bbf/openwrt-packages
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/openwrt-packages.git synced 2025-12-20 08:49:55 +08:00
Code Issues Packages Projects Releases Wiki Activity
34,884 Commits 74 Branches 1 Tag
devel
Commit Graph

34884 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Yalu Zhang
bdeee4ed34 libxslt: upgrade the version from 1.1.42 to 1.1.43 
numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context
node can be modifield but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate,
xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
 2025-12-11 15:15:43 +00:00
Ted Hess
e4a5191a2d expat: upgrade to 2.7.3 
Upstream changelog: https://github.com/libexpat/libexpat/blob/R_2_7_3/expat/Changes

Signed-off-by: Ted Hess <thess@kitschensync.net>
 2025-12-05 11:46:57 +05:30
George Sapkin
f5182e7d7e expat: bump to 2.7.1 to fix several CVEs 
Addresses CVE-2024-8176 and CVE-2024-50602.

Full changelog linked below.

Changelog: https://github.com/libexpat/libexpat/blob/R_2_7_1/expat/Changes
Fixes: https://github.com/openwrt/packages/issues/26255
Fixes: https://github.com/advisories/GHSA-9hcv-xw76-m4h6
Fixes: https://github.com/advisories/GHSA-79wf-qgrg-2p6c
Signed-off-by: George Sapkin <george@sapk.in>
 2025-12-05 11:46:38 +05:30
Sukru Senli
f172bd812b mosquitto: add procd interface triggers and dynamic ACL reload 
Refactor subnet ACL generation into standalone script and use procd
  interface triggers to automatically regenerate ACLs when network
  interfaces change. Add 'hup' command for SIGHUP-based reload without
  client disconnection.

  - Move ACL generation to /usr/share/mosquitto/generate-subnet-acl.sh
  - Add procd_add_interface_trigger in service_triggers()
  - Add 'hup' command for dynamic reload via SIGHUP
  - Remove hotplug script (replaced by procd triggers)
 2025-11-26 10:52:51 +01:00
Vivek Dutta
9cfeb175b7 mosquitto: add subnet_acl UCI sections for per-user IP filtering 
(cherry picked from commit da1b407998)

3d467bb8 mosquitto: add subnet_acl UCI sections for per-user IP filtering
896c1b6b update based on feedback

Co-authored-by: Sukru Senli <sukru.senli@iopsys.eu>
 2025-11-14 15:56:42 +05:30
Markus Gothe
1702e95c20 iperf3: adjust Airoha's patches for iperf 3.19.1 2025-10-30 13:52:33 +01:00
John Audia
be945360ce iperf3: update to 3.19.1 
Update to latest upstream release.

Changelog: https://github.com/esnet/iperf/releases/tag/3.19.1

Relevant security fixes: E-2025-54349, ESNET-SECADV-2025-0003, CVE-2025-54350,
ESNET-SECADV-2025-0002, VE-2025-54351, ESNET-SECADV-2025-0001

Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc

Signed-off-by: John Audia <therealgraysky@proton.me>
 2025-10-30 11:20:53 +01:00
Dane Murphy
d95c49036a iperf3: update to 3.19 
Updates iperf3 to the latest upstream release, 3.19

Changelog: https://github.com/esnet/iperf/releases/tag/3.19

Signed-off-by: Dane Murphy <danem7@gmail.com>
 2025-10-30 11:20:49 +01:00
Sander
60059b3348 iperf: package update to v3.18 
Signed-off-by: Sander <schutten@hotmail.com>
 2025-10-30 11:20:45 +01:00
Erik Karlsson
9f0de1226e net-snmp: disable by default 
We need to be able to include snmpd in all softwares and for security
reasons it must be disabled by default.
 2025-10-15 15:33:04 +02:00
Christian Svensson
d25e436525 ntpd: disable autoreconf fixup 
Fixes #24918 which got introduced with openwrt c364cb8.

Credit for the fix goes to Hirokazu MORIKAWA.

Signed-off-by: Christian Svensson <blue@cmd.nu>
(cherry picked from commit de0e7efdb8)
 2025-10-08 02:05:57 +02:00
Andreas Gnau
b4fc7f66b2 Merge OpenWrt 23.05.6 commit 'e59d9ef823b' into devel 
Merge OpenWrt 23.05.6 commit 'e59d9ef823bcb581e3939789b4eaeaf900b79759'
into devel.

Remove patch superseded by bump to later upstream release:
libs/libxslt/patches/0001-xsltproc-remove-maxparserdepth-option.patch
 2025-10-07 17:04:45 +02:00
Vivek Kumar Dutta
f3677af57f mosquitto: change default log level to upto warning 2025-09-23 09:24:26 +05:30
Husaam Mehdi
7aaf702596 Revert "mosquitto: workaround for debug logging" 
This reverts commit 974db63a1c
 2025-09-22 14:06:47 +00:00
Vivek Kumar Dutta
974db63a1c mosquitto: workaround for debug logging 2025-09-11 10:18:35 +05:30
John Audia
06865333ca jq: bump to v1.8.1 
Simple bump to new release

Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 383fba198e)
 2025-09-09 12:13:49 +02:00
John Audia
018480016e jq: bump to v1.8.0 
In addition to shipping the latest upstream version, package shared objects.
It is worth noting that this release is required when building with GCC 15.1.

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 0f281ad57b)
(fixes CVE-2024-53427)
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
 2025-09-09 12:07:13 +02:00
Maximilian Trüpschuch
19a6d09d2c jq: provide regex support in additional package jq-full 
I modified the makefile, so that it will build two packages: jq and
jq-full. The former will remain unchanged and the latter will have a
dependency to the oniguruma library, so jq-full will have regex functions
enabled.

Signed-off-by: Maximilian Trüpschuch <milanx@gmx.net>
(cherry picked from commit 711a19c4b2)
 2025-09-09 12:00:42 +02:00
krant
3e7bc71474 jq: update to 1.7.1 
- Update package URLs
- Fix license
- Drop obsolete CFLAGS
- Drop obsolete patches

Signed-off-by: krant <aleksey.vasilenko@gmail.com>
(cherry picked from commit 73f179bdf0)
 2025-09-09 12:00:42 +02:00
W. Michael Petullo
5f7b6b8d28 jq: remove _GNU_SOURCE from Makefile and instead backport patch 
Commit 4bb18b04 added _GNU_SOURCE to jq's Makefile to fix a segfault.
This has since been fixed upstream, so this commit backports the upstream
patch instead. This keeps things closer to upstream, and it will prevent
the Makefile from containing a redundant fix once upstream releases the
next version.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit f60a0b2b46)
 2025-09-09 12:00:42 +02:00
Sukru Senli
187d6a8e3c openvswitch: install libopenvswitch shared library 
Install shared libopenvswitch library, so it can be linked by opensync
 2025-09-01 17:48:07 +05:30
Sukru Senli
33f7a4ba0e python-pyparsing: Add host install 
dependency for openvswitch/opensync
 2025-09-01 17:48:07 +05:30
Roman Azarenko
e2ec369843 nginx: update CPE ID 
Looking at the official CPE dictionary [1], `cpe:/a:nginx:nginx` was
only used until 1.21.4 inclusively. Later it was renamed to
`cpe:/a:f5:nginx`, and it showed up in a few more non-contiguous
versions numbers after 1.21.4.

In all nginx security advisories [2] starting from year 2024, the CPE
ID used is `cpe:/a:f5:nginx_open_source`. This includes versions 1.25.0
and newer.

Update the CPE ID to the newest known value of `cpe:/a:f5:nginx_open_source`
used in nginx's own security advirosies/CVEs.

[1]: https://nvd.nist.gov/products/cpe
[2]: https://nginx.org/en/security_advisories.html

Signed-off-by: Roman Azarenko <roman.azarenko@genexis.eu>
Link: https://github.com/openwrt/packages/pull/27246
 2025-08-19 11:55:02 +00:00
Tianling Shen
e59d9ef823 lttng-tools: fix build with libxml 2.14 
Backport a pending patch to fix build with libxml 2.14.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 0ec95bd1f4)
 2025-08-14 21:15:09 +08:00
Tianling Shen
f3a45fc265 strongswan: fix build with wolfssl 5.7.6 
Backport an upstream patch to fix build with wolfssl 5.7.6.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
 2025-08-14 21:11:56 +08:00
Tianling Shen
153d1eda11 mariadb: fix build with libxml 2.14 
Backport an upstream patch to fix build with libxml 2.14.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
 2025-08-13 14:16:45 +08:00
Thibaut VARÈNE
7135dd3cbd uspot: update to Git HEAD (2025-08-07) 
e2e3c649ab80 README update
18e6bcc14cc2 uspot/portal: urldecode FORM POST data
bf6051dba822 uspot/handler-uam: accept /login endpoint
32273591d8d5 uspotfilter: provide peer_lookup answers only for known clients
b0aeef9973a9 README: clarify uam vs radius mode features
b7b0d0efb0e2 uspot: improve config documentation
bce68a97fad8 captive: rename to 'uspot'
da6ca713e15d uspot: client_remove(): pass device to ratelimit client_delete()
3ebfe262bfb1 uspot: remove unused radius_call() args
691d73aa00dc uspot: let radius_init() set all required payload members
be50a66b777f uspot: allow setting global bandwidth limits
4851ada4b0c0 uspot: send Called-Station-Id in Acct-On/Off requests
0974fc8d47ac Implement uspot-bpf, an eBPF traffic counter
e99809f97e34 introduce uspotbpf.uc
7f6f43883568 uspotbpf: work around ucode-mod-bpf bug
319e0c285afb uspot: hook traffic accounting
ccf3fa9b8e83 uspot: client_interim(): remove dead code
0e92cc9f6e75 uspotbpf: fix priority conflict with ratelimit
55d40a8794b6 uspot: implement traffic limiting
b05257e862cb uspot: implement swapio
e83f95081c21 uspot: radius_acct(): don't needlessly call uspotfilter
442cff773220 uspotfilter: cleanup unused API
7878d512cd21 handler-api: include 'seconds-remaining' only if not captive
cca6d218a6a7 handler-api: implement 'bytes-remaining'
e8cf3d08ac64 uspot: start(): ratelimit clearing is independent from RADIUS accounting
6d12a2da5b20 README update
bf6364cb61ea config: clarify units for acct_interval
8133b8cd215e uspot: implement state_get()/state_set()
094825fdfe68 radius-client: lowercase non-attribute JSON members
de70c588c2e3 radius-client: add error reporting
ebe9eac34f5b radius: add option for udp or tcp connection
d6b338d5d194 uspot: support RadSec with PSK authentication
53de77512159 uspot: validate config
d0578f740111 uspot: don't store debug data through uspotfilter
fe4fa5e8a25f uspot.init: rename DAS instance
bd1fbe481da3 README update
76a03155db44 uspot: add support for secondary RADIUS servers
694ff75f4fcc uspot: remove 'final_redirect_url' config option
a347454db08c handler: redirect UAM connected clients to the 'res=already' UAM url
0ea8f9bec545 handlers: simplify auth check
f69e1df8db0f Improve RADIUS error handling and reporting
34216b56b9ed src/CMakeLists: disable -Werror
8599a968877b Makefile: sync with OpenWrt repo

Update Makefile to reflect addition of the eBPF module and other changes
in the package

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit 3d76208)
 2025-08-09 15:30:05 +08:00
Fabrice Fontaine
d92569e1a8 admin/syslog-ng: fix PKG_CPE_ID 
oneidentity:syslog-ng is a better CPE ID than balabit:syslog-ng as
this CPE ID has the latest CVEs (whereas balabit:syslog-ng only
has a CVE from 2000):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:oneidentity:syslog-ng

Fixes: 5f07bb1094 (syslog-ng: update to version 3.19.1)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 3d32c62444)
 2025-08-07 09:25:01 +08:00
Wei-Ting Yang
946c364b19 treewide: assign some PKG_CPE_IDs 
Assign some PKG_CPE_IDs to enhance CVE coverage.

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=aardvark-dns
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=alpine_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=boringssl
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=ecdsautils
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=file_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=knot_resolver
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=libwrap
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=lsof_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=nfdump
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=nlnetlabs%20name_server_daemon
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=rclone
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=setserial
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tang_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tesseract_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tmate-ssh-server
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=ttyd
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=uw-imap
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=v2ray-core
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=zstandard

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
(cherry picked from commit ae56deff2c)
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
 2025-08-07 09:25:01 +08:00
Fabrice Fontaine
ae130f0352 libs/libuv: fix PKG_CPE_ID 
libuv:libuv is a better CPE ID than libuv_project:libuv as this CPE ID
has the latest CVEs (whereas libuv_project:libuv only has a CVE from
2015):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:libuv:libuv

Fixes: f8ecbf529b (libuv: update to 1.32.0)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 1774871476)
 2025-08-07 09:25:01 +08:00
Fabrice Fontaine
e5ac996904 lang/tcl: fix PKG_CPE_ID 
tcl:tcl is a better CPE ID than tcl_tk:tcl_tk as this CPE ID has the
latest CVE (whereas tcl_tk:tcl_tk only has CVEs up to 2008):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tcl:tcl

Fixes: 299e5b0a9b (treewide: add PKG_CPE_ID for better cvescanner coverage)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 6de9eebf51)
 2025-08-07 09:25:01 +08:00
Fabrice Fontaine
c5def550f9 utils/logrotate: fix PKG_CPE_ID 
logrotate_project:logrotate is a better CPE ID than gentoo:logrotate as
this CPE ID has the latest CVE (whereas gentoo:logrotate only has CVEs
up to 2011):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:logrotate_project:logrotate

Fixes: 299e5b0a9b (treewide: add PKG_CPE_ID for better cvescanner coverage)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 996f0b81c6)
 2025-08-07 09:25:01 +08:00
Fabrice Fontaine
cb6b4a53f2 libs/libupnp: fix PKG_CPE_ID 
pupnp_project:pupnp is a better CPE ID than libupnp_project:libupnp as
this CPE ID has the latest CVEs from 2021 (whereas
libupnp_project:libupnp only has CVEs up to 2020):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pupnp_project:pupnp

Fixes: 299e5b0a9b (treewide: add PKG_CPE_ID for better cvescanner coverage)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 911d890b11)
 2025-08-07 09:25:01 +08:00
Fabrice Fontaine
9f3582340c net/aria2: fix PKG_CPE_ID 
aria2_project:aria2 is a better CPE ID than tatsuhiro_tsujikawa:aria2 as
this CPE ID has the latest CVE (whereas tatsuhiro_tsujikawa:aria2 only
has CVEs up to 2010):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:aria2_project:aria2

Fixes: 299e5b0a9b (treewide: add PKG_CPE_ID for better cvescanner coverage)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit c1c47695a8)
 2025-08-07 09:25:01 +08:00
Fabrice Fontaine
ee71f6bfdb net/openssh: fix PKG_CPE_ID 
openbsd:openssh is a better CPE ID than openssh:openssh as this CPE ID
has the latest CVEs (whereas openssh:openssh has no CVEs):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:openbsd:openssh

Fixes: 299e5b0a9b (treewide: add PKG_CPE_ID for better cvescanner coverage)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 4faf09cfb5)
 2025-08-07 09:25:01 +08:00
George Sapkin
8c5b6dc996 yt-dlp: assign PKG_CPE_ID 
Link: https://nvd.nist.gov/products/cpe/detail/2739DE26-F16B-478E-A270-32C659C7F2C6?namingFormat=2.2&orderBy=CPEURI&keyword=yt-dlp&status=FINAL
Link: https://github.com/openwrt/packages/issues/8534
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit 303f7973f7)
 2025-08-07 09:25:01 +08:00
George Sapkin
dc4dee5d30 tailscale: assign PKG_CPE_ID 
Link: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.2&orderBy=2.2&keyword=cpe%3A2.3%3Aa%3Atailscale%3Atailscale&status=FINAL
Link: https://github.com/openwrt/packages/issues/8534
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit f6c7871464)
 2025-08-07 09:25:01 +08:00
George Sapkin
c5c0c201ee adguardhome: assign PKG_CPE_ID 
Link: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Aadguard%3Aadguardhome
Link: https://github.com/openwrt/packages/issues/8534
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit fd52fb6e3c)
 2025-08-07 09:25:01 +08:00
Mohd Husaam Mehdi
36b3a950b3 openssh: disable interactive login when password login is disabled 
this is required when pam is being used, because then, disabling
only password authentication is not sufficient
 2025-08-06 18:25:51 +05:30
Tianling Shen
72eba96f43 microsocks: Update to 1.0.5 
Release note: https://github.com/rofl0r/microsocks/releases/tag/v1.0.5

Removed upstreamed patches.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ab4b299591)
 2025-07-29 17:09:50 +08:00
Tianling Shen
f0c296aadc v2ray-geodata: Update to latest version 
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 083f4ce617)
 2025-07-25 13:48:28 +08:00
Gregory Gullin
8f71668a83 sing-box: Update to 1.11.15 
changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.11.15

Signed-off-by: Gregory Gullin <garuwex@gmail.com>
(cherry picked from commit b9ac3c5e7d)
 2025-07-25 13:46:13 +08:00
Anton P.
43df63ce78 sing-box: Update to 1.11.13 
changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.11.13

Signed-off-by: Anton P. <dragunap@gmail.com>
(cherry picked from commit 24e3f2a4c8)
 2025-07-25 13:46:10 +08:00
Anton P.
e5665a3a9c sing-box: Update to 1.11.9 
changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.11.9

Signed-off-by: Anton P. <dragunap@gmail.com>
[line break added after commit title, accidental line removal fixed]
(cherry picked from commit c0a996ddd9)
 2025-07-25 13:46:07 +08:00
Mosney Strange
577564371e sing-box: Update to 1.11.3 
Signed-off-by: Mosney Strange <Mosney@users.noreply.github.com>
(cherry picked from commit 2d51880e48)
 2025-07-25 13:46:04 +08:00
Tianling Shen
acaae481ac btop: Update to 1.4.4 
Removed upstreamed patch.

Release note: https://github.com/aristocratos/btop/releases/tag/v1.4.4

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 062287375c)
 2025-07-25 13:44:56 +08:00
Nate Robinson
b0285689a0 btop: add patch to fix download/upload display 
Uses https://github.com/aristocratos/btop/pull/1156

Signed-off-by: Nate Robinson <nrobinson2000@me.com>
(cherry picked from commit 99bc4798ed)
 2025-07-25 13:44:52 +08:00
Austin Lane
a89664e701 python-click: add hostbuild 
Signed-off-by: Austin Lane <vidplace7@gmail.com>
(cherry picked from commit 117a3a2b1b)
 2025-07-24 18:10:15 +03:00
Jan Kardell
2b15fcabbf sudo: Fix license file 
Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
(cherry picked from commit 7841c67092)
 2025-07-21 14:45:10 +08:00
Jan Kardell
c5ad64892d sudo: bump to version 1.9.17p1 
Fixes: CVE-2025-32462
Fixes: CVE-2025-32463

Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
(cherry picked from commit b153b6a034)
[rebase upon 23.05 branch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
 2025-07-21 14:45:10 +08:00