Commit graph

29176 commits

Author SHA1 Message Date
Stan Grishin
e9e96c08e8
Merge pull request #20523 from stangri/master-simple-adblock
simple-adblock: implement procd_boot_wan_timeout support
2023-02-19 13:21:28 -07:00
Stan Grishin
587cd4d0d7 simple-adblock: implement procd_boot_wan_timeout support
* implement procd_boot_wan_timeout support
* update config with oisd ABPlus and domains lists

Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-02-19 05:10:35 +00:00
Stan Grishin
79eb58a4b5
Merge pull request #20511 from stangri/master-simple-adblock
simple-adblock: update to 1.9.4-1
2023-02-18 22:04:19 -07:00
Michael Heimpold
53bb5cc13e libgpiod: update to 1.6.4
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2023-02-18 22:18:07 +01:00
Dirk Brenken
f765b2e79c
Merge pull request #20491 from dibdot/banIP
banip: release 0.8.0 (nft rewrite)
2023-02-18 21:14:56 +01:00
Dirk Brenken
82a491bac8
banip: release 0.8.0 (nft rewrite)
- complete rewrite of banIP to support nftables
- all sets are handled in a separate nft table/namespace 'banIP'
- for incoming blocking it uses the inet input hook, for outgoing blocking it uses the inet forward hook
- full IPv4 and IPv6 support
- supports nft atomic set loading
- supports blocking by ASN numbers and by iso country codes
- 42 preconfigured external feeds are available, plus local allow- and blocklist
- supports local allow- and blocklist (IPv4, IPv6, CIDR notation or domain names)
- auto-add the uplink subnet to the local allowlist
- provides a small background log monitor to ban unsuccessful login attempts in real-time
- the logterms for the log monitor service can be freely defined via regex
- auto-add unsuccessful LuCI, nginx, Asterisk or ssh login attempts to the local blocklist
- fast feed processing as they are handled in parallel as background jobs
- per feed it can be defined whether the input chain or the forward chain should be blocked (default: both chains)
- automatic blocklist backup & restore, the backups will be used in case of download errors or during startup
- automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or wget
- supports a 'allowlist only' mode, this option restricts internet access from/to a small number of secure websites/IPs
- provides comprehensive runtime information
- provides a detailed set report
- provides a set search engine for certain IPs
- feed parsing by fast & flexible regex rulesets
- minimal status & error logging to syslog, enable debug logging to receive more output
- procd based init system support (start/stop/restart/reload/status/report/search)
- procd network interface trigger support
- ability to add new banIP feeds on your own
- add a readme with all available options/feeds to customize your installation to your needs
- a new LuCI frontend will be available in due course

Signed-off-by: Dirk Brenken <dev@brenken.org>
2023-02-18 21:06:26 +01:00
Dirk Brenken
0b222b7e10
adblock: update 4.1.5-6
* adapted changed oisd downloads (again), fixed #20516

Signed-off-by: Dirk Brenken <dev@brenken.org>
2023-02-18 20:17:34 +01:00
Alexandru Ardelean
2ecde63118 django: bump to version 4.1.7
Fixes:
   https://nvd.nist.gov/vuln/detail/CVE-2023-23969

Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
2023-02-17 19:32:46 +02:00
Dengfeng Liu
9aa82f48c1 kcptun: update to version 20230207
add support for port-range dailer, port-range listener

Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
2023-02-17 15:18:00 +08:00
Oskari Rauta
0b4185ab92 podman: update 4.4.1
patch refreshed.

Changes
 - Added the podman-systemd.unit man page, which can also be displayed using man quadlet (#17349).
 - Documented journald identifiers used in the journald backend for the podman events command.

Bugfixes
 - Fixed a bug where the default handling of pids-limit was incorrect.
 - Fixed a bug where parallel calls to make docs crashed (#17322).
 - Fixed a regression in the podman kube play command where existing resources got mistakenly removed.

Full list of changes: [Release notes](https://github.com/containers/podman/blob/main/RELEASE_NOTES.md)

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
2023-02-17 13:14:39 +08:00
Hirokazu MORIKAWA
6cd5a2c57f node: bump to v16.19.1
Thursday February 16 2023 Security Releases

Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
* CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
* CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2023-02-17 11:51:35 +09:00
Stan Grishin
6c45b40317 simple-adblock: update to 1.9.4-1
* update default config for new oisd.nl lists
* conf.update file to migrate oisd.nl lists to the new format
* introduce AdBlockPlus lists support (new oisd.nl format)
* longer wait for WAN up/gateway detection
* make load_environemnt only execute once to suppress duplicate
  warnings/errors

PS. While I was testing this, oisd.nl has brought back the old domains
    lists as well, so this version supports both as I'm unclear as to
    why the "big" ABPlus list is only 6.2Mb where as the "big" domains
    list is whopping 19.9Mb.

Signed-off-by: Stan Grishin <stangri@melmac.ca>
2023-02-16 23:10:22 +00:00
Eneas U de Queiroz
ac547f5af8
apfree-wifidog: add support for OpenSSL 3.0
This adds an upstream commit to allow building with OpenSSL 3.0.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-16 10:28:52 -03:00
Eneas U de Queiroz
d0d2f1862b
libuhttpd: allow building with OpenSSL 3.0
Add -Wno-error=deprecated-declarations to CFLAGS to allow usage of
deprecated API.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-16 10:28:52 -03:00
Eneas U de Queiroz
51fda9dde7
boinc: Add compatibility with OpenSSL 3.0
This adds a patch from upstream allowing to build with OpenSSL 3.0.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-16 10:28:52 -03:00
Eneas U de Queiroz
6b40dccedf
umurmur: fix compilation with OpenSSL 3.0
Remove a call to CRYPTO_mem_ctrl(), which is used only for debugging,

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-16 10:28:52 -03:00
Eneas U de Queiroz
78dcc29e47
squid: bump to release 5.7
This is the latest version and brings compatibility with OpenSSL 3.0.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-16 10:28:52 -03:00
Eneas U de Queiroz
94b06478ed
nsd: bump to 4.6.1
This version adds compatibility with OpenSSL 3.0.

There's a patch, submitted upstream, to fix building without SSL.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-16 10:28:52 -03:00
Eneas U de Queiroz
c4f3f54386
nginx-util: allow building with OpenSSL 3.0
Add -Wno-error=deprecated-declarations to CFLAGS to allow usage of
deprecated API.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-16 10:28:52 -03:00
Eneas U de Queiroz
ab6fbdc44a
gost_engine: add version 3.0.0.1
With OpenSSL soon to be updated to 3.0, the gost engine will have to be
bumped as well.  Gost 3.0.0.1 will not build with OpenSSL 1.1.

To avoid disruption, this commit detects the OpenSSL version from
ENGINES_DIR in include/openssl-engin, and sets the package version
accordingly.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-02-16 10:28:52 -03:00
Tianling Shen
5a9979d243
cloudreve: Update to 3.7.1
Dropped architectures that are no longer supported by upstream.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-02-16 11:32:12 +08:00
Tianling Shen
70009d3586
gg: Update to 0.2.18
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-02-16 11:24:46 +08:00
Tianling Shen
c5c3c2e223
dnsproxy: Update to 0.47.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-02-16 11:24:29 +08:00
Oskari Rauta
779920ee29 conmon: update to 2.1.6
Bug fixes
 - Fix OOM watcher for cgroupv2 oom_kill events

Misc
 - Use --detach instead of -d
 - ctrl: drop fifo perms to 0660

[Release notes](https://github.com/containers/conmon/releases/tag/v2.1.6)

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
2023-02-16 10:01:29 +08:00
Hannu Nyman
22188b42bd irqbalance: Add upstream fix for AARCH64 irq name parsing
Add upstream fix for AARCH64 irq name parsing.

> On arm64 SoCs like TI's K3 SoC and few other SoCs,
> IRQ names don't get parsed correct due to which they
> end up being classified into wrong class. Fix this by
> considering last token to contain IRQ name always.

The fix seems to enable e.g. RT3200 to notice a few more
interrupts and start balancing them.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2023-02-15 23:51:58 +02:00
Dirk Brenken
51634a960c
adblock: update 4.1.5-5
* adapted changed oisd namings / download locations
   oisd_big (old: oisd_full), oisd_small (old: oisdb_basic)
* added antipopads as new sources
* removed broken energized source
* fixed readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
2023-02-15 21:15:20 +01:00
Florian Eckert
c7d23af17d
Merge pull request #20481 from ttytyper/hamlib-init-config
hamlib: Added init script and config files
2023-02-15 09:35:59 +01:00
Daniel Golle
3d86716b4f
uvol: switch to /sys/class/ubi
Instead of /sys/devices/virtual/ubi which will no longer be available
in future kernels, switch to /sys/class/ubi.
While at it fix unrelated arithmetic syntax error by guarding the
affected expression to not run on an empty string.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-02-15 04:06:36 +00:00
Josef Schlehofer
7aa180412c
Merge pull request #20425 from autobakterie/flask_jinja_update_maintainer
Flask, Jinja2: update maintainer
2023-02-14 18:01:57 +01:00
Šimon Bořek
29e75d5ba8
Jinja2: pass maintainership to Michal Vasílek
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
2023-02-14 17:37:18 +01:00
Šimon Bořek
a6f227e0aa
Flask: pass maintainership to Michal Vasílek
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
2023-02-14 17:37:16 +01:00
Šimon Bořek
b4c6c4e7c1
Jinja2: get rid of deprecated AUTORELEASE
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
2023-02-14 17:37:14 +01:00
Šimon Bořek
76ed9d5218
Flask: get rid of deprecated AUTORELEASE
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
2023-02-14 17:37:11 +01:00
Jesper Henriksen
f6e4eda119
hamlib: Added newline at end of init script and config
Signed-off-by: Jesper Henriksen <mail-openwrt@jesper.io>
2023-02-13 21:23:43 +01:00
Salim B
63dc13d7d2 transmission: retrieve boolean config opts using config_get_bool
The tranmission UCI config options

- `config_overwrite`
- `incomplete_dir_enabled`
- `watch_dir_enabled`

are all booleans, so we have to retrieve them using `config_get_bool` in order
to make sure they are properly interpreted in case the user sets them to a
keyword (`true`/`false`, `on`/`off` etc.) and not an integer (`0`/`1`).

Signed-off-by: Salim B <git@salim.space>
2023-02-13 01:50:52 +01:00
Tom Stöveken
0876220ba4 restic: update to 0.15.1
Maintainer: Tom Stöveken <tom@naaa.de>
Compile tested: SDK for OpenWrt 22.03.3
Run tested: x86/64 @ Intel(R) Celeron(R) CPU N3160 @ 1.60GHz, OpenWrt 22.03.3

Description:
Updated to version 0.15.1
changed PKG_RELEASE:=2 due to deprecated value AUTORELEASE, squashed commits and then
changed PKG_RELEASE:=1 because upgrading the whole main PKG_VERSION (the major version item) should reset this to 1

Signed-off-by: Tom Stöveken <tom@naaa.de>
2023-02-12 19:40:12 +02:00
Jesper Henriksen
45f6a8ddd2
hamlib: Added init and config files
Signed-off-by: Jesper Henriksen <mail-openwrt@jesper.io>
2023-02-12 14:30:36 +01:00
Javier Marcet
b064f6b5db python-websocket-client: update to 1.5.1
- 1.5.1
  - Fix logic bug that can cause disconnects

- 1.5.0
  - Refactor and improve ping/pong logic to resolve several issues,
  including an infinite loop issue during reconnect
  - Fix issue where `skip_utf8_validation = True` is ignored
  - Fix issue where sslopt `is_ssl` is ignored
  - Downgrade "websocket connected" message from logging.warning to
  logging.info
  - Update github actions to newer versions (669fe1b)

Signed-off-by: Javier Marcet <javier@marcet.info>
2023-02-12 12:01:30 +02:00
Jesper Henriksen
c63618f8b3 hamlib: update to 4.5.4
Signed-off-by: Jesper Henriksen <mail-openwrt@jesper.io>
2023-02-12 10:55:21 +02:00
Ralf Kaiser
33d32450b4 gsocket: upstream update to 1.4.39
Signed-off-by: Ralf Kaiser <skyper@thc.org>
2023-02-11 11:46:58 +01:00
Javier Marcet
6b53f122ff docker-compose: Update to version 2.16.0
Signed-off-by: Javier Marcet <javier@marcet.info>
2023-02-11 11:47:37 +08:00
Josef Schlehofer
63baa4249e
Merge pull request #20349 from turris-cz/unbound-1171
unbound: update to version 1.17.1
2023-02-10 16:44:05 +01:00
Josef Schlehofer
97e69ec89c
unbound: update to version 1.17.1
- Refreshed one patch
- Removed deprecated AUTORELEASE

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2023-02-10 15:25:35 +01:00
Van Waholtz
c85a23a81e sing-box: add new package
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
2023-02-10 08:45:15 +08:00
Tianling Shen
4947b057cf
v2ray-geodata: Update to latest version
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-02-10 07:29:56 +08:00
Tianling Shen
a9ac85db71
v2ray-core: Update to 5.3.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-02-10 07:29:19 +08:00
Tianling Shen
b4c4b17308
xray-core: Update to 1.7.5
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-02-10 07:28:57 +08:00
Tianling Shen
c1544f9a5f
cloudflared: Update to 2023.2.1
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-02-09 22:35:23 +08:00
Michael Heimpold
c999b2fd85
Merge pull request #20460 from mhei/php8-update-8.2.2
php8: update to 8.2.2
2023-02-09 07:35:07 +01:00
Fabian Lipken
c142df18ed dnscrypt-proxy2: update to version 2.1.4
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
2023-02-08 10:42:51 +01:00