* add interface information to the dns report
* support multiple tcpdump interfaces ('any') in the dns report properly
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fix compiling bundled Kerberos library on several 32-bit architectures
by linking with libatomic.
Disable kernel keyring being picked up from a dirty buildbot
environment.
Signed-off-by: George Sapkin <george@sapk.in>
Add dependabot config to automatically check for action updates once a
week and open PRs if any are found.
Signed-off-by: George Sapkin <george@sapk.in>
This software seems no longer maintained by upstream.
The latest upstream release is 16 years ago,
and no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
This software seems no longer maintained by upstream.
Both PKG_SOURCE_URL and URL are dead, and
no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
Error if shebang to host python interpreter would exceed 127 characters
(124 characters plus shebang and newline). This is used to alert user
when python-installer would fail to correctly set a Python program's
shebang line.
Closes: https://github.com/openwrt/packages/issues/28310
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Move version definition to a helper file so multiple versions can be
easily defined using it.
Variables HOST_GO_VARS, PKG_GO_ASMFLAGS, PKG_GO_GCFLAGS,
PKG_GO_INSTALL_ARGS, PKG_GO_LDFLAGS, PKG_GO_VARS, and
PKG_GO_ZBOOTSTRAP_MODS are defined using conditional variable
assignment and can be overridden for each go version.
Link: https://github.com/openwrt/packages/pull/28309
Signed-off-by: George Sapkin <george@sapk.in>
Add versioned package for 1.25 to enable having multiple host go
versions side by side.
Set default version to 1.25 in golang-values.mk
Add unversioned dummy package to allow go-based packages to continue
using the default go host version. Packages can use it by specifying:
PKG_BUILD_DEPENDS:=golang/host
or use a specific version out of the ones that are available in that
branch by specifying:
PKG_BUILD_DEPENDS:=golang1.25/host
Host go is exposed to each package through PATH set in
GO_PKG_BUILD_CONFIG_VARS and GO_PKG_VARS.
Target go is installed through alternatives with the default version
having higher priority.
Newer versions can reuse older ones as bootstraps by setting
GO_BOOTSTRAP_VERSION package variable to older version, e.g.:
GO_BOOTSTRAP_VERSION:=1.24
All subpackages provide suffix-less names, e.g. golang, golang-src, etc.
Default versions are marked as default variants.
Link: https://github.com/openwrt/packages/pull/28309
Signed-off-by: George Sapkin <george@sapk.in>
Busybox's chown stops reading the username at the dot, so only user was
changed and the group remained as root. Properly use ':' instead of '.'
as the delimeter.
Fixes: a98239c "domoticz: update to 3.9571 and clean up FHS handling"
Signed-off-by: Eugenio Pérez <eupm90@gmail.com>
[add PKG_RELEASE bump, modify commit message, add Fixes line]
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Update to version 1.9.5
* Use upstream meson.build file, as they now support meson
* patch it locally to continue using static glib linking
* Disable numa, systemd and thermal functions via meson options
* Resurrect the patch to silence repetitive EINVAL warnings.
(patch was used with 1.9.3, but was not needed with 1.9.4)
Related discussion in upstream issue 336 and 349
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This option is required for the proxy to be transparent, and has been
supported since at least 2009. Description taken from upstream.
Signed-off-by: Xu Wang <xwang1498@gmx.com>
When building lxc's meson.build tries to infer
something for the target system out of the host
build OS. This isn't reproducible and can actually
fail on some OS' like NixOS.
The failure looked like this, early in the
building stage of lxc:
> ../../../../build_dir/target-aarch64_cortex-a53_musl/lxc-6.0.5/meson.build:166:8: ERROR: Problem encountered: "distrosysconfdir" is not set
The /etc/default seems to be something that is
derived on most host systems, so use that as the
explicit config.
This fixes building lxc on NixOS and similar.
This also makes the build more pure and
reproducible. Before this commit building the same
set of checkouts, same config would yield
different lxc artifacts on RedHat and Ubuntu.
It was probably harmless though.
This also removes inactive maintainer from the
Makefile.
Signed-off-by: Michal Kazior <michal@plume.com>
This release is needed in order to build against the 6.18 kernel.
Removed upstreamed: 020-gcc15.patch
Signed-off-by: John Audia <therealgraysky@proton.me>
This software seems no longer maintained.
The latest upstream commit is 11 years ago,
and no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
- align the config option names
- re-order the configuration options
- add some help text
- drop obsolete notes regarding older PHP versions and obsolete CONFLICT
- remove (meanwhile) unrecognized configure options
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
New upstream release. Changelog:
appid: configurable midstream service discovery
appid: prefer QUIC client appid over SSL
appid: prevent out-of-bounds read in bootp option parsing
appid: prevent out-of-bounds read in sslv2 server-hello detection
control: refactor connection ownership model and improve thread safety
extractor: avoid reporting default values for missing SSL fields
file_api: coverity fix
flow: refactor dump_flows command to dump flow state in binary format
mime: fix compile issues
react: block flow when packets are not reset candidates
show_flows: implement utility program to convert dump_flows binary files to text Flow state data for each flow
smtp: handle split CRLF in multi-line response parsing
ssl: ssl client hello event is published with empty hostname
% snort --version
,,_ -*> Snort++ <*-
o" )~ Version 3.10.2.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.24
Using Vectorscan version 5.4.12 2026-01-11
Using libpcap version 1.10.5 (with TPACKET_V3)
Using LuaJIT version 2.1.0-beta3
Using LZMA version 5.8.1
Using OpenSSL 3.5.4 30 Sep 2025
Using PCRE2 version 10.47 2025-10-21
Using ZLIB version 1.3.1
Signed-off-by: John Audia <therealgraysky@proton.me>
New upstream release. Changelog:
alert_fast: ensure call_once definition doesn't collide in std vs glibc, thanks to krag on GitHub for suggesting this fix
alert_json: add support for logging appid, thanks to ssam18 on GitHub for suggesting this change
appid: add check to avoid setting brute force state for pending sessions that are pruned
appid: allow out-of-order packet inspection in third-party engine
appid: check for Lua table errors during initialization and cleanup
appid: enable out-of-order inspection by default
appid: fix client process regex mapping logic
appid: fix eve process handler event debug logging
appid: fix setting global ssh ignore flag
appid: fix size check in TFTP service detector
appid: mDNS TXT records parsing and deviceinfo event generation
appid: prevent multiple out-of-bounds reads in ssl
build: address compilation warnings
build: fix Coverity warnings in related components
cmake: fix pkg-config path for libdir, thanks to brianmcgillion on GitHub for submitting a similar fix
decoder: adding encode function for TransbridgeCodec
dns: add fix infinite recursion vulnerability
file: use new EVP functions rather than deprecated SHA functions
flow: add logs to show different ways a flow can fail to create
ftp_telnet: fix coverity errors and improve cmd_len configurability
ftp_telnet: fix ftp_cmd_pipe_index handling
ftp_telnet: Handle malformed traffic in ftp to generate alert
hash: update hashes to use new EVP functions, thanks to
http_inspect: add urlencoded to content-type list
http_inspect: fix coverity error
iec104: fix IEC 104 SQ0 bounds checks by removing duplicate asdu_size_map entries and using IO_GROUP sizes, preventing out-of-bounds reads
iec104: validate Type I length to prevent ASDU out-of-bounds read
ips_options: fix cursor position for byte_extract
ips_options: reset PCRE rule counts on new configuration loaded
main: update dioctl daqSnort latency common change
mime: add unit tests for data fitting memory limit
mime: add unit tests for data over memory limit
mime: add unit tests for file logging
mime: fix mime boundary parsing
mime: ignore field collection if not configured
mime: implement content parsing of multipart/form_data
mime: improve form-data collection for incomplete boundaries
mime: leave room for null-character in case of size limit hit
mime: remove unused forward-declaration
mime: rename class field to comply with the style
mime: return error code if cannot add headers for logging
pub_sub: add is_urlencoded method
sip: fix out-of-bounds reads in sip_parse_sdp_m
smb,dlp: update filename,filesize of FileInfo handling to enable dlp evaluation for repeated txns
smtp: usage of config cmds
snort2lua: fix failure in converting patterns containing commas
snort_ml: enable client body scanning by default
snort_ml: scan multipart form data
ssl: free certificate data if certificate length is 0
ssl: tls client hello check out of bounds fix
unified2: use proper API for obtaining VLAN ID from packet
% snort --version
,,_ -*> Snort++ <*-
o" )~ Version 3.10.1.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.24
Using Vectorscan version 5.4.12 2026-01-11
Using libpcap version 1.10.5 (with TPACKET_V3)
Using LuaJIT version 2.1.0-beta3
Using LZMA version 5.8.1
Using OpenSSL 3.5.4 30 Sep 2025
Using PCRE2 version 10.47 2025-10-21
Using ZLIB version 1.3.1
Signed-off-by: John Audia <therealgraysky@proton.me>
* rework DNS reporting: more reliable, more information (request type), better performance
* fixed minor issues
* readme update
* LuCI: added new DNS page (incl. Allowed/Blocked canvas)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes security issues:
- CVE-2025-13878: Malformed BRID and HHIT records could trigger an
assertion failure.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
The last PR (https://github.com/openwrt/packages/pull/28370) missed
including two needed changes, and had a minor packaging Makefile
mistake.
The Zabbix Agent needs to drop privileges to the zabbix-agent user.
Similarly, if run as root (not the default), the Zabbix server needs to
drop privileges to the zabbix-server user.
There are also, in the Makefile, three instances of using BUILD_VARIANT
instead of VARIANT in package definitions.
So we fix those issues.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
The domains list which this script uses isn't
updated for 5 years. We can use adblock related
packages instead of this script, so let's drop this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
HOST BUILD ONLY
Update to 22.22.0
This is a security release.
Notable Changes
(CVE-2025-59465) add TLSSocket default error handler
(CVE-2025-55132) disable futimes when permission model is enabled
lib,permission:
(CVE-2025-55130) require full read and write to symlink APIs
src:
(CVE-2025-59466) rethrow stack overflow exceptions in async_hooks
src,lib:
(CVE-2025-55131) refactor unsafe buffer creation to remove zero-fill toggle
tls:
(CVE-2026-21637) route callback exceptions through error handlers
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
passlib is unmaintained since 2020 and a maintained fork called libpass,
which is a drop-in replacement (even using the passlib module name), is
now available. https://github.com/Kozea/Radicale/issues/1952 has more
information.
Therefore we remove the python-passlib package from this repo.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
This eliminates a dependency on the unmaintained passlib
(python3-passlib) package and add a dependency on libpass, a maintained
fork of passlib: https://github.com/Kozea/Radicale/pull/1953
In addition Radicale auth type 'autodetect' for `htpasswd` auth has
been improved by upstream.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
