This commits adds the new usteer package to the packages feed.
usteer is a daemon for steering wireless clients across frequency
bands as well as between multiple access points on a network.
Signed-off-by: David Bauer <mail@david-bauer.net>
* remove upstreamed gcc10 and cerrno patches
* disable SSO and OIDC as it needs Rust/Cargo support
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Release notes:
1.8.0
- Upgrade json.hpp dependency to version 3.10.2
- Check if DNS servers need to be applied on macOS
- Set MAC address before bringing up Linux TAP link
- Stop binding to temporary IPv6 addresses
- Fix for mistakenly using v6 source addresses for v4 routes on some platforms
- Fix for MacOS MTU capping issue on feth devices
- Implement a workaround for one potential source of a "coma" bug, which can occur if buggy NATs/routers stop allowing the service to communicate on a given port. ZeroTier now reassigns a new secondary port if it's offline for a while unless a secondary port is manually specified in local.conf. Working around crummy buggy routers is an ongoing effort.
- A completely rewritten desktop UI for Mac and Windows!
1.8.1
- Fix an issue that could cause clobbering of MacOS IP route settings on restart.
- Added additional hardening against address impersonation on networks (also in 1.6.6).
- MacOS IPv6 no longer binds to temporary addresses as these can cause interruptions if they expire.
- Remove support for REALLY ancient 1.1.6 or earlier network controllers.
- Fix numerous UI issues from 1.8.0 (never fully released).
Changed to git as source and added $(AUTORELEASE)
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Fixes multiple security issues:
* CVE-2022-0667 -- An assertion could occur in resume_dslookup() if the
fetch had been shut down earlier
* CVE-2022-0635 -- Lookups involving a DNAME could trigger an INSIST when
"synth-from-dnssec" was enabled
* CVE-2022-0396 -- A synchronous call to closehandle_cb() caused
isc__nm_process_sock_buffer() to be called recursively,
which in turn left TCP connections hanging in the CLOSE_WAIT
state blocking indefinitely when out-of-order processing was
disabled.
* CVE-2021-25220 -- The rules for acceptance of records into the cache
have been tightened to prevent the possibility of
poisoning if forwarders send records outside the
configured bailiwick
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 4c6ea5379c)
This fixes CVE-2022-23308.
Also switch to GNOME as download source and xz tarball.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 81fd836f97)
Show error message instead of segfaulting in case of an invalid URL
being read from UCI config.
Fixes: #17971
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c0d2c82528)
Fallback to use 'sdcard' image in case there is neither 'sysupgrade'
nor 'combined' image available.
This allows using 'auc' on targets where 'sdcard' image is also used
for sysupgrade (such as some mvebu-based devices with eMMC).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6b041752a0)
Accept both 'y' and 'Y' as positive confirmation when asking the user
if auc should proceed with requesting and installing an upgrade.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d27ecdcc49)
Add option to allow only requesting an image but not actually download
or sysupgrade anything.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 19c135685f)
* Use SPDX
* Use CA (ucert) public key
* Update repo link
* Update maintainer email
* Format description
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit a54b9570ad)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If config parameter is not set, tvheadend will bind to LAN IP address by default.
Fixes issue #16500 without requiring user modifications to config file. It's also more secure if firewall becomes disabled.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
(cherry picked from commit 95cbfe893b)
There is no reason for the kmod to depend on the binary package
itself, neither for building nor for installing.
That dependency prevents phase1 from building the kmod even though
support is enabled in the binary.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit 385923321b)
Includes fix for CVE-2022-21716 (The Twisted SSH client and server
implementation naively accepted an infinite amount of data for the
peer's SSH version identifier.)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 630d6800f2)
Remove un-necessary crowdsec package dependency, to be able to use
crowdsec-firewall-bouncer independently from crowdsec local installation.
(with remote API)
Fix issue: https://github.com/openwrt/packages/issues/17406
Description:
using crowdsec-firewall-bouncer on many OpenWRT devices connected
with my domain LAPI server (which collect many crowdsec machines,
mostly nginx), it works great. Actually, crowdsec package is not
mandatory for that usage, it would be great if it was not a dependency.
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit ffd97e173c)
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
