This fixes CVE-2022-40284.

Security release 2022.10.3 (Oct 31, 2022)

 * Rejected zero-sized runs
 * Avoided merging runlists with no runs

Security version 2022.5.17 (May 26, 2022)

 * Improved defence against maliciously tampered NTFS partitions
 * Improved defence against improper use of options
 * Updated the documentation

Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>

- nginx define /etc/nginx as conffile, which gets retained in upgrades
  keeping nginx services not desired in upgrades

- Removed default client example definition from uci as it not
  in conformance with TR181

Signed-off-by: Suresh Krishna <quic_sureshkr@quicinc.com>

Make xtables compilation compatible with Broadcom's ancient 4.19 kernel.
Compilation was failing due to use of modern C constructs like
fallthrough.

This commit can be reverted once Broadcom moves to a newer kernel.

Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>

Mattias Barthel authored Oct 07, 2022 and Andreas Gnau committed Oct 21, 2022

Merge commit specified in feeds.conf for OpenWrt-tag v22.03.0.

Consider only integer part of free space in megabytes when
deciding the boundaries of the to be created partition.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f50a289e515fcdc49da5c19d58ed3af54c640cd4)

Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
(cherry picked from commit 90ef79afd8c4ad73b3c8a20539eaab66d4b372c2)

Notable Changes:
Experimental command-line argument parser API
Experimental ESM Loader Hooks API
Experimental test runner
Improved interoperability of the Web Crypto API

Dependency updates:
Updated Corepack to 0.12.1
Updated ICU to 71.1
Updated npm to 8.15.0
Updated Undici to 5.8.0

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 841b38f37a5e3f9ad1812aaae1688dcba69e1fe5)

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 6a30ed6fbd5aa625221607b215521fbec1f06677)

Maintainer   : @yangfl (David Yang)
Build system : Arch Linux x86_64
Build tested : r7800 OpenWrt git master (commit a434795809)
Run tested   : r7800 OpenWrt git master (commit a434795809)

Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
(cherry picked from commit 58b3857a5a8a2e66ac514be6af485b693e936ca5)

* Update to 2.42.1
* Replace spaces with tabulation in init file

Signed-off-by: R4SAS I2P <r4sas@i2pmail.org>
(cherry picked from commit bdd8ab6faf1ade127765f2629ffc955595967510)

Signed-off-by: Vladimir Ulrich <admin@evl.su>
(cherry picked from commit 89c2fa9d9b5cd8f6e1cf9859965de04b3707fa5a)

Signed-off-by: Vladimir Ulrich <admin@evl.su>
(cherry picked from commit cb5bf2b007940c14825dc734814bfe5ceae5b09f)

[22.03] simple-adblock: bugfix for allow command

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 717499e62b59e0a03b9550de56cadc6885b05b2d)

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit d04fefc2b718d526a06ab3895e885475a16a1e12)

With heavy system logging which goes by default into `/var/log/messages`
log file which is usually placed in tmpfs/RAM one can trigger OOM killer
fairly easily, thus killing random processes and in some cases making
system unusable.

This is likely happening due to the fact, that Linux by default uses 1/2
of available RAM for tmpfs, which might be for example an issue on low
RAM devices with ath10k wireless.

So let's fix it by adding logrotate functionality which should limit the
size of `/var/log/messages` log file to 1M by default, but could be
tweaked by config knob if needed be.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 660fa63faf2881d69f903a589568b72fbd4d61f5)

- Release notes:
https://gitlab.nic.cz/turris/pyuci/-/tags/v0.9.0


- Update copyright while at it.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e340fe8a124d1dcda2768ce3dfbcbaaf30fac44e)

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 3c43f65ae90fd7de6a5bb91d1560917db1b281dd)

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
(cherry picked from commit a69e80648ad0e78a1bb87d752ff31f1ab5d298c4)

[22.03] django: bump to version 4.0.7

This adds conflicts between the variants,
because they provide the same files, and it should not be
possible to install them side by side. Otherwise, it might happen that
half files would be from one variant and the other half from the
other.

Also, adds provides as if you request to install ``vim`` and
``vim-full``, then the request could be satisfied even they collide,
because ``vim-full`` provides ``vim`` package.

Signed-off-by: Karel Kočí <cynerd@email.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add commit message]
(cherry picked from commit 46c058468aeaf7747c2e94e579020aa7f595c649)

The full variant should conflict with the default variant. This prevents that
libgd and libgd-full could be installed side by side, and also, the full
variant should provide the libgd. Otherwise, if you install libgd-full,
you can not install vnstat.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 42b36b7180a1859502d72a42dcd6e9ef80519c55)

Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
(cherry picked from commit 0e660c9f501e3dde48bb7c4ead37ced7120542af)

[22.03] simple-adblock: update to 1.9.0-1

* Update maintainer's email address
* Style Make and init file to OpenWrt standard
* Rename dnsmasq and unbound-related variables to better reflect
  their use
* New 'allow' CLI parameter to quickly unblock domain(s)
* Switch to uci wrappers
* Beautify the output of the 'check' CLI parameter
* Better handling of output files directory creation error
* Support for (upcoming) dnsmasq nftsets

Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 3b686b08a54df89582af7092465fc5f0c76fed31)

Fixes: https://github.com/openwrt/packages/issues/19210



If libjpeg isn't selected by another package, all is fine.
But if it is selected, the stress-ng build will see it and try to build the
jpeg stressor. This would usually fail sometime and link-time.

In any case, it's better to just pick-up libjpeg as a dependency of
stress-ng. If people want to stress their system with this tool, they can
probably expect libjpeg as well.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit fc6f44b13aef281a70327fa3786883a9a6489894)

While building pciutils 3.8.0 for OpenWrt 21.02 includes target
mvebu/cortex-a9, mvebu/cortex-a53 and powerpc/8540, it fails because of
this error:

-I<turris1x/ws/build/staging_dir/toolchain-powerpc_8548_gcc-8.4.0_musl/include>   -c -o filter.o filter.c
{standard input}: Assembler messages:
{standard input}:6: Error: multiple versions [`pci_filter_init@@LIBPCI_3.8'|`pci_filter_init@LIBPCI_3.3'] for symbol `pci_filter_init_v38'
{standard input}:8: Error: multiple versions [`pci_filter_parse_slot@@LIBPCI_3.8'|`pci_filter_parse_slot@LIBPCI_3.3'] for symbol `pci_filter_parse_slot_v38'
{standard input}:10: Error: multiple versions [`pci_filter_parse_id@@LIBPCI_3.8'|`pci_filter_parse_id@LIBPCI_3.3'] for symbol `pci_filter_parse_id_v38'
{standard input}:12: Error: multiple versions [`pci_filter_match@@LIBPCI_3.8'|`pci_filter_match@LIBPCI_3.3'] for symbol `pci_filter_match_v38'
make[4]: *** [<builtin>: filter.o] Error 1
make[4]: Leaving directory '<turris1x/ws/build/build_dir/target-powerpc_8548_musl/pciutils-3.8.0/lib'>
make[3]: *** [Makefile:70: lib/libpci.so.3.8.0] Error 2
make[3]: Leaving directory '<turris1x/ws/build/build_dir/target-powerpc_8548_musl/pciutils-3.8.0'>
make[2]: *** [Makefile:88: <turris1x/ws/build/build_dir/target-powerpc_8548_musl/pciutils-3.8.0/.built]> Error 2
make[2]: Leaving directory '<turris1x/ws/build/feeds/packages/utils/pciutils'>

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit f08dadd517e4ecd5c15d4016dd6261d9fee3d41b)

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 754ba8920b1d5a61250897e146d1ad50778a7567)

Signed-off-by: Jan Hák <jan.hak@nic.cz>
(cherry picked from commit 74e2bfdd27bbf3625498ede40e357c8d409fbe91)

Fixes: https://nvd.nist.gov/vuln/detail/CVE-2022-36359



Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

Signed-off-by: Marko Ratkaj <markoratkaj@gmail.com>
(cherry picked from commit 15132b85b76409108c441470998c79d1b8d37814)