (07:40 +0200)]
Merge pull request #21815 from mhei/21.02-php8-update-to-8.0.30

[21.02] php8: update to 8.0.30

16 months agophp8: update to 8.0.30
Michael Heimpold [Sun, 13 Aug 2023 09:47:04 +0000 (11:47 +0200)]
php8: update to 8.0.30

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
17 months agoyq: Update to 4.34.2
Tianling Shen [Fri, 14 Jul 2023 06:13:46 +0000 (14:13 +0800)]
yq: Update to 4.34.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 1cb2590c1743eeb4c357b1f0d7e3fb47b3640ae6)

17 months agoyq: Update to 4.34.1
Tianling Shen [Thu, 1 Jun 2023 07:59:28 +0000 (15:59 +0800)]
yq: Update to 4.34.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 2ecf76e27dbcc0a5d64db6d9b30269de56b2bd1e)

17 months agorclone: Update to 1.63.0
Tianling Shen [Tue, 4 Jul 2023 08:04:54 +0000 (16:04 +0800)]
rclone: Update to 1.63.0

While at it fixed a typo error of license files variable.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 952844c976bae289c603f9c93662a08f6ff49290)

17 months agorclone: Update to 1.62.2
Tianling Shen [Fri, 17 Mar 2023 05:17:38 +0000 (13:17 +0800)]
rclone: Update to 1.62.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 392a68e24774294590abf9c08ea1832f2cee190d)

17 months agobind: bump to 9.18.16
Noah Meyerhans [Mon, 26 Jun 2023 03:02:35 +0000 (20:02 -0700)]
bind: bump to 9.18.16

Fixes CVEs:

- CVE-2023-2828: The overmem cleaning process has been improved, to
  prevent the cache from significantly exceeding the configured
  max-cache-size limit.
- CVE-2023-2911: A query that prioritizes stale data over lookup
  triggers a fetch to refresh the stale data in cache. If the fetch is
  aborted for exceeding the recursion quota, it was possible for named
  to enter an infinite callback loop and crash due to stack overflow.

The complete list of changes is available in the upstream release
notes at
https://ftp.isc.org/isc/bind9/cur/9.18/doc/arm/html/notes.html#notes-for-bind-9-18-16

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 9ac79ad46966908d2ceb64c0e0d8a0bff435767a)

17 months agoMerge pull request #21397 from mhei/21.02-php8-update-to-8.0.29
Michael Heimpold [Tue, 20 Jun 2023 06:01:29 +0000 (08:01 +0200)]
Merge pull request #21397 from mhei/21.02-php8-update-to-8.0.29

[21.02] php8: update to 8.0.29

18 months agophp8: update to 8.0.29
Michael Heimpold [Thu, 15 Jun 2023 19:27:59 +0000 (21:27 +0200)]
php8: update to 8.0.29

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
18 months agoMerge pull request #21347 from jefferyto/python-3.9.17-openwrt-21.02
Tianling Shen [Tue, 13 Jun 2023 03:00:45 +0000 (11:00 +0800)]
Merge pull request #21347 from jefferyto/python-3.9.17-openwrt-21.02

[openwrt-21.02] python3: Update to 3.9.17

18 months agopython3: Update to 3.9.17
Jeffery To [Mon, 12 Jun 2023 08:17:50 +0000 (16:17 +0800)]
python3: Update to 3.9.17

This includes an updated patch for pip, as the bundled pip was also
updated with this release.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
18 months agoavahi: Import patches for security fixes
Hirokazu MORIKAWA [Thu, 8 Jun 2023 05:37:38 +0000 (14:37 +0900)]
avahi: Import patches for security fixes

Imported patches included in debian and other package.

* 200-Fix-NULL-pointer-crashes-from-175.patch
  CVE-2021-3502
   A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.

* 201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch
  CVE-2021-3468
   A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.

* 202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch
   avahi_dns_packet_consume_uint32 left shifts uint8_t values by 8, 16 and 24 bits to combine them into a 32-bit value. This produces an undefined behavior warning with gcc -fsanitize when fed input values of 128 or 255 however in testing no actual unexpected behavior occurs in practice and the 32-bit uint32_t is always correctly produced as the final value is immediately stored into a uint32_t and the compiler appears to handle this "correctly".
Cast the intermediate values to uint32_t to prevent this warning and ensure the intended result is explicit.

* 203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch
   This was causing timeouts to never be removed from the linked list that tracks them, resulting in both memory and CPU usage to grow larger over time.

* 204-Emit-error-if-requested-service-is-not-found.patch
   It currently just crashes instead of replying with error. Check return
value and emit error instead of passing NULL pointer to reply.

* 205-conf-file-line-lengths.patch
   Allow avahi-daemon.conf file to have lines longer than 256 characters (new limit 1024).

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 779af4d40ccdc0f2a798ee6b6849abb37d202f1b)

18 months agonet/acme: Bump acme.sh to v3.0.6
Toke Høiland-Jørgensen [Fri, 9 Jun 2023 13:23:45 +0000 (15:23 +0200)]
net/acme: Bump acme.sh to v3.0.6

Important security fix.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
18 months agolighttpd: update to lighttpd 1.4.71 release hash
Glenn Strauss [Sat, 27 May 2023 22:03:56 +0000 (18:03 -0400)]
lighttpd: update to lighttpd 1.4.71 release hash

remove patches included upstream

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 19291ee1951a79776c1b67c10fd67af5d346abc5)

18 months agosyslog-ng: update to 4.2.0
W. Michael Petullo [Fri, 19 May 2023 16:40:28 +0000 (11:40 -0500)]
syslog-ng: update to 4.2.0

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit 1fcea0798110cca216676d065dd66a17d1a1f447)

18 months agoMerge pull request #21185 from commodo/django-update-21.09
Alexandru Ardelean [Sat, 27 May 2023 18:15:32 +0000 (21:15 +0300)]
Merge pull request #21185 from commodo/django-update-21.09

[21.02] django: bump to version 3.2.19

18 months agodjango: bump to version 3.2.19
Alexandru Ardelean [Fri, 26 May 2023 10:17:53 +0000 (13:17 +0300)]
django: bump to version 3.2.19

Fixes CVE-2023-31047
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-31047
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
18 months agowsdd2: fix stopping service
Rafał Miłecki [Thu, 11 May 2023 11:27:32 +0000 (13:27 +0200)]
wsdd2: fix stopping service

Function start_service() is called whenever service may need reloading.
If SMB server is not running it could be simply because it has been
stopped. Reloading service in such case is not an error so:
1. Don't log error as it isn't one
2. Don't exit with error code as it was confusing procd

This change fixes scenario like:
/etc/init.d/ksmbd stop
/etc/init.d/wsdd2 reload
(previously above wasn't stopping wsdd2)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 6020ca52bf5d7b2869ef1ff8a966d15281aa56ab)

18 months agowsdd2: Remove extra comma, which breaks the key-value pair of the '-b' parameter
Li Zhang [Mon, 25 Apr 2022 14:18:31 +0000 (22:18 +0800)]
wsdd2: Remove extra comma, which breaks the key-value pair of the '-b' parameter

Signed-off-by: Li Zhang <starsunyzl@gmail.com>
(cherry picked from commit 5fc06d939fb9a37752b7665eca1355e23aa4e85f)

18 months agowsdd2: dont use fqdn
Fritz D. Ansel [Thu, 12 Aug 2021 04:56:43 +0000 (06:56 +0200)]
wsdd2: dont use fqdn

workgroups use the name of the host without domain

Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
(cherry picked from commit 3953ff956da6d9d0f335ddba3fc347bfef4fabb2)

19 months agolxc: set --with-runtime-path to the /var/run path
Rafał Miłecki [Sat, 8 Apr 2023 16:18:55 +0000 (18:18 +0200)]
lxc: set --with-runtime-path to the /var/run path

The default runtime directory used by LXC is /run which doesn't exist
in OpenWrt. It causes errors like:

Failed to create lock for foo
lxc-create: foo: tools/lxc_create.c: main: 260 Failed to create lxc container

There has been workaround for that in the lxc-auto.init but it requires
installing "lxc-auto" package. Replacing that "ln -s" workaround with
Makefile specifying --with-runtime-path allows using pure "lxc" in
OpenWrt (without the "lxc-auto").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 90fef036fe465262d5915489d45f430b313f22ab)

19 months agolxc-auto: made init script compatible with image builder
Marc Benoit [Mon, 5 Sep 2022 19:15:14 +0000 (15:15 -0400)]
lxc-auto: made init script compatible with image builder

Signed-off-by: Marc Benoit <marcb62185@gmail.com>
(cherry picked from commit e70844a9ca327b98eb33d1c9a3cce987cc91a190)

19 months agolxc: update to 4.10.12
John Audia [Thu, 3 Feb 2022 20:19:05 +0000 (15:19 -0500)]
lxc: update to 4.10.12

Bump to latest upstream release and rebase:
  010-Remove-distro-check.patch
  025-remove-unsupported-option.patch

After updating ran `make package/lxc/refresh` to clean dirty patches

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

Signed-off-by: John Audia <graysky@archlinux.us>
(cherry picked from commit 115bf07f6c449a17bf12a3e7e065ff252a772e6f)

19 months agolxc-auto: step by 1 sec up to $max_timeout
John Audia [Sun, 19 Sep 2021 18:35:09 +0000 (14:35 -0400)]
lxc-auto: step by 1 sec up to $max_timeout

If the user defines a $max_timeout of 30, the service will wait 30 seconds
before it considers lxc-stop complete even though lxc-stop might actually
finish much sooner.  This introduces an unneeded delay.

This commit changes the behavior to check once per second to see when lxc-stop
actually stops doing so up to $max_timeout.  It also slightly simplifies the
code with logic to append the -t $max_timeout to the script.

Signed-off-by: John Audia <graysky@archlinux.us>
(cherry picked from commit 7984d2d74a2fd83f036310888ad7486bff655c5a)

19 months agoknot: update to version 3.2.6
Jan Hák [Wed, 12 Apr 2023 09:16:04 +0000 (11:16 +0200)]
knot: update to version 3.2.6

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit bb946a19cd3203e288f99db666e123c92f7e3d0d)

19 months agoknot: update to version 3.2.5
Jan Hák [Mon, 13 Feb 2023 14:35:42 +0000 (15:35 +0100)]
knot: update to version 3.2.5

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 94512aba16e9bf4bc4a6dbc18bf67cbd97e035a6)

19 months agosyslog-ng: update to version 4.1.1
Josef Schlehofer [Sat, 1 Apr 2023 09:15:13 +0000 (11:15 +0200)]
syslog-ng: update to version 4.1.1

- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.1.1

- Updated version in config

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 7de98324c73c8c680d05ef06bf2bf313d54bda83)

19 months agolighttpd: QUILT patches; fix build patches
Glenn Strauss [Mon, 15 May 2023 03:41:28 +0000 (23:41 -0400)]
lighttpd: QUILT patches; fix build patches

QUILT patches; fix build patches to re-merge deprecated modules

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
19 months agolighttpd: include mod_h2 in base package
Glenn Strauss [Thu, 11 May 2023 00:52:05 +0000 (20:52 -0400)]
lighttpd: include mod_h2 in base package

The next version of lighttpd will move HTTP/2 support from the lighttpd
base executable into a separate module: mod_h2

Include patch to do so now, and update packaging to handle it.

HTTP/2 support is enabled by default since lighttpd 1.4.59, but if
HTTP/2 support is explicitly disabled in the configuration, then mod_h2
will not be loaded, thereby reducing lighttpd memory use.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit f4152fccadc021b016b341526ddf83ddcf593ca1)

19 months agolighttpd: update to lighttpd 1.4.70 release hash
Glenn Strauss [Thu, 11 May 2023 00:49:24 +0000 (20:49 -0400)]
lighttpd: update to lighttpd 1.4.70 release hash

remove patches included upstream

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 0d5b110077d4c51a12d797a844495ce63071a205)

19 months agolighttpd: adjust packages for built-in modules
Glenn Strauss [Wed, 12 Apr 2023 17:15:49 +0000 (13:15 -0400)]
lighttpd: adjust packages for built-in modules

(.so is no longer built, but package still contains config files)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 7fda9563de92e58f0ae5c388e66de1d66e3df7f0)

19 months agolighttpd: fix package DEPENDS syntax
Glenn Strauss [Fri, 14 Apr 2023 19:19:36 +0000 (15:19 -0400)]
lighttpd: fix package DEPENDS syntax

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Co-authored-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ae5135a9139425455e39b1030928786b5c0e37a9)

19 months agolibrespeed-go: update file permissions for ujail
Tianling Shen [Wed, 26 Apr 2023 03:35:19 +0000 (11:35 +0800)]
librespeed-go: update file permissions for ujail

This fixes "permission denied" error when access files as a normal user.

Reported-by: Anya Lin <hukk1996@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 42d340bce0106538888f9e942dc3dd6f7f9e62ff)

20 months agobind: disable geoip
Javier Marcet [Mon, 9 Jan 2023 15:29:47 +0000 (17:29 +0200)]
bind: disable geoip

Signed-off-by: Javier Marcet <javier@marcet.info>
[modified also PKG_RELEASE]
(cherry picked from commit 073ee02500ca5bd0b5b530efcc662690c55ca2ac)

20 months agoMerge pull request #20799 from gstrauss/lighttpd-1.4.69-1-openwrt-21.02
Tianling Shen [Sat, 15 Apr 2023 20:08:06 +0000 (04:08 +0800)]
Merge pull request #20799 from gstrauss/lighttpd-1.4.69-1-openwrt-21.02

lighttpd: update to lighttpd 1.4.69 release hash - backport to openwrt 21.02

20 months agolighttpd: patch to restore removed modules
Glenn Strauss [Fri, 14 Apr 2023 06:28:45 +0000 (02:28 -0400)]
lighttpd: patch to restore removed modules

patch to restore removed modules to preserve state for 21.02

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
20 months agoocserv: disable libmaxminddb detection
Hannu Nyman [Mon, 9 Jan 2023 20:02:44 +0000 (22:02 +0200)]
ocserv: disable libmaxminddb detection

Disable libmaxminddb detection to fix a build error
due to missing dependency.
(the libmaxminddb library is now detected, but is unncessary.)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 508c4548dc7c73d6e824bd5a9b1dcb8fb7132ab3)

20 months agoknot: disable libmaxminddb detection
Hannu Nyman [Mon, 9 Jan 2023 20:01:32 +0000 (22:01 +0200)]
knot: disable libmaxminddb detection

Disable libmaxminddb detection to fix a build error due to
missing dependency.
(the libmaxminddb library is now detected, but is unncessary.)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit ce46bf8a4307ae2e0ec6d3f517cad05666eb7a22)

20 months agolighttpd: fix package DEPENDS syntax
Glenn Strauss [Fri, 14 Apr 2023 19:19:36 +0000 (15:19 -0400)]
lighttpd: fix package DEPENDS syntax

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Co-authored-by: Tianling Shen <cnsztl@immortalwrt.org>
20 months agolibmaxminddb: install pkgconfig file
Rosen Penev [Wed, 4 Jan 2023 00:15:16 +0000 (16:15 -0800)]
libmaxminddb: install pkgconfig file

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fe018482f83d51b9005c44d25652ea323aa338a2)

(cherry pick reduced for backport)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
20 months agolighttpd: update to lighttpd 1.4.69 release hash
Glenn Strauss [Sun, 12 Feb 2023 05:29:06 +0000 (00:29 -0500)]
lighttpd: update to lighttpd 1.4.69 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 8f2fbf093a42040dcc226dee4fcd493a215645ed)

20 months agolighttpd: add lighttpd-mod-webdav_min package
Glenn Strauss [Sat, 21 Jan 2023 01:07:36 +0000 (20:07 -0500)]
lighttpd: add lighttpd-mod-webdav_min package

add lighttpd-mod-webdav_min package alternative to lighttpd-mod-webdav

lighttpd-mod-webdav_min is more minimal than full lighttpd-mod-webdav.
lighttpd-mod-webdav_min does not support PROPPATCH, LOCK, UNLOCK, and
by not supporting those methods, removes dependencies on libxml2,
libsqlite3, and libuuid.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit ed6fe528c1efc549891144967eefe51a73999511)

20 months agolighttpd: collect mods now built into lighttpd exe
Glenn Strauss [Wed, 4 Jan 2023 02:19:46 +0000 (21:19 -0500)]
lighttpd: collect mods now built into lighttpd exe

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 85279b49ceeb411f98623e6febef48b83f04813b)

20 months agolighttpd: remove patch included upstream
Glenn Strauss [Tue, 3 Jan 2023 18:09:52 +0000 (13:09 -0500)]
lighttpd: remove patch included upstream

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 66001d5a91087dec6ff9e620b995beaff60506d7)

20 months agolighttpd: update to lighttpd 1.4.68 release hash
Glenn Strauss [Tue, 3 Jan 2023 17:52:02 +0000 (12:52 -0500)]
lighttpd: update to lighttpd 1.4.68 release hash

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 6383ae9407280df7f2ac29065bfe22d7bca73ed7)

20 months agolighttpd: modify build cmd for type: feature opts
Glenn Strauss [Thu, 24 Nov 2022 07:18:09 +0000 (02:18 -0500)]
lighttpd: modify build cmd for type: feature opts

modify build command for meson type: feature options

remove -Dwith_libev=disabled (option no longer has any effect)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 4a3b62a92ab21bb6ae373dbbbfc1c5eb16ebc3f5)

20 months agolighttpd: add lighttpd-mod-rrdtool dep on rrdtool1
Glenn Strauss [Wed, 30 Nov 2022 05:21:49 +0000 (00:21 -0500)]
lighttpd: add lighttpd-mod-rrdtool dep on rrdtool1

add lighttpd-mod-rrdtool dependency on rrdtool1

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 9f299e881ba7ae665d5251d1e4c8a9585b039911)

20 months agolighttpd: lighttpd-1.4.67-4
Glenn Strauss [Wed, 30 Nov 2022 04:32:44 +0000 (23:32 -0500)]
lighttpd: lighttpd-1.4.67-4

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit a09dbfcf976f8d0c0247f068945dbd321e314bf8)

20 months agolighttpd: document crypto lib options in Makefile
Glenn Strauss [Thu, 6 Oct 2022 08:32:04 +0000 (04:32 -0400)]
lighttpd: document crypto lib options in Makefile

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 43741e748f8569be4aaf3ba3a99867eef32c74e4)

20 months agov2raya: Update to 2.0.5
Tianling Shen [Sun, 9 Apr 2023 19:48:23 +0000 (03:48 +0800)]
v2raya: Update to 2.0.5

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 23e134816688793d42cc52ad78a9fc65f4e6d3bc)

20 months agorrdtool: update PKG_SOURCE_URL
Ryan Shi [Mon, 10 Apr 2023 18:16:10 +0000 (21:16 +0300)]
rrdtool: update PKG_SOURCE_URL

Signed-off-by: Ryan Shi <qweaszxcdf@users.noreply.github.com>
(cherry picked from commit 164e0257e7c079b06e5d862cbc31e1f11ac651cb)

20 months agoyq: Update to 4.33.2
Tianling Shen [Mon, 3 Apr 2023 10:29:41 +0000 (18:29 +0800)]
yq: Update to 4.33.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 0b255830e9b33c4848c4ee65419ca3755baf883f)

20 months agoyq: Update to 4.33.1
Tianling Shen [Mon, 27 Mar 2023 11:43:11 +0000 (19:43 +0800)]
yq: Update to 4.33.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit e2cf4fa9a119076d23f26e3803247b5d83c71547)

20 months agonano: make nanorc world readable
Hannu Nyman [Wed, 5 Apr 2023 17:41:25 +0000 (20:41 +0300)]
nano: make nanorc world readable

If file /etc/nanorc is readable by everyone, "default" settings
are available for users as well without necessarily requiring
their own customized .nanorc in their home directory. Or if
they want one, but want it to be based on system's default
nanorc, they can copy it from /etc - without chmodding
file, it is in-accessible for users.

Suggested-by: Oskari Rauta <oskari.rauta@gmail.com>
[switched approach to use INSTALL_DATA]
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 76d02f933f006fb854c03fa1738ed795acc32e50)

20 months agozoneinfo: Updated to the latest release
Vladimir Ulrich [Sat, 25 Sep 2021 19:17:18 +0000 (22:17 +0300)]
zoneinfo: Updated to the latest release

Signed-off-by: Vladimir Ulrich <admin@evl.su>
(cherry picked from commit 7259eea63fcbeb0955c8f390562c88590a3e1ae7)
(cherry picked from commit 00f1c78a647c5b1ddc8347d0bacbfdec3c743536)
(cherry picked from commit 453be8f179e78a00048deff746e74244b39f7ad8)
(cherry picked from commit 3185feda499ab68ca463696c0e673d8056ec4429)
(cherry picked from commit b15721d6d64686933cf982c9fe303845565a1bc0)
(cherry picked from commit cb5bf2b007940c14825dc734814bfe5ceae5b09f)
(cherry picked from commit 89c2fa9d9b5cd8f6e1cf9859965de04b3707fa5a)
(cherry picked from commit 8d693a79bedd8a4bf00c2e14f43b0c95ec950155)
(cherry picked from commit 5a9e8698c94fcfa14ab6a0c314881eb4be1d47c7)

Updated zoneinfo-all meta-package to fix warnings on build
Removed zoneinfo-simple from dependencies of zoneinfo-all as its contents are included in other packages.
(cherry picked from commit 1d88250815b5efe623bb01a591c4ca651c8f5600)

(cherry picked from commit 23e6200e4d0a435915ab4ef9700a7297e89b68b3)
(cherry picked from commit 0ff1a8666be7cc3ebde5838c4b166a2438f87567)

20 months agounbound: update to version 1.17.1
Josef Schlehofer [Tue, 17 Jan 2023 23:01:42 +0000 (00:01 +0100)]
unbound: update to version 1.17.1

- Refreshed one patch

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 97e69ec89c8bdb1c6d092eb5e8491467a06a9963)
[Use AUTORELEASE]

20 months agoffmpeg: update to version 4.3.5
Josef Schlehofer [Mon, 13 Feb 2023 08:52:43 +0000 (09:52 +0100)]
ffmpeg: update to version 4.3.5

Fixes: CVE-2020-21041
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
20 months agov2raya: Update to 2.0.4
Tianling Shen [Sat, 18 Mar 2023 15:13:26 +0000 (23:13 +0800)]
v2raya: Update to 2.0.4

- Added TproxyNotSkipBr flag for OpenWrt.
- Removed all upstreamed patches.
- Removed deprecated option.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 5062779dc79091d63929d44b6354e1cbefa2e8f5)
[removed nftables-related changes]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
20 months agoyq: Update to 4.32.2
Tianling Shen [Mon, 20 Mar 2023 07:25:35 +0000 (15:25 +0800)]
yq: Update to 4.32.2

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 65dc683efe329a13afdc632150f886b88d7f5edf)

21 months agoMerge pull request #20671 from TDT-AG/pr/20220415-openwrt-21.2-strongswan-cves
Florian Eckert [Fri, 17 Mar 2023 15:29:32 +0000 (16:29 +0100)]
Merge pull request #20671 from TDT-AG/pr/20220415-openwrt-21.2-strongswan-cves

strongswan: backport CVE fixes