Turris OS packages issueshttps://gitlab.nic.cz/turris/os/packages/-/issues2023-08-16T14:55:26+02:00https://gitlab.nic.cz/turris/os/packages/-/issues/287luajit: update to version 2.1.0-beta3-12023-08-16T14:55:26+02:00Jan Pavlinecluajit: update to version 2.1.0-beta3-1Update luajit to upstream version. This could enable build knot-resolver for Turris 1.x
(Related to https://github.com/LuaJIT/LuaJIT/issues/330)Update luajit to upstream version. This could enable build knot-resolver for Turris 1.x
(Related to https://github.com/LuaJIT/LuaJIT/issues/330)https://gitlab.nic.cz/turris/os/packages/-/issues/31Update Home Assistant2019-06-17T12:30:21+02:00Jan PavlinecUpdate Home AssistantUpdate Home AssistantUpdate Home Assistanthttps://gitlab.nic.cz/turris/os/packages/-/issues/32Update domoticz2019-07-08T15:26:16+02:00Jan PavlinecUpdate domoticzUpdate domoticzUpdate domoticzhttps://gitlab.nic.cz/turris/os/packages/-/issues/44Update Wireguard package2019-05-06T17:21:57+02:00Jan PavlinecUpdate Wireguard packageVersion in our branch does not work with last version https://github.com/CZ-NIC/turris-os/issues/55Version in our branch does not work with last version https://github.com/CZ-NIC/turris-os/issues/55https://gitlab.nic.cz/turris/os/packages/-/issues/53[Github Issue] utils/collectd: Update to the latest upstream state2019-11-04T11:04:11+01:00Jan Pavlinec[Github Issue] utils/collectd: Update to the latest upstream state---------
#### **DO NOT EDIT HERE!** Copy from https://github.com/CZ-NIC/turris-os-packages/issues/40
---------
* Update to the latest upstream state
* Enable [Write Prometheus](https://collectd.org/wiki/index.php/Plugin:Write_Prometheu...---------
#### **DO NOT EDIT HERE!** Copy from https://github.com/CZ-NIC/turris-os-packages/issues/40
---------
* Update to the latest upstream state
* Enable [Write Prometheus](https://collectd.org/wiki/index.php/Plugin:Write_Prometheus) plugin.https://gitlab.nic.cz/turris/os/packages/-/issues/25Bump net-snmp version2023-08-16T14:58:36+02:00Krzysztof KuleszaBump net-snmp versionPlease bump net-snmp version and compile it with modules ucd-snmp/lmsensorsMibPlease bump net-snmp version and compile it with modules ucd-snmp/lmsensorsMibTurris OS 3.11.21Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/123adblock: update to upstream version2019-05-06T17:21:59+02:00Jan Pavlinecadblock: update to upstream versionVersion from our package feed is probably breaking web interface see https://forum.turris.cz/t/webinterface-luci-foris-cannot-be-reached-anymore/5972Version from our package feed is probably breaking web interface see https://forum.turris.cz/t/webinterface-luci-foris-cannot-be-reached-anymore/5972Turris OS 3.10https://gitlab.nic.cz/turris/os/packages/-/issues/150python: Bump python3 and python to latest fixup2019-05-06T15:00:06+02:00Karel Kocipython: Bump python3 and python to latest fixupWe are two fixups back on our version of Python. We should update.We are two fixups back on our version of Python. We should update.Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/159dump1090: udpate to upstream version2019-05-06T17:21:57+02:00Jan Pavlinecdump1090: udpate to upstream versionProbably due to excessive dependencies the dump1090 is not built for Turris 1.x. The upstream version of the package depends only on the libpthread. That could solve the build problem.
Related forum thread:
https://forum.turris.cz/t/ins...Probably due to excessive dependencies the dump1090 is not built for Turris 1.x. The upstream version of the package depends only on the libpthread. That could solve the build problem.
Related forum thread:
https://forum.turris.cz/t/instalace-a-build-balicku-dump1090/6432
Upstream package:
https://github.com/openwrt/packages/blob/master/utils/dump1090/MakefileTurris OS 3.10.4Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/184nut: update to upstream version2018-11-02T11:03:06+01:00Jan Pavlinecnut: update to upstream versionOur version is missing upscmd utility, which is included in [upstream version](https://github.com/openwrt/packages/blob/master/net/nut/Makefile)
Related forum topic https://forum.turris.cz/t/turris-os-3-10-je-nyni-v-rc/6930/39Our version is missing upscmd utility, which is included in [upstream version](https://github.com/openwrt/packages/blob/master/net/nut/Makefile)
Related forum topic https://forum.turris.cz/t/turris-os-3-10-je-nyni-v-rc/6930/39Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/185https-dns-proxy: update to upstream version2023-08-16T14:58:22+02:00Josef Schlehoferhttps-dns-proxy: update to upstream versionThe version in our repository is outdated and should be updated to the latest version, which is available since 23.4.2018.
Here is a link to upstream package: https://github.com/openwrt/packages/tree/master/net/https-dns-proxyThe version in our repository is outdated and should be updated to the latest version, which is available since 23.4.2018.
Here is a link to upstream package: https://github.com/openwrt/packages/tree/master/net/https-dns-proxyJan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/190ddns-scripts: update to the latest version2019-05-06T17:21:58+02:00Josef Schlehoferddns-scripts: update to the latest versionHello,
with the recent LuCI update in Services → Dynamic DNS it says:
> The currently installed ‘ddns-scripts’ package did not support all available settings.
and from feedback from our users, which they gave us on [forum](https://fo...Hello,
with the recent LuCI update in Services → Dynamic DNS it says:
> The currently installed ‘ddns-scripts’ package did not support all available settings.
and from feedback from our users, which they gave us on [forum](https://forum.turris.cz/t/problems-configuring-ddns-with-turris-omnia-and-turris-os-3-10/7296/4) it's probably broken.
Anyway, they find the workaround to install [package](https://downloads.openwrt.org/snapshots/packages/x86_64/packages/ddns-scripts_2.7.7-5_all.ipk) directly from OpenWRT, but if somebody use no-ip,cloudflare, etc we would need to update also:
* ddns-scripts_cloudflare
* ddns-scripts_no-ip_comTurris OS 3.10.1Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/203nginx: update to the latest version2018-10-25T11:41:19+02:00Josef Schlehofernginx: update to the latest versionPackage name: **nginx**
Short description of the package: **Web server, which can be also used as a reverse proxy, load balancer, mail proxy and HTTP cache**
OpenWRT repository:
https://github.com/openwrt/packages/blob/master/net/n...Package name: **nginx**
Short description of the package: **Web server, which can be also used as a reverse proxy, load balancer, mail proxy and HTTP cache**
OpenWRT repository:
https://github.com/openwrt/packages/blob/master/net/nginx/
Upstream repository:
https://github.com/nginx/nginx
*Version information*
We have version: 1.10.1
OpenWRT has version: 1.14.0
Upstream has version: 1.15.1
Requested on our [forum](https://forum.turris.cz/t/requesting-new-packages-new-versions/4187/37?u=pepe).Turris OS 3.10.4Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/204transmission: update to the version 2.942018-10-25T11:50:10+02:00Josef Schlehofertransmission: update to the version 2.94Package name: **transmission**
Short description of the package: ** BitTorrent client **
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/transmission
Upstream repository:
https://github.com/transmission/...Package name: **transmission**
Short description of the package: ** BitTorrent client **
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/transmission
Upstream repository:
https://github.com/transmission/transmission
_Version information_
We have version: 2.93
OpenWRT and Upstream have version: 2.94
Requested on our [forum](https://forum.turris.cz/t/requesting-new-packages-new-versions/4187/43?u=pepe).Turris OS 3.10.4https://gitlab.nic.cz/turris/os/packages/-/issues/206lighttpd: update to the latest version2018-09-13T10:38:18+02:00Josef Schlehoferlighttpd: update to the latest versionPackage name: **lighttpd**
Short description of the package: **open-source web server - security, speed, compliance, and flexibility**
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/lighttpd
Upstream repo...Package name: **lighttpd**
Short description of the package: **open-source web server - security, speed, compliance, and flexibility**
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/lighttpd
Upstream repository:
https://github.com/lighttpd/lighttpd1.4
_Version information_
We have version: 1.4.47
Upstream and OpenWRT have version: 1.4.49Turris OS 3.11Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/os/packages/-/issues/186mdadm: update to the latest version2018-10-26T12:48:04+02:00Josef Schlehofermdadm: update to the latest versionPackage name: **mdadm**
Short description of package: **Tool for managing Soft RAID**
OpenWRT repository:
https://github.com/openwrt/openwrt/blob/master/package/utils/mdadm/Makefile
Upstream repository:
https://git.kernel.org/p...Package name: **mdadm**
Short description of package: **Tool for managing Soft RAID**
OpenWRT repository:
https://github.com/openwrt/openwrt/blob/master/package/utils/mdadm/Makefile
Upstream repository:
https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/
In our repository, there is version 3.2.5.
In OpenWRT repository, there is version 4.0.
Can we update it?Turris OS 3.11Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/220unbound version bump 1.8.12018-12-06T09:35:41+01:00Ghost Userunbound version bump 1.8.1Unbound 1.8.0 is available:
https://nlnetlabs.nl/downloads/unbound/unbound-1.8.0.tar.gz
sha256 78f79d6d3b643fdcd74a14fc76542250da886c82f82bc55b51e189663d61b83f
pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.8.0.tar.gz.asc
With...Unbound 1.8.0 is available:
https://nlnetlabs.nl/downloads/unbound/unbound-1.8.0.tar.gz
sha256 78f79d6d3b643fdcd74a14fc76542250da886c82f82bc55b51e189663d61b83f
pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.8.0.tar.gz.asc
With pgp signatures
https://nlnetlabs.nl/downloads/unbound/unbound-1.8.0-w32.zip.asc
https://nlnetlabs.nl/downloads/unbound/unbound-1.8.0.zip.asc
This release has a number of bug fixes, a list of features added and some defaults changed.
The defaults that are changed enable options that have been introduced in the past with an option that defaulted to off, but have proven to work, improve speed and resilience and we would now recommend to enable when configuring the server. Still the option exists if you want to manually specify the feature.
**New features** include options for unbound-control: auth_zone_reload, auth_zone_transfer.
New counters in the statistics output: num.queries.tls, num.query.subnet, num.query.subnet_cache.
**New options** in unbound.conf: dns64-ignore-aaaa, tcp-idle-timeout, edns-tcp-keepalive, edns-tcp-keepalive-timeout, tcp-connection-limit, stub-no-cache, forward-no-cache, log-servfail, log-local-actions, serve-expired-ttl, serve-expired-ttl-reset.
Commandline options -R (use direct queries) for unbound-anchor, -d (delay) for streamtcp. There is support for RR type SMIMEA. There is support for EDNS option EDNS KeepAlive.
The libunbound library has gone up an api version increment because one of the callback signatures has changed. New information is available to the callback, existing usage of the function could conceivable get an upgrade by ignoring the extra function call parameter. For python scripts, a similar situation, where new information has been made
available to the callback functions, in the form of extra function call parameters. This information is also available to module callbacks internally. For python the extra arguments functionality is used to extend the arguments. The extra information is connection information, exposing the client's IP address to the callback function and whether the query failed because of rate limiting.
There are a number of bug fixes for Qname minimisation, and a number of fixes for auth-zone functionality. And there has been a fix in the processing of dns64 negative cache entries and a fix about fallthrough in the view local-zone processing functionality.
**Features**
- unbound-control auth_zone_reload _zone_ option rereads the zonefile.
- unbound-control auth_zone_transfer _zone_ option starts the probe sequence for a master to transfer the zone from and transfers when a new zone version is available.
- num.queries.tls counter for queries over TLS.
- log port number with err_addr logs.
- dns64-ignore-aaaa: config option to list domain names for which the existing AAAA is ignored and dns64 processing is used on the A record.
- Fix #4112: Fix that unbound-anchor -f /etc/resolv.conf will not pass if DNSSEC is not enabled. New option -R allows fallback from resolv.conf to direct queries.
- Note RFC8162 support. SMIMEA record type can be read in by the zone record parser.
- Patches from Jim Hague (Sinodun) for EDNS KeepAlive.
- Add config tcp-idle-timeout (default 30s). This applies to client connections only; the timeout on TCP connections upstream is unaffected.
- Add edns-tcp-keepalive and edns-tcp-keepalive timeout options and implement option in client responses.
- Add delay parameter to streamtcp, -d secs. To be used when testing idle timeout.
- Expose if a query (or a subquery) was ratelimited (not src IP ratelimiting) to libunbound under 'ub_result.was_ratelimited'. This also introduces a change to 'ub_event_callback_type' in libunbound/unbound-event.h.
- Patch to implement tcp-connection-limit from Jim Hague (Sinodun). This limits the number of simultaneous TCP client connections from a nominated netblock.
- Fix #4142: unbound.service.in: improvements and fixes.
Add unit dependency ordering (based on systemd-resolved).
Add 'CAP_SYS_RESOURCE' to 'CapabilityBoundingSet' (fixes warnings about missing privileges during startup). Add 'AF_INET6' to 'RestrictAddressFamilies' (without it IPV6 can't work). From Guido Shanahan.
- unbound-checkconf checks if modules exist and prints if they are not compiled in the name of the wrong module.
- Patch for stub-no-cache and forward-no-cache options that disable caching for the contents of that stub or forward, for when you want immediate changes visible, from Bjoern A. Zeeb.
- Upgraded crosscompile script to include libunbound DLL in the zipfile.
- Set libunbound to increase current, because the libunbound change to the event callback function signature. That needs programs, that use it, to recompile against the new header definition.
- log-servfail: yes prints log lines that say why queries are returning SERVFAIL to clients.
- log-local-actions: yes option for unbound.conf that logs all the local zone actions, a patch from Saksham Manchanda (Secure64).
- #4146: num.query.subnet and num.query.subnet_cache counters.
- #4140: Expose repinfo (comm_reply) to the inplace_callbacks. This gives access to reply information for the client's communication point when the callback is called before the mesh state (modules). Changes to C and Python's inplace_callback signatures were also necessary.
- Set defaults to yes for a number of options to increase speed and resilience of the server. The so-reuseport, harden-below-nxdomain, and minimal-responses options are enabled by default. They used to be disabled by default, waiting to make sure they worked. They are enabled by default now, and can be disabled explicitly by setting them to "no" in the unbound.conf config file. The reuseport and minimal options increases speed of the server, and should be otherwise harmless. The harden-below-nxdomain option works well together with the recently default enabled qname minimisation, this causes more fetches to use information from the cache.
- Added serve-expired-ttl and serve-expired-ttl-reset options.
**Bug Fixes**
- Windows example service.conf edited with more windows specific configuration.
- #4108: systemd reload hang fix.
- Fix usage printout for unbound-host, hostname has to be last argument on BSDs and Windows.
- Partial fix for permission denied on IPv6 address on FreeBSD.
- Fix that auth-zone master reply with current SOA serial does not stop scan of masters for an updated zone.
- Fix that auth-zone does not start the wait timer without checking if the wait timer has already been started.
- #4109: Fix that package config depends on python unconditionally.
- Patch, do not export python from pkg-config, from Petr Menšík.
- Fix checking for libhiredis printout in configure output.
- Fix typo on man page in ip-address description.
- Update libunbound/python/examples/dnssec_test.py example code to also set the 20326 trust anchor for the root in the example code.
- Better documentation for unblock-lan-zones and insecure-lan-zones config statements.
- Fix permission denied printed for auth zone probe random port nrs.
- Fix documentation ambiguity for tls-win-cert in tls-upstream and forward-tls-upstream docs.
- iana port update.
- Fix round robin for failed addresses with prefer-ip6: yes
- Note in documentation that the *cert name match code needs OpenSSL 1.1.0 or later to be enabled*.
- Fix to improve systemd socket activation code file descriptor assignment.
- Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more easily changed to adjust default rtt assumptions.
- Fix #4127 unbound -h does not list -p help.
- Print error if SSL name verification configured but not available in the ssl library.
- Fix that ratelimit and ip-ratelimit are applied after reload of changed config file.
- Resize ratelimit and ip-ratelimit caches if changed on reload.
- Fix #4129 unbound-control error message with wrong cert permissions is too cryptic.
- Fix #4130: print text describing -dd and unbound-checkconf on config file read error at startup, the errors may have been moved away by the startup process.
- Fix #4131: for solaris, error YY_CURRENT_BUFFER undeclared.
- Fix use-systemd readiness signalling, only when use-systemd is yes and not in signal handler.
- Fix #4135: 64-bit Windows Installer Creates Entries Under The Wrong Registry Key, reported by Brian White.
- Fix man page, say that chroot is enabled by default.
- Sort out test runs when the build directory isn't the project root directory.
- Error if EDNS Keepalive received over UDP.
- Correct and expand manual page entries for keepalive and idle timeout.
- Implement progressive backoff of TCP idle/keepalive timeout.
- Fix 'make depend' to work when build dir is not project root.
- Fix #4139: Fix unbound-host leaks memory on ANY.
- Fix to remove systemd sockaddr function check, that is not always present. Make socket activation more lenient. But not
different when socket activation is not used.
- Fix #4136: insufficiency from mismatch of FLEX capability between released tarball and build host. Fix to unconditionally call destroy in daemon.c.
- Make capsforid fallback QNAME minimisation aware.
- document --enable-subnet in doc/README.
- Fix #4144: dns64 module caches wrong (negative) information.
- Fix that printout of error for cycle targets is a verbosity 4 printout and does not wrongly print it is a memory error.
- Fix segfault in auth-zone read and reorder of RRSIGs.
- Fix contrib/fastrpz.patch.
- Fix warning on compile without threads.
- print servfail info to log as error.
- added more servfail printout statements, to the iterator.
- Fix classification for QTYPE=CNAME queries when QNAME minimisation is enabled.
- Fix only misc failure from log-servfail when val-log-level is not enabled.
- Fix lintflags for lint on FreeBSD.
- Fix that a local-zone with a local-zone-type that is transparent in a view with view-first, makes queries check for answers from the local-zones defined outside of views.Turris OS 3.11Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/213update OpenSSL to 1.1.1 for applications (unbound) being reliant on it2019-05-06T13:57:06+02:00Ghost Userupdate OpenSSL to 1.1.1 for applications (unbound) being reliant on ithttps://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658#c16
> Do you have openssl 1.1.x? **Without that the SSL_set1_host call is not available, and unbound does not do verification**. This is detected at configure time, though.
> Yo...https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658#c16
> Do you have openssl 1.1.x? **Without that the SSL_set1_host call is not available, and unbound does not do verification**. This is detected at configure time, though.
> You can see what openssl is linked with unbound with unbound -h
---
`unbound -h`
> Version 1.7.3
> linked libs: pluggable-event internal (it uses select), **OpenSSL 1.0.2o** 27 Mar 2018Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/215update wireguard to upstream version 0.0.201808092018-09-20T15:06:40+02:00Ghost Userupdate wireguard to upstream version 0.0.20180809Whilst the month old commit https://gitlab.labs.nic.cz/turris/openwrt/commit/265c4d4eb4c86f954501095e0e3d03e02ab27947 is not yet even merged to the test branch the upstream package https://github.com/lede-project/source/tree/master/packa...Whilst the month old commit https://gitlab.labs.nic.cz/turris/openwrt/commit/265c4d4eb4c86f954501095e0e3d03e02ab27947 is not yet even merged to the test branch the upstream package https://github.com/lede-project/source/tree/master/package/network/services/wireguard | https://github.com/openwrt/openwrt/tree/master/package/network/services/wireguard has meantime been bumped to version 0.0.20180809Turris OS 3.10.6https://gitlab.nic.cz/turris/os/packages/-/issues/218shadowsocks-libev: update to version 3.2.02023-08-16T14:58:20+02:00Josef Schlehofershadowsocks-libev: update to version 3.2.0Package name: **shadowsocks-libev**
Short description of the package: **lightweight implementation of shadowsocks protocol**
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/shadowsocks-libev
Upstream repos...Package name: **shadowsocks-libev**
Short description of the package: **lightweight implementation of shadowsocks protocol**
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/shadowsocks-libev
Upstream repository:
https://github.com/shadowsocks/shadowsocks-libev/
_Version information_
We have version: 2.2.3.
Upstream and OpenWRT have version: 3.2.0
Dependencies:
* [x] libcares
We have version: 1.11.0
Upstream and OpenWRT have version: 1.14.0 ( https://github.com/openwrt/packages/blob/master/libs/c-ares/Makefile )
* [x] libev
We have version: 4.22
Upstream and OpenWRT have version: 4.22 ( https://github.com/openwrt/packages/blob/master/libs/libev/Makefile )
* [x] libpcre (commit in dev branch: https://gitlab.labs.nic.cz/turris/turris-os-packages/commit/57fb7f173d90ea6b299599a00b705b06b923915f)
We have version: 8.41
Upstream and OpenWRT have version: 8.42 ( https://github.com/openwrt/packages/blob/master/libs/pcre/Makefile )
* [ ] libpthread
We have version: 1.1.15
Upstream and OpenWRT have version:
* [x] libsodium
We have version: 1.0.10
Upstream and OpenWRT have version: 1.0.16 ( https://github.com/openwrt/packages/tree/master/libs/libsodium )
* [x] libmbedtls (commit in dev branch: https://gitlab.labs.nic.cz/turris/openwrt/commit/70303e1c8cb9b4734bb02479fb952078ffc14ff2)https://gitlab.nic.cz/turris/os/packages/-/issues/222[Package request] luci-app-nut so NUT can be easily configured2018-10-28T00:30:38+02:00Ghost User[Package request] luci-app-nut so NUT can be easily configuredThe NUT packages need to be configured using uci but luci-app-nut can make configuration easier
https://git.openwrt.org/?p=project/luci.git;a=tree;f=applications/luci-app-nutThe NUT packages need to be configured using uci but luci-app-nut can make configuration easier
https://git.openwrt.org/?p=project/luci.git;a=tree;f=applications/luci-app-nutTurris OS 3.11https://gitlab.nic.cz/turris/os/packages/-/issues/224Request for update of sqm-scripts and kmd-sched-cake2020-01-06T12:47:47+01:00moeller0Request for update of sqm-scripts and kmd-sched-cakehttps://gitlab.nic.cz/turris/os/packages/-/issues/260update hostapd/wpad/wpad-mesh to current OpenWRT version 2018-04-09-fa617ee6-52019-06-05T19:07:13+02:00Ghost Userupdate hostapd/wpad/wpad-mesh to current OpenWRT version 2018-04-09-fa617ee6-5The current package version 2016-12-19-8 in the TO repo is almost 2 years of age and since then there are various updates/fixes pushed in the OpenWRT repo.
https://openwrt.org/packages/pkgdata/hostapdThe current package version 2016-12-19-8 in the TO repo is almost 2 years of age and since then there are various updates/fixes pushed in the OpenWRT repo.
https://openwrt.org/packages/pkgdata/hostapdhttps://gitlab.nic.cz/turris/os/packages/-/issues/325lighttpd: update to version 1.4.532020-01-04T23:32:06+01:00Josef Schlehoferlighttpd: update to version 1.4.53Package name: **lighttpd**
Short description of the package: **open-source web server - security, speed, compliance, and flexibility**
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/lighttpd
Upstream repo...Package name: **lighttpd**
Short description of the package: **open-source web server - security, speed, compliance, and flexibility**
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/lighttpd
Upstream repository:
https://github.com/lighttpd/lighttpd1.4
_Version information_
We have version: 1.4.50
OpenWrt has version: 1.4.49
Upstream has version: 1.4.53
Quite interesting changes between 1.4.50 and 1.4.53 are:
* TLS-ALPN-01
* security fixes
* support for WolfSSLTurris OS 4.0https://gitlab.nic.cz/turris/os/packages/-/issues/327netdata: update to version 1.12.02019-02-17T23:32:39+01:00Josef Schlehofernetdata: update to version 1.12.0Turris OS 3.11.3https://gitlab.nic.cz/turris/os/packages/-/issues/333syslog-ng: update to version 3.20.12023-08-16T14:49:21+02:00Josef Schlehofersyslog-ng: update to version 3.20.1Pull request for upstream: https://github.com/openwrt/packages/pull/8335Pull request for upstream: https://github.com/openwrt/packages/pull/8335Turris OS 3.11.3https://gitlab.nic.cz/turris/os/packages/-/issues/401[unbound] Fix that auth zone uses correct network type for sockets for2019-06-17T12:30:21+02:00Ghost User[unbound] Fix that auth zone uses correct network type for sockets for{"kernel":"4.14.113","hostname":"to","system":"ARMv7 Processor rev 1 (v7l)","model":"Turris Omnia","board_name":"armada-385-turris-omnia","release":{"distribution":"TurrisOS","version":"4.0-beta1","revision":"0663455801","target":"mvebu/...{"kernel":"4.14.113","hostname":"to","system":"ARMv7 Processor rev 1 (v7l)","model":"Turris Omnia","board_name":"armada-385-turris-omnia","release":{"distribution":"TurrisOS","version":"4.0-beta1","revision":"0663455801","target":"mvebu/cortexa9","description":"TurrisOS 4.0-beta1 0663455801"}}
___
To my understanding `unbound` package feed is provided by TO and not upstream https://repo.turris.cz/hbs/omnia/packages/turrispackages/ and thus would appreciate if `unbound` could be patched for this issue [no fallback to ipv4 for auth-zone if node's ipv6 upstream connectivity is not available](https://github.com/NLnetLabs/unbound/issues/35)
Source development is citing this patch as potential cure https://github.com/NLnetLabs/unbound/commit/474afc9016d34a98537a97cc94e14d329c7d8aebhttps://gitlab.nic.cz/turris/os/packages/-/issues/412Update python3-idna2019-08-14T16:35:27+02:00Vojtech MyslivecUpdate python3-idna`python3-requests` version *2.21.0* (currently in *TOS 3.11.5-rc2*) needs `python3-idna` at least *2.5* and no more than *2.9* (appropriate [setup.py definition](https://github.com/kennethreitz/requests/blob/v2.21.0/setup.py#L46)), howev...`python3-requests` version *2.21.0* (currently in *TOS 3.11.5-rc2*) needs `python3-idna` at least *2.5* and no more than *2.9* (appropriate [setup.py definition](https://github.com/kennethreitz/requests/blob/v2.21.0/setup.py#L46)), however we have `python3-idna` version only *2.1* available
It would be probably the same for python2.
We need `requests` for turris/sentinel/certgen>
Could you @jschlehofer look at it please?Turris OS 3.11.6https://gitlab.nic.cz/turris/os/packages/-/issues/418[unbound] version bump 1.9.22023-08-16T14:55:21+02:00Ghost User[unbound] version bump 1.9.2expected to patch https://gitlab.labs.nic.cz/turris/turris-os-packages/issues/401
> Unbound 1.9.2 is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2.tar.gz
> sha256 6f7acec5cf451277fcda31729886ae7dd62537c4f506855...expected to patch https://gitlab.labs.nic.cz/turris/turris-os-packages/issues/401
> Unbound 1.9.2 is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2.tar.gz
> sha256 6f7acec5cf451277fcda31729886ae7dd62537c4f506855603e3aa153fcb6b95
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2.tar.gz.asc
>
>
> This release contains a number of bug fixes for crashes introduced in
> 1.9, session ticket code, stream pipeline code, auth zone code and it
> also fixes qname minimisation packet scrub failures.
>
> There is a new python module example. This is an example of a module
> that is loaded into unbound that changes DNS messages, and how Unbound
> processes them. The example resolves records in multicast DNS, with Avahi.
>
> AXFR over TLS is supported. This uses TLS to connect to the master and
> download the AXFR or IXFR. Enable by loading certificates (just like
> for other DNS over TLS), and syntax like master: "ip#authname" in
> unbound.conf for the auth-zone where you want to use this.
>
>
> Features
> - add type CAA to libpyunbound (accessing libunbound from python).
> - Fix #17: Add python module example from Jan Janak, that is a
> plugin for the Unbound DNS resolver to resolve DNS records in
> multicast DNS [RFC 6762] via Avahi. The plugin communicates
> with Avahi via DBus. The comment section at the beginning of
> the file contains detailed documentation.
> - travis build file.
> - PR #16: XoT support, AXFR over TLS, turn it on with
> master: <ip>#<authname> in unbound.conf. This uses TLS to
> download the AXFR (or IXFR).
>
> Bug Fixes
> - Fix for #4233: guard use of NDEBUG, so that it can be passed in
> CFLAGS into configure.
> - Add log message, at verbosity 4, that says the query is encrypted
> with TLS, if that is enabled for the query.
> - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.
> - Fix #4240: Fix whitespace cleanup in example.conf.
> - Fix that tls-session-ticket-keys: "" on its own in unbound.conf
> disables the tls session ticker key calls into the OpenSSL API.
> - Fix crash if tls-servic-pem not filled in when necessary.
> - Fix auth-zone NSEC3 response for empty nonterminals with exact
> match nsec3 records.
> - Fix for out of bounds integers, thanks to OSTIF audit. It is in
> allocation debug code.
> - Fix for auth zone nsec3 ent fix for wildcard nodata.
> - Move goto label in answer_from_cache to the end of the function
> where it is more visible.
> - Fix auth-zone NSEC3 response for wildcard nodata answers,
> include the closest encloser in the answer.
> - Fix spelling error in log output for event method.
> - Fix to reinit event structure for accepted TCP (and TLS) sockets.
> - Fix to use event_assign with libevent for thread-safety.
> - verbose information about auth zone lookup process, also lookup
> start, timeout and fail.
> - Fix to wipe ssl ticket keys from memory with explicit_bzero,
> if available.
> - Fix that auth zone uses correct network type for sockets for
> SOA serial probes. This fixes that probes fail because earlier
> probe addresses are unreachable.
> - Fix that auth zone fails over to next master for timeout in tcp.
> - Squelch SSL read and write connection reset by peer and broken pipe
> messages. Verbosity 2 and higher enables them.
> - Update python documentation for init_standard().
> - Typos.
> - Fix tls write event for read state change to re-call SSL_write and
> not resume the TLS handshake.
> - Better braces in if statement in TCP fastopen code.
> - iana portlist updated.
> - Scrub RRs from answer section when reusing NXDOMAIN message for
> subdomain answers.
> - For harden-below-nxdomain: do not consider a name to be non-exitent
> when message contains a CNAME record.
> - Fix wrong query name in local zone redirect answers with a CNAME,
> the copy of the local alias is in unpacked form.
> - contrib/fastrpz.patch updated for code changes, and with git diff.
> - Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64.
> - Fix #30: AddressSanitizer finding in lookup3.c. This sets the
> hash function to use a slower but better auditable code that does
> not read beyond array boundaries. This makes code better security
> checkable, and is better for security. It is fixed to be slower,
> but not read outside of the array.
> - Fix edns-subnet locks, in error cases the lock was not unlocked.
> - Fix doxygen output error on readme markdown vignettes.
> - Squelch log messages from tcp send about connection reset by peer.
> They can be enabled with verbosity at higher values for diagnosing
> network connectivity issues.
> - Attempt to fix malformed tcp response.
> - Fix #31: swig 4.0 and python module.
> - Note that so-reuseport at extreme load is better turned off,
> otherwise queries are not distributed evenly, on Linux 4.4.x.
> - Fix that spoolbuf is not used to store tcp pipelined response
> between mesh send and callback end.
> - Fix double file close in tcp pipelined response code.
> - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
> - Fix to guard _OPENBSD_SOURCE from redefinition.
> - Fix that fixes the Fix that spoolbuf is not used to store tcp
> pipelined response between mesh send and callback end, this fixes
> error cases that did not use the correct spoolbuf.
> - Fix that fixes the Fix that spoolbuf is not used to store tcp
> pipelined response between mesh send and callback end, this fixes
> error cases that did not use the correct spoolbuf.
> - Fix another spoolbuf storage code point, in prefetch.https://gitlab.nic.cz/turris/os/packages/-/issues/431Update mariadb to at least version in test in master2023-08-16T14:42:15+02:00Karel KociUpdate mariadb to at least version in test in masterCurrently in master we have older version of MariaDB than in test. This causes problems if users migrate their instance from TOS 3.x to 4.0+. It won't downgrade database and so it is not possible to use such database.
Effectively this b...Currently in master we have older version of MariaDB than in test. This causes problems if users migrate their instance from TOS 3.x to 4.0+. It won't downgrade database and so it is not possible to use such database.
Effectively this breaks Nextcloud primarily.
Anyway we should update that. Upstream has never version by now.Turris OS 4.0Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/os/packages/-/issues/469[unbound] version bump 1.9.32019-09-01T19:11:44+02:00Ghost User[unbound] version bump 1.9.3https://github.com/NLnetLabs/unbound/releases/tag/release-1.9.3
Appreciate if
> `ipset module`, that helps add ip-addresses that are looked up in a domain to a firewall
ip-address filter. Needs libmnl, and --enable-ipset
Would be com...https://github.com/NLnetLabs/unbound/releases/tag/release-1.9.3
Appreciate if
> `ipset module`, that helps add ip-addresses that are looked up in a domain to a firewall
ip-address filter. Needs libmnl, and --enable-ipset
Would be compiled in.https://gitlab.nic.cz/turris/os/packages/-/issues/514[cronie] version bump 1.5.52023-08-16T14:57:01+02:00Ghost User[cronie] version bump 1.5.5https://github.com/cronie-crond/cronie/releases/tag/cronie-1.5.5
>Release 1.5.5
>
> Explicitly validate upper end of range and step to disallow entries such as: 1-234/5678 * * * * ....
> crond: Report missing newline befo...https://github.com/cronie-crond/cronie/releases/tag/cronie-1.5.5
>Release 1.5.5
>
> Explicitly validate upper end of range and step to disallow entries such as: 1-234/5678 * * * * ....
> crond: Report missing newline before EOF in syslog so the line is not completely silently ignored.
> crontab -l colors comment lines in a different color.
> crond: Revert "Avoid creating pid files when crond doesn't fork".
> anacron is built by default.
> Use non-recursive build.
> cronnext: Allow to optionally select jobs by substring .https://gitlab.nic.cz/turris/os/packages/-/issues/532Update Nextcloud to version 16.0.72020-01-13T10:42:57+01:00Josef SchlehoferUpdate Nextcloud to version 16.0.7Update it to the latest version of 16.xx to ensure smooth migration from 16.xx to 17.xx.Update it to the latest version of 16.xx to ensure smooth migration from 16.xx to 17.xx.Turris OS 4.0.5https://gitlab.nic.cz/turris/os/packages/-/issues/533Update mariadb to version 10.4.112020-01-11T22:34:08+01:00Josef SchlehoferUpdate mariadb to version 10.4.11Turris OS 4.0.5https://gitlab.nic.cz/turris/os/packages/-/issues/555Tvheadend should run with "hts" user instead of root2021-09-27T15:38:42+02:00Josef SchlehoferTvheadend should run with "hts" user instead of rootTurris OS 6.0https://gitlab.nic.cz/turris/os/packages/-/issues/646unbound version bump 1.11.02023-08-16T14:54:53+02:00Ghost Userunbound version bump 1.11.0please consider updating upon source release https://github.com/NLnetLabs/unbound/releases/tag/release-1.11.0please consider updating upon source release https://github.com/NLnetLabs/unbound/releases/tag/release-1.11.0Turris OS 5.1Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/941update foris-controller to version 5.5.32024-02-09T10:54:58+01:00Filip Hronupdate foris-controller to version 5.5.3related https://gitlab.nic.cz/turris/foris-controller/foris-controller/-/issues/274
Please update `foris-controller`to latest tag https://gitlab.nic.cz/turris/foris-controller/foris-controller/-/tags/v5.5.3
regards!related https://gitlab.nic.cz/turris/foris-controller/foris-controller/-/issues/274
Please update `foris-controller`to latest tag https://gitlab.nic.cz/turris/foris-controller/foris-controller/-/tags/v5.5.3
regards!Turris OS 7.0Richard MuzikRichard Muzik