aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* openvpn: update to 2.6.10Ivan Pavlov2024-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a bugfix release containing several security fixes specific to the Windows platform. Bug fixes --------- - Windows: if the win-dco driver is used (default) and the GUI requests use of a proxy server, the connection would fail. Disable DCO in this case. - Compression: minor bugfix in checking option consistency vs. compiled-in algorithm support - systemd unit files: remove obsolete syslog.target Security fixes -------------- - CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation. - CVE-2024-24974: Windows: disallow access to the interactive service pipe from remote computers. - CVE-2024-27903: Windows: disallow loading of plugins from untrusted installation paths, which could be used to attack openvpn.exe via a malicious plugin. For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.10/Changes.rst Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
* docker-compose: Update to version 2.26.0Javier Marcet2024-03-23
| | | | Signed-off-by: Javier Marcet <javier@marcet.info>
* netbird: update to 0.26.3jiangslee2024-03-23
| | | | Signed-off-by: jiangslee <jiangsili@qq.com>
* tailscale: Update to 1.62.0Zephyr Lykos2024-03-23
| | | | | | https://github.com/tailscale/tailscale/releases/tag/v1.62.0 Signed-off-by: Zephyr Lykos <git@mochaa.ws>
* Merge pull request #23684 from stangri/master-pbrStan Grishin2024-03-22
|\ | | | | pbr: update to 1.1.4-5
| * pbr: update to 1.1.4-5Stan Grishin2024-03-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This update includes the following changes: 1. Makefile * update copyright * attempt to implement the proper variants to avoid luci-app dependency on both variants * quietly stop service on uninstall 2. Config-file * add the list of dnsmasq instances to target in supported dnsmasq modes * for default pbr variant, set the `resolver_set` to `dnsmasq.nftset` * for iptables pbr variant, set the `resolver_set` to `dnsmasq.ipset` * add the `nft_file_support` (disabled by default) * introduce `procd_boot_delay` to delay service start on boot * introduce the following nft set creation options: * nft_set_auto_merge * nft_set_counter * nft_set_flags_interval * nft_set_flags_timeout * nft_set_gc_interval * nft_set_policy * nft_set_timeout * add the pbr.user.wg_server_and_client custom user script to allow running wg server and client at the same time * add the "Ignore Local Requests" sample policy 3. Hotplug firewall/interface scripts * better logged messages 4. The pbr and pbr-iptables uci defaults script * use functions from the init script * improve vpn-policy-routing migration 5. The pbr-netifd uci defaults script * use functions from the init script * improve uci operations 6. Introduce the firewall.include file 7. Improve pbr.user.aws custom user script 8. Improve pbr.user.netflix custom user script 9. Introduce pbr.user.wg_server_and_client custom user script 10. Update the init file: * refactor some code to allow the init script file to be sourced by the uci defaults scripts and the luci rpcd script for shared functions * add support for `nft_file_mode` in which service prepares the fw4-compatible atomic nft/include file for faster operations on service reload * improve Tor support (nft mode only) * implement support for nft set options * update validation functions for new options/parameters Signed-off-by: Stan Grishin <stangri@melmac.ca>
* | opus: update to 1.5.1krant2024-03-22
| | | | | | | | | | | | | | - Switch to Meson build system - Update patch with Meson build fixes Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | tgt: update to 1.0.91Maxim Storchak2024-03-22
| | | | | | | | Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
* | libstrophe: update to 0.13.1krant2024-03-22
| | | | | | | | Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | minisatip: update to 1.3.4krant2024-03-22
| | | | | | | | | | | | - Configure option 'dvbaes' renamed to 'dvbca' Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | minizip: update to 4.0.5krant2024-03-22
| | | | | | | | Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | squid: update to 6.8krant2024-03-22
| | | | | | | | Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | libdeflate: update to 1.19krant2024-03-22
| | | | | | | | | | | | - Use proper tarball URL. Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | hwdata: update to 0.380krant2024-03-22
| | | | | | | | Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | mpg123: update to 1.32.5krant2024-03-22
| | | | | | | | Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | unrar: update to 7.0.7krant2024-03-22
| | | | | | | | Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | git-lfs: update to 3.5.1krant2024-03-22
| | | | | | | | Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | git: update to 2.44.0krant2024-03-22
| | | | | | | | Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | erlang: update to 26.2.3krant2024-03-22
| | | | | | | | Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | expat: update to 2.6.2krant2024-03-22
| | | | | | | | Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | pulseaudio: update to 17.0Russell Senior2024-03-22
| | | | | | | | | | | | | | | | | | changes: remove meson_gio patch, already applied upstream move pulseaudio-system.conf following upsteam change in e96d278bfc5: "daemon/meson.build: Install dbus policy in /usr, not /etc" Signed-off-by: Russell Senior <russell@personaltelco.net>
* | Merge pull request #23693 from TDT-AG/pr/20240319-rrdtool1Florian Eckert2024-03-21
|\ \ | | | | | | rrdtool1: add license information
| * | rrdtool1: change download URL to httpsFlorian Eckert2024-03-21
| | | | | | | | | | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de>
| * | rrdtool1: add license informationFlorian Eckert2024-03-21
| | | | | | | | | | | | | | | | | | | | | See the license information on the rrdtool homepage. https://oss.oetiker.ch/rrdtool/license.en.html Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | dnsproxy: Update to 0.66.0Tianling Shen2024-03-21
| | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | cloudflared: Update to 2024.3.0Tianling Shen2024-03-21
| | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | v2ray-geodata: Update to latest versionTianling Shen2024-03-21
| | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | v2ray-core: Update to 5.15.1Tianling Shen2024-03-21
| | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | xray-core: Update to 1.8.9Tianling Shen2024-03-21
| | | | | | | | | | | | Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* | | microsocks: update to 1.0.4Ozan Göktan2024-03-21
| | | | | | | | | | | | Signed-off-by: Ozan Göktan <ozan@goktan.site>
* | | Merge pull request #23695 from mhei/php8-update-to-8.3.4Michael Heimpold2024-03-21
|\ \ \ | | | | | | | | php8: update to 8.3.4
| * | | php8: update to 8.3.4Michael Heimpold2024-03-17
| | | | | | | | | | | | | | | | Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* | | | dnsdist: update to 1.9.1 and add maintainerPeter van Dijk2024-03-21
| | | | | | | | | | | | | | | | Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
* | | | pdns: update to 4.9.0 and add maintainerPeter van Dijk2024-03-21
| | | | | | | | | | | | | | | | Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
* | | | telldus-mqtt: bump to 0.3Peter Liedholm2024-03-21
| | | | | | | | | | | | | | | | Signed-off-by: Peter Liedholm <peterfromswe884@gmail.com>
* | | | lualanes: update to version 3.16.3 and use tarballJosef Schlehofer2024-03-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1. Update it to version 3.16.3 Release notes: https://github.com/LuaLanes/lanes/releases/tag/v3.16.3 2. Change to download tarball instead of checking out Git sources In the previous commit (in the Fixes tag), it was changed to Git sources without any reason. Let's revert it back. Let's use again tagged release. Fixes: b93e5b45b1daac827d429b51d8763226268f2b9a ("lualanes: Version bump to v3.16.2") Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* | | | xz: update to 5.6.1krant2024-03-21
| | | | | | | | | | | | | | | | | | | | | | | | - Change source URL to the up-to-date one Signed-off-by: krant <aleksey.vasilenko@gmail.com>
* | | | Merge pull request #23475 from mcha-forks/go-1.22Tianling Shen2024-03-21
|\ \ \ \ | | | | | | | | | | golang: update to 1.22.1
| * | | | golang: Update to 1.22.1Zephyr Lykos2024-03-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Go 1.22.1 contains the following security fixes: - CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm - CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm - CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect - CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping - CVE-2024-24784 net/mail: comments in display names are incorrectly handled https://go.dev/doc/devel/release#go1.22.1 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg Signed-off-by: Zephyr Lykos <git@mochaa.ws>
| * | | | golang: Update to 1.22.0Zephyr Lykos2024-03-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added a third bootstrap stage since go1.22 (and onwards) requires at least go1.20.14 to build.[1] [1]: https://go.dev/doc/go1.22#bootstrap Signed-off-by: Zephyr Lykos <git@mochaa.ws>
* | | | | nginx: Fix compilation with LTOAndreas Gnau2024-03-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When CONFIG_USE_LTO=y, the int-size detection script will fail because a variable gets optimised out. Mark it as volatile to fix the issue. Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
* | | | | net/acme-common: Fix example configToke Høiland-Jørgensen2024-03-20
|/ / / / | | | | | | | | | | | | | | | | | | | | Make sure we quote all strings, and add missing "option" in second example. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* | | | mmc-utils: update to upstream's e1281d4de916 commitMichael Heimpold2024-03-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Included upstream changes: e1281d4de916 mmc-utils: mmc_cmds: fix type-punned warning on &ext_csd[] casting b5ca140312d2 mmc-utils: lsmmc: Fix emmc capacity calculation d1d8a05eeb4b mmc-utils: lsmmc: Disintegrade print_mmc_csd 3b055a2129bf mmc-utils: lsmmc: Simplify interface processing functions e82719f1d29c mmc-utils: lsmmc: Simplify prinitng manufacturer name Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* | | | mstflint: add new packageTil Kaiser2024-03-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds a new package, including tools for diagnosing Mellanox Spectrum Switches and ConnectX NICs and querying and installing firmware. Package Contents: mflash lib This lib provides low level Flash access through Mellanox HCAs. mtcr lib (implemented in mtcr.h file) This lib enables access to HCA hardware registers. mstregdump This utility dumps hardware registers from Mellanox hardware for later analysis by Mellanox. mstvpd This utility dumps the on-card VPD. mstmcra This debug utility reads/writes a to/from the device configuration register space. mstconfig This tool sets or queries non-volatile configurable options for Mellanox HCAs. mstfwmanager Mellanox firmware update and query utility which scans the system for available Mellanox devices (only mst PCI devices) and performs the necessary firmware updates. mstreg The mlxreg utility allows users to obtain information regarding supported access registers, such as their fields and attributes. mstfwtrace The mstfwtrace utility extracts and prints trace messages generated by the firmware running on 5th generation devices iRISCs. This tool supports secure FW flow only. mstlink The mstlink tool is used to check and debug link status and issues related to them. Signed-off-by: Til Kaiser <mail@tk154.de>
* | | | openssh: bump to 9.7p1John Audia2024-03-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Release notes: https://www.openssh.com/txt/release-9.7 Removed upstreamed patch: 010-better_fzero-call-detection.patch Build system: x86/64 Build-tested: x86/64/AMD Cezanne Run-tested: x86/64/AMD Cezanne Signed-off-by: John Audia <therealgraysky@proton.me>
* | | | Merge pull request #23648 from commodo/python-updates1Alexandru Ardelean2024-03-19
|\ \ \ \ | | | | | | | | | | python-{pytz,dateutil,evdev},django: bump versions
| * | | | django: bump to version 5.0.3Alexandru Ardelean2024-03-14
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
| * | | | python-evdev: bump to version 1.7.0Alexandru Ardelean2024-03-14
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
| * | | | python-dateutil: bump to version 2.9.0.post0Alexandru Ardelean2024-03-14
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
| * | | | python-pytz: bump to version 2024.1Alexandru Ardelean2024-03-14
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Powered by cgit, Themed by Ted Yin.