* update binary to the latest commit (2021-07-29) to fix#16222 and #16239
* add hotplug.d/iface file and update Makefile to install it
* use Cloudflare's and Google's bootstrap DNS if bootstrap DNS is missing
* minor improvements in append_bool function
* add append_counter function for verbosity setting
* add append_bootstrap function (and supporting functions) to parse/sanitize bootstrap setting
* move firewall array from 'main' instance to the first proxy instance
* delete useless 'main' instace
Signed-off-by: Stan Grishin <stangri@melmac.net>
* code cleanup
* add auto login script for Julianahoeve beach resort (NL)
* add auto login script for Vodafone hotspots (DE)
* add auto login script for telekom hotspots (DE)
* enhance captive portal detection to support html redirects as well
* change default captive portal detection url to
'detectportal.firefox.com'
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 380a5110b4)
This matches an ipv4 change in 21f5cdd2fa and has the same rationale.
Google requires https for both ipv6 and ipv6.
Signed-off-by: Scott Lamb <slamb@slamb.org>
(cherry picked from commit e5f45b94c0)
- Bump yggdrasil-go version to v0.4.0
- Update ygguci tool for compatibility with the new yggdrasil-go version
- Yggdrasil's config file is now generated in a separate command before running the daemon
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit e135c4c867)
bugfix: domain names bypass
rename config file
update Makefile
updated README link
updated shellcheck compatibility
support for 21.02.0-rc2 and later
updated code for interface triggers
add newline to test.sh
Signed-off-by: Stan Grishin <stangri@melmac.net>
Includes fix for CVE-2021-34558 (crypto/tls: clients can panic when
provided a certificate of the wrong type for the negotiated parameters).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit c0c62227bd)
- use $(INSTALL_DIR) instead of mkdir
- using $(INSTALL_CONF) and then running chmod is pointless, use
$(INSTALL_DATA) directly
- /etc/xinetd.d/sane-port doesn't need read protection from non-root
users, use $(INSTALL_DATA) as well
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit f37006c2e6)
On some build systems (build bots, Debian Buster for example) the
current mechanism in the Build/Install define doesn't run. Replace it
with shell fu that works.
Issue was reported, see [1].
[1] https://github.com/openwrt/packages/issues/16085Fixes#16085
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 977109e286)
support for 21.02.0-rc2 and up
support for reloading a single interface on ifup/ifupdate
rename config file
updated shellcheck compatibility
remove obsolete create/remove_lock
interface processing optimizations to speed up reloads
drop dependency on curl in user scripts
uniform styling of functions
Signed-off-by: Stan Grishin <stangri@melmac.net>
This release fixes some bugs and these vulnerabilities:
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 1b41e8f641)
ec9a3a9 fix GCC11 compilation
Thanks to neheb and cotequeiroz.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit ee4616fb43b489003cab957e3a2d6f5f14c6fb97)
555268b ubus: filter neighbors by SSID when preparing nr
3db9607 data storage: match SSID when searching ap entry
a22f5a7 storage: ensure SSID strings are NULL-terminated
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 163ccbf0236824b29fd2158d3a287dda5e427b00)
Makefile changes include:
* Remove USE_UCLIBC, as uclibc is no longer supported
* Package output modules
* Move main binary (back) to /usr/sbin, as it is system administration
related and requires superuser privileges
New patches:
* 003-add-space-for-null-byte.patch - from
374cfd2cab
* 004-more-specific-library-linking.patch - from
27b57d9da3
* 005-use-c99-format-macro-constants.patch - from
https://github.com/fln/addrwatch/pull/28
Init script changes include:
* Change from explicit disable to explicit enable, so that the service
is disabled by default and on first install
* Set config option default values to default values of the main binary
* Fix command-line option names and format (from
https://forum.openwrt.org/t/cant-start-addrwatch-service/60499/3)
* Always use the --quiet command-line option, as the procd instance is
not configured to capture stdout/stderr
* Change the syslog config option to start the syslog output module
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 31ae85bca9)
User that don't control both OpenVPN client and server
might still need LZO support, so keep it enable by default for at least
OpenSSL variant.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 03c3c92496)
For now, disable mqtt as it was automatically enabled as the build
system finds compiled libpaho-mqtt-c and requires dependency.
---
Here is the output:
Package syslog-ng is missing dependencies for the following libraries:
libpaho-mqtt3c.so.1
---
This is a new feature since syslog-ng 3.33.1 and if anyone is interested
in it, it can be enabled.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e319e89fde)
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.1
- Bump version in config
It fixes:
WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.33 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.31'
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2b4be08a8c)
