Dirk Brenken [Sun, 26 Feb 2023 07:16:15 +0000 (08:16 +0100)]
banip: update 0.8.1-2
* add oisdbig as new feed
* LuCI frontend preparation:
- the json feed file points always to /etc/banip/banip.feeds (and is no longer compressed)
- supply country list in /etc/banip/banip.countries
* update readme
Koen Vandeputte [Mon, 13 Feb 2023 09:08:50 +0000 (10:08 +0100)]
gst1-plugins-bad: bump to 1.20.5
- aesdec: Fix padding removal for per-buffer-padding=FALSE
- aesdec test failing in gst-plugins-bad
- alphacombine: Add missing query handler for gaps
- avfdeviceprovider: do not leak the properties
- avfvideosrc: Report latency when doing screen capture
- d3d11screencapturesrc: Specify PAR 1/1 to template caps
- d3d11videosink: Fixing focus lost on desktop layout change
- d3d11videosink: Call ShowWindow() from window thread
- d3d11videosink: Fix deadlock when parent window is busy
- d3d11videosink: Always clear back buffer on resize
- decklink: reset calculation of time_mapping to fix clipping HDMI video
- directshow: Fix build error with glib 2.75 and newer
- dvbsubenc: Forward GAP events as-is if we wouldn't produce an end packet and...
- dvbsubenc: Write Display Definition Segment if a non-default width/height is used
- h265decoder: Do not abort when failed to prepare ref pic set
- h264parser: Fix a typo in pred_weight_table parsing.
- mediafoundation, d3d11: Fix memory leak and make leak tracer happy
- mpegts: Handle when iconv doesn't support ISO 6937 (e.g. musl libc)
- mpegts: Check continuity counter on section streams
- mpegts: Revert "mpegtspacketizer: memcmp potentially seen_before data"
- mpegtspacketizer: memcmp potentially seen_before data
- mpegtsdemux: Always clear packetizer on DISCONT push mode
- srt: various fixes - improve stats and error handling
- rtmp2: Improve error messages
- rtmp2sink: Correctly return GST_FLOW_ERROR on error
- vulkan: Fix static linking on macOS
- webrtcbin: also add rtcp-fb ccm fir for video mlines by default
- webrtc/nice: fix small leak of split strings
Koen Vandeputte [Mon, 13 Feb 2023 09:08:01 +0000 (10:08 +0100)]
gst1-plugins-good: bump to 1.20.5
- flacparse: Fix handling of headers advertising 32bps
- qt5: deactivate context if fill_info fails
- qt5: initialize GError properly in gst_qt_get_gl_wrapcontext()
- qtdemux: check return value from gst_structure_get in PIFF box
- qtdemux: use unsigned int types to store result of QT_UINT32
- qtmux: Prefill mode fixes
- oss4: Fix debug category initialization
- multiudpsink: allow binding to IPv6 address
- rtpjitterbuffer tests: Cast drop-messages-interval type properly (fixing it on 32-bit architectures)
- rtspsrc: fix seek event leaks
- rtspsrc: Don't replace 404 errors with "no auth protocol found"
- rtspsrc: Only EOS on timeout if all streams are timed out/EOS
- rtspsrc: Fix usage of IPv6 connections in SETUP
- splitmuxsrc: don't queue data on unlinked pads
- v4l2: Fix SIGSEGV on 'change state' during 'format change'
- v4l2videodec: Fix activation of internal pool
- wavparse: Avoid occasional crash due to referencing freed buffer.
- wavparse: Fix crash that occurs in push mode when header chunks are corrupted in certain ways.
Koen Vandeputte [Mon, 13 Feb 2023 09:07:19 +0000 (10:07 +0100)]
gst1-plugins-base: bump to 1.20.5
- audioconvert, audioresample, audiofilter: fix divide by 0 for input buffer without caps
- cdparanoia: Ignore compiler warning coming from the cdparanoia header
- oggdemux, parsebin: More leak fixes
- opengl: fix automatic dispmanx detection for rpi4
- opengl: Fix usage of eglCreate/DestroyImage
- opengl: Fix static linking on macOS
- opusdec: Various channel-related fixes
- textrender: Negotiate caps on a GAP event if none were negotiated yet
- textrender: Don't blindly forward all events and don't blindly forward all events
- timeoverlay: fix pad leak
- oggdemux: Don't leak incoming EOS event
- subparse: Fix non-closed tag handling.
- videodecoder: Only post latency message if it changed
- videoscale: buffer meta handling fixes (NULL-terminate array of valid meta tags)
- videosink: Don't return unknown end-time from get_times()
- Bump core requirement in 1.20 branch to 1.20.4
Koen Vandeputte [Mon, 13 Feb 2023 09:06:27 +0000 (10:06 +0100)]
gstreamer: Update to 1.20.5
- allocator: Copy allocator name in gst_allocator_register()
- miniobject: support higher refcount values
- pads: Fix non-serialized sticky event push, e.g. instant change rate events
- padtemplate: Fix annotations
- systemclock: Use futex_time64 syscall on x32 and other platforms that always...
- Fix build of 1.20 branch with Meson 0.64.1 for those who have hotdoc installed on their system.
- meson: fix check for pthread_setname_np()
- -Wimplicit-function-declaration in pthread_setname_np check (missing GNUSOURCE)
- gst-inspect: Don't leak list
- concat: Properly propagate EOS seqnum
- fakesrc: avoid time overflow with datarate
Josef Schlehofer [Thu, 23 Feb 2023 06:56:04 +0000 (07:56 +0100)]
antfs-mount: drop
Since kernel module was dropped, check the reasons why it was removed in
the commit 42a4fbe4a4fda8b61a1cec0762957872511f6527 ("
antfs: drop this kernel package"), then this package should be removed,
too as the dependency was removed and without it, it is not useful
Josef Schlehofer [Thu, 23 Feb 2023 06:52:01 +0000 (07:52 +0100)]
antfs: drop this kernel package
Reasons to remove this package:
1. It is not available for Linux kernel 5.15 and onwards.
2. It seems that it is not maintained as the original repository was
done in 2018 and then the forked repository was done to have this
merged only to OpenWrt.
3. Anyone can use ntfs-3g (fuse) or ntfs3 from Paragon, which has been
available since Linux kernel 5.15
4. Nobody said why this package was necessary or required to be added
here or what was the difference between driver(s) in the Linux kernel and
this package.
5. No project home page, no documentation, only source code provided by
AVM
Tianling Shen [Tue, 21 Feb 2023 04:48:00 +0000 (12:48 +0800)]
golang: Update to 1.19.6
go1.19.6 (released 2023-02-14) includes security fixes to the
crypto/tls, mime/multipart, net/http, and path/filepath packages,
as well as bug fixes to the go command, the linker, the runtime,
and the crypto/x509, net/http, and time packages.
Glenn Strauss [Sat, 21 Jan 2023 01:07:36 +0000 (20:07 -0500)]
lighttpd: add lighttpd-mod-webdav_min package
add lighttpd-mod-webdav_min package alternative to lighttpd-mod-webdav
lighttpd-mod-webdav_min is more minimal than full lighttpd-mod-webdav.
lighttpd-mod-webdav_min does not support PROPPATCH, LOCK, UNLOCK, and
by not supporting those methods, removes dependencies on libxml2,
libsqlite3, and libuuid.
Dirk Brenken [Mon, 13 Feb 2023 16:56:57 +0000 (17:56 +0100)]
banip: release 0.8.0 (nft rewrite)
- complete rewrite of banIP to support nftables
- all sets are handled in a separate nft table/namespace 'banIP'
- for incoming blocking it uses the inet input hook, for outgoing blocking it uses the inet forward hook
- full IPv4 and IPv6 support
- supports nft atomic set loading
- supports blocking by ASN numbers and by iso country codes
- 42 preconfigured external feeds are available, plus local allow- and blocklist
- supports local allow- and blocklist (IPv4, IPv6, CIDR notation or domain names)
- auto-add the uplink subnet to the local allowlist
- provides a small background log monitor to ban unsuccessful login attempts in real-time
- the logterms for the log monitor service can be freely defined via regex
- auto-add unsuccessful LuCI, nginx, Asterisk or ssh login attempts to the local blocklist
- fast feed processing as they are handled in parallel as background jobs
- per feed it can be defined whether the input chain or the forward chain should be blocked (default: both chains)
- automatic blocklist backup & restore, the backups will be used in case of download errors or during startup
- automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or wget
- supports a 'allowlist only' mode, this option restricts internet access from/to a small number of secure websites/IPs
- provides comprehensive runtime information
- provides a detailed set report
- provides a set search engine for certain IPs
- feed parsing by fast & flexible regex rulesets
- minimal status & error logging to syslog, enable debug logging to receive more output
- procd based init system support (start/stop/restart/reload/status/report/search)
- procd network interface trigger support
- ability to add new banIP feeds on your own
- add a readme with all available options/feeds to customize your installation to your needs
- a new LuCI frontend will be available in due course
Oskari Rauta [Mon, 13 Feb 2023 17:45:32 +0000 (17:45 +0000)]
podman: update 4.4.1
patch refreshed.
Changes
- Added the podman-systemd.unit man page, which can also be displayed using man quadlet (#17349).
- Documented journald identifiers used in the journald backend for the podman events command.
Bugfixes
- Fixed a bug where the default handling of pids-limit was incorrect.
- Fixed a bug where parallel calls to make docs crashed (#17322).
- Fixed a regression in the podman kube play command where existing resources got mistakenly removed.
Full list of changes: [Release notes](https://github.com/containers/podman/blob/main/RELEASE_NOTES.md)
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
* CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
* CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.
Stan Grishin [Thu, 16 Feb 2023 22:59:10 +0000 (22:59 +0000)]
simple-adblock: update to 1.9.4-1
* update default config for new oisd.nl lists
* conf.update file to migrate oisd.nl lists to the new format
* introduce AdBlockPlus lists support (new oisd.nl format)
* longer wait for WAN up/gateway detection
* make load_environemnt only execute once to suppress duplicate
warnings/errors
PS. While I was testing this, oisd.nl has brought back the old domains
lists as well, so this version supports both as I'm unclear as to
why the "big" ABPlus list is only 6.2Mb where as the "big" domains
list is whopping 19.9Mb.
Hannu Nyman [Wed, 15 Feb 2023 21:07:53 +0000 (23:07 +0200)]
irqbalance: Add upstream fix for AARCH64 irq name parsing
Add upstream fix for AARCH64 irq name parsing.
> On arm64 SoCs like TI's K3 SoC and few other SoCs,
> IRQ names don't get parsed correct due to which they
> end up being classified into wrong class. Fix this by
> considering last token to contain IRQ name always.
The fix seems to enable e.g. RT3200 to notice a few more
interrupts and start balancing them.
Daniel Golle [Wed, 15 Feb 2023 04:04:12 +0000 (04:04 +0000)]
uvol: switch to /sys/class/ubi
Instead of /sys/devices/virtual/ubi which will no longer be available
in future kernels, switch to /sys/class/ubi.
While at it fix unrelated arithmetic syntax error by guarding the
affected expression to not run on an empty string.
are all booleans, so we have to retrieve them using `config_get_bool` in order
to make sure they are properly interpreted in case the user sets them to a
keyword (`true`/`false`, `on`/`off` etc.) and not an integer (`0`/`1`).
Tom Stöveken [Thu, 9 Feb 2023 06:36:08 +0000 (07:36 +0100)]
restic: update to 0.15.1
Maintainer: Tom Stöveken <redacted>
Compile tested: SDK for OpenWrt 22.03.3
Run tested: x86/64 @ Intel(R) Celeron(R) CPU N3160 @ 1.60GHz, OpenWrt 22.03.3
Description:
Updated to version 0.15.1
changed PKG_RELEASE:=2 due to deprecated value AUTORELEASE, squashed commits and then
changed PKG_RELEASE:=1 because upgrading the whole main PKG_VERSION (the major version item) should reset this to 1
Javier Marcet [Tue, 7 Feb 2023 12:52:28 +0000 (13:52 +0100)]
python-websocket-client: update to 1.5.1
- 1.5.1
- Fix logic bug that can cause disconnects
- 1.5.0
- Refactor and improve ping/pong logic to resolve several issues,
including an infinite loop issue during reconnect
- Fix issue where `skip_utf8_validation = True` is ignored
- Fix issue where sslopt `is_ssl` is ignored
- Downgrade "websocket connected" message from logging.warning to
logging.info
- Update github actions to newer versions (669fe1b)