Turris OS packages issueshttps://gitlab.nic.cz/turris/os/packages/-/issues2019-09-01T19:11:44+02:00https://gitlab.nic.cz/turris/os/packages/-/issues/469[unbound] version bump 1.9.32019-09-01T19:11:44+02:00Ghost User[unbound] version bump 1.9.3https://github.com/NLnetLabs/unbound/releases/tag/release-1.9.3
Appreciate if
> `ipset module`, that helps add ip-addresses that are looked up in a domain to a firewall
ip-address filter. Needs libmnl, and --enable-ipset
Would be com...https://github.com/NLnetLabs/unbound/releases/tag/release-1.9.3
Appreciate if
> `ipset module`, that helps add ip-addresses that are looked up in a domain to a firewall
ip-address filter. Needs libmnl, and --enable-ipset
Would be compiled in.https://gitlab.nic.cz/turris/os/packages/-/issues/53[Github Issue] utils/collectd: Update to the latest upstream state2019-11-04T11:04:11+01:00Jan Pavlinec[Github Issue] utils/collectd: Update to the latest upstream state---------
#### **DO NOT EDIT HERE!** Copy from https://github.com/CZ-NIC/turris-os-packages/issues/40
---------
* Update to the latest upstream state
* Enable [Write Prometheus](https://collectd.org/wiki/index.php/Plugin:Write_Prometheu...---------
#### **DO NOT EDIT HERE!** Copy from https://github.com/CZ-NIC/turris-os-packages/issues/40
---------
* Update to the latest upstream state
* Enable [Write Prometheus](https://collectd.org/wiki/index.php/Plugin:Write_Prometheus) plugin.https://gitlab.nic.cz/turris/os/packages/-/issues/325lighttpd: update to version 1.4.532020-01-04T23:32:06+01:00Josef Schlehoferlighttpd: update to version 1.4.53Package name: **lighttpd**
Short description of the package: **open-source web server - security, speed, compliance, and flexibility**
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/lighttpd
Upstream repo...Package name: **lighttpd**
Short description of the package: **open-source web server - security, speed, compliance, and flexibility**
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/lighttpd
Upstream repository:
https://github.com/lighttpd/lighttpd1.4
_Version information_
We have version: 1.4.50
OpenWrt has version: 1.4.49
Upstream has version: 1.4.53
Quite interesting changes between 1.4.50 and 1.4.53 are:
* TLS-ALPN-01
* security fixes
* support for WolfSSLTurris OS 4.0https://gitlab.nic.cz/turris/os/packages/-/issues/224Request for update of sqm-scripts and kmd-sched-cake2020-01-06T12:47:47+01:00moeller0Request for update of sqm-scripts and kmd-sched-cakehttps://gitlab.nic.cz/turris/os/packages/-/issues/533Update mariadb to version 10.4.112020-01-11T22:34:08+01:00Josef SchlehoferUpdate mariadb to version 10.4.11Turris OS 4.0.5https://gitlab.nic.cz/turris/os/packages/-/issues/532Update Nextcloud to version 16.0.72020-01-13T10:42:57+01:00Josef SchlehoferUpdate Nextcloud to version 16.0.7Update it to the latest version of 16.xx to ensure smooth migration from 16.xx to 17.xx.Update it to the latest version of 16.xx to ensure smooth migration from 16.xx to 17.xx.Turris OS 4.0.5https://gitlab.nic.cz/turris/os/packages/-/issues/555Tvheadend should run with "hts" user instead of root2021-09-27T15:38:42+02:00Josef SchlehoferTvheadend should run with "hts" user instead of rootTurris OS 6.0https://gitlab.nic.cz/turris/os/packages/-/issues/431Update mariadb to at least version in test in master2023-08-16T14:42:15+02:00Karel KociUpdate mariadb to at least version in test in masterCurrently in master we have older version of MariaDB than in test. This causes problems if users migrate their instance from TOS 3.x to 4.0+. It won't downgrade database and so it is not possible to use such database.
Effectively this b...Currently in master we have older version of MariaDB than in test. This causes problems if users migrate their instance from TOS 3.x to 4.0+. It won't downgrade database and so it is not possible to use such database.
Effectively this breaks Nextcloud primarily.
Anyway we should update that. Upstream has never version by now.Turris OS 4.0Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/os/packages/-/issues/333syslog-ng: update to version 3.20.12023-08-16T14:49:21+02:00Josef Schlehofersyslog-ng: update to version 3.20.1Pull request for upstream: https://github.com/openwrt/packages/pull/8335Pull request for upstream: https://github.com/openwrt/packages/pull/8335Turris OS 3.11.3https://gitlab.nic.cz/turris/os/packages/-/issues/646unbound version bump 1.11.02023-08-16T14:54:53+02:00Ghost Userunbound version bump 1.11.0please consider updating upon source release https://github.com/NLnetLabs/unbound/releases/tag/release-1.11.0please consider updating upon source release https://github.com/NLnetLabs/unbound/releases/tag/release-1.11.0Turris OS 5.1Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/418[unbound] version bump 1.9.22023-08-16T14:55:21+02:00Ghost User[unbound] version bump 1.9.2expected to patch https://gitlab.labs.nic.cz/turris/turris-os-packages/issues/401
> Unbound 1.9.2 is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2.tar.gz
> sha256 6f7acec5cf451277fcda31729886ae7dd62537c4f506855...expected to patch https://gitlab.labs.nic.cz/turris/turris-os-packages/issues/401
> Unbound 1.9.2 is available:
> https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2.tar.gz
> sha256 6f7acec5cf451277fcda31729886ae7dd62537c4f506855603e3aa153fcb6b95
> pgp https://nlnetlabs.nl/downloads/unbound/unbound-1.9.2.tar.gz.asc
>
>
> This release contains a number of bug fixes for crashes introduced in
> 1.9, session ticket code, stream pipeline code, auth zone code and it
> also fixes qname minimisation packet scrub failures.
>
> There is a new python module example. This is an example of a module
> that is loaded into unbound that changes DNS messages, and how Unbound
> processes them. The example resolves records in multicast DNS, with Avahi.
>
> AXFR over TLS is supported. This uses TLS to connect to the master and
> download the AXFR or IXFR. Enable by loading certificates (just like
> for other DNS over TLS), and syntax like master: "ip#authname" in
> unbound.conf for the auth-zone where you want to use this.
>
>
> Features
> - add type CAA to libpyunbound (accessing libunbound from python).
> - Fix #17: Add python module example from Jan Janak, that is a
> plugin for the Unbound DNS resolver to resolve DNS records in
> multicast DNS [RFC 6762] via Avahi. The plugin communicates
> with Avahi via DBus. The comment section at the beginning of
> the file contains detailed documentation.
> - travis build file.
> - PR #16: XoT support, AXFR over TLS, turn it on with
> master: <ip>#<authname> in unbound.conf. This uses TLS to
> download the AXFR (or IXFR).
>
> Bug Fixes
> - Fix for #4233: guard use of NDEBUG, so that it can be passed in
> CFLAGS into configure.
> - Add log message, at verbosity 4, that says the query is encrypted
> with TLS, if that is enabled for the query.
> - Fix #4239: set NOTIMPL when deny-any is enabled, for RFC8482.
> - Fix #4240: Fix whitespace cleanup in example.conf.
> - Fix that tls-session-ticket-keys: "" on its own in unbound.conf
> disables the tls session ticker key calls into the OpenSSL API.
> - Fix crash if tls-servic-pem not filled in when necessary.
> - Fix auth-zone NSEC3 response for empty nonterminals with exact
> match nsec3 records.
> - Fix for out of bounds integers, thanks to OSTIF audit. It is in
> allocation debug code.
> - Fix for auth zone nsec3 ent fix for wildcard nodata.
> - Move goto label in answer_from_cache to the end of the function
> where it is more visible.
> - Fix auth-zone NSEC3 response for wildcard nodata answers,
> include the closest encloser in the answer.
> - Fix spelling error in log output for event method.
> - Fix to reinit event structure for accepted TCP (and TLS) sockets.
> - Fix to use event_assign with libevent for thread-safety.
> - verbose information about auth zone lookup process, also lookup
> start, timeout and fail.
> - Fix to wipe ssl ticket keys from memory with explicit_bzero,
> if available.
> - Fix that auth zone uses correct network type for sockets for
> SOA serial probes. This fixes that probes fail because earlier
> probe addresses are unreachable.
> - Fix that auth zone fails over to next master for timeout in tcp.
> - Squelch SSL read and write connection reset by peer and broken pipe
> messages. Verbosity 2 and higher enables them.
> - Update python documentation for init_standard().
> - Typos.
> - Fix tls write event for read state change to re-call SSL_write and
> not resume the TLS handshake.
> - Better braces in if statement in TCP fastopen code.
> - iana portlist updated.
> - Scrub RRs from answer section when reusing NXDOMAIN message for
> subdomain answers.
> - For harden-below-nxdomain: do not consider a name to be non-exitent
> when message contains a CNAME record.
> - Fix wrong query name in local zone redirect answers with a CNAME,
> the copy of the local alias is in unpacked form.
> - contrib/fastrpz.patch updated for code changes, and with git diff.
> - Fix #29: Solaris 11.3 and missing symbols be64toh, htobe64.
> - Fix #30: AddressSanitizer finding in lookup3.c. This sets the
> hash function to use a slower but better auditable code that does
> not read beyond array boundaries. This makes code better security
> checkable, and is better for security. It is fixed to be slower,
> but not read outside of the array.
> - Fix edns-subnet locks, in error cases the lock was not unlocked.
> - Fix doxygen output error on readme markdown vignettes.
> - Squelch log messages from tcp send about connection reset by peer.
> They can be enabled with verbosity at higher values for diagnosing
> network connectivity issues.
> - Attempt to fix malformed tcp response.
> - Fix #31: swig 4.0 and python module.
> - Note that so-reuseport at extreme load is better turned off,
> otherwise queries are not distributed evenly, on Linux 4.4.x.
> - Fix that spoolbuf is not used to store tcp pipelined response
> between mesh send and callback end.
> - Fix double file close in tcp pipelined response code.
> - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD.
> - Fix to guard _OPENBSD_SOURCE from redefinition.
> - Fix that fixes the Fix that spoolbuf is not used to store tcp
> pipelined response between mesh send and callback end, this fixes
> error cases that did not use the correct spoolbuf.
> - Fix that fixes the Fix that spoolbuf is not used to store tcp
> pipelined response between mesh send and callback end, this fixes
> error cases that did not use the correct spoolbuf.
> - Fix another spoolbuf storage code point, in prefetch.https://gitlab.nic.cz/turris/os/packages/-/issues/287luajit: update to version 2.1.0-beta3-12023-08-16T14:55:26+02:00Jan Pavlinecluajit: update to version 2.1.0-beta3-1Update luajit to upstream version. This could enable build knot-resolver for Turris 1.x
(Related to https://github.com/LuaJIT/LuaJIT/issues/330)Update luajit to upstream version. This could enable build knot-resolver for Turris 1.x
(Related to https://github.com/LuaJIT/LuaJIT/issues/330)https://gitlab.nic.cz/turris/os/packages/-/issues/514[cronie] version bump 1.5.52023-08-16T14:57:01+02:00Ghost User[cronie] version bump 1.5.5https://github.com/cronie-crond/cronie/releases/tag/cronie-1.5.5
>Release 1.5.5
>
> Explicitly validate upper end of range and step to disallow entries such as: 1-234/5678 * * * * ....
> crond: Report missing newline befo...https://github.com/cronie-crond/cronie/releases/tag/cronie-1.5.5
>Release 1.5.5
>
> Explicitly validate upper end of range and step to disallow entries such as: 1-234/5678 * * * * ....
> crond: Report missing newline before EOF in syslog so the line is not completely silently ignored.
> crontab -l colors comment lines in a different color.
> crond: Revert "Avoid creating pid files when crond doesn't fork".
> anacron is built by default.
> Use non-recursive build.
> cronnext: Allow to optionally select jobs by substring .https://gitlab.nic.cz/turris/os/packages/-/issues/218shadowsocks-libev: update to version 3.2.02023-08-16T14:58:20+02:00Josef Schlehofershadowsocks-libev: update to version 3.2.0Package name: **shadowsocks-libev**
Short description of the package: **lightweight implementation of shadowsocks protocol**
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/shadowsocks-libev
Upstream repos...Package name: **shadowsocks-libev**
Short description of the package: **lightweight implementation of shadowsocks protocol**
OpenWRT repository:
https://github.com/openwrt/packages/tree/master/net/shadowsocks-libev
Upstream repository:
https://github.com/shadowsocks/shadowsocks-libev/
_Version information_
We have version: 2.2.3.
Upstream and OpenWRT have version: 3.2.0
Dependencies:
* [x] libcares
We have version: 1.11.0
Upstream and OpenWRT have version: 1.14.0 ( https://github.com/openwrt/packages/blob/master/libs/c-ares/Makefile )
* [x] libev
We have version: 4.22
Upstream and OpenWRT have version: 4.22 ( https://github.com/openwrt/packages/blob/master/libs/libev/Makefile )
* [x] libpcre (commit in dev branch: https://gitlab.labs.nic.cz/turris/turris-os-packages/commit/57fb7f173d90ea6b299599a00b705b06b923915f)
We have version: 8.41
Upstream and OpenWRT have version: 8.42 ( https://github.com/openwrt/packages/blob/master/libs/pcre/Makefile )
* [ ] libpthread
We have version: 1.1.15
Upstream and OpenWRT have version:
* [x] libsodium
We have version: 1.0.10
Upstream and OpenWRT have version: 1.0.16 ( https://github.com/openwrt/packages/tree/master/libs/libsodium )
* [x] libmbedtls (commit in dev branch: https://gitlab.labs.nic.cz/turris/openwrt/commit/70303e1c8cb9b4734bb02479fb952078ffc14ff2)https://gitlab.nic.cz/turris/os/packages/-/issues/185https-dns-proxy: update to upstream version2023-08-16T14:58:22+02:00Josef Schlehoferhttps-dns-proxy: update to upstream versionThe version in our repository is outdated and should be updated to the latest version, which is available since 23.4.2018.
Here is a link to upstream package: https://github.com/openwrt/packages/tree/master/net/https-dns-proxyThe version in our repository is outdated and should be updated to the latest version, which is available since 23.4.2018.
Here is a link to upstream package: https://github.com/openwrt/packages/tree/master/net/https-dns-proxyJan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/25Bump net-snmp version2023-08-16T14:58:36+02:00Krzysztof KuleszaBump net-snmp versionPlease bump net-snmp version and compile it with modules ucd-snmp/lmsensorsMibPlease bump net-snmp version and compile it with modules ucd-snmp/lmsensorsMibTurris OS 3.11.21Jan PavlinecJan Pavlinechttps://gitlab.nic.cz/turris/os/packages/-/issues/941update foris-controller to version 5.5.32024-02-09T10:54:58+01:00Filip Hronupdate foris-controller to version 5.5.3related https://gitlab.nic.cz/turris/foris-controller/foris-controller/-/issues/274
Please update `foris-controller`to latest tag https://gitlab.nic.cz/turris/foris-controller/foris-controller/-/tags/v5.5.3
regards!related https://gitlab.nic.cz/turris/foris-controller/foris-controller/-/issues/274
Please update `foris-controller`to latest tag https://gitlab.nic.cz/turris/foris-controller/foris-controller/-/tags/v5.5.3
regards!Turris OS 7.0Richard MuzikRichard Muzik