- Update copyright year.
- Add PKG_LICENSE:=GPL-2.0 from the Google Code project page.
- Add autoreconf as the PKG_FIXUP method.
- Add myself as the package maintainer.
- Add a patch to fix building with musl-libc.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
When only strongswan-minimal is selected, libtls.so will not be built
yet package strongswan will still try to copy the file causing build
failure.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Update vsftpd to 3.0.3 released in July 2015.
Changelog: https://security.appspot.com/vsftpd/Changelog.txt
Release blog: http://scarybeastsecurity.blogspot.fi/2015/07/vsftpd-303-released-and-horrors-of-ftp.html
- Increase VSFTP_AS_LIMIT to 200MB; various reports.
- Make the PWD response more RFC compliant; report from Barry Kelly
<barry@modeltwozero.com>.
- Remove the trailing period from EPSV response to work around BT Internet
issues; report from Tim Bishop <tdb@mirrorservice.org>.
- Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
- Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
probably have a different distro / libc / etc. and there are multiple reports.
- Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
this case gracefully. Report from Vasily Averin <vvs@odin.com>.
- List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
- Make some compile-time SSL defaults (such as correct client shutdown
handling) stricter.
- Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
- Kill the FTP session if we see HTTP protocol commands, to avoid
cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
- Kill the FTP session if we see session re-use failure. A report from
Tim Kosse <tim.kosse@filezilla-project.org>.
(vsftpd-3.0.3pre1)
- Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
- Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
- Minor SSL logging improvements.
- Un-default tunable_strict_ssl_write_shutdown again. We still have
tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
upload integrity.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Several patches here and pull requests at the upstream github project
page were merged into the devel branch. Switch to that until the next
stable release.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This change aims to address the following 2 issues
- The control file was there yet xl2tpd process was not
- The control file's existence prevented xl2tpd from start
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
L2TP with xl2tpd has no proto_task in the context of netifd and because
of this there is no valid $ERROR to check for when doing tearing down.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
sqm-scripts and luci-app-sqm now live in the same Makefile and are built
from the upstream git repository, rather than having the files included
here.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* 010_fix_getnameinfo.patch is no longer needed
* 011-cron-without-pthread-fix.patch added, fixes incorrect
ifdef when building without pthreads
Signed-off-by: Michael Haas <haas@computerlinguist.org>
Fixes regression already fixed in oldpackages commit
012eec3f60a24db1a568d64868a48ea95aedcc87
but re-introduced in commit 6636e13f2ab8992d4eb03a48919ae9ae8da98cee.
This patch also enables IPv6 support.
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
being based on curl 0.70.0 gnurl is affected by
CVE-2015-3144
CVE-2015-3145
CVE-2015-3153
CVE-2015-3236
Import patches from curl package to fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* always re-create config-file when service is started
* use /lib/upgrade/keep.d instead of /etc/sysupgrade.conf sed'ery
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* add gnunet-vpn binary, it was missing
* clean-up -datastore, it contained files already packaged in -mysql
* remove gnunet-import-gns.sh from -utils, it can live in -gns
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ntripcaster developer agency (http://igs.bkg.bund.de/) no longer provides sources for download.
Created a github repository to provide sources and allow contributions.
Fixed install location for configuration files.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
ntripserver developer agency http://igs.bkg.bund.de/ does not reliably provide a source mirror with version naming.
Created a github repository to provide sources and allow contributions.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
ntripclient developer agency http://igs.bkg.bund.de/ does not reliably provide a source mirror with version naming.
Created a github repository to provide sources and allow contributions.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
simple.qos had accidentally set up the egress shaper twice, once
with the true egress parameters and a second time using the ingress
parameters, effectively misconfiguring both directions. This bub
only affected situations where 3-tier ingress classification was
used.
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
sqm_logger tried tro wait indefinitely if passed an empty string.
This in turn makes sqm-scripts hang. Quoting the input argument in sqm_logger
seems to fix the problem.
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
The last batch of changes tried to teach the GUI to pass link layer
options to cake but forgot to actually call the function that parses
the GUI variables and used it as a string insteead. So this fixes that
it also tries to allow the use of the tc_stab link layer adjustment
method with cake so the implementations can be validated against each other
easily. Needs testing...
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
The cake traffic-shaper qdisc omne stop solution knows how to handle
link layer adjustments for ATM and can account for per packet overhead.
This commit adds cake as link layer adjustment mechanism in the GUI and
passes numerically specified overhead as well as the ATM linklayer
keywords on to cake. This change also passes the "advanced option strings"
from the Queue Discipline tab to cake. But as before no error checking.
This needs testing, as I have no working cake qdisc available so
caveat emptor...
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
Make clear that configuration options guarded by checkboxes are only
effective as long as those boxes are checked.
The sqm gui has giarded some advanced configuration options behind exposing
checkboxes, meaning these optiopn's values were only used as long
as those boxes were checked. This commit just improves the description of
the checkboxes to included this useage instruction...
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
The SQM gui has confused its users with an enable button, that only served to
selecively activate/de-activate sqm instances instead of controlling sqm's
initscript (which needs to be enabled so the sqm properly starts up after a reboot
and also for hotplug to work properly). luci-app-sqm will now enable sqm's
initscript when a single sqm instance get enabled. It also informs the user about
this fact in the top margin of the sqm page. Note sqm will not disable the
initscript behind the user's back if sqm instances get disabled.
While I would have prefered this notice to be more prominent an attentive user
should notice, and most users should not care anyway. This also increases the
package release number.
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
