Enable building cryptsetup-reencrypt, integritysetup and veritysetup,
add new binary packages for integritysetup and veritysetup.
Changes since version 2.7.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Fix possible online reencryption data corruption (only in 2.7.x).
In some situations (initializing a suspended device-mapper device),
cryptsetup disabled direct-io device access. This caused unsafe
online reencryption operations that could lead to data corruption.
The code now adds strict checks (and aborts the operation) and
changes direct-io detection code to prevent data corruption.
* Fix a clang compilation error in SSH token plugin.
As clang linker treats missing symbols as errors, the linker phase
for the SSH token failed as the optional cryptsetup_token_buffer_free
was not defined.
* Fix crypto backend initialization in crypt_format_luks2_opal API call.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changelog: https://github.com/snort3/snort3/releases/tag/3.6.2.0
% snort --version
,,_ -*> Snort++ <*-
o" )~ Version 3.6.2.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2024 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.18
Using Hyperscan version 5.4.2 2025-01-28
Using libpcap version 1.10.5 (with TPACKET_V3)
Using LuaJIT version 2.1.0-beta3
Using LZMA version 5.6.2
Using OpenSSL 3.0.15 3 Sep 2024
Using PCRE2 version 10.42 2022-12-11
Using ZLIB version 1.3.1
Signed-off-by: John Audia <therealgraysky@proton.me>
* improvement: Makefile: prepend `r` to PKG_RELEASE in binary and init script versions to match package version
* bugfix: init script: more reliable/robust start on boot
* improvement: init script: more compact output()
* improvement: init script: better DNS Hijack login
* improvement: init script: fold some dnsmasq-related functions into dhcp_backup()
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* support smartdns as dns backend
* support top level domains in local white- and blackklist,
e.g. a 'de' in the blacklist blocks all domains with a german tld
and the tld compression removes all subdomains from the final blocklist
Signed-off-by: Dirk Brenken <dev@brenken.org>
The -r option is not required here but should also not hurt,
since it was already tested, that $key is a file.
However, to express the intent of the command more clearly,
let's drop it.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Imitate dropbear init.d-script and make sure we
don't end up with corrupt keys.
This can happen if we use a caching filesystem,
like 'ubifs', and the DUT is powered off during
boot-up.
Signed-off-by: Markus Gothe <markus.gothe@genexis.eu>
If pppoe is used for wan access. script set 'eth1' as interface for curl
call. The correct interface is however 'pppoe-wan'.
These scripts use 'network_get_physdev' function to get real device for
bind_network but this is wrong. We need instead the l3_device of the the
logical interface.
In case if we don't use pppoe connection - 'l3_device' is equal to real device.
Follow P/R:
#14431
Signed-off-by: Coia Prant <coiaprant@gmail.com>
This is a security release.
Notable Changes
CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)
Dependency update:
CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
If PKG_FORTIFY_SOURCE is not 0 and lto is enabled for package git, it
will fail to compile with the following example error:
/openwrt/staging_dir/toolchain-aarch64_generic_gcc-14.1.0_musl/include/stdio.h: In function 'process_curl_messages': /openwrt/staging_dir/toolchain-aarch64_generic_gcc-14.1.0_musl/include/stdio.h:90:8: error: inlining failed in call to 'always_inline' 'fwrite': function body can be overwritten at link time
90 | size_t fwrite(const void *__restrict, size_t, size_t, FILE *__restrict);
| ^
http.c:355:33: note: called from here
355 | fprintf(stderr, "Received DONE message for unknown request!\n");
| ^
A related issue is #13016 .
This commit set PKG_FORTIFY_SOURCE to 0 if CONFIG_USE_LTO is y.
Close#24366
Link: https://lore.kernel.org/git/CAHfWF5mjquES-nocQaK+CAEsqWgdy-_OYdGtN82heYs0eJP3eQ@mail.gmail.com/T/#t
Link: https://github.com/openwrt/openwrt/issues/13016
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110834
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
* I had wrongly used config_get_bool for the option, so fixed it
* this also fixes the issue of /etc/init.d/vsftpd stop not working
Signed-off-by: Mohd Husaam Mehdi <husaam.mehdi@iopsys.eu>
Update to 1.29.2 and Change logfile path from /etc/syncthing/syncthing
log to /var/log/syncthing.log.
This utilizes tmpfs (memory-based storage) to prevent disk usage growth
caused by log file accumulation during extended operation.
Benefits:
- Avoids storage saturation from excessive log growth.
- Aligns with best practices for temporary log management.
- For systems using flash storage (e.g., SSDs or eMMC), storing logs in
tmpfs avoids flash memory wear caused by frequent writes to
/etc/syncthing.
Signed-off-by: Yun Wang <maoerpet@foxmail.com>
Updated lpac to 2.2.1 and added support for custom ISD-R AIDs.
This allows for a broader range of esim cards with non standard AIDs to be supported.
See https://github.com/estkme-group/lpac/pull/181 for additional info.
Signed-off-by: Dominik Borghorst <git@borghorst.net>
Sandro Jäckel