From 633950a384985b4612ca3fb453d25352fa76e181 Mon Sep 17 00:00:00 2001 From: John Audia Date: Tue, 12 Sep 2023 14:59:10 -0400 Subject: [PATCH 1/7] snort3: update to 3.1.70.0 Build system: x86/64 Build-tested: x86/64/AMD Cezanne Run-tested: x86/64/AMD Cezanne ,,_ -*> Snort++ <*- o" )~ Version 3.1.70.0 '''' By Martin Roesch & The Snort Team http://snort.org/contact#team Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved. Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using DAQ version 3.0.12 Using LuaJIT version 2.1.0-beta3 Using OpenSSL 3.0.10 1 Aug 2023 Using libpcap version 1.10.4 (with TPACKET_V3) Using PCRE version 8.45 2021-06-15 Using ZLIB version 1.2.13 Using Hyperscan version 5.4.2 2023-09-07 Signed-off-by: John Audia --- net/snort3/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/snort3/Makefile b/net/snort3/Makefile index 59492862c..691d08be8 100644 --- a/net/snort3/Makefile +++ b/net/snort3/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=snort3 -PKG_VERSION:=3.1.69.0 +PKG_VERSION:=3.1.70.0 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/ -PKG_HASH:=97083cd33a6ba33bdaa133bf19138a3f6a24ce93b2a9e285dcbd89858534cb72 +PKG_HASH:=4917f2631d033383ca553002f5688b61df507f5c809b9ba62abceca45a7554ad PKG_MAINTAINER:=W. Michael Petullo PKG_LICENSE:=GPL-2.0-only From ccde8d18a1a7abda2f0e69de02fd9268c1157c32 Mon Sep 17 00:00:00 2001 
From: Tyler Young Date: Thu, 14 Sep 2023 11:14:43 -0400 Subject: [PATCH 2/7] tailscale: set nftables as default This changes the default firewall method used by Tailscale to nftables. The 'autodetection' mode is only supported by arm64 and amd64 for now[1]. This causes mips devices to not do proper detection and incorrectly default back to iptables. I added a fw_mode variable to the tailscale.conf file that could be set to iptables for easy conversion for someone still using iptables. I was able to test on an older mips device and my current aarch64 without issues. Also a few readme updates to bring it up to the current status. 1. https://github.com/tailscale/tailscale/blob/dc7aa98b768bf82017aa5cc82a62dd4d685f811d/util/linuxfw/linuxfw_unsupported.go#L4C58-L4C58 Signed-off-by: Tyler Young --- net/tailscale/README.md | 9 +++------ net/tailscale/files/tailscale.conf | 2 ++ net/tailscale/files/tailscale.init | 6 ++++-- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/net/tailscale/README.md b/net/tailscale/README.md index eaffa57d7..7bad0a3c3 100644 --- a/net/tailscale/README.md +++ b/net/tailscale/README.md @@ -8,6 +8,8 @@ To install them run ``` opkg install tailscale tailscaled ``` +> [!NOTE] +> By default this package will use nftables. If you wish to use iptables, the config file `/etc/config/tailscale` can be modfied, changing the line `fw_mode 'nftables'` to `fw_mode 'iptables'`. You can then run `/etc/init.d/tailscale restart` to restart tailscale using your chosen method ## First setup 
@@ -25,9 +27,4 @@ Run command and finish device registration with the given URL. tailscale up ``` -If you are running with nftables, it is not supported by tailscale, -so disable it and configure firewall by yourself and add argument ---netfilter-mode off -to tailscale up command to disable iptables use. - -After that, you should see your router in tailscale admin page. +See the [OpenWrt wiki](https://openwrt.org/docs/guide-user/services/vpn/tailscale/start) for more detailed setup instructions diff --git a/net/tailscale/files/tailscale.conf b/net/tailscale/files/tailscale.conf index 194d8df4f..0261582ac 100644 --- a/net/tailscale/files/tailscale.conf +++ b/net/tailscale/files/tailscale.conf @@ -3,3 +3,5 @@ config settings 'settings' option log_stdout '1' option port '41641' option state_file '/etc/tailscale/tailscaled.state' + # default to using nftables - change below to 'iptables' if still using iptables + option fw_mode 'nftables' \ No newline at end of file diff --git a/net/tailscale/files/tailscale.init b/net/tailscale/files/tailscale.init index 7d5f52134..5100c7cee 100644 --- a/net/tailscale/files/tailscale.init +++ b/net/tailscale/files/tailscale.init 
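Review bot: The added `option fw_mode 'nftables'` is now the last line of `tailscale.conf`, and the hunk records `\ No newline at end of file`, so the shipped config ends without a terminating newline. Anything that later appends to `/etc/config/tailscale` with a plain `>>` would be joined onto the firewall-mode value and could silently change it. End the file with a newline. The comment above the option could also list the accepted values in one place, e.g. `# firewall backend handed to tailscaled: 'nftables' (default) or 'iptables'`.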
@@ -17,14 +17,16 @@ start_service() { config_get_bool std_err "settings" log_stderr 1 config_get port "settings" port 41641 config_get state_file "settings" state_file /etc/tailscale/tailscaled.state + config_get fw_mode "settings" fw_mode nftables /usr/sbin/tailscaled --cleanup procd_open_instance procd_set_param command /usr/sbin/tailscaled - # starting with v1.48.1 ENV variable is required to enable autodetection of iptables / nftables - procd_set_param env TS_DEBUG_FIREWALL_MODE=auto + # Starting with v1.48.1 ENV variable is required to enable use of iptables / nftables. + # Use nftables by default - can be changed to 'iptables' in tailscale config + procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode" # Set the port to listen on for incoming VPN packets. # Remote nodes will automatically be informed about the new port number, From b76a0d6aa63a9cdb6e6409538aafe11ac67dd22c Mon Sep 17 00:00:00 2001 From: Leo Douglas Date: Thu, 14 Sep 2023 10:15:03 +0800 Subject: [PATCH 3/7] sing-box: update to 1.4.3 see changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.4.3 Signed-off-by: Leo Douglas --- net/sing-box/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/sing-box/Makefile b/net/sing-box/Makefile index 47fe20a5e..dd3b3b026 100644 --- a/net/sing-box/Makefile +++ b/net/sing-box/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sing-box -PKG_VERSION:=1.4.0 +PKG_VERSION:=1.4.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=ab6698545442e9197339f459553e241ff91396ba39a8e5d14e0a792e78d290a0 +PKG_HASH:=baf7c87f2e5005bf268975b1a2511f30927210b1607f20451fec2de0044edfa8 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=LICENSE From 0343dffefa2b1b5dbd731516ed0a9431d6ed4cae Mon Sep 17 00:00:00 2001 
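Review bot: `fw_mode` is read from UCI with `config_get` and passed to the daemon unchecked in `procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode"`, so a typo or unexpected value in `/etc/config/tailscale` becomes tailscaled's firewall backend selection. How tailscaled treats an unrecognised mode is not visible in this hunk, so the node's netfilter rules may not be installed the way the operator expects. Restrict the value before use, for example `case "$fw_mode" in nftables|iptables|auto) ;; *) fw_mode=nftables ;; esac`, and log a warning in the fallback branch. Existing installs whose retained config has no `fw_mode` option will also move from the previous `auto` to `nftables` through the `config_get` default, which deserves a line in the comment above the `env` parameter. `start_service()` begins and ends outside the hunk.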
From: Leo Douglas Date: Fri, 15 Sep 2023 10:17:38 +0800 Subject: [PATCH 4/7] zerotier: update to 1.12.2 see changelog: https://github.com/zerotier/ZeroTierOne/releases/tag/1.12.2. Signed-off-by: Leo Douglas --- net/zerotier/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/zerotier/Makefile b/net/zerotier/Makefile index b997b4c87..6eefb3a7a 100644 --- a/net/zerotier/Makefile +++ b/net/zerotier/Makefile @@ -6,12 +6,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=zerotier -PKG_VERSION:=1.12.1 +PKG_VERSION:=1.12.2 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/zerotier/ZeroTierOne/tar.gz/$(PKG_VERSION)? -PKG_HASH:=c6758a04f161bba1c0ef11fce991029a645ede381ae3862a25a2f5145aaffca8 +PKG_HASH:=7c6512cfc208374ea9dc9931110e35f71800c34890e0f35991ea485aae66e31c PKG_BUILD_DIR:=$(BUILD_DIR)/ZeroTierOne-$(PKG_VERSION) PKG_MAINTAINER:=Moritz Warning From c43599b0c885bbb3b6aae2cac34aa8d526fb8274 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Sun, 3 Sep 2023 10:26:21 +0200 Subject: [PATCH 5/7] syslog-ng: update to version 4.3.1 Makefile changes: - Since version 4.3.0, there is required to use pcre2 instead of pcre Reference: https://github.com/syslog-ng/syslog-ng/pull/4537 - Disable c++ support by default to avoid picking libstdcpp dependency Reference: https://github.com/syslog-ng/syslog-ng/pull/4484 Config changes: - Bump version in config file Signed-off-by: Josef Schlehofer --- admin/syslog-ng/Makefile | 7 ++++--- admin/syslog-ng/files/syslog-ng.conf | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/admin/syslog-ng/Makefile b/admin/syslog-ng/Makefile index a6edb205e..9612566fa 100644 --- a/admin/syslog-ng/Makefile +++ b/admin/syslog-ng/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=syslog-ng -PKG_VERSION:=4.2.0 +PKG_VERSION:=4.3.1 PKG_RELEASE:=1 PKG_MAINTAINER:=Josef Schlehofer 
@@ -11,7 +11,7 @@ PKG_CPE_ID:=cpe:/a:balabit:syslog-ng PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/ -PKG_HASH:=092bd17fd47002c988aebdf81d0ed3f3cfd0e82b388d2453bcaa5e67934f4dda +PKG_HASH:=999dbab62982c3cffba02c0be22c596ee1ce81d6954689dc9b3a6afeb513cce3 PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 @@ -33,7 +33,7 @@ define Package/syslog-ng CATEGORY:=Administration TITLE:=A powerful syslog daemon URL:=https://www.syslog-ng.com/products/open-source-log-management/ - DEPENDS:=+libpcre +glib2 +libopenssl +libpthread +librt +zlib +libdbi +libjson-c +libcurl +libuuid +SYSLOGNG_LOGROTATE:logrotate + DEPENDS:=+libpcre2 +glib2 +libopenssl +libpthread +librt +zlib +libdbi +libjson-c +libcurl +libuuid +SYSLOGNG_LOGROTATE:logrotate endef define Package/syslog-ng/description @@ -89,6 +89,7 @@ CONFIGURE_ARGS += \ --disable-sql \ --disable-linux-caps \ --with-jsonc=system \ + --enable-cpp=no \ --enable-json=yes \ --enable-http=yes \ --disable-smtp \ diff --git a/admin/syslog-ng/files/syslog-ng.conf b/admin/syslog-ng/files/syslog-ng.conf index e04686fd6..d4ce83b54 100644 --- a/admin/syslog-ng/files/syslog-ng.conf +++ b/admin/syslog-ng/files/syslog-ng.conf @@ -4,7 +4,7 @@ # More details about these settings can be found here: # https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition -@version: 4.1 +@version: 4.3 @include "scl.conf" options { From 536569ca62b125994b26e7cf02c981b338f82676 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Mon, 4 Sep 2023 14:18:28 +0200 Subject: [PATCH 6/7] dnscrypt-proxy2: update to version 2.1.5 Fixes compilation with Go 1.21+. Signed-off-by: Josef Schlehofer --- net/dnscrypt-proxy2/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/dnscrypt-proxy2/Makefile b/net/dnscrypt-proxy2/Makefile index 7a5d82b15..2c0286ed0 100644 --- a/net/dnscrypt-proxy2/Makefile +++ b/net/dnscrypt-proxy2/Makefile 
@@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnscrypt-proxy2 -PKG_VERSION:=2.1.4 +PKG_VERSION:=2.1.5 PKG_RELEASE:=1 PKG_SOURCE:=dnscrypt-proxy-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/DNSCrypt/dnscrypt-proxy/tar.gz/$(PKG_VERSION)? -PKG_HASH:=05f0a3e8c8f489caf95919e2a75a1ec4598edd3428d2b9dd357caba6adb2607d +PKG_HASH:=044c4db9a3c7bdcf886ff8f83c4b137d2fd37a65477a92bfe86bf69587ea7355 PKG_BUILD_DIR:=$(BUILD_DIR)/dnscrypt-proxy-$(PKG_VERSION) PKG_MAINTAINER:=Josef Schlehofer From 66b72b6db341e7026d96cd1b6ee222e321a7a08d Mon Sep 17 00:00:00 2001 From: Olivier Poitrey Date: Thu, 14 Sep 2023 11:56:54 +0000 Subject: [PATCH 7/7] nextdns: Update to version 1.40.1 Signed-off-by: Olivier Poitrey --- net/nextdns/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/nextdns/Makefile b/net/nextdns/Makefile index f5ca3a677..7061d39e9 100644 --- a/net/nextdns/Makefile +++ b/net/nextdns/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nextdns -PKG_VERSION:=1.39.4 +PKG_VERSION:=1.40.1 PKG_RELEASE:=1 PKG_SOURCE:=nextdns-$(PKG_VERSION).tar.gz PKG_SOURCE_VERSION:=v$(PKG_VERSION) PKG_SOURCE_URL:=https://codeload.github.com/nextdns/nextdns/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=e24db909fbd732e064be465b74f4004a6f4fc0f422ef7c10e86ff707a016ccac +PKG_HASH:=5fec5ed5373d94dcaf8b17ddd78d05ccdfd0faa8b4695d9e926d8e71278ea08e PKG_MAINTAINER:=Olivier Poitrey PKG_LICENSE:=MIT