Christian Marangi [Wed, 27 Sep 2023 17:10:39 +0000 (19:10 +0200)]
atftp: move to PCRE2
Move atftp to PCRE2 as PCRE is flagged as EOL and won't receive security
updates anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
f81a1a1212c17f460721fe6f4d4497e66ee418c6)
Christian Marangi [Wed, 27 Sep 2023 17:09:56 +0000 (19:09 +0200)]
atftp: bump to release 0.8.0
Bump to release 0.8.0. Autorecong is now needed to correctly compile the
package.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
364fe00b17ddfeb9f2bdf16298eda84866d58d27)
Jan Kratochvil [Tue, 3 Oct 2023 04:46:43 +0000 (12:46 +0800)]
ffmpeg: Add avi muxer
Otherwise one cannot produce *.avi containers needed for some H.264
camera codecs.
Signed-off-by: Jan Kratochvil <jan@jankratochvil.net>
(cherry picked from commit
62f01d7b36ca621f3b9e2e01c78a64e897dbf4e8)
Josef Schlehofer [Sun, 17 Sep 2023 11:06:48 +0000 (13:06 +0200)]
btrfs-progs: update to version 6.5.1
Release notes:
https://github.com/kdave/btrfs-progs/releases/tag/v6.5.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
16e484cad1d2e9686916c0cfcafd54cf3777378f)
(cherry picked from commit
c6656a6289d1335a229e4ddf11efbd0a1350b5f7)
Tianling Shen [Wed, 17 May 2023 05:33:38 +0000 (13:33 +0800)]
btrfs-progs: Update to 6.3
Fixed build issue with musl 1.2.4.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
c2b8dbd08586d7fa225d8164c9a29e3d2aae1186)
Tianling Shen [Wed, 4 Oct 2023 02:31:50 +0000 (10:31 +0800)]
wget: Update to 1.21.4
Removed upstreamed patches and unneeded autoreconf.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
54593c0ba9a52ca72c69a1041b11bc9ef558db77)
Josef Schlehofer [Wed, 4 Oct 2023 10:26:54 +0000 (12:26 +0200)]
syslog-ng: update to version 4.4.0
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.4.0
- Bump version in config file
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
4dd49d7c3cd571107958154f1ed1ec8d8dba7464)
Josef Schlehofer [Fri, 29 Sep 2023 15:40:29 +0000 (17:40 +0200)]
prometheus-node-exporter-lua: drop bmx6 package
In the OpenWrt routing feed, package bmx6 and luci-app-bmx6 were removed because the LuCI app was vulnerable to several CVEs, as found by dependabot. It has been reporting it for a few months and has even created an issue. These two packages are not maintained in OpenWrt as well in upstream.
Users should switch to the bmx7 package.
Fixes: 9fb9d9343ea27d6dbb5008ece10c0c843dd2c781 ("bmx6: drop package") in the routing feed
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
9c2bf859005ada11c17835f74826b356cdb0fb7b)
Daniel Golle [Sun, 1 Oct 2023 17:28:53 +0000 (18:28 +0100)]
exim: apply hotfix for some ZDI reported vulnerabilities
Apply preliminary hotfix for some (three?) of the 0-day
vulnerabilities reported by ZDI.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
db85d9ead6c3258757e199ad1fbd5bd20c9aac5f)
Christian Marangi [Wed, 27 Sep 2023 14:27:44 +0000 (16:27 +0200)]
apache: bump to release 2.4.57
Bump apache to release 2.4.57 and refresh patch automatically.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
86f9af41c1cb8670e56be5d0fec8b64daf7c7499)
Christian Marangi [Wed, 27 Sep 2023 14:28:14 +0000 (16:28 +0200)]
apache: move to PCRE2
Move apache to PCRE2 now that PCRE is flagged EOL and won't receive any
security update.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
d14fe0c51c0be8d66772b83a165c7fb3c4850af0)
Noah Meyerhans [Wed, 27 Sep 2023 17:42:59 +0000 (10:42 -0700)]
bind: bump to 9.18.19
Fixes CVEs:
CVE-2023-3341 - Previously, sending a specially crafted message over the
control channel could cause the packet-parsing code to run out of available
stack memory, causing named to terminate unexpectedly.
CVE-2023-4236 - A flaw in the networking code handling DNS-over-TLS queries
could cause named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit
835b1051511b592d69bc0b8a7d5d993337f890da)
Matthias Schiffer [Sat, 23 Sep 2023 16:10:30 +0000 (18:10 +0200)]
openvswitch: disable groff manpage check
The openvswitch build trips over a number of warnings during the
manpage-check step if groff 1.23 is installed on the build host,
resulting in a failed build.
As this check is optional, and we don't even install the manpages, simply
override the groff configure check to never detect groff.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
db34f33cc712ef2c6c4ca2f7ace1f428e83f316c)
Matthias Schiffer [Tue, 26 Sep 2023 18:14:57 +0000 (20:14 +0200)]
tunneldigger: set PKG_SOURCE_DATE
opkg requires monotonically increasing version numbers to know which
version of a package is newer. As git commit IDs do not satisfy this
condition, PKG_SOURCE_DATE must be set to the date of the referenced
commit, resulting in the complete version number '2021-03-08-
4f72b305-1'.
As the source date also becomes part of the paths inside the download
archive, the source hash must be updated as well.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
0a3e5dd122abb92f215369eeb0a957114b61746f)
Matthias Schiffer [Tue, 26 Sep 2023 16:58:11 +0000 (18:58 +0200)]
tunneldigger: add group option to UCI config
The group can be used for policy routing and similar purposes.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
21dd77f6c48f5c59beee5dccc4aee9a2afa3e137)
Salem Huang [Sun, 25 Jun 2023 16:43:29 +0000 (00:43 +0800)]
netbird: update to 0.21.7
1. Release notes:
https://github.com/netbirdio/netbird/releases/tag/v0.21.2
https://github.com/netbirdio/netbird/releases/tag/v0.21.3
https://github.com/netbirdio/netbird/releases/tag/v0.21.4
https://github.com/netbirdio/netbird/releases/tag/v0.21.5
https://github.com/netbirdio/netbird/releases/tag/v0.21.6
https://github.com/netbirdio/netbird/releases/tag/v0.21.7
2. Update GO_PKG_LDFLAGS, because of https://github.com/netbirdio/netbird/commit/
292ee260ad564d1e65199b1cb3430b0cd7ba9646
3. Define the configuration file.
Signed-off-by: Salem Huang <solohoh@hotmail.com>
(cherry picked from commit
35b668b6ca432425e3b10b080f43344c15903380)
Oskari Rauta [Sun, 11 Jun 2023 09:44:54 +0000 (12:44 +0300)]
netbird: update to 0.21.1
Release notes: https://github.com/netbirdio/netbird/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
9bc2733f31fb9ef083d7b2ed8235ffef9dbc3b21)
Oskari Rauta [Sun, 26 Mar 2023 17:10:55 +0000 (20:10 +0300)]
netbird: update to 0.14.5
Release Notes
Management
- Introduce a new ACL engine based on Rego (Open Policy Agent) for firewall control
- Personal access tokens generation as a first iteration toward public API release
- Add Keycloak support as an IDP manager
Agent
- Introduce a Firewall interface to apply granular access control (e.g., connection direction, port, or protocol level)
- Make the agent run on Android (mobile support)
Changelog
- Feat rego default policy
- Don't drop Rules from file storage after migration to Policies
- Add version info command to signal server
- Feat firewall controller interface
- Adding Personal Access Token generation
- Exchange proxy mode via signal
- Fix connstate indication
- Mobile
- PAT persistence
- Add Keycloak Idp Manager
- Adjustments for the change server flow
- Disable peer expiration of peers added with setup keys
- Add JWT middleware validation failure log
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
12f8ebc4b1adf63989c366c36509b54da59ba426)
Oskari Rauta [Mon, 20 Mar 2023 17:34:08 +0000 (19:34 +0200)]
netbird: update to 0.14.4
Bug fixes & refactor
Fix: send remote agents updates when peer re-authenticates
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
ab573bdb4d7b30d5dc46e70941cb025800d4cabd)
Oskari Rauta [Sun, 12 Mar 2023 23:16:25 +0000 (01:16 +0200)]
netbird: update to 0.14.3
Bug fixes & refactor
Release notes:
- Fix: send remote agents updates when peer re-authenticates
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
f9e3af87f516b285daffc01636083f2db369c27b)
Oskari Rauta [Mon, 6 Mar 2023 10:56:34 +0000 (10:56 +0000)]
netbird: update to 0.14.2
Update from 0.12.0 -> 0.14.2
Release notes: https://github.com/netbirdio/netbird/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
58fcaf8fc4d56c929a43be14fcd5c10d349502ec)
Oskari Rauta [Thu, 2 Feb 2023 13:06:08 +0000 (13:06 +0000)]
netbird: new package
Netbird is similar vpn service as tailscale and zerotier.
Description:
NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.
It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
a4d8d2459aa4fc0de453b23c34355311366f8d3b)
S. Brusch [Tue, 19 Sep 2023 12:51:45 +0000 (14:51 +0200)]
crowdsec: new upstream release version 1.5.4
Update crowdsec to latest upstream release version 1.5.4
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Build tested: package build checked, no run test due to limited space
Description: update to latest version of upstream
(cherry picked from commit
7528bf76821eb9234d4665752371c85496ca5b89)
Dengfeng Liu [Fri, 22 Sep 2023 02:00:21 +0000 (02:00 +0000)]
apfree-wifidog: Update to v6.08.1950
Fixed some memory leak bug
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
5b3e517be4a1d2674fc12ea81a60ba885423758a)
Dengfeng Liu [Fri, 22 Sep 2023 03:40:23 +0000 (03:40 +0000)]
xfrpc: update to version 2.9.644
Release notes:
https://github.com/liudf0716/xfrpc/releases/tag/2.9.644
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
(cherry picked from commit
6cd80e07273d7e7f291f15601f0cf77f88732351)
Josef Schlehofer [Tue, 19 Sep 2023 23:26:24 +0000 (01:26 +0200)]
git: update to version 2.34.8
Fixes CVE:
CVE-2023-25652
CVE-2023-25815
CVE-2023-29007
Release notes:
https://github.com/git/git/commit/
abcb63fb70a69956a892fa830f3866098797787c
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Michal Hrusecky [Wed, 20 Sep 2023 11:22:18 +0000 (13:22 +0200)]
samba4: update to 4.18.6
Update to the version of samba4 from 23.05 as version 4.14 is no longer
supported by upstream since 2022-09-13:
https://wiki.samba.org/index.php/Samba_Release_Planning#General_information
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Josef Schlehofer [Tue, 19 Sep 2023 23:48:12 +0000 (01:48 +0200)]
czmq: drop libpcre dependency
It seems like the libpcre dependency was added by mistake.
While checking in the source code of czmq (Makefile.am, CMakeLists.txt),
I see there are several dependencies, but there isn't PCRE.
Fixes: 936a48a ("czmq: add new package")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
e3ab95185cb67e6d5753b2d7380bac74c4ef4acd)
Hirokazu MORIKAWA [Fri, 22 Sep 2023 01:36:43 +0000 (10:36 +0900)]
mg: switch pcre to pcre2
Switch pcre to pcre2
https://github.com/openwrt/packages/issues/22006
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit
3d11e5c197e250f0a32ca813ff07d480b59311d0)
Josef Schlehofer [Tue, 19 Sep 2023 21:59:29 +0000 (23:59 +0200)]
msmtp: update to version 1.8.24
Release notes:
https://github.com/marlam/msmtp-mirror/commit/ef62463e4d0dc1f8e7f1db4f8dd35650999c13f9X
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
29a9a6a4a7b797097992eb7ff2cfd84d11920b25)
Hauke Mehrtens [Sun, 18 Dec 2022 19:18:28 +0000 (20:18 +0100)]
postfix: Fix compile against glibc 2.36
This backports a change from postfix 3.8, I do not know exactly why it
detects Linux 6 here, but this is needed to fix compilation with glibc
2.36.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
33786efe661f8aef720914926c6f5ad2f0ba8187)
Jitao Lu [Sun, 11 Jun 2023 13:01:18 +0000 (21:01 +0800)]
glib2: disable gnulib printf
A compiler bug (suspiciously) blocks gnulib compilation for
mipsel_24kc_24kf. While we had this patch to disable gnulib, it was
accidentally removed by
5d27631d9fbca076eb6377fc8c10f474ce9f4fea. Add it
back to fix the long broken build for mipsel_24kc_24kf.
Fixes: #19511
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
(cherry picked from commit
68f23a9c333671e9ea69e014824943e2e00aaa41)
Florian Eckert [Thu, 11 May 2023 09:43:20 +0000 (11:43 +0200)]
glib2: fix host build offline download
If buildsystem does not have a internet connection, then the build
fails. This is because of the fact, that glib2 is downloading and building
the missing dependencies during host compilation.
This cannot be allowed to happen. The package must also be built without
an internet connection.
Adding the missing host build dependency and removing the 'forcefallback'
fixes this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
c664b83535c24df35d6a1ec46440b4fb04d270ec)
Matthias Schiffer [Wed, 20 Sep 2023 19:01:01 +0000 (21:01 +0200)]
fastd: update repository URL
I've changed my username to neocturne.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
ac897e05dd6a30be498897494843962db4633436)
Matthias Schiffer [Wed, 20 Sep 2023 19:00:32 +0000 (21:00 +0200)]
libuecc: update repository URL
I've changed my username to neocturne.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
1df594bc01b0c7be34cd6eb477ebd1621959d15d)
Josef Schlehofer [Tue, 19 Sep 2023 23:01:48 +0000 (01:01 +0200)]
bind: update to version 9.18.18
Release notes:
https://downloads.isc.org/isc/bind9/9.18.18/doc/arm/html/notes.html#notes-for-bind-9-18-18
https://downloads.isc.org/isc/bind9/9.18.17/doc/arm/html/notes.html#notes-for-bind-9-18-17
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
6a8d3565f0a99fe22cac6db9a8bbf553b7dff5a5)
Tianling Shen [Tue, 19 Sep 2023 01:58:18 +0000 (09:58 +0800)]
rclone: Update to 1.64.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
1b75de7e5ca20280ba9e0b4672506abd1a7e2823)
Andrew Sim [Sat, 1 Oct 2022 10:09:32 +0000 (12:09 +0200)]
samba4: update to 4.14.14
* update to 4.14.14
* fixes: CVE-2022-2031, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746, CVE-2022-32742
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
(cherry picked from commit
5cf95dbf051e1072833e9a3d770c51feaa140985)
Andy Walsh [Tue, 21 Jun 2022 11:19:30 +0000 (13:19 +0200)]
samba4: drop maintainership
drop maintainership:
* samba4
* ksmbd-tools
* perl-parse-yapp
* libtirpc
* softethervpn5
* wsdd2
* rpcsvc-proto
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(cherry picked from commit
cd49a8fb277f58d013b4bfc229aef6db18252146)
Sergey V. Lobanov [Tue, 15 Feb 2022 23:48:08 +0000 (02:48 +0300)]
samba4: fix build on macos
This commit fixes two issues on macos:
1. Added a patch to fix 'echo -n' issue with MacOS shell
(backported from upstream)
2. Redefined sys.platform='linux' for target build if build host is
MacOS (otherwise, build script tries to use MacOS logic for
OpenWrt(Linux) target build)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit
510d44d988282abef81011b7281591b1bca88c90)
Sergey Ponomarev [Tue, 6 Dec 2022 23:20:02 +0000 (01:20 +0200)]
emailrelay: update to v2.4.1
The patch seems not needed anymore.
Also remove deprecated PKG_RELEASE:=$(AUTORELEASE)
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
(cherry picked from commit
735cba83ce3851e0a6fdf279a51683ed9bd00481)
Eneas U de Queiroz [Mon, 12 Jun 2023 11:31:25 +0000 (08:31 -0300)]
alpine: disable parallel build
Parallel build does not work because it may reach a point where OSTYPE
might be needed before it is actually built. They appear to run
parallel to each other:
echo slx > OSTYPE
[...]
cat: OSTYPE: No such file or directory
sh: line 1: test: too many arguments
cat: OSTYPE: No such file or directory
Already built for -- you must do "make clean" first
make[6]: *** [Makefile:706: rebuild] Error 1
make[6]: *** Waiting for unfinished jobs....
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
0e652e244928afd3ac9490589542de0263b89e44)
Rosen Penev [Sat, 14 Jan 2023 01:08:21 +0000 (17:08 -0800)]
alpine: fix old URL
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
40c685e616f5a83202da1c6e91744bd9c3e39e76)
Tianling Shen [Fri, 19 May 2023 13:14:13 +0000 (21:14 +0800)]
ipfs-http-client: remove package
This package lacks proper maintenance in both upstream and here.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
72c8977b3b4b3b8c905bd53db7557cf6bc8963db)
Alexandru Ardelean [Mon, 4 Sep 2023 07:04:09 +0000 (10:04 +0300)]
sudo: bump to verison 1.9.14p3
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit
a1edb560836c4710b6f536b34df042ee4549fdf2)
Alexandru Ardelean [Sat, 15 Jul 2023 21:02:40 +0000 (00:02 +0300)]
sudo: bump to verison 1.9.14p1
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit
7953466d7f78ba4ff28a9a4b705f09e46585e2eb)
Alexandru Ardelean [Thu, 23 Mar 2023 06:39:50 +0000 (08:39 +0200)]
sudo: bump to verison 1.9.13p3
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit
2d9e475444a12240013c68dcfbf89776bdab5c4f)
Alexandru Ardelean [Sat, 4 Feb 2023 16:47:00 +0000 (18:47 +0200)]
sudo: bump to version 1.9.12p2
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit
18ce78753061e44b18e49513f352c25c5578f056)
Alexandru Ardelean [Mon, 7 Nov 2022 07:19:03 +0000 (09:19 +0200)]
sudo: bump to verison 1.9.12p1
Fixes: https://github.com/openwrt/packages/issues/19816
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
8e2091c6adc9b0dd78369f76e224867a40757ef1)
Alexandru Ardelean [Sun, 30 Oct 2022 18:52:57 +0000 (20:52 +0200)]
sudo: bump to version 1.9.12
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
b40372da41303711bcc6c5b7640f7a3c00c47d54)
Rosen Penev [Sat, 9 Jul 2022 05:17:03 +0000 (22:17 -0700)]
sudo: don't build with MIPS16
GCC12 doesn't implement some security flags used by sudo.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
97e986e5eda7de83e0c725586ef00f575d76b8be)
Alexandru Ardelean [Thu, 30 Jun 2022 12:21:44 +0000 (15:21 +0300)]
sudo: bump to verison 1.9.11p3
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit
b083d9b82bb89e3f27d3783dddd906f3fabeb693)
Jan Hák [Tue, 19 Sep 2023 08:51:30 +0000 (10:51 +0200)]
knot: update to version 3.3.1
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
2a6dc24882721b6c93623c8d55175de04c76852c)
Lucian Cristian [Thu, 31 Aug 2023 13:06:17 +0000 (13:06 +0000)]
libreswan: update to 4.12
fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
5a1b878010217c0404483099b52e3cd30319ced2)
Lucian Cristian [Tue, 16 May 2023 20:37:12 +0000 (20:37 +0000)]
libreswan: update to 4.11
Fixes https://libreswan.org/security/CVE-2023-30570
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(cherry picked from commit
a5c2eececb64037a96163c62d41135b893f36ba8)
Josef Schlehofer [Sat, 16 Sep 2023 10:36:17 +0000 (12:36 +0200)]
ffmpeg: update to version 5.1.3
Fixes CVEs:
CVE-2022-3964 [1]
CVE-2022-3965 [2]
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-3964
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-3965
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
87b2a2bb57c42b3c91393a387cd02367e59910f5)
Stan Grishin [Sun, 17 Sep 2023 01:59:27 +0000 (18:59 -0700)]
Merge pull request #22123 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: improve boot up startup
Stan Grishin [Sat, 16 Sep 2023 23:44:31 +0000 (23:44 +0000)]
https-dns-proxy: improve boot up startup
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
22d21e28a79a5246e4f6068cbc0be59e5226c486)
Stan Grishin [Sat, 16 Sep 2023 23:43:18 +0000 (16:43 -0700)]
Merge pull request #22116 from stangri/openwrt-22.03-curl
[22.03] curl: update to version 8.3.0
Josef Schlehofer [Tue, 17 Jan 2023 23:01:42 +0000 (00:01 +0100)]
unbound: update to version 1.17.1
- Refreshed one patch
- Removed deprecated AUTORELEASE
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
97e69ec89c8bdb1c6d092eb5e8491467a06a9963)
John Audia [Sun, 25 Sep 2022 12:04:14 +0000 (08:04 -0400)]
ffmpeg: update to 5.1.2
Bump to latest upstream version
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
6b71d2fbde0be2f2f332ac542be09e37b3cb3ca9)
John Audia [Wed, 7 Sep 2022 18:30:56 +0000 (14:30 -0400)]
ffmpeg: update to 5.1.1
Bump to latest upstream version
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
73e02994fbd8176b43fe8138fb876329538b611d)
Jeffery To [Thu, 24 Aug 2023 17:13:17 +0000 (01:13 +0800)]
python-sentry-sdk: Update to 1.29.2, update list of dependencies
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
f279ae9418fff4f83bd16b353ef008e548d82cd7)
Josef Schlehofer [Mon, 4 Sep 2023 09:00:32 +0000 (11:00 +0200)]
treewide: change my no longer used email
Since February 2023, I decided to no longer work with Turris, I mean CZ.NIC company
due to some reasons how the development goes and since that day my work address is not
available and not sure if there is some redirect to someone else, but if anyone wants to
reach me, use my email address, where they can find me.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
1e1b2051db47a82513f4eb4e9da892207785b7e2)
Josef Schlehofer [Fri, 15 Sep 2023 08:11:51 +0000 (10:11 +0200)]
curl: update to version 8.3.0
Release notes:
https://curl.se/changes.html#8_3_0
Fixes:
CVE-2023-38039 [1]
[1] https://curl.se/docs/CVE-2023-38039.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
07c0a5eab8fe073fabcba999e6176fec93bd696b)
Olivier Poitrey [Thu, 14 Sep 2023 11:56:52 +0000 (11:56 +0000)]
nextdns: Update to version 1.40.1
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Sibren Vasse [Mon, 31 Jul 2023 09:18:37 +0000 (11:18 +0200)]
openssh: update to 9.3p2
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
731f0d70a8392f1d3abf1877334cfe25c6a0786f)
Darren Tucker [Thu, 11 May 2023 06:33:31 +0000 (16:33 +1000)]
openssh: sftp no longer needs crypto or zlib.
OpenSSH 9.1p1 removed remaining dependencies and stopped linking sftp,
sftp-server and scp against libcrypto or libz. This change moves those
package dependencies from the default to those that still need them.
In particular, this will allow sftp-server to be installed for use with
Dropbear without needing to install zlib or openssl.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
(cherry picked from commit
74c4ad2c0c0e2d7c277cda212ffe7027582214e9)
Darren Tucker [Thu, 11 May 2023 06:31:44 +0000 (16:31 +1000)]
openssh: Use CDN first for source downloads.
Also point to https for website.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
(cherry picked from commit
1daddd582f7fec1058ecb2ecf0d66e6a2951f56c)
Glen Huang [Thu, 13 Apr 2023 09:55:02 +0000 (17:55 +0800)]
openssh: preserve authorized_keys
The root user is usually the user that clients ssh into with, so in most
cases its authorized_keys determines what clients are allowed to ssh
into this device. Without preserving this file, they could potentially
be locked out after upgrading.
Signed-off-by: Glen Huang <me@glenhuang.com>
(cherry picked from commit
e36a55c9ed293bd608d18918cdda8dceffad9d96)
Sibren Vasse [Fri, 17 Mar 2023 16:19:27 +0000 (17:19 +0100)]
openssh: update to 9.3p1
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
2c755759dfabf5414f38b12914677c871e744824)
Sibren Vasse [Fri, 3 Feb 2023 13:42:23 +0000 (14:42 +0100)]
openssh: actually build openssh-server-pam with pam support
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
d41e918a36026ef9319084930fa411e81f93ac26)
Sibren Vasse [Thu, 2 Feb 2023 20:52:14 +0000 (21:52 +0100)]
openssh: update to 9.2p1
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
5c43c1bade7a4cedfb0966e1f1bba2f1bf9c17e4)
Sibren Vasse [Mon, 5 Dec 2022 23:13:13 +0000 (00:13 +0100)]
openssh: update to 9.1p1
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
ba8cb7c16c45bed6404cac9c76b4959c540d7db6)
Sibren Vasse [Sat, 9 Apr 2022 10:01:44 +0000 (12:01 +0200)]
openssh: update to 9.0p1
Remove upstreamed patches.
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
(cherry picked from commit
08b45115d7aa6291de0bb0b885750fa63a3a6e2f)
Rosen Penev [Mon, 19 Sep 2022 02:49:21 +0000 (19:49 -0700)]
glib2: update to 2.74.0
Remove upstreamed patch and delete pointless one.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
5d27631d9fbca076eb6377fc8c10f474ce9f4fea)
Rosen Penev [Fri, 15 Jul 2022 20:54:35 +0000 (13:54 -0700)]
glib2: remove libiconv/host build dependency
No longer present. The original reason for having it was an unfortunate
side effect of the way meson uses HOST_LDFLAGS. Since the transistion to
use dependency('iconv'), this is no longer relevant.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
568669dc46e982563eb77b898da7b7cbacd90d85)
Josef Schlehofer [Sun, 3 Sep 2023 08:26:21 +0000 (10:26 +0200)]
syslog-ng: update to version 4.3.1
Makefile changes:
- Since version 4.3.0, there is required to use pcre2 instead of pcre
Reference: https://github.com/syslog-ng/syslog-ng/pull/4537
- Disable c++ support by default to avoid picking libstdcpp dependency
Reference: https://github.com/syslog-ng/syslog-ng/pull/4484
Config changes:
- Bump version in config file
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
c43599b0c885bbb3b6aae2cac34aa8d526fb8274)
Tianling Shen [Mon, 11 Sep 2023 01:55:44 +0000 (09:55 +0800)]
Merge pull request #22084 from jefferyto/golang-1.19.13-openwrt-22.03
[openwrt-22.03] golang: Update to 1.19.13
Jeffery To [Sun, 10 Sep 2023 20:06:34 +0000 (04:06 +0800)]
golang: Update to 1.19.13
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jeffery To [Tue, 5 Sep 2023 04:02:08 +0000 (12:02 +0800)]
python3: Update to 3.10.13
Includes fix for CVE-2023-40217 (Bypass TLS handshake on closed
sockets).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Liangbin Lian [Sat, 2 Sep 2023 03:30:26 +0000 (11:30 +0800)]
transmission: add syscalls to seccomp filter
Add missing syscalls found using `/etc/init.d/transmission trace`.
fix crash on adding torrent on x86_64 platform
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
Moritz Warning [Sun, 27 Aug 2023 21:00:10 +0000 (23:00 +0200)]
zerotier: update to 1.12.1
* split up "fix makefile" patch logical distinct parts
* add libatomic dependency needed for prometheus-cpp-lite-1.0
* refresh patch series
* improve warning message in init script
Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit
6cf39ba626e35474b5b3c59754610f20c240d202)
Oskari Rauta [Sun, 12 Mar 2023 16:30:35 +0000 (18:30 +0200)]
zerotier: do not allow executable stack
zerotier as default has executable stack.
[ 11.343143] process '/usr/bin/zerotier-one' started with executable stack
executable stacks are not recommend, possibly provide a threat and there
seems to be no advantage of executable stack with zerotier-one - so let's
build it without instead.
Stack is executable on x86_64, but not on all archs, such as ramips.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit
56f30520f2413f9f1434def5b533a265912aea1c)
Moritz Warning [Mon, 13 Mar 2023 18:16:05 +0000 (19:16 +0100)]
zerotier: update to 1.10.4
Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit
b5cde91594a858b823270e50fed27bb7985ddebe)
Jan Hoffmann [Sat, 19 Aug 2023 22:07:51 +0000 (00:07 +0200)]
vnstat2: update to version 2.11
This release breaks the noexit patch, because the code for removing old
now returns an error when no interfaces are configured. As it is run on
startup, the daemon exits in this case. To avoid this, add an additional
check so an error is only returned in an actual error case.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit
98719797074637cecdff6a0cdb782a1e807a13e9)
Jan Hoffmann [Sat, 22 Oct 2022 20:33:45 +0000 (22:33 +0200)]
vnstat2: update to version 2.10
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit
4edbd1afe7df62a980c085bef48d0f2df8ec19c7)
Stan Grishin [Mon, 4 Sep 2023 01:03:07 +0000 (18:03 -0700)]
Merge pull request #22018 from stangri/openwrt-22.03-https-dns-proxy
[22.03] https-dns-proxy: fix dns resolution not working on boot
Stan Grishin [Sun, 3 Sep 2023 20:33:17 +0000 (20:33 +0000)]
https-dns-proxy: fix dns resolution not working on boot
* fix dns resolution not working on boot
* add hotplug-online script
* reorganizes files/ and Makefile to reflect files destinations
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit
9a2c5ae18c5a4bce20d1a8c572d1261b191701dc)
Leon M. Busch-George [Sun, 11 Jun 2023 18:39:06 +0000 (20:39 +0200)]
wget: use pcre2
Pcre (1) is unmaintained and reached its end of life in 2021.
The base system provides pcre2 exclusively since May.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit
379946951c22ea774e4e22b4379571da604ded4b)
Josef Schlehofer [Sat, 2 Sep 2023 15:23:37 +0000 (17:23 +0200)]
knot-resolver: update to version 5.7.0
Changelog:
https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html
https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
a5314681149259827c1eec074ae11fe6b7a80961)
Jan Hák [Tue, 29 Aug 2023 11:36:24 +0000 (13:36 +0200)]
knot: enable QUIC support
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
dea3e7acb6b4ef4b83defc2d40ad4dfeb10d1df4)
Jan Hák [Tue, 29 Aug 2023 09:24:07 +0000 (11:24 +0200)]
knot: update to version 3.3.0
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
e79e4415139fd1bc475200a8e408dce9a7f89dc2)
Jan Hák [Tue, 1 Aug 2023 11:27:00 +0000 (13:27 +0200)]
knot: update to version 3.2.9
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
f6aa1198eb14487d57bb5cb88fcc359376bfd3ed)
Jan Hák [Mon, 26 Jun 2023 11:07:06 +0000 (13:07 +0200)]
knot: update to version 3.2.8
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
9517ef080a88812b96ef55e55ddc83ada0a6a829)
Jan Hák [Wed, 7 Jun 2023 11:23:05 +0000 (13:23 +0200)]
knot: update to version 3.2.7
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
439694a0128739e493d5ff2d20a8cbd4d4ca253e)
Jan Hák [Wed, 12 Apr 2023 09:16:04 +0000 (11:16 +0200)]
knot: update to version 3.2.6
Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit
bb946a19cd3203e288f99db666e123c92f7e3d0d)
Tianling Shen [Tue, 7 Mar 2023 02:52:37 +0000 (10:52 +0800)]
tmate: fix build against msgpack-c 6.0
This patch is taken from
https://git.alpinelinux.org/aports/commit/?id=
f923597f4bdea424dc28b1d026269df060596fac
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
928710813baba4f6f5130d936f0cab44c0033b90)
Tianling Shen [Tue, 7 Mar 2023 02:50:02 +0000 (10:50 +0800)]
msgpack-c: Update to 6.0.0
Removed 010-no-gtest.patch as upstream no longer detects it.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
394cc366b3210924ed270c3745d37a7be3d1965b)
Tianling Shen [Tue, 7 Mar 2023 07:44:29 +0000 (15:44 +0800)]
tmate-ssh-server: fix build against msgpack-c 6.0
This patch is taken from
https://git.alpinelinux.org/aports/commit/?id=
f923597f4bdea424dc28b1d026269df060596fac
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit
c49a1dad52f6556757dc93f787c84cac76629435)