Richard Yu [Wed, 21 Dec 2022 09:50:18 +0000 (17:50 +0800)]
natmap: add forward_port option
The bind port (-b) can be used with forward port (-p),
so expose this option in config file.
Signed-off-by: Richard Yu <yurichard3839@gmail.com>
Sergey Ponomarev [Tue, 6 Dec 2022 23:20:02 +0000 (01:20 +0200)]
emailrelay: update to v2.4.1
The patch seems not needed anymore.
Also remove deprecated PKG_RELEASE:=$(AUTORELEASE)
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Mark Mentovai [Wed, 23 Nov 2022 14:14:38 +0000 (09:14 -0500)]
unbound: fix local_subnet for IPv6 addresses that contain a port
This prevents a forwarding server named like ::1@5453 from being added
to unbound.conf as a forward-host instead of the correct forward-addr.
forward-host requires the name to be resolved, which is impossible in
the absence of another nameserver. Thus, forwarding-only configurations
referencing only the IPv6 loopback address with a port number were
broken.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
Daniel Golle [Tue, 20 Dec 2022 00:21:19 +0000 (00:21 +0000)]
perl-mail-spamassassin: update to version 4.0.0
Apache SpamAssassin -- Version 4.0.0
See https://lwn.net/Articles/918145/ for details
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 19 Dec 2022 23:59:40 +0000 (23:59 +0000)]
postgresql: update to version 14.6
This release contains a variety of fixes from 14.5.
See https://www.postgresql.org/docs/release/14.6/ for details.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 19 Dec 2022 21:39:38 +0000 (21:39 +0000)]
gawk: update to version 5.2.1
Changes from 5.2.0 to 5.2.1
---------------------------
1. Infrastructure upgrades: PMA version Avon 8.
2. Issues related to the sign of NaN and Inf values on RiscV have
been fixed; gawk now gives identical results on that platform as
it does on others.
3. A few issues with the debugger have been fixed.
4. More subtle issues with untyped array elements being passed to
functions have been fixed.
5. The rwarray extension's readall() function has had some bugs fixed.
6. The PMA allocator is now supported on FreeBSD, OpenBSD and Linux on S/390x.
Is is now supported also on both Intel and M1 macOS systems.
7. There have been several minor code cleanups and bug fixes. See the
ChangeLog for details.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 19 Dec 2022 19:37:03 +0000 (19:37 +0000)]
cni-plugins: update to version 1.1.1
For details see https://github.com/containernetworking/plugins/releases
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 19 Dec 2022 19:35:01 +0000 (19:35 +0000)]
cni: update to version 1.1.2
For details see https://github.com/containernetworking/cni/releases
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 19 Dec 2022 19:14:52 +0000 (19:14 +0000)]
ccid: update to version 1.5.1
1.5.1 - 14 November 2022, Ludovic Rousseau
Add support of
Access IS ATR220 with idProduct: 0x0184
Alcor Link AK9567
Alcor Link AK9572
BLUTRONICS TAURUS NFC
CHERRY SmartTerminal ST-1144
CREATOR CRT-603(CZ1) CCR
Dexon Tecnologias Digitais LTDA DXToken
ESMART Reader ER433x ICC
ESMART Reader ER773x Dual & 1S
Flight system consulting Incredist
Ledger Nano S
Ledger Nano S Plus
Ledger Nano SP
Ledger Nano X
SafeNet eToken Fusion
Sensyl SSC-NFC Reader
Adjust USB drivers path at run-time via environment variable PCSCLITE_HP_DROPDIR
configure.ac: add --enable-strict option
Fix a problem with AUTO PPS readers and ATR convention inverse cards
examples/scardcontrol:
- add support of 6A xx error codes
- check WinSCard error early
- parse wLcdLayout & bEntryValidationCondition
macOS: log non sensitive strings as "%{public}s"
Some other minor improvements
What's Changed
Fix debug logging of lang in ccid.c in LudovicRousseau/CCID#96
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 19 Dec 2022 20:50:47 +0000 (20:50 +0000)]
cryptsetup: update to version 2.6.0
Update to new major release of cryptsetup. For details, please see
the release notes[1].
[1]: https://cdn.kernel.org/pub/linux/utils/cryptsetup/v2.6/v2.6.0-ReleaseNotes
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 19 Dec 2022 20:34:03 +0000 (20:34 +0000)]
lvm2: update LVM2 to 2.03.17 and DM to 1.02.187
Version 2.03.17 - 10th November 2022
====================================
Add new options (--fs, --fsmode) for FS handling when resizing LVs.
Fix 'lvremove -S|--select LV' to not also remove its historical LV right away.
Fix lv_active field type to binary so --select and --binary applies properly.
Switch to use mallinfo2 and use it only with glibc.
Error out in lvm shell if using a cmd argument not supported in the shell.
Fix lvm shell's lastlog command to report previous pre-command failures.
Extend VDO and VDOPOOL without flushing and locking fs.
Add --valuesonly option to lvmconfig to print only values without keys.
Updates configure with recent autoconf tooling.
Fix lvconvert --test --type vdo-pool execution.
Add json_std output format for more JSON standard compliant version of output.
Fix vdo_slab_size_mb value for converted VDO volume.
Fix many corner cases in device_id, including handling of S/N duplicates.
Fix various issues in lvmdbusd.
libdm changes:
Version 1.02.187 - 10th November 2022
=====================================
Add DM_REPORT_GROUP_JSON_STD for more JSON standard compliant output format.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 19 Dec 2022 22:32:54 +0000 (22:32 +0000)]
libowfat: update to version 0.33
Remove no longer needed downstream patches.
Changes since 0.32:
add byte_start, byte_starts
add a man page for byte_equal_notimingattack
buffer_seek is no longer limited to the current buffer contents
add automated way to run unit test: make check
add parse.h
add bytestream abstraction for parsing data from a buffer or a file
add compiler.h to abstract gcc attributes
add fmt_strm_malloc
add cross references to open_* and mmap_* man pages
add fmt_strm_alloca and fmt_strm_malloc man pages
add buffer_init_allocbuf, buffer_init_read, buffer_init_write,
buffer_init_read_allocbuf, buffer_init_write_allocbuf
fix buffer overread for len=0 in scan_longn (Martin Castillo)
add iob_write2 with sendfile callback so caller can use OpenSSL's
SSL_sendfile
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Mon, 19 Dec 2022 21:06:35 +0000 (21:06 +0000)]
exfatprogs: update to version 1.2.0
CHANGES:
* fsck.exfat: Keep traveling files even if there is a corrupted
directory entry set.
* fsck.exfat: Introduce the option "b" to recover a boot sector even
if an exFAT filesystem is not found.
* fsck.exfat: Introduce the option "s" to create files in
"/LOST+FOUND", which have clusters allocated but was not belonged
to any files.
* fsck.exfat: Rename '.' and '..' entry name to the one user want.
NEW FEATURES:
* fsck.exfat: Repair corruptions of an exFAT filesystem.
Please refer to fsck.exfat manpage to see what kind of corruptions
can be repaired.
* exfat2img: Dump metadata of an exFAT filesystem. Please refer to
exfat2img manpage to see how to use it.
BUG FIXES:
* fsck.exfat: Fix an infinite loop while traveling files.
* tune.exfat: Fix bitmap entry corruption when adding new volume
lablel.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Stan Grishin [Mon, 19 Dec 2022 21:10:02 +0000 (14:10 -0700)]
Merge pull request #20108 from stangri/master-pbr
pbr: update to 1.0.1-1
Stan Grishin [Mon, 19 Dec 2022 02:52:29 +0000 (02:52 +0000)]
pbr: update to 1.0.1-1
* add more error/warning messages
* better return statements from ips/nftset functions
* better error/warning handling when inserting policies
* comment out unnecessary nft set/ipst clean ups
* shellchecked status functions
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Toke Høiland-Jørgensen [Mon, 19 Dec 2022 14:27:42 +0000 (15:27 +0100)]
Merge pull request #20099 from tohojo/fix-flent-pkg
flent: fixup flent package
Florian Eckert [Mon, 19 Dec 2022 08:10:14 +0000 (09:10 +0100)]
Merge pull request #20103 from graysky2/libdaq3
libdaq3: update to 3.0.10
Florian Eckert [Mon, 19 Dec 2022 07:13:08 +0000 (08:13 +0100)]
mwan3: make mwan3.user executable
This is a fix for the the following change:
https://github.com/openwrt/packages/commit/
3d824ea288d907a31729c3629e884ea122c30da0
Before the change, it was only possible to execute a shell script. To
remove this restriction, a binary or other script language can now also
be used for 'mwan3.user'. Unfortunately, the old shell script was not
executable for older mwan3 version. During a sysupgrade with config transfer,
this 'mwan3.user' script could not be executed for newer mwan3 versions.
To fix this, the calling script checks whether the 'mwan3.user' is executable,
and if not, this executable bit is now set.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Rui Salvaterra [Thu, 8 Dec 2022 18:40:05 +0000 (18:40 +0000)]
tor: bump to 0.4.7.12 stable
Quoting the changelog:
Changes in version 0.4.7.12 - 2022-12-06
This version contains a major change that is a new key for moria1. Also, new
metrics are exported on the MetricsPort for the congestion control
subsystem.
o Directory authority changes (moria1):
- Rotate the relay identity key and v3 identity key for moria1. They
have been online for more than a decade and refreshing keys
periodically is good practice. Advertise new ports too, to avoid
confusion. Closes ticket 40722.
o Minor feature (Congestion control metrics):
- Add additional metricsport relay metrics for congestion control.
Closes ticket 40724.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on December 06, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/12/06.
o Minor bugfixes (cpuworker, relay):
- Fix an off by one overload calculation on the number of CPUs being
used by our thread pool. Fixes bug 40719; bugfix on 0.3.5.1-alpha.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Rui Salvaterra [Wed, 23 Nov 2022 19:10:06 +0000 (19:10 +0000)]
tor: bump to 0.4.7.11 stable
Quoting the changelog:
Changes in version 0.4.7.11 - 2022-11-10
This version contains several major fixes aimed at helping defend against
network denial of service. It is also extending drastically the MetricsPort
for relays to help us gather more internal data to investigate performance
and attacks.
We strongly recommend to upgrade to this version especially for Exit relays
in order to help the network defend against this ongoing DDoS.
o Directory authority changes (dizum, Faravahar):
- Change dizum IP address. Closes ticket 40687.
- Remove Faravahar until its operator, Sina, set it back up online
outside of Team Cymru network. Closes ticket 40688.
o Major bugfixes (geoip data):
- IPFire informed us on August 12th that databases generated after
(including) August 10th did not have proper ARIN network
allocations. We are updating the database to use the one generated
on August 9th, 2022. Fixes bug 40658; bugfix on 0.4.5.13.
o Major bugfixes (onion service):
- Set a much higher circuit build timeout for opened client rendezvous
circuit. Before this, tor would time them out very quickly leading to
unnecessary retries meaning more load on the network. Fixes bug 40694;
bugfix on 0.3.5.1-alpha.
o Major bugfixes (OSX):
- Fix coarse-time computation on Apple platforms (like Mac M1) where
the Mach absolute time ticks do not correspond directly to
nanoseconds. Previously, we computed our shift value wrong, which
led us to give incorrect timing results. Fixes bug 40684; bugfix
on 0.3.3.1-alpha.
o Major bugfixes (relay):
- Improve security of our DNS cache by randomly clipping the TTL
value. TROVE-2021-009. Fixes bug 40674; bugfix on 0.3.5.1-alpha.
o Minor feature (Mac and iOS build):
- Change how combine_libs works on Darwin like platforms to make
sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED`
symbols on the archive before we repack and run ${RANLIB} on the
archive. This fixes a build issue with recent Xcode versions on
Mac Silicon and iOS. Closes ticket 40683.
o Minor feature (metrics):
- Add various congestion control counters to the MetricsPort. Closes
ticket 40708.
o Minor feature (performance):
- Bump the maximum amount of CPU that can be used from 16 to 128. Note
that NumCPUs torrc option overrides this hardcoded maximum. Fixes bug
40703; bugfix on 0.3.5.1-alpha.
o Minor feature (relay):
- Make an hardcoded value for the maximum of per CPU tasks into a
consensus parameter.
- Two new consensus parameters are added to control the wait time in
queue of the onionskins. One of them is the torrc
MaxOnionQueueDelay options which supersedes the consensus
parameter. Closes ticket 40704.
o Minor feature (relay, DoS):
- Apply circuit creation anti-DoS defenses if the outbound circuit
max cell queue size is reached too many times. This introduces two
new consensus parameters to control the queue size limit and
number of times allowed to go over that limit. Closes ticket 40680.
o Minor feature (relay, metrics):
- Add DoS defenses counter to MetricsPort.
- Add congestion control RTT reset counter to MetricsPort.
- Add counters to the MetricsPort how many connections, per type,
are currently opened and how many were created.
- Add relay flags from the consensus to the MetricsPort.
- Add total number of opened circuits to MetricsPort.
- Add total number of streams seen by an Exit to the MetricsPort.
- Add traffic stats as in number of read/written bytes in total.
- Related to ticket 40194.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on November 10, 2022.
o Minor features (geoip data):
- Update the geoip files to match the IPFire Location Database, as
retrieved on 2022/11/10.
o Minor bugfixes (authorities, sandbox):
- Allow to write file my-consensus-<flavor-name> to disk when
sandbox is activated. Fixes bug 40663; bugfix on 0.3.5.1-alpha.
o Minor bugfixes (dirauth):
- Directory authorities stop voting a consensus "Measured" weight
for relays with the Authority flag. Now these relays will be
considered unmeasured, which should reserve their bandwidth for
their dir auth role and minimize distractions from other roles. In
place of the "Measured" weight, they now include a
"MeasuredButAuthority" weight (not used by anything) so the
bandwidth authority's opinion on this relay can be recorded for
posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth
torrc option which never worked right. Fixes bugs 40698 and 40700;
bugfix on 0.4.7.2-alpha.
o Minor bugfixes (onion service client):
- A collapsing onion service circuit should be seen as an
"unreachable" error so it can be retried. Fixes bug 40692; bugfix
on 0.3.5.1-alpha.
o Minor bugfixes (onion service):
- Make the service retry a rendezvous if the circuit is being
repurposed for measurements. Fixes bug 40696; bugfix
on 0.3.5.1-alpha.
o Minor bugfixes (relay overload statistics):
- Count total create cells vs dropped create cells properly, when
assessing if our fraction of dropped cells is too high. We only
count non-client circuits in the denominator, but we would include
client circuits in the numerator, leading to surprising log lines
claiming that we had dropped more than 100% of incoming create
cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha.
o Code simplification and refactoring (bridges):
- Remove unused code related to ExtPort connection ID. Fixes bug
40648; bugfix on 0.3.5.1-alpha.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Alexey Smirnov [Sun, 18 Dec 2022 10:55:08 +0000 (13:55 +0300)]
smcroute: update to 2.5.6
Signed-off-by: Alexey Smirnov <s.alexey@gmail.com>
Hauke Mehrtens [Sun, 18 Dec 2022 19:18:28 +0000 (20:18 +0100)]
postfix: Fix compile against glibc 2.36
This backports a change from postfix 3.8, I do not know exactly why it
detects Linux 6 here, but this is needed to fix compilation with glibc
2.36.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Carlos Miguel Ferreira [Sun, 18 Dec 2022 19:23:35 +0000 (19:23 +0000)]
boost: Reset Package Release version
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
Carlos Miguel Ferreira [Sun, 18 Dec 2022 04:01:49 +0000 (04:01 +0000)]
boost: Updates package to version 1.81.0
This commit updates boost to version 1.81.0
A new library is available:
- URL [1]: A library for parsing, modifying, and printing URLs using
only C++11, from Vinnie Falco and Alan de Freitas. Features include
fast compilation, strong invariants, and strict compliance using a
memory-friendly approach.
More info about Boost 1.81.0 can be found at the usual place [2].
[1]: https://www.boost.org/doc/libs/1_81_0/libs/url/doc/html/index.html
[2]: https://www.boost.org/users/history/version_1_81_0.html
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
Hauke Mehrtens [Sun, 18 Dec 2022 14:06:12 +0000 (15:06 +0100)]
dos2unix: Deactivate NLS support
By default the dos2unix build uses the msgfmt application which is
provided by the host tool gettext in OpenWrt. Instead of adding the
dependency to gettext deactivate NLS support.
This fixes the following build error:
-------------------------------------------
msgfmt -c po/da.po -o po/da.mo
make[4]: msgfmt: No such file or directory
make[4]: *** [Makefile:472: po/da.mo] Error 127
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
John Audia [Sun, 18 Dec 2022 13:59:28 +0000 (08:59 -0500)]
libdaq3: update to 3.0.10
Upstream bump
Signed-off-by: John Audia <therealgraysky@proton.me>
Michael Heimpold [Sun, 18 Dec 2022 08:13:02 +0000 (09:13 +0100)]
Merge pull request #20075 from mhei/php8-update-8.2.0
php8: update to 8.2.0
Toke Høiland-Jørgensen [Sat, 17 Dec 2022 21:17:26 +0000 (22:17 +0100)]
flent: Integrate flent-tools into the flent package
Now that we're packaging flent itself, there's no reason to have a
completely separate flent-tools package. So integrate the flent-tools
package specification into the main flent package so it's always kept in
sync.
Also add a dependency from flent itself on flent-tools, as the shell
versions of those utilities that Flent uses when running tests doesn't work
on the busybox shell included with openwrt.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Toke Høiland-Jørgensen [Sat, 17 Dec 2022 21:02:35 +0000 (22:02 +0100)]
flent: Rename and update package
Update the Flent package and move it to net/, renaming it to just 'flent'
instead of python3-flent (it's not a library, having the python3- prefix
makes no sense). Also add python3-defusedxml as a dependency to protect
against XML bombs if using the one of the backends that use XML-RPC, and
trim the dependencies to those used directly by Flent.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Oli Ze [Mon, 12 Dec 2022 06:53:36 +0000 (07:53 +0100)]
igmpproxy: update to version 0.4.0
Signed-off-by: Oli Ze <olze@trustserv.de>
Michal Vasilek [Thu, 15 Dec 2022 10:18:00 +0000 (11:18 +0100)]
apr-util: disable parallel build
Build reliably fails with -j20
crypto/apr_passwd.c:200:1: fatal error: error closing -: Broken pipe
200 | }
| ^
compilation terminated.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Stijn Tintel [Wed, 14 Dec 2022 18:23:57 +0000 (20:23 +0200)]
dosfstools: fix PKG_SOURCE
Both mirrors provided in the Makefile only serve gzipped tarballs.
Fixes: dcd7fcfa5b4e ("dosfstools: update to v4.0")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Javier Marcet [Fri, 16 Dec 2022 14:33:32 +0000 (15:33 +0100)]
docker-compose: Update to version 2.14.1
Signed-off-by: Javier Marcet <javier@marcet.info>
Alexandru Ardelean [Wed, 14 Dec 2022 07:30:28 +0000 (09:30 +0200)]
python3-pytz: bump to version 2022.6
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
YiZhen Choo [Thu, 15 Dec 2022 18:28:38 +0000 (02:28 +0800)]
AdGuardHome: update to v0.107.21
Signed-off-by: YiZhen Choo <yizhen.c02@gmail.com>
John Audia [Sat, 10 Dec 2022 12:53:31 +0000 (07:53 -0500)]
OpenAppID: add new package
Traditionally, Snort rules are based upon packet analysis. OpenAppID
enables detection of applications/cloud applications on the network.
This package provides OpenAppID and signature files used by OpenAppID to detect
network traffic from certain applications can be used to identify rogue
application use, detect malicious applications and implement various
application policies, such as application blacklisting, limiting application
usage, and enforcing conditional controls.
To use, for example, edit /etc/snort/local.lua and add the following section
at a minimum:
appid = {
app_detector_dir = '/usr/lib/openappid',
log_stats = true,
app_stats_period = 60,
}
Signed-off-by: John Audia <therealgraysky@proton.me>
Hannu Nyman [Thu, 15 Dec 2022 15:54:26 +0000 (17:54 +0200)]
nano: update to 7.1
Update nano editor to version 7.1
* drop the backported upstream fix for 7.0
* drop AUTORELEASE
* disable justify from 'plus'. Rarely needed with OpenWrt
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Michael Heimpold [Thu, 15 Dec 2022 07:25:29 +0000 (08:25 +0100)]
php8-pecl-redis: bump package release
We need to bump the package release number to force a rebuild
against new PHP ABI version.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Michael Heimpold [Thu, 15 Dec 2022 07:25:09 +0000 (08:25 +0100)]
php8-pecl-raphf: bump package release
We need to bump the package release number to force a rebuild
against new PHP ABI version.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Michael Heimpold [Thu, 15 Dec 2022 07:24:19 +0000 (08:24 +0100)]
php8-pecl-krb5: bump package release
We need to bump the package release number to force a rebuild
against new PHP ABI version.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Michael Heimpold [Thu, 15 Dec 2022 07:23:28 +0000 (08:23 +0100)]
php8-pecl-imagick: bump package release
We need to bump the package release number to force a rebuild
against new PHP ABI version.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Michael Heimpold [Thu, 15 Dec 2022 07:22:33 +0000 (08:22 +0100)]
php8-pecl-http: bump package release
We need to bump the package release number to force a rebuild
against new PHP ABI version.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Michael Heimpold [Mon, 12 Dec 2022 20:12:28 +0000 (21:12 +0100)]
php8-pecl-dio: bump package release
We need to bump the package release number to force a rebuild
against new PHP ABI version.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Michael Heimpold [Thu, 15 Dec 2022 07:24:41 +0000 (08:24 +0100)]
php8-pecl-mcrypt: update to 1.0.5
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Peter van Dijk [Mon, 12 Dec 2022 13:15:55 +0000 (14:15 +0100)]
pdns-recursor: update to 4.8.0
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Tianling Shen [Wed, 14 Dec 2022 20:24:29 +0000 (04:24 +0800)]
Merge pull request #20083 from paper42/miniflux-2.0.41
miniflux: update to 2.0.41
Toke Høiland-Jørgensen [Wed, 14 Dec 2022 15:45:29 +0000 (16:45 +0100)]
Merge pull request #20088 from tohojo/acme-paths
acme: Export the canonical paths for certificates and challenges
Toke Høiland-Jørgensen [Wed, 14 Dec 2022 14:21:59 +0000 (15:21 +0100)]
acme-acmesh: Provide a 'combined' certificate bundle as well
The haproxy hotplug script creates a 'combined' certificate bundle that
contains both the certificate chain and the private key. However, having a
daemon hotplug script write into CERT_DIR is not great; so let's provide
the bundle as part of the main acme framework, keeping it in $domain_dir
and just linking it into CERT_DIR. That way we can keep CERT_DIR as just a
collection of links for everything, that no consumers should need to write
into.
Also make sure to set the umask correctly so the combined file is not
world-readable (since it contains the private key).
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Toke Høiland-Jørgensen [Wed, 14 Dec 2022 14:14:59 +0000 (15:14 +0100)]
acme-acmesh: Don't hard-code certificate directory
The acme-acmesh package hardcoded the certificate path in its hook script.
Now that we export it as a variable we can avoid hard-coding and use the
variable version instead. Also factor out the linking of certificates into
a function so it's not repeated.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Toke Høiland-Jørgensen [Wed, 14 Dec 2022 14:11:58 +0000 (15:11 +0100)]
acme-common: Export canonical paths for storing certificates and challenges
The contract between the acme-common framework and consumers and hook
scripts is that certificates can be consumed from /etc/ssl/acme and that
web challenges are stored in /var/run/acme/challenge. Make this explicit by
exporting $CERT_DIR and $CHALLENGE_DIR as environment variables as well,
instead of having knowledge of those paths depend on out-of-band
information. We already exported $challenge_dir, but let's change it to
upper-case to make it clear that it's not a user configuration variable.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Doug Thomson [Sun, 11 Dec 2022 00:22:09 +0000 (11:22 +1100)]
perl: enable threading support for aarch64 by default
Perl threads seem to be supported and working for aarch64, and
including aarch64 here would allow packages like freeswitch-mod-perl
to become available from the standard OpwnWrt package repository for
popular routers such as the Linksys E8450 and Belkin RT3200.
Signed-off-by: Doug Thomson <dwt62f+github@gmail.com>
Tianling Shen [Wed, 14 Dec 2022 14:07:22 +0000 (22:07 +0800)]
Merge pull request #20082 from paper42/yt-dlp-2022.11.11
yt-dlp: update to 2022.11.11
源 文雨 [Wed, 14 Dec 2022 03:48:25 +0000 (03:48 +0000)]
base16384: add new package
Encode binary files to printable utf16be.
See more at https://github.com/fumiama/base16384.
Signed-off-by: 源 文雨 <fumiama@foxmail.com>
Toke Høiland-Jørgensen [Wed, 14 Dec 2022 14:00:48 +0000 (15:00 +0100)]
Merge pull request #20059 from hgl/acme
acme: deprecate state_dir
Alexandru Ardelean [Wed, 14 Dec 2022 13:47:20 +0000 (15:47 +0200)]
Merge pull request #20067 from dynasticorpheus/master
python-pycares: bump to 4.3.0
Glen Huang [Wed, 14 Dec 2022 13:16:57 +0000 (21:16 +0800)]
acme-acmesh: use $challenge_dir
Signed-off-by: Glen Huang <i@glenhuang.com>
Glen Huang [Sun, 11 Dec 2022 05:25:00 +0000 (13:25 +0800)]
acme: deprecate state_dir
state_dir is actually a hardcoded value in conffiles. Allowing users to
customize it could result in losing certificates after upgrading if they
don't also specify the dir as being preserved. We shouldn't default to
this dangerous behavior.
With the new ACME package, certificates live in the standard location
/etc/ssl/acme, users who need to do certificate customizations should
look for them in that dir instead.
Signed-off-by: Glen Huang <i@glenhuang.com>
Hannu Nyman [Tue, 13 Dec 2022 15:16:02 +0000 (17:16 +0200)]
Merge pull request #20016 from commodo/stress-ng-update
stress-ng: bump to version 0.15.00
Fabian Lipken [Tue, 13 Dec 2022 10:08:12 +0000 (11:08 +0100)]
python-pycares: PKG_RELEASE:=1
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
Michal Vasilek [Tue, 13 Dec 2022 09:00:53 +0000 (10:00 +0100)]
miniflux: update to 2.0.41
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Michal Vasilek [Tue, 13 Dec 2022 08:57:36 +0000 (09:57 +0100)]
yt-dlp: update to 2022.11.11
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Alexandru Ardelean [Sat, 3 Dec 2022 19:29:13 +0000 (21:29 +0200)]
stress-ng: bump to version 0.15.00
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Stan Grishin [Tue, 13 Dec 2022 03:21:12 +0000 (20:21 -0700)]
Merge pull request #20062 from stangri/master-pbr
pbr: detect missing iptables
Sibren Vasse [Mon, 5 Dec 2022 23:13:13 +0000 (00:13 +0100)]
openssh: update to 9.1p1
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
Stan Grishin [Mon, 12 Dec 2022 22:11:10 +0000 (15:11 -0700)]
Merge pull request #20076 from stangri/master-simple-adblock
simple-adblock: bugfix: add dnsmasq.nftset to uci_load_validate
Stan Grishin [Mon, 12 Dec 2022 21:43:00 +0000 (21:43 +0000)]
simple-adblock: bugfix: add dnsmasq.nftset to uci_load_validate
* fixes https://github.com/openwrt/openwrt/issues/11481 thanks to:
* https://github.com/mistepien for reporting
* https://github.com/dave14305 for diagnosing
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Michael Heimpold [Mon, 12 Dec 2022 20:11:11 +0000 (21:11 +0100)]
php8-pecl-xdebug: update to 3.2.0
This update brings support for PHP 8.2.0.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Michael Heimpold [Mon, 12 Dec 2022 20:10:23 +0000 (21:10 +0100)]
php8: update to 8.2.0
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Tianling Shen [Mon, 12 Dec 2022 19:59:46 +0000 (03:59 +0800)]
Merge pull request #19982 from golddranks/master
ddns-scripts: update_gandi_net: improve logging & add timeout
Jan Hák [Mon, 12 Dec 2022 14:15:45 +0000 (15:15 +0100)]
knot: update to version 3.2.4
Signed-off-by: Jan Hák <jan.hak@nic.cz>
Van Waholtz [Mon, 12 Dec 2022 15:08:42 +0000 (23:08 +0800)]
syncthing: update to 1.22.2
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
Fabian Lipken [Mon, 12 Dec 2022 13:38:15 +0000 (14:38 +0100)]
python-pycares: bump to 4.3.0
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
Josef Schlehofer [Mon, 12 Dec 2022 04:55:04 +0000 (05:55 +0100)]
Merge pull request #20064 from luizluca/ruby-3.1.3
ruby: update to 3.1.3
Luiz Angelo Daros de Luca [Mon, 12 Dec 2022 03:10:09 +0000 (00:10 -0300)]
ruby: update to 3.1.3
This release includes a security fix.
- CVE-2021-33621: HTTP response splitting in CGI
For more details:
- https://www.ruby-lang.org/en/news/2022/11/24/ruby-3-1-3-released/
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Stan Grishin [Mon, 12 Dec 2022 02:52:59 +0000 (02:52 +0000)]
pbr: detect missing iptables
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Peter van Dijk [Fri, 9 Dec 2022 10:27:52 +0000 (11:27 +0100)]
pdns: update to 4.7.3
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Hannu Nyman [Sun, 11 Dec 2022 14:10:15 +0000 (16:10 +0200)]
wget: apply upstream fix to avoid nettle linking in nossl
Replace my own patch with the upstream solution, which they issued
in response to my bug report.
(Two patches as they overlooked something on the first try.
Reference to https://savannah.gnu.org/bugs/index.php?63431 )
The nettle lib evaluation is now conditional to not having "--disable-ntlm".
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Stan Grishin [Sun, 11 Dec 2022 03:32:03 +0000 (20:32 -0700)]
Merge pull request #20052 from stangri/master-https-dns-proxy
https-dns-proxy: fix restart
Stan Grishin [Sat, 10 Dec 2022 05:32:20 +0000 (05:32 +0000)]
https-dns-proxy: fix restart
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Stan Grishin [Sat, 10 Dec 2022 05:02:49 +0000 (22:02 -0700)]
Merge pull request #20040 from stangri/master-https-dns-proxy
https-dns-proxy: add mdns service records
Stan Grishin [Sat, 10 Dec 2022 05:02:11 +0000 (22:02 -0700)]
Merge pull request #20050 from stangri/master-simple-adblock
simple-adblock: support new OISD dnsmasq config
Stan Grishin [Sat, 10 Dec 2022 01:52:58 +0000 (01:52 +0000)]
simple-adblock: support new OISD dnsmasq config
* OISD dnsmasq config files switched from using address= to server=
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Pyry Kontio [Mon, 28 Nov 2022 15:15:47 +0000 (00:15 +0900)]
ddns-scripts: update_gandi_net: improve logging & add timeout
- Improved logging
- Log the executed curl command to be able to rerun and test it manually
- Log the curl exit status
- Added 30 second timeout timeout for clear-cut detection of flaky connections.
Signed-off-by: Pyry Kontio <pyry.kontio@drasa.eu>
Florian Eckert [Fri, 9 Dec 2022 14:55:30 +0000 (15:55 +0100)]
Merge pull request #20018 from cbarrick/gcp_ddns
ddns-scripts: add support for Google Cloud DNS
Josef Schlehofer [Fri, 9 Dec 2022 10:53:40 +0000 (11:53 +0100)]
Merge pull request #20037 from
1715173329/g1194
golang: Update to 1.19.4
Vladimir Ulrich [Thu, 8 Dec 2022 14:28:30 +0000 (17:28 +0300)]
zoneinfo: updated to the latest release
Signed-off-by: Vladimir Ulrich <admin@evl.su>
Chris Barrick [Sun, 4 Dec 2022 04:00:51 +0000 (23:00 -0500)]
ddns-scripts: add support for Google Cloud DNS
The implementation uses a GCP service account. The user is expected to
create and secure a service account and generate a private key. The
"password" field can contain the key inline or be a file path pointing
to the key file on the router.
The GCP project name and Cloud DNS ManagedZone must also be provided.
These are taken as form-urlencoded key-value pairs in param_enc. The TTL
can optionally be supplied in param_opt.
Signed-off-by: Chris Barrick <chrisbarrick@google.com>
Carlo Alberto Ferraris [Wed, 2 Nov 2022 13:14:01 +0000 (22:14 +0900)]
tailscale: preserve tailscaled state file
Fixes #19774
Signed-off-by: Carlo Alberto Ferraris <cafxx@strayorange.com>
Kuan-Yi Li [Mon, 28 Nov 2022 18:34:28 +0000 (02:34 +0800)]
modemmanager: bump to 1.20.2
Drop deprecated AUTORELEASE.
Disable unused tests as its compilation is optional in 1.20.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
Kuan-Yi Li [Mon, 28 Nov 2022 18:18:11 +0000 (02:18 +0800)]
libqmi: bump to 1.32.2
Drop deprecated AUTORELEASE.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
Kuan-Yi Li [Mon, 28 Nov 2022 18:17:51 +0000 (02:17 +0800)]
libmbim: bump to 1.28.2
Drop deprecated AUTORELEASE.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
Kuan-Yi Li [Mon, 28 Nov 2022 18:17:27 +0000 (02:17 +0800)]
libqrtr-glib: drop deprecated AUTORELEASE
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
Hirokazu MORIKAWA [Tue, 6 Dec 2022 06:05:07 +0000 (15:05 +0900)]
swig: bump to 4.1.1
update summary
* Add Javascript Node v12-v18 support, remove support prior to v6.
* Octave 6.0 to 6.4 support added.
* Add PHP 8 support.
* PHP wrapping is now done entirely via PHP's C API - no more .php wrapper.
* Perl 5.8.0 is now the oldest version SWIG supports.
* Python 3.3 is now the oldest Python 3 version SWIG supports.
* Python 3.9-3.11 support added.
* Various memory leak fixes in Python generated code.
* Scilab 5.5-6.1 support improved.
* Many improvements for each and every target language.
* Various preprocessor expression handling improvements.
* Improved C99, C++11, C++14, C++17 support. Start adding C++20 standard.
* Make SWIG much more move semantics friendly.
* Add C++ std::unique_ptr support.
* Few minor C++ template handling improvements.
* Various C++ using declaration fixes.
* Few fixes for handling Doxygen comments.
* GitHub Actions is now used instead of Travis CI for continuous integration.
* Add building SWIG using CMake as a secondary build system.
* Update optional SWIG build dependency for regex support from PCRE to PCRE2.
* Couple of stability fixes.
* Stability fix in ccache-swig when calculating hashes of inputs.
* Some template handling improvements.
* R - minor fixes plus deprecation for rtypecheck typemaps being optional.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Alois Klink [Wed, 23 Nov 2022 18:37:01 +0000 (18:37 +0000)]
github-ci: error on any shell errors
Enable `errexit` and `nounset` [POSIX shell options][1]
in `.github/workflows/entrypoint.sh` so that the script fails
if any command within the script fails.
[1]: https://pubs.opengroup.org/onlinepubs/
9699919799//utilities/V3_chap02.html#set
Reported-by: Marius Dinu <m95d+git@psihoexpert.ro>
Fixes: https://github.com/openwrt/packages/issues/19953
Signed-off-by: Alois Klink <alois@aloisklink.com>
Alois Klink [Wed, 23 Nov 2022 23:32:14 +0000 (23:32 +0000)]
privoxy: fix preinst/postinst script indentation
Fix the indentation of the preinst/postinst scripts for the privoxy
package.
Because these scripts didn't start with `#!/bin/sh`
(they instead started with the TAB character), `/bin/sh` was not used
to start them.
On x86_64 and i386_pentium-mmx, this seems to be fine, but on
arm_cortex-a15_neon-vfpv4 and aarch64_cortex-a53, running these
scripts fails with a:
```
Installing privoxy (3.0.33-3) to root...
Collected errors:
* pkg_run_script: package "privoxy" preinst script returned status 1.
* preinst_configure: Aborting installation of privoxy.
* opkg_install_cmd: Cannot install package privoxy.
```
Reported-by: Marius Dinu <m95d+git@psihoexpert.ro>
Signed-off-by: Alois Klink <alois@aloisklink.com>
Alexandru Ardelean [Thu, 8 Dec 2022 09:27:05 +0000 (11:27 +0200)]
Merge pull request #20032 from peter-stadler/django
django: bump version 4.1.3
Peter Stadler [Fri, 2 Dec 2022 21:26:34 +0000 (22:26 +0100)]
django: bump version 4.1.3
fix CVE-2022-41323
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Stijn Tintel [Wed, 7 Dec 2022 22:02:18 +0000 (00:02 +0200)]
Merge pull request #19933 from stintel/vallumd
vallumd: updates
Stan Grishin [Wed, 7 Dec 2022 20:59:28 +0000 (20:59 +0000)]
https-dns-proxy: add mdns service records
* add mdns records for started instances
* Makefile: use $(PKG_VERSION) as a value for PKG_SOURCE_DATE instead of
hard-coding it
Signed-off-by: Stan Grishin <stangri@melmac.ca>
John Audia [Tue, 29 Nov 2022 10:50:45 +0000 (05:50 -0500)]
snort3: unified configs: local.lua and homenet.lua
This commit adds /etc/snort/local.lua and /etc/snort/homenet.lua for user
defined config options which is more simplistic than modifying upstream
files directly. That can be tedious and decisive to maintain in sync with
upstream changes. The init script has been adjusted accordingly.
Acknowledgment to amish who maintains the Arch Linux snort-nfqueue package[1]
for these ideas and initial code.
Another modification is dropping the following args in the call to
/usr/bin/snort by the init system as these options are provided in
/etc/snort/local.lua:
* --daq-dir /usr/lib/daq/
* -A "$alert_module"
Instructions to configure snort3:
1. Edit /etc/snort/homenet.lua and redefine HOME_NET and EXTERNAL_NET, for example:
HOME_NET = [[ 10.9.8.0/24 192.168.1.0/24 ]]
EXTERNAL_NET = "!$HOME_NET"
2. Edit /etc/snort/local.lua to setup options unique to your use case of snort.
The default ones I included should be sane for the role of IDS (alert only),
but users may easily uncomment some options therein to use IPS (drop) mode.
3. Install or symlink rules to /etc/snort/rules/snort.rules and optionally
edit /etc/snort/local.lua to define extra rules files if not using a unified
'snort.rules'
References:
1. https://aur.archlinux.org/packages/snort-nfqueue
Signed-off-by: John Audia <therealgraysky@proton.me>