Jeffery To [Tue, 28 Dec 2021 07:00:09 +0000 (15:00 +0800)]
golang: Update to 1.17.5, add patch
Includes fixes for:
* CVE-2021-44716: unbounded growth of HTTP/2 header canonicalization
cache
* CVE-2021-44717: syscall.ForkExec error can close file descriptor 0
Added patches:
* 001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch:
https://github.com/golang/go/pull/49748 backported for Go 1.17,
this removes the requirement for the gold linker when building Go
programs that use Go plugins on arm/arm64
Hiếu Lê [Tue, 21 Dec 2021 16:22:57 +0000 (10:22 -0600)]
adguardhome: update to 0.107.0
Full changelog available at: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.0
packr has been removed from build dependencies, per
https://github.com/AdguardTeam/AdGuardHome/commit/c6888326b034daea9e69de5ee0a8f37aede45892#diff-2873f79a86c0d8b3335cd7731b0ecf7dd4301eb19a82ef7a1cba7589b5252261L2
Also added the ability to configure working directory location and moved
the directory to /var. On most setups this should not change anything,
as /var is symlinked to /tmp. The move mostly benefits setups where /var
is configured to be persistent.
The working directory is used by AdGuard to store persistent data like
query logs, filter lists, etc.
Data stored in this directory can get really huge, as such allowing
this directory to be moved elsewhere (ie. an USB drive) is very
beneficial.
Co-authored-by: Dobroslaw Kijowski <redacted> Co-authored-by: Jeffery To <redacted> Signed-off-by: Hiếu Lê <redacted>
Matthew Hagan [Sat, 20 Nov 2021 23:46:34 +0000 (23:46 +0000)]
geoipupdate: initial commit
Add MaxMind's geoipupdate utility. mmdb files are downloaded to /var/GeoIP
by default. The user should update /etc/GeoIP.conf with their API key and
DB choice, currently set to country only. So as not to exceed MaxMind's
download limitations, the user should manually run the utility or set up a
cron job.
Matthew Hagan [Sat, 18 Dec 2021 18:09:02 +0000 (18:09 +0000)]
openldap: hide configurables when libopenldap is not enabled
When openldap is not enabled, the following configurables remain present
in the config:
CONFIG_OPENLDAP_DEBUG=y
\# CONFIG_OPENLDAP_CRYPT is not set
\# CONFIG_OPENLDAP_MONITOR is not set
\# CONFIG_OPENLDAP_DB47 is not set
\# CONFIG_OPENLDAP_ICU is not set
This patch adds a libopenldap dependency for these options, removing the
above from .config when libopenldap is not used. Further, move these
configurables to Config.in.
Remove un-necessary crowdsec package dependency, to be able to use
crowdsec-firewall-bouncer independently from crowdsec local installation.
(with remote API)
Description:
using crowdsec-firewall-bouncer on many OpenWRT devices connected
with my domain LAPI server (which collect many crowdsec machines,
mostly nginx), it works great. Actually, crowdsec package is not
mandatory for that usage, it would be great if it was not a dependency.
Daniel Golle [Sun, 19 Dec 2021 23:13:58 +0000 (23:13 +0000)]
uvol: update to 0.6
* auto-created meta volume
Automatically create volume '.meta' sized 0.01% of the total space
managed by uvol, the minimum size being 4 MiB.
This volume should be used to keep metadata about stored volumes, such
as container runtime configuration (in /var/run/uvol/.meta/uxc) or
the database of installed container packages.
* configurable LVM volume group
Allow setting volume group to be used by uvol using UCI.
This is useful on devices which do not boot off the device which
should be used for uvol and hence cannot make use of autopart and
physical volume detection based on kernel cmdline.
Use option vg_name in uvol section of fstab UCI config package.
Michael Heimpold [Sun, 19 Dec 2021 13:33:14 +0000 (14:33 +0100)]
php8-pecl-http: add compile-time hint about TLS13 ciphers (fixes #17332)
When cURL is built with OpenSSL as backend SSL/TLS library,
pecl_http's configure tries to detect whether TLS 1.3 ciphers
are enabled. This does not work when cross-compiling so let's
pass it based on OpenSSL build configuration.
Matthew Hagan [Sat, 18 Dec 2021 20:10:40 +0000 (20:10 +0000)]
logrotate: add logrotate.d to conffiles definition
Currently the contents of logrotate.d is not kept across sysupgrades.
Add this directory to the conffiles definition to ensure its content is
maintained.
Ivan Pavlov [Sat, 18 Dec 2021 08:29:11 +0000 (11:29 +0300)]
openvpn: update to 2.5.5
Maintainer: me / @mkrkn
Compile tested: ramips/mt7620 TP-Link Archer C50 v1, ramips/mt7621 Xiaomi Mi router 3 Pro, ath79/generic TP-Link WDR-3500
Run tested: ramips/mt7620 TP-Link Archer C50 v1, ramips/mt7621 Xiaomi Mi router 3 Pro, ath79/generic TP-Link WDR-3500
openvpn: update to 2.5.5
use of CFG Spectre-mitigations in MSVC builds
bring back OpenSSL config loading to Windows builds
several build fixes, refer to https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst
Imran Khan [Sun, 12 Dec 2021 14:17:12 +0000 (01:17 +1100)]
nft-qos: fix include on image build service enable
Fixes: f88485f572ec1ff9082106ccf0ccb20fc7af5801 ("nft-qos: silence buildsystem errors")
Prefixing IPKG_INSTROOT to sourced includes is ineffective for this
package.
Source includes only when empty to avoid image make errors.