This fixes 2 issues where mv88e6xxx_dump was displaying
data incorrectly for --vtu and --global2
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* move network.sh and jshn.sh includes into load_validate_config function
to prevent errors when adding the package to image with the Image Builder
* add @bongochong compressed domains block-list to the config
Signed-off-by: Stan Grishin <stangri@melmac.ca>
- Explicitly request the C++11 standard (codebase is not C++17 compliant).
- Removed categories.json from conffiles -- it's not a configuration
file.
- Removed commented-out convenience git hash place-holder -- for some
reason it irritates people.
- Added radix header file to devel files.
- Removed redundant call to Build/Configure (not needed).
Co-authored-by: Tianling Shen <cnsztl@gmail.com>
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
This reverts commit 983835afe6.
I merged the library update to v2.0 to fast, it breaks openocd build
due to API change.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This reverts commit 82ea104b97.
I merged the library update to v2.0 to fast, it breaks openocd build
due to API change.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* fix the auto-detection for pppoe and 6in4 tunnel interfaces
* add the new 'ban_nftpolicy' option to expose the nft set policy, values: memory (default), performance
* add the new 'ban_nftlogevel' option to expose the nft syslog level, values: emerg, alert, crit, err, warn (default),
notice, info, debug, audit
* status optimizations
* logging optimizations
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Added `cgroupsns` to jail, otherwise you get this failure:
```
Mon Mar 6 14:46:05 2023 user.err : jail: Not using namespaces, capabilities or seccomp !!!
```
Error is here, seems to indicate that we're running a jail without using any capability.
https://lxr.openwrt.org/source/procd/jail/jail.c#L2847
Decided to use minimal effort approach
Signed-off-by: BackSlasher <nitz.raz@gmail.com>
simple protocol support script for netifd.
netifd protocol support for cni networks makes
defining network for podman and other similar
systems using cni networking much easier and simpler.
with cni protocol support, on a cni network, where firewall
and portmapper is disabled, you may control firewalling
with openwrt's standard firewall configuration.
for example, create a container that hosts web content on
port 80 with static ip on your cni network, if your
network is 10.88.0.0/16, use for eg. 10.88.0.101 as
your containers static ip address. Create a zone, cni
to your firewall and add your interface to it.
Now you can easily set up redirectiong to 10.88.0.101:80
to expose it's port 80 to wan for serving your website.
Protocol has only one setting: device, on podman this
often is cni-podman0. This protocol may also be used
on other equillavents, such as netavark (cni replacement
in podman), where device as default is podman0.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
This updates this library to the latest major version.
Since the Python binding build changed in this version,
let's switch to the Py3Package infrastructure.
Also the older v1 kernel interface is not used anymore,
so we can drop this part of the kernel configuration.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* update to 4.17.5
* changelog: https://www.samba.org/samba/history/samba-4.17.5
* refresh patch
* CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap.
https://www.samba.org/samba/security/CVE-2022-42898.html
* CVE-2022-37966: This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for use between modern clients and servers despite all modern Kerberos implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members 'kerberos encryption types = legacy' would force rc4-hmac as a client even if the server supports aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
https://www.samba.org/samba/security/CVE-2022-37966.html
* CVE-2022-37967: This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission could forge a more powerful ticket than the one it was presented with.
https://www.samba.org/samba/security/CVE-2022-37967.html
* CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak.
https://www.samba.org/samba/security/CVE-2022-38023.html
* BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
This resolves errors logged during macOS TimeMachine backups.
https://bugzilla.samba.org/show_bug.cgi?id=15210
Signed-off-by: Michael Peleshenko <mpeleshenko@gmail.com>
