Mirror of packages feed https://git.openwrt.org/feed/packages/atom?h=master 2026-04-03T10:27:39Z 2026-04-03T10:27:39Z Michał Kępień 2026-04-03T10:26:26Z urn:sha1:47ce75da3d24e273f625ab8c794940af72cc18f4 Drop the meson.build workaround needed before commit 8aa78ebebfb6727c46334a69e32fc76576376a09, which fixed the underlying issue. Link: https://github.com/openwrt/packages/pull/29047 Signed-off-by: Michał Kępień <michal@isc.org> 2026-03-29T06:00:28Z Alexandru Ardelean 2026-03-29T05:51:47Z urn:sha1:35d9eadb5b818f509b849ca75d3f24d8671812ab Jan Pavlinec <jan.pavlinec1@gmail.com> is no longer maintaining these packages. Remove him from the PKG_MAINTAINER field across all affected packages. Signed-off-by: Alexandru Ardelean <alex@shruggie.ro> 2026-03-14T08:51:33Z Alexandru Ardelean 2026-03-14T08:32:45Z urn:sha1:27b6ad53b9e56c38b7a99e123584c562e8ba1b5a Add 'Alexandru Ardelean <ardeleanalex@gmail.com>' as co-maintainer alongside Jan Pavlinec <jan.pavlinec1@gmail.com> for all packages where Jan Pavlinec is listed as maintainer. Signed-off-by: Alexandru Ardelean <alex@shruggie.ro> 2025-08-04T06:19:11Z Vladimír Čunát 2025-07-31T06:55:46Z urn:sha1:47f8b88f43c614b7f683dcdf941e47d4c1e45b98 This is long overdue. Honestly I dislike that packaging is hardcoding it this way. It's error-prone, as we can see. Knot Resolver source does contain the up to date anchors, and it also (optionally) installs them. Still, I'm not up to larger changes in OpenWrt packaging right now. Signed-off-by: Vladimír Čunát <vladimir.cunat@nic.cz> 2025-08-04T06:19:11Z Vladimír Čunát 2025-07-31T06:53:26Z urn:sha1:4f22b4dcebe7d660a198bfa218a205ec5ecd2e0d Knot Resolver 5.7.6 (2025-07-17) ================================ Security -------- - DoS: fix a rare segfault in `resolve` function (!1720) Someone controlling the DNS traffic might be able to trigger this crash intentionally and too often. - DoS: drop a wrong assertion/crash (!1721) Someone controlling the DNS traffic will most likely be able to trigger this crash intentionally and too often. Knot Resolver 5.7.5 (2025-04-24) ================================ Security -------- - DoS: fix unconfirmed crashes with the line below (!1683) [system] requirement "h && h->end > h->begin" failed in queue_pop_impl Improvements ------------ - tests: disable problematic config.http test (#925, !1678) - validator: accept a confusing NODATA proof with insecure delegation (!1678) Bugfixes -------- - daemon/http: DoH stream got stuck after returning an error code (!1652) - stats: request latency was very incorrect in some cases (!1678) Signed-off-by: Vladimír Čunát <vladimir.cunat@nic.cz> 2025-07-08T06:21:38Z Noah Meyerhans 2025-07-04T16:23:16Z urn:sha1:3413d5bd9c45e1f0cb53bf233bdb318434df62e0 knot-resolver will attempt to use jemalloc if it's available. Jemalloc was added to openwrt packages in PR: Add jemalloc and integrate into bind #26721 [1]. At this time, we would rather continue linking with the libc malloc, so this PR disables jemalloc support explicitly in the knot-resolver build configuration. [1] https://github.com/openwrt/packages/pull/26721#issuecomment-2973865778 Signed-off-by: Noah Meyerhans <frodo@morgul.net> 2025-05-20T06:57:12Z Wei-Ting Yang 2025-04-24T11:45:39Z urn:sha1:ae56deff2ce42da3c0331832457aaec480a873ed Assign some PKG_CPE_IDs to enhance CVE coverage. https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=aardvark-dns https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=alpine_project https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=boringssl https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=ecdsautils https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=file_project https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=knot_resolver https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=libwrap https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=lsof_project https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=nfdump https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=nlnetlabs%20name_server_daemon https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=rclone https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=setserial https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tang_project https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tesseract_project https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tmate-ssh-server https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=ttyd https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=uw-imap https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=v2ray-core https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=zstandard Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com> 2024-09-23T13:34:20Z Jan Hák 2024-09-19T10:37:10Z urn:sha1:6e208887e3977367d0adc3ff28eb2df62063f274 Knot Resolver 5.7.4 (2024-07-23) ================================ Security -------- - reduce buffering of transmitted data, especially TCP-based in userspace Also expose some of the new tweaks in lua: (require 'ffi').C.the_worker.engine.net.tcp.user_timeout = 1000 (require 'ffi').C.the_worker.engine.net.listen_{tcp,udp}_buflens.{snd,rcv} Improvements ------------ - add the fresh DNSSEC root key KSK-2024 already, Key ID 38696 Incompatible changes -------------------- - libknot 3.0.x support is dropped Upstream last maintained 3.0.x in spring 2022. Knot Resolver 5.7.3 (2024-05-30) ================================ Improvements ------------ - stats: add separate metrics for IPv6 and IPv4 Bugfixes -------- - fix NSEC3 records missing in answer for positive wildcard expansion with the NSEC3 having over-limit iteration count Knot Resolver 5.7.2 (2024-03-27) ================================ Bugfixes -------- - fix on 32-bit systems with 64-bit time_t Signed-off-by: Jan Hák <jan.hak@nic.cz> 2024-03-24T10:35:38Z Michal Hrusecky 2024-02-13T13:17:31Z urn:sha1:1131acf57fb07c0fa3e47c71bdca172f9d2f2e43 - Fixes CVE-2023-50868 and CVE-2023-50387 - Also, the resolver has not been called 'Knot DNS Resolver' for quite some time, so fix that, too. Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com> 2024-03-24T10:35:28Z Šimon Bořek 2022-05-06T11:18:08Z urn:sha1:a68397ff778db68bd4e78ac26880dda959aaaf18 'dnstap' module will be built but not loaded by default at runtime (configuration must be provided for it to be loaded). It is still possible to disable dnstap build manually using menuconfig. "The dnstap module supports logging DNS requests and responses to a unix socket in dnstap format using fstrm framing library. This logging is useful if you need effectively log all DNS traffic."[^1] Adds dependency on 'protobuf', 'protobuf-c', 'libfstrm'. Listed packages are available from OpenWrt packages, have uncomplicated manifests and while 'protobuf-c' doesn't have a maintainer since spring 2020, all the packages (including 'protobuf-c') seem to be maintained - the last updates of all of them in autumn 2021. As stated by Vladimír Čunát from Knot Resolver team they build dnstap while packaging for majority of standard Linux distributions. Therefore this change brings us closer to expected default. [^1]: https://knot-resolver.readthedocs.io/en/stable/modules-dnstap.html Signed-off-by: Šimon Bořek <simon.borek@nic.cz>