There is not a single CVE linked to pyyaml_project:pyyaml so use
pyyaml:pyyaml instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pyyaml:pyyaml
Fixes: c06a04c754bdcfdb2ea0bd1d654128863a2b6738 (python-yaml: update to version 5.1)
Signed-off-by: Fabrice Fontaine <redacted>
Jonas Lochmann [Mon, 1 Jan 2024 00:00:00 +0000 (01:00 +0100)]
mwan3: use network_get_preferred_ipaddr6
This updates mwan3 to use network_get_preferred_ipaddr6 instead of
network_get_ipaddr6 if possible to determine a source ip for the
connectivity checks. This avoids issues where the first ip address
that is returned from network_get_ipaddr6 does not work anymore while
the preferred one returned from network_get_preferred_ipaddr6 works.
Mark Baker [Thu, 18 Jan 2024 18:52:58 +0000 (13:52 -0500)]
lualanes: Version bump to v3.16.2
Update the PKG_VERSION and PKG_SOURCE_VERSION to pull version 3.16.2
from upstream. The upstream version includes fixes for the
`pthread_yield: symbol not found` issue.
Removed patches 100-musl-compat.patch and 200-fix-redef-error.patch
as fixes were implemented upstream.
Build tested on aarch64, arm_cortex_a15/a9, i386, mips[el]_24kc,
powerpc_464fp/8548, riscv64, x86_64. Confirmed on x86_64.
Corrects the commit subject being referred to as a "description"
and links the official OpenWrt patch submission standards for
commit messages. Adds additional notes about real names and
emails being required. Also fixes the capitalization of GitHub
and SourceForge.
krant [Thu, 1 Feb 2024 07:59:45 +0000 (09:59 +0200)]
libsndfile: update to 1.2.2
- Update package URL to the official one
- Update source URL to the official one
- Modernize CMake options
- Fixup pkgconfig file
- Enable mpg123 support per users request (+7kB)
Eric Fahlgren [Wed, 10 Jan 2024 16:10:05 +0000 (08:10 -0800)]
snort3: finish up several incomplete capabilities
Reporting
- Use json alert data for 10x speed improvement in report generation
- Include both gid and sid, plus packet direction in report output
- Add by-date incident filtering
- Add verbose mode which displays actual rules triggered and their source
- Attempt to look up host names from IPs in verbose mode
- Clean up display of port number involved in incidents
Rules
- Complete downloader for subscription rules using oinkcode (only tested
with snort.org's "free" tier subscription)
- Auto-detect multiple rules files and include them in lua 'ips.rules'
- Add '--backup' option to copy out current rules before installing new
- Add '--persistent' option to 'snort-rules', storing in persistent location
CLI interface
- Completely rework command line option parsing in all user scripts
- Allow options and commands to be in any order on command line
- Add long-form names for all options ('--help' for '-h' and so on)
- Detect errors properly in options, enhance help pages
Bug fixes
- Use 'mkdir -p' on all directory creation
- Use proper tmp directory from 'snort.snort.temp_dir' everywhere
Jan Hoffmann [Thu, 1 Feb 2024 20:12:05 +0000 (21:12 +0100)]
vnstat2: update to version 2.12
This version includes several new features that allow simplifying the
package significantly: The noexit patch and hotplug script are no longer
needed, and the init script doesn't have to check for legacy databases
anymore.
tuxera:ntfs-3g is a better CPE ID than ntfs-3g:ntfs-3g as this CPE ID
has the latest CVEs (whereas ntfs-3g:ntfs-3g only has one CVE from 2007):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tuxera:ntfs-3g
gpsd_project:gpsd is a better CPE ID than berlios:gps_daemon as this CPE
ID has the latest CVEs (whereas berlios:gps_daemon only has one CVE from
2004):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:gpsd_project:gpsd
There is not a single CVE linked to network_block_device:nbd so use
network_block_device_project:network_block_device instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:network_block_device_project:network_block_device
motion_project:motion is a better CPE ID than lavrsen:motion as this CPE
ID has the latest CVE (whereas lavrsen:motion only has a CVE from 2008):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:motion_project:motion
cpe:/a:miniupnp_project:miniupnpc is the correct CPE ID for miniupnpc:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:miniupnp_project:miniupnpc
There is not a single CVE linked to libidn2_project:libidn2 so use
gnu:libidn2 instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:gnu:libidn2
python-paho-mqtt is licensed under EPL-2.0, not EPL-1.0, since version
1.6.0 and
https://github.com/eclipse/paho.mqtt.python/commit/fabe7500fb6fde31fd98c619e0117d1c651fd18d
While at it, add LICENSE.txt to PKG_LICENSE_FILES
Fixes: 784f2a519bb8cdfaa973070f65ff9a3a481e5cd1 (python-paho-mqtt: bump to version 1.6.1)
Signed-off-by: Fabrice Fontaine <redacted>
boinc_project:boinc has never been a valid CPE ID so use
rom_walton:boinc instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:rom_walton:boinc
Fixes: 9c2bd865c715cad8646157d6bbfb669d9970c322 (boinc: new package for distributed computing/data acquisition)
Signed-off-by: Fabrice Fontaine <redacted>
zsh:zsh is a better CPE ID than zsh_project:zsh as this CPE ID has the
latest CVEs (whereas zsh_project:zsh only has CVEs up to 2017):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:zsh:zsh
Fixes: ff056fcffcacf2632505bb108bf8e8c2a3cef09c (zsh: Update to 5.6.2)
Signed-off-by: Fabrice Fontaine <redacted>
tmux_project:tmux is a better CPE ID than nicholas_marriott:tmux as this
CPE ID has the latest CVE (whereas nicholas_marriott:tmux only has a CVE
from 2011):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tmux_project:tmux
tinyproxy_project:tinyproxy is a better CPE ID than banu:tinyproxy as
this CPE ID has the latest CVEs (whereas banu:tinyproxy only has CVEs up
to 2012):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tinyproxy_project:tinyproxy
tinc-vpn:tinc is a better CPE ID than tinc:tinc as this CPE ID has the
latest CVEs (whereas tinc:tinc only has CVEs up to 2002):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tinc-vpn:tinc
vsftpd_project:vsftpd is a better CPE ID than beasts:vsftpd as this CPE
ID has the latest CVEs (whereas beasts:vsftpd only has CVEs up to 2015):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:vsftpd_project:vsftpd
Fixes: 1371b7be878382b8b52cd73ff72a3a41d28013c4 (vsftpd: Fix compilation without ECC or deprecated APIs)
Signed-off-by: Fabrice Fontaine <redacted>
There is not a single CVE linked to pivotal_software:redis so use
redis:redis instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:redis:redis
There is not a single CVE linked to python-requests:requests so use
python:requests instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:python:requests
There is not a single CVE linked to urllib3_project:urllib3 so use
python:urllib3 instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:python:urllib3
Fixes: 6dcaa769d8ce8921dc3bfaf78ab9a8c1cef4a9b9 (python-urllib3: update to version 1.25)
Signed-off-by: Fabrice Fontaine <redacted>
aiohttp:aiohttp is a better CPE ID than aio-libs_project:aiohttp as this
CPE ID has the latest CVEs (whereas aio-libs_project:aiohttp only has
one CVE from 2018):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:aiohttp:aiohttp
Fixes: 2edf5034f1c09fe60af52087abe7b6fcef9433fc (python-aiohttp: add a new package)
Signed-off-by: Fabrice Fontaine <redacted>
The config.yml is an example of a tunnel local configuration.
But cloudflared treats it as a real config and fails to start.
So to avoid problems let's comment all the statements.
The `url: http://localhost:8000` is not a valid config option.
Additionally add a sample of configuring ingress rules.
There is not a single CVE linked to phillip_lougher:squashfs so use
squashfs-tools_project:squashfs-tools instead:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:squashfs-tools_project:squashfs-tools
sudo_project:sudo is a better CPE ID than todd_miller:sudo as this CPE
ID has the latest CVEs (whereas todd_miller:sudo only has CVEs up to
2016):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:sudo_project:sudo
Fixes: 8ce9f30c421255c514b1b2e41fc92eafd7976583 (sudo: Update to 1.8.24)
Signed-off-by: Fabrice Fontaine <redacted>
mit:kerberos_5 is a better CPE ID than mit:kerberos as this CPE ID has
the latest CVEs (whereas mit:kerberos only has CVEs until 2018):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:mit:kerberos_5
linux-pam:linux-pam is a better CPE ID than kernel:linux-pam as this CPE
ID has the latest CVEs (whereas kernel:linux-pam only has a
SUSE-specific CVE):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:linux-pam:linux-pam
Stan Grishin [Thu, 25 Jan 2024 23:15:49 +0000 (23:15 +0000)]
nebula: update to 1.8.2-2
The following fixes have been applied to Makefile:
* fix the nebula license type
* add PKG_CPE_ID
* remove unneeded call to Build/Compile
* add leading spaces to descriptions
* add Package/nebula/conffiles definition
* remove unneeded /lib/upgrade/keep.d files
* no longer install actual license file
* add the README file
Kudos to @BKPepe and @1715173329 for feedback which led to these fixes
Fabrice Fontaine [Tue, 30 Jan 2024 20:06:31 +0000 (21:06 +0100)]
devel/automake: fix license
automake is licensed under GPL-2.0-or-later, not GPL-3.0-or-later:
https://git.savannah.gnu.org/cgit/automake.git/tree/COPYING
Indeed, the switch to GPL-3.0-or-later was reverted a long time ago (i.e.
before its addition to OpenWrt) by
https://git.savannah.gnu.org/cgit/automake.git/commit/?id=fcf2f56062e384455ec8b1aed943af33f20c27c7
krant [Wed, 31 Jan 2024 11:15:14 +0000 (13:15 +0200)]
libjpeg-turbo: update to 3.0.2
- Switch source URL to GitHub since upstream migrated there
- Remove CMake options which are obsolete or match default values
- Don't disable arithmetic encoding/decoding since it's the standard