- Missing --without-nghttp3 was leaking host includes and breaking the build
- Remove or rename deprecated configure options
- Add --disable-libcurl-option to reduce package size
- Use .xz instead of .bz2 for PKG_SOURCE
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
This makes mwan3rtmon check if mwan3_get_routes returns a route
before removing it. This helps with IPv6 routes with source address
selector removal where multiple original routes are transformed to
the same mwan3 route if one of the source routes is removed while
the others are kept.
Signed-off-by: Jonas Lochmann <git@inkompetenz.org>
Check the conffile existance (with .conf extension), before calling the
function 'start_path_instance'. This fixes errors with non-existing and
wrong spelling instances.
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Update commit description
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Without it, using uci to manipulate ipsec config can result in errors,
making it much difficult to use in uci-defaults for example.
Signed-off-by: Glen Huang <me@glenhuang.com>
Increases snort's IPS fast pattern matching by 2x (compared to
the ac_full engine) and 3x (compared to ac_bfna). This is most
noticeable for users of large rules sets and when doing deep flow
inspection.
For more see: https://blog.snort.org/2020/09/snort-3-hyperscan-.html
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
The recent upgrade of apr included a change with should fix the subversion build.
Unfortunately, this fix resulted in a build regression of apache-mod-php8.
The new approach is to pass the locations of the apr config helpers
to configure via parameter.
Fixes: 68dd7b7cf6 ("apr: update to 1.7.4")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
changelog:
- Fix some FD leaks (#334, thanks to @giuseppe)
As package belongs to network category, I moved it from utils to network folder
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Fixes CVEs:
- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these features were
enabled.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
changelogs: https://github.com/containers/netavark/releases
wrapper script and config file removed as they have become obsolete,
firewall driver is now configured in containers.conf
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Retry when resolveip fails as it seems to be causing issues
on startup depending on various unpredictable parameters.
Resolves: #23185
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
softethervpn5: The softethervpn5 package is due for an update from recent source. This PR implements a Makefile update to pull December 2023 release, which includes fixes for recently-disclosed vulnerabilities. The build patches are also updated accordingly.
Signed-off-by: Thomas Winkler <tewinkler86@gmail.com>
Harmless to carry this fix until procd.sh adds the param
This parameter will mean umdns advertises not just "OpenWrt" but a more
appropriate string:
"Apple LaserWriter Pro 630"
Signed-off-by: Paul Donald <newtwen@gmail.com>
Commit driver_home defaults before continuing
Fix missing path for serial number acquisition
Store current device if no previously configured device had one.
Also set CHAR_DEV so the printer can get its driver sent on first run.
Signed-off-by: Paul Donald <newtwen@gmail.com>
The spec https://developer.apple.com/bonjour/printing-specification/bonjourprinting-1.2.1.pdf
notes:
... if the meaning of any of the TXT record keys is changed, the txtvers value
will be incremented. The current value of this key is “1”, and if this key does not exist in
the TXT record, the default value of “1” is assumed. The txtvers SHOULD be the first
key/value pair in the TXT record.
Signed-off-by: Paul Donald <newtwen@gmail.com>
Don't run procd with a name of p9100d or p9101d etc.
Use the original binary name: p910nd.
This way, all supplied parameters should be visible via e.g.:
ps
xargs -0 < /proc/{procid}/cmdline
Revise all p910nd strings to the variable DAEMON_NAME or CONFIG where
appropriate.
Signed-off-by: Paul Donald <newtwen@gmail.com>
Adjust patches for current version changes
Module "disk" renamed to "disk_hw"
Internal type "unknown" changed to "u_int32_t"
Add patch with removing macro syntax checking for successful build
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
- previously localport option was required, which broke older configs
- now in-config forwarding is only optional
- ssh option still can be used for forwarding as in sample config
Signed-off-by: kkubicki <krzysiek.kubicki@gmail.com>
- Enable missing variable checking by default
- Explicitly check variables are defined in all 'rm' commands
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
- Use git for sources since no proper tarball is available
- Switch package URL to HTTPS
- Refresh the patch
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
This updates mwan3 to use network_get_preferred_ipaddr6 instead of
network_get_ipaddr6 if possible to determine a source ip for the
connectivity checks. This avoids issues where the first ip address
that is returned from network_get_ipaddr6 does not work anymore while
the preferred one returned from network_get_preferred_ipaddr6 works.
Signed-off-by: Jonas Lochmann <git@inkompetenz.org>
Reporting
- Use json alert data for 10x speed improvement in report generation
- Include both gid and sid, plus packet direction in report output
- Add by-date incident filtering
- Add verbose mode which displays actual rules triggered and their source
- Attempt to look up host names from IPs in verbose mode
- Clean up display of port number involved in incidents
Rules
- Complete downloader for subscription rules using oinkcode (only tested
with snort.org's "free" tier subscription)
- Auto-detect multiple rules files and include them in lua 'ips.rules'
- Add '--backup' option to copy out current rules before installing new
- Add '--persistent' option to 'snort-rules', storing in persistent location
CLI interface
- Completely rework command line option parsing in all user scripts
- Allow options and commands to be in any order on command line
- Add long-form names for all options ('--help' for '-h' and so on)
- Detect errors properly in options, enhance help pages
Bug fixes
- Use 'mkdir -p' on all directory creation
- Use proper tmp directory from 'snort.snort.temp_dir' everywhere
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
This version includes several new features that allow to simplify the
package significantly: The noexit patch and hotplug script are no longer
needed, and the init script doesn't have to check for legacy databases
anymore.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Update crowdsec to latest upstream release version 1.6.0
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Package tested: not able to test run due to limited space (package is big)
Description: update to latest version of upstream
The config.yml is an example of a tunnel local configuration.
But the cloudlfared treat it as a real config and fails to start.
So to avoid problems let's comment all the statements.
The `url: http://localhost:8000` is not a valid config option.
Additionally add a smale of configuring ingres rules.
The cloudflared.config has missing option token.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
The following fixes have been applied to Makefile:
* fix the nebula license type
* add PKG_CPE_ID
* remove unneeded call to Build/Compile
* add leading spaces to descriptions
* add Package/nebula/conffiles definition
* remove unneeded /lib/upgrade/keep.d files
* no longer install actual license file
* add the README file
Kudos to @BKPepe and @1715173329 for feedback which lead to these fixes
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Maintainer: @mkrkn @neheb
Compile tested: armv7, cortexA15, OpenWRT 23.05
Run tested: Linksys EA8500
Compile tested: armv8, cortexA53, OpenWRT main
Run tested: Dynalink DL-WRX36
Description:
Script-security is always 2 and cannot be changed from the openvpn config file due to a missing rule in openvpn.init.
This is discussed in issue #23014
This patch adds the missing rule in openvpn.init to parse script-security from the openvpn config file.
Signed-off-by: Erik Conijn <egc112@msn.com>
also fix license variable
Co-authored-by: Tianling Shen <cnsztl@gmail.com>
Signed-off-by: Otto Moerbeek <otto@drijf.net>
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Upstream bump
,,_ -*> Snort++ <*-
o" )~ Version 3.1.78.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.14
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.12 24 Oct 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3
Using Hyperscan version 5.4.2 2024-01-15
Using LZMA version 5.4.4
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
The log is filled with 'debug' messages. This is not necessary and is
only normaly needed during development. To suppress this message, check
whether the level is 'debug' and if so, suppress it. If this message is
required again, the message can be generated by commenting out this line.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Before this change, the status of the sysfs paths from the kernel events
was cached with a cache file. This is necessary to mark configured modems
as available for the netifd.
Using the new monitor service via the mmcli command 'mmcli -M' simplifies
the whole process. There is no need to start sub shells in the background
anymore that monitors whether the modem has already been added to the
ModemManager.
For this purpose, a new service was added that reacts on add and remove
events for modems in the ModemManager and, if necessary, marks the logical
netifd interface as available.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
These moved functions are general functions. This is a preparatory
commit so that these moved functions can also be used in other
ModemManager scripts.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The modem saves the permitted technology configuration in the modem
itself. If the technology configuration is deleted in the uci, this is
not passed on to the modem. This means that the previously saved
technology configuration is remains in the modem and is therefore still
active. By setting the technology to 'any', if no option is set, all
technologies are allowed again.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Modify Makefile to combine tailscale and tailscaled according to
Tailscale documentatio (https://tailscale.com/kb/1207/small-tailscale)
This resulted for x86_64 in an exec of 31MB + the symlink. Before it
was 29MB (tailscaled) and 10MB (tailscale).
Signed-off-by: Thomas Kupper <thomas.kupper@gmail.com>
0cffba9458d3 treewide: add support for RADIUS Reply-Message
c9fb744fdee8 treewide: add support for 'lang=' & ChilliSpot-Lang
584a162cb19a handler-uam: ensure that 'seconds_remaining' is always set
bd1f7c5de1ae Makefile: align with packages feed one
0ea6ad3c4e54 Makefile: mark uspot-www and uspotfilter "PKGARCH:=all"
e6a286ccfdbf uspot/uspotfilter: use 'logger -t'
427ed16cfde5 uspot: expose ratelimits in client data
4ba1dd9c5135 uspot: don't send NAS-Port-Type
78a37ef49b85 templates: add id="replymsg" to reply msg header
e3f4e179fd17 templates: show remaining time in "connected"
398762dff711 radius-client: correctly use str_to_hex()
730ef800d9da templates: simplify HTML
6bb39282fd8f Documentation update
b6c802adac19 portal: handle_request() logic refactoring
1aa1a5eb28d7 uspotfilter: implement peer_lookup()
ba5547ec61f1 portal: speedup peer lookup by leveraging spotfilter
d551376c29bb templates: added html5 time tag to timeleft output
154c98e0b77b uspotfilter: mark client as active when set()
8dcb03a37a77 uspotfilter: rework neigh management
cfb2ce7909da uspotfilter: use client_remove() where applicable
8411314dbf90 Documentation update
8dacf3df9935 uspot: use a single operation for client removal
297b7857c1e0 uspotfilter: fix DELNEIGH processing
76003917c205 uspotfilter: client_set() only clear idle when allowing
f46a855c5085 uspotfilter: remove botched IPv6 "support"
4ff31cbf0e2b uspot: client_remove(): stay in sync with spotfilter
edc9ad7e60a3 uspot/uspotfilter: use ucode-mod-log for logging
52e24aecf2db uspotfilter: use ucode '??=' syntax
c4b6f2f0bb1e Update README
Update the package Makefile to reflect the changes from the following
above-listed commits:
0ea6ad3c4e54 Makefile: mark uspot-www and uspotfilter "PKGARCH:=all"
edc9ad7e60a3 uspot/uspotfilter: use ucode-mod-log for logging
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
New features for v1.8.0:
1. Migrate cache file from Clash API to independent options
2. Introducing Rule Set
3. Add `sing-box geoip`, `sing-box geosite` and `sing-box rule-set` commands
4. Allow nested logical rules
5. Independent `source_ip_is_private` and `ip_is_private` rules
6. Add context to JSON decode error message
7. Reject internal fake-ip queries
8. Add GSO support for TUN and WireGuard system interface
9. The legacy LWIP stack has been deprecated and removed
10. Add `idle_timeout` for URLTest outbound
11. Added some new uTLS fingerprints
...
Release notes: https://github.com/SagerNet/sing-box/releases/tag/v1.8.0
The new version has some breaking changes and may stop working after upgrading if use the original config.
Please see the migration manual to migrate the config: https://sing-box.sagernet.org/migration/
Signed-off-by: Anya Lin <hukk1996@gmail.com>
* fix a station scanning issue on single radio units (mainly a LuCI/JS issue) reported in the forum by multiple users
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes: e0d7181a6Closes: #22973Closes: #22988
1. Make the new `startup()` function in `/usr/bin/wifi_schedule.sh`
respect the global `enabled` config flag; in particular, make no
changes to `/etc/config/wireless` when wifi_schedule is disabled.
2. Make the new `/etc/init.d/wifi_schedule` service script executable.
Signed-off-by: Rani Hod <rani.hod@gmail.com>
krant