bbf/openwrt-packages
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/openwrt-packages.git synced 2025-12-20 08:49:55 +08:00
Code Issues Packages Projects Releases Wiki Activity
34,884 Commits 74 Branches 1 Tag
devel
Commit Graph

12851 Commits

Author SHA1 Message Date
Sukru Senli
f172bd812b mosquitto: add procd interface triggers and dynamic ACL reload 
Refactor subnet ACL generation into standalone script and use procd
  interface triggers to automatically regenerate ACLs when network
  interfaces change. Add 'hup' command for SIGHUP-based reload without
  client disconnection.

  - Move ACL generation to /usr/share/mosquitto/generate-subnet-acl.sh
  - Add procd_add_interface_trigger in service_triggers()
  - Add 'hup' command for dynamic reload via SIGHUP
  - Remove hotplug script (replaced by procd triggers)
 2025-11-26 10:52:51 +01:00
Vivek Dutta
9cfeb175b7 mosquitto: add subnet_acl UCI sections for per-user IP filtering 
(cherry picked from commit da1b407998)

3d467bb8 mosquitto: add subnet_acl UCI sections for per-user IP filtering
896c1b6b update based on feedback

Co-authored-by: Sukru Senli <sukru.senli@iopsys.eu>
 2025-11-14 15:56:42 +05:30
Markus Gothe
1702e95c20 iperf3: adjust Airoha's patches for iperf 3.19.1 2025-10-30 13:52:33 +01:00
John Audia
be945360ce iperf3: update to 3.19.1 
Update to latest upstream release.

Changelog: https://github.com/esnet/iperf/releases/tag/3.19.1

Relevant security fixes: E-2025-54349, ESNET-SECADV-2025-0003, CVE-2025-54350,
ESNET-SECADV-2025-0002, VE-2025-54351, ESNET-SECADV-2025-0001

Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc

Signed-off-by: John Audia <therealgraysky@proton.me>
 2025-10-30 11:20:53 +01:00
Dane Murphy
d95c49036a iperf3: update to 3.19 
Updates iperf3 to the latest upstream release, 3.19

Changelog: https://github.com/esnet/iperf/releases/tag/3.19

Signed-off-by: Dane Murphy <danem7@gmail.com>
 2025-10-30 11:20:49 +01:00
Sander
60059b3348 iperf: package update to v3.18 
Signed-off-by: Sander <schutten@hotmail.com>
 2025-10-30 11:20:45 +01:00
Erik Karlsson
9f0de1226e net-snmp: disable by default 
We need to be able to include snmpd in all softwares and for security
reasons it must be disabled by default.
 2025-10-15 15:33:04 +02:00
Christian Svensson
d25e436525 ntpd: disable autoreconf fixup 
Fixes #24918 which got introduced with openwrt c364cb8.

Credit for the fix goes to Hirokazu MORIKAWA.

Signed-off-by: Christian Svensson <blue@cmd.nu>
(cherry picked from commit de0e7efdb8)
 2025-10-08 02:05:57 +02:00
Andreas Gnau
b4fc7f66b2 Merge OpenWrt 23.05.6 commit 'e59d9ef823b' into devel 
Merge OpenWrt 23.05.6 commit 'e59d9ef823bcb581e3939789b4eaeaf900b79759'
into devel.

Remove patch superseded by bump to later upstream release:
libs/libxslt/patches/0001-xsltproc-remove-maxparserdepth-option.patch
 2025-10-07 17:04:45 +02:00
Vivek Kumar Dutta
f3677af57f mosquitto: change default log level to upto warning 2025-09-23 09:24:26 +05:30
Husaam Mehdi
7aaf702596 Revert "mosquitto: workaround for debug logging" 
This reverts commit 974db63a1c
 2025-09-22 14:06:47 +00:00
Vivek Kumar Dutta
974db63a1c mosquitto: workaround for debug logging 2025-09-11 10:18:35 +05:30
Sukru Senli
187d6a8e3c openvswitch: install libopenvswitch shared library 
Install shared libopenvswitch library, so it can be linked by opensync
 2025-09-01 17:48:07 +05:30
Roman Azarenko
e2ec369843 nginx: update CPE ID 
Looking at the official CPE dictionary [1], `cpe:/a:nginx:nginx` was
only used until 1.21.4 inclusively. Later it was renamed to
`cpe:/a:f5:nginx`, and it showed up in a few more non-contiguous
versions numbers after 1.21.4.

In all nginx security advisories [2] starting from year 2024, the CPE
ID used is `cpe:/a:f5:nginx_open_source`. This includes versions 1.25.0
and newer.

Update the CPE ID to the newest known value of `cpe:/a:f5:nginx_open_source`
used in nginx's own security advirosies/CVEs.

[1]: https://nvd.nist.gov/products/cpe
[2]: https://nginx.org/en/security_advisories.html

Signed-off-by: Roman Azarenko <roman.azarenko@genexis.eu>
Link: https://github.com/openwrt/packages/pull/27246
 2025-08-19 11:55:02 +00:00
Tianling Shen
f3a45fc265 strongswan: fix build with wolfssl 5.7.6 
Backport an upstream patch to fix build with wolfssl 5.7.6.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
 2025-08-14 21:11:56 +08:00
Thibaut VARÈNE
7135dd3cbd uspot: update to Git HEAD (2025-08-07) 
e2e3c649ab80 README update
18e6bcc14cc2 uspot/portal: urldecode FORM POST data
bf6051dba822 uspot/handler-uam: accept /login endpoint
32273591d8d5 uspotfilter: provide peer_lookup answers only for known clients
b0aeef9973a9 README: clarify uam vs radius mode features
b7b0d0efb0e2 uspot: improve config documentation
bce68a97fad8 captive: rename to 'uspot'
da6ca713e15d uspot: client_remove(): pass device to ratelimit client_delete()
3ebfe262bfb1 uspot: remove unused radius_call() args
691d73aa00dc uspot: let radius_init() set all required payload members
be50a66b777f uspot: allow setting global bandwidth limits
4851ada4b0c0 uspot: send Called-Station-Id in Acct-On/Off requests
0974fc8d47ac Implement uspot-bpf, an eBPF traffic counter
e99809f97e34 introduce uspotbpf.uc
7f6f43883568 uspotbpf: work around ucode-mod-bpf bug
319e0c285afb uspot: hook traffic accounting
ccf3fa9b8e83 uspot: client_interim(): remove dead code
0e92cc9f6e75 uspotbpf: fix priority conflict with ratelimit
55d40a8794b6 uspot: implement traffic limiting
b05257e862cb uspot: implement swapio
e83f95081c21 uspot: radius_acct(): don't needlessly call uspotfilter
442cff773220 uspotfilter: cleanup unused API
7878d512cd21 handler-api: include 'seconds-remaining' only if not captive
cca6d218a6a7 handler-api: implement 'bytes-remaining'
e8cf3d08ac64 uspot: start(): ratelimit clearing is independent from RADIUS accounting
6d12a2da5b20 README update
bf6364cb61ea config: clarify units for acct_interval
8133b8cd215e uspot: implement state_get()/state_set()
094825fdfe68 radius-client: lowercase non-attribute JSON members
de70c588c2e3 radius-client: add error reporting
ebe9eac34f5b radius: add option for udp or tcp connection
d6b338d5d194 uspot: support RadSec with PSK authentication
53de77512159 uspot: validate config
d0578f740111 uspot: don't store debug data through uspotfilter
fe4fa5e8a25f uspot.init: rename DAS instance
bd1fbe481da3 README update
76a03155db44 uspot: add support for secondary RADIUS servers
694ff75f4fcc uspot: remove 'final_redirect_url' config option
a347454db08c handler: redirect UAM connected clients to the 'res=already' UAM url
0ea8f9bec545 handlers: simplify auth check
f69e1df8db0f Improve RADIUS error handling and reporting
34216b56b9ed src/CMakeLists: disable -Werror
8599a968877b Makefile: sync with OpenWrt repo

Update Makefile to reflect addition of the eBPF module and other changes
in the package

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit 3d76208)
 2025-08-09 15:30:05 +08:00
Wei-Ting Yang
946c364b19 treewide: assign some PKG_CPE_IDs 
Assign some PKG_CPE_IDs to enhance CVE coverage.

https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=aardvark-dns
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=alpine_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=boringssl
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=ecdsautils
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=file_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=knot_resolver
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=libwrap
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=lsof_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=nfdump
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=nlnetlabs%20name_server_daemon
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=rclone
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=setserial
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tang_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tesseract_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tmate-ssh-server
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=ttyd
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=uw-imap
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=v2ray-core
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=zstandard

Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
(cherry picked from commit ae56deff2c)
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
 2025-08-07 09:25:01 +08:00
Fabrice Fontaine
9f3582340c net/aria2: fix PKG_CPE_ID 
aria2_project:aria2 is a better CPE ID than tatsuhiro_tsujikawa:aria2 as
this CPE ID has the latest CVE (whereas tatsuhiro_tsujikawa:aria2 only
has CVEs up to 2010):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:aria2_project:aria2

Fixes: 299e5b0a9b (treewide: add PKG_CPE_ID for better cvescanner coverage)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit c1c47695a8)
 2025-08-07 09:25:01 +08:00
Fabrice Fontaine
ee71f6bfdb net/openssh: fix PKG_CPE_ID 
openbsd:openssh is a better CPE ID than openssh:openssh as this CPE ID
has the latest CVEs (whereas openssh:openssh has no CVEs):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:openbsd:openssh

Fixes: 299e5b0a9b (treewide: add PKG_CPE_ID for better cvescanner coverage)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 4faf09cfb5)
 2025-08-07 09:25:01 +08:00
George Sapkin
dc4dee5d30 tailscale: assign PKG_CPE_ID 
Link: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.2&orderBy=2.2&keyword=cpe%3A2.3%3Aa%3Atailscale%3Atailscale&status=FINAL
Link: https://github.com/openwrt/packages/issues/8534
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit f6c7871464)
 2025-08-07 09:25:01 +08:00
George Sapkin
c5c0c201ee adguardhome: assign PKG_CPE_ID 
Link: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Aadguard%3Aadguardhome
Link: https://github.com/openwrt/packages/issues/8534
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit fd52fb6e3c)
 2025-08-07 09:25:01 +08:00
Mohd Husaam Mehdi
36b3a950b3 openssh: disable interactive login when password login is disabled 
this is required when pam is being used, because then, disabling
only password authentication is not sufficient
 2025-08-06 18:25:51 +05:30
Tianling Shen
72eba96f43 microsocks: Update to 1.0.5 
Release note: https://github.com/rofl0r/microsocks/releases/tag/v1.0.5

Removed upstreamed patches.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ab4b299591)
 2025-07-29 17:09:50 +08:00
Tianling Shen
f0c296aadc v2ray-geodata: Update to latest version 
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 083f4ce617)
 2025-07-25 13:48:28 +08:00
Gregory Gullin
8f71668a83 sing-box: Update to 1.11.15 
changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.11.15

Signed-off-by: Gregory Gullin <garuwex@gmail.com>
(cherry picked from commit b9ac3c5e7d)
 2025-07-25 13:46:13 +08:00
Anton P.
43df63ce78 sing-box: Update to 1.11.13 
changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.11.13

Signed-off-by: Anton P. <dragunap@gmail.com>
(cherry picked from commit 24e3f2a4c8)
 2025-07-25 13:46:10 +08:00
Anton P.
e5665a3a9c sing-box: Update to 1.11.9 
changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.11.9

Signed-off-by: Anton P. <dragunap@gmail.com>
[line break added after commit title, accidental line removal fixed]
(cherry picked from commit c0a996ddd9)
 2025-07-25 13:46:07 +08:00
Mosney Strange
577564371e sing-box: Update to 1.11.3 
Signed-off-by: Mosney Strange <Mosney@users.noreply.github.com>
(cherry picked from commit 2d51880e48)
 2025-07-25 13:46:04 +08:00
Jan Hák
3fcb698a6c knot-resolver: update to version 5.7.4 
Knot Resolver 5.7.4 (2024-07-23)
================================

Security
--------
- reduce buffering of transmitted data, especially TCP-based in userspace
  Also expose some of the new tweaks in lua:
   (require 'ffi').C.the_worker.engine.net.tcp.user_timeout = 1000
   (require 'ffi').C.the_worker.engine.net.listen_{tcp,udp}_buflens.{snd,rcv}

Improvements
------------
- add the fresh DNSSEC root key KSK-2024 already, Key ID 38696

Incompatible changes
--------------------
- libknot 3.0.x support is dropped
  Upstream last maintained 3.0.x in spring 2022.

Knot Resolver 5.7.3 (2024-05-30)
================================

Improvements
------------
- stats: add separate metrics for IPv6 and IPv4

Bugfixes
--------
- fix NSEC3 records missing in answer for positive wildcard expansion
  with the NSEC3 having over-limit iteration count

Knot Resolver 5.7.2 (2024-03-27)
================================

Bugfixes
--------
- fix on 32-bit systems with 64-bit time_t

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 6e208887e3)
 2025-07-04 14:03:21 +02:00
Philip Prindeville
f88b618fe2 named: /var/run/named isn't being created with correct permissions 
It needs to be group writable or session.key can't be written once
named drops privileges.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit b82574b31c)
 2025-07-03 10:27:02 -04:00
Erik Karlsson
e0988a17ae openssh: read authorized keys from /etc/board.json 
If there are keys present, root password login gets disabled.
 2025-06-19 13:20:12 +02:00
Erik Karlsson
8d38bdfdee openssh: remove unnecessary "uci commit" in uci-defaults script 2025-06-19 11:32:21 +02:00
Vivek Kumar Dutta
f2079b1ab4 mosquitto: debug information 
- update log_level to information
- Added max in-flight message to 10
- define reload handler
 2025-06-17 10:45:24 +05:30
Vivek Kumar Dutta
61d82af182 mosquitto: cleanup uci-default script 2025-06-17 10:26:09 +05:30
Vivek Kumar Dutta
feceb57dbf mosquitto: align with upstream changes 2025-06-17 10:22:02 +05:30
Tianling Shen
75e3e5d327 v2ray-geodata: Update to latest version 
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7d6535737c)
 2025-06-16 18:31:13 +08:00
Tianling Shen
daba53947d v2ray-geodata: Update to latest version 
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ed12bfe13c)
 2025-06-16 18:31:13 +08:00
Tianling Shen
4b2429557d v2ray-geodata: Update to latest version 
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a91d278804)
 2025-06-16 18:31:13 +08:00
Liangbin Lian
2855313b1f transmission: add syscalls to seccomp filter 
Add missing syscalls found with `/etc/init.d/transmission trace`.

fix crash on boot on x86_64 platform

Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit d827297546)
 2025-06-07 15:08:43 +02:00
Serhii Ivanov
c6576f049e transmissision: remove build dependency on nodejs 
Have no idea why such dependency was added.
No documentation from transmission that they need
such dependency on build time. On the other hand
saves vast of time during build

Signed-off-by: Serhii Ivanov <icegood1980@gmail.com>
(cherry picked from commit a06829b0a2)
 2025-06-07 15:08:37 +02:00
Peter van Dijk
d6c912fc8e dnsdist: update to 1.9.10 
fixes CVE-2025-30193

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit ec30d1e4f6c33d200c11b35a218a6ae68364b391)
 2025-06-03 19:07:55 +02:00
Tianling Shen
840f3ac55a netavark: revert lock cargo dependencies 
Now we have rust 1.85.0.

This reverts commit aba78031f5.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
 2025-05-29 17:51:52 +08:00
Markus Gothe
56144cf996 treewide: Add PKG_FLAGS:=nonshared for packages with platform patches. 2025-05-22 21:16:25 +02:00
Noah Meyerhans
f1673cee7e bind: bump to 9.18.37 
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
 2025-05-21 21:00:04 -04:00
Markus Gothe
ed7c1f1720 iperf3: Add Airoha specific patches for HW acceleration. 
Add patches from Airoha's 2025Q1 LTS SDK for iperf3.
 2025-05-21 19:24:18 +02:00
Noah Meyerhans
72561be263 bind: bump to 9.18.36 
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
 2025-05-20 08:01:53 +02:00
Peter van Dijk
be13825169 dnsdist: update to 1.9.9 
fixes CVE-2025-30194

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
 2025-05-08 22:06:31 +03:00
Tianling Shen
c4add161e3 v2raya: Update to 2.2.6.7 
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit aad793b6f4)
 2025-04-22 22:18:33 +08:00
Tianling Shen
b40127d88b librespeed-go: add missing conffiles 
Add missing uci configuration to conffiles.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit df9ba18578)
 2025-04-22 22:18:03 +08:00
Tianling Shen
d31e306e47 v2ray-geodata: Update to latest version 
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 1d73b25ed8)
 2025-04-22 22:17:57 +08:00