This commit updates boost to version 1.85.0
New available libraries:
* *Charconv:* A high quality implementation of <charconv> in C++11,
from Matt Borland. [2]
* *Scope:* A collection of scope guard utilities and a
unique_resource wrapper, from Andrey Semashev. [3]
More info about Boost 1.85.0 can be found at the usual place [1].
[1]: https://www.boost.org/users/history/version_1_85_0.html
[2]: https://www.boost.org/libs/charconv/
[3]: https://www.boost.org/libs/scope/
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
* relax the firewall pre-check if fw4 is not running
* replace former stale tor feed source with 'https://www.dan.me.uk/torlist/?exit'
* add openvpn log term/search pattern example to the readme
* the default config now includes only log terms for dropbear and LuCI, all others are optional
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
This is a bugfix release containing several security fixes.
Security fixes
--------------
- CVE-2024-4877: Windows: harden interactive service pipe.
Security scope: a malicious process with "some" elevated privileges
could open the pipe a second time, tricking openvpn GUI
into providing user credentials (tokens), getting full access
to the account openvpn-gui.exe runs as.
- CVE-2024-5594: control channel: refuse control channel messages
with nonprintable characters in them.
Security scope: a malicious openvpn peer can send garbage to openvpn log,
or cause high CPU load.
- CVE-2024-28882: only call schedule_exit() once (on a given peer).
Security scope: an authenticated client can make the server "keep the session"
even when the server has been told to disconnect this client
Bug fixes
---------
- fix connect timeout when using SOCKS proxies
- work around LibreSSL crashing on OpenBSD 7.5 when enumerating ciphers
- Add bracket in fingerprint message and do not warn about missing verification
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
tlsv1.3 support is broken in curl 8.8.0 with mbedtls 3.6.0.
See curl/curl#13653 and Mbed-TLS/mbedtls#9210 for more details.
A workaround was implemented in upstream code, see curl/curl@0c4b4c1 and curl/curl@5f9017d
This commit includes patches generated from upstream commits.
fix #24365 #24386
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Due to changes in elfutils in order to
simplify the build for static libraries only,
the zlib functions that libelf depends on
are no longer linked within the static libelf library.
If frr were to use pkg-config, no change would be necessary,
however, the AC_CHECK_LIB macro is used, so add the link manually.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Bump to latest 2.0.26 release
apache2/mod_proxy_uwsgi: let httpd handle CL/TE for non-http handlers CVE-2024-24795 (Eric Covener)
remove race-condition over termination of uWSGI process when using need-app and lazy-apps (Hanan .T)
fix 32-bit compilation with GCC14 (Rosen Penev)
uwsgiconfig: get compiler version with -dumpfullversion (Riccardo Magliocchetti)
Fix uwsgi_regexp_match() with pcre2 (Alexandre Rossi)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
libfido2 is licensed under the BSD 2-clause license as per:
https://github.com/Yubico/libfido2/
Update package Makefile to correctly reflect this.
Signed-off-by: Rahul Thakur <rahul.thakur@iopsys.eu>
Ruby 3.3 adds a new parser named Prism, uses Lrama as a parser
generator, adds a new pure-Ruby JIT compiler named RJIT, and many
performance improvements especially YJIT.
See: https://www.ruby-lang.org/en/news/2023/12/25/ruby-3-3-0-released/
The 3.3.1 release includes security fixes.
- CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search
- CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
- CVE-2024-27280: Buffer overread vulnerability in StringIO
See: https://www.ruby-lang.org/en/news/2024/04/23/ruby-3-3-1-released/
The 3.3.2 release includes many bug-fixes.
See: https://www.ruby-lang.org/en/news/2024/05/30/ruby-3-3-2-released/
Packaging changes since 3.2.2:
- New packages: ruby-prism and ruby-rjit
- Added /usr/bin/rdbg to ruby-debug
- Added /usr/bin/syntax_suggest to ruby-syntax_suggest
The 3.3.3 release includes:
- RubyGems 3.5.11
- Bundler 2.5.11
- REXML 3.2.8
- strscan 3.0.9
- --dump=prism_parsetree is replaced by --parser=prism --dump=parsetree
- Invalid encoding symbols raise SyntaxError instead of EncodingError
- Memory leak fix in Ripper parsing
- Bugfixes for YJIT, **{}, Ripper.tokenize,
  RubyVM::InstructionSequence#to_binary, --with-gmp, and some build
  environments
See: https://www.ruby-lang.org/en/news/2024/06/12/ruby-3-3-3-released/
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Updated 010-configure-uname.patch as source changed.
Removed 100-example-conf-in.patch as not needed any more.
Release message:
This release has a fix for the DNSBomb issue CVE-2024-33655. This has a
low severity for Unbound, since it makes Unbound complicit in targeting
others, but does not affect Unbound so much.
To mitigate the issue new configuration options are introduced.
The options discard-timeout: 1900, wait-limit: 1000
and wait-limit-cookie: 10000 are enabled by default. They limit the
number of outstanding queries that a querier can have. This limits
the reply pulse, and makes Unbound less favorable for the issue.
With the config wait-limit-netblock and wait-limit-cookie-netblock
the parameters can be fine tuned for specific destinations.
More information on the attack and Unbound's mitigations is
presented further down.
Other fixes in this release are that Unbound no longer follows symlinks
when truncating the pidfile. Unbound also does not chown the pidfile,
this is for safety reasons. There are also a number of fixes for RPZ, in
handling CNAMEs. There is a memory leak fix for the edns client subnet
cache. For DNSSEC validation a case is fixed when the query is of type
DNAME. The unbound-anchor program is fixed to first write to a temporary
file, before replacing the original. This handles disk full situations,
and because of it unbound-anchor needs permission to create that file,
in the same directory as the original file. There is also a fix for
IP_DONTFRAG, to disable fragmentation instead of the opposite.
The option cache-min-negative-ttl can be used to set the minimum TTL
for negative responses in the cache. It complements existing options to
set the maximum ttl for negative responses and to set the minimum and
maximum ttl but not specifically for negative responses.
The cachedb-check-when-serve-expired option makes Unbound use
cachedb to check for expired responses, when serve-expired is enabled,
and cachedb is used. It is enabled by default.
The -q option for unbound-checkconf can be added to silence it when
there are no errors.
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Release mainly focuses on bug fixes and patching compatibility issues.
Also, adds support to multiple platforms.
Removed obsolete patch as upstream has fixed.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
This release includes enhancements and bug fixes.
This release is ABI compatible with the previous release.
See: https://github.com/webmproject/libvpx/releases/tag/v1.14.1
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Remove one patch - instead of messing with BUILDCXXFLAGS there we
properly define it via CONFIGURE_ARGS inside Makefile of the package.
Refresh remaining patch.
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
* fixed a possible "Argument list too long" error in the f_log function
* fixed multiple, incomplete digit character classes
* fixed/optimized split file handling
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Remove the ancient package with experimental cake options,
from time when cake was not yet officially here.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Supports interface metrics exposed by mwan3. The performance is a
little slow compared to other collectors (~300ms) as the ubus call is
where most of the time is spent. Any future speedups are likely better
put into mwan3's rpcd binary.
Signed-off-by: Ryan Doyle <ryan@doylenet.net>
[rename metrics,bump version]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
…for textfile collector, to make it more consistent with the upstream
Prometheus node-exporter
Signed-off-by: Rob Hoelz <rob@hoelz.ro>
[bump version]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>