* change the default hphosts list source to ad and tracking servers
only, the overall list includes to many false positives
* new optional config parm 'adb_hotplugif' to restrict hotplug support
to a certain wan interface or to disable it at all
* documentation update
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Update Csocket to a newer version with compile fixes for OpenSSL with
disabled compression support. Since we don't get zlib as an transitive
dependency anymore, also add zlib as an explicit dependency.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Set teardown_on_l3_link_down notifying netifd xl2tpd wants to be
teared down when layer3 link loss is detected
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
while at it, also fix post-install script and no longer ship
gnunet-download-manager.scm, we ain't got guile anyway and it wasn't
touched for 12 years.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes two issues with the freeradius package init scripts:
- The package installs libraries in /usr/lib/freeradius{2,3}, but the
musl dynamic linker won't find them there unless LD_LIBRARY_PATH is
set to include this directory. This adds an appropriate env statement
to the procd init setup.
- procd expects services to stay in the foreground, or it will be unable
to properly shut them down again. This adds the -f flag to radiusd to
achieve that.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This adds a package wrapping the acme.sh script from
https://github.com/Neilpang/acme.sh in Uci config and hooks to interact
correctly with uhttpd.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Before starting chilli instance, it first removes generated
files (/var/run/chilli*) for the instance. While deleting
generated files, it doesn't match full instance name.
Thus if coova-chilli config file (/etc/config/chilli) has
instances wlan11 and wlan1 in order,
when creating coova-chilli instance for wlan1, it is removing
files generated for wlan11 instances also (as it uses wlan1*
in remove command).
Fix issue by matching full instance name while removing old files.
Signed-off-by: Rajan Vaja <rajan.vaja@gmail.com>
Signed-off-by: Bhargav Patel <br13patel@gmail.com>
From the Tor project page:
obfsproxy is a tool that attempts to circumvent censorship, by
transforming the Tor traffic between the client and the bridge. This
way, censors, who usually monitor traffic between the client and the
bridge, will see innocent-looking transformed traffic instead of the
actual Tor traffic.
This depends on:
- pyptlib (#2053)
- twisted (#2052)
Also, txsocksx (#2058) is necessary to use an outgoing SOCKS proxy,
and having either gmpy2 (#2067) or gmpy (#2051) installed will help
speed up calculations.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Tcpreplay is a suite of free Open Source utilities for editing and
replaying previously captured network traffic. Originally designed
to replay malicious traffic patterns to Intrusion Detection/Prevention
Systems, it has seen many evolutions including
capabilities to replay to web servers.
Pretty useful for testing stuff too.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
for working out the interface name
Working:
ubus -S call network.interface dump|jsonfilter -e "@.interface[@.interface=\"wan\"].l3_device"
Broken:
ubus -S call network.interface dump|jsonfilter -e "@.interface[@.interface=\"wan\"].device"
Fix run tested:
root@wifi:/overlay/upper# ps |grep mini_snmpd
1404 root 980 S /usr/bin/mini_snmpd -n -c public -L Undisclosed -C VGB <admin@victimsofgaybullying.com> -t 1 -a -d /overlay,/tmp -i br-lan,pppoe-w
Before it wasn't using the pppoe interface it was using the parent
interface eth0 twice. Small 1 line fix. Merge at your convenience.
Signed-off-by: Luke McKee <hojuruku@gmail.com>
Also fix a new compilation error, due to upstream changes in the build
system. SUBDIRS= is deprecated when building external kernel modules, use
M= instead to fix compilation.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Maintainer: Ondrej Caletka / @Oskar456
Compile tested: TurrisOS 3.1 (fork of OpenWRT Chaos Calmer), Trunk (both uClibC and musl)
Run tested: mpc85xx - Turris 1.0 - TurrisOS - no problems observed
Upstream: https://github.com/fln/addrwatch / @fln
Description:
This is a tool similar to arpwatch. It's main purpose is to monitor network
and log discovered ethernet/ip pairings.
The package has been UCIfied, care has been taken to reload the deamon
every time an interface goes up or down.
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
freeradius-server version 2.x has been marked End-Of-Life.
This commit adds freeradius-server version 3.0.11 in a new package.
This commit also introduces the option "freeradius3-default"
which activate all modules needed to run radiusd with its default
configuration.
- rlm_digest (HTTP Digest Authentication) has been added
- rlm_unix (System Authentication) has been added
- rlm_attr_rewrite has been deleted
Note that SQL and LDAP support has been disabled.
Signed-off-by: Lucile Quirion <lucile.quirion@savoirfairelinux.com>
The default /etc/config/racoon shipped by ipsec-tools lacks an option keyword
on the p2_proposal line, leading to a syntax error when processing the file.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Makes use of all available runtime options that can be passed to
mini_snmpd such as -I listen_on interface
Run-tested on trunk on ar71xx. Please review the init script regarding procd
monitoring interfaces, though everything else due to the conversion to
procd should be and done properly, if not overkill compared to most
other script bundled with openwrt.
The main benefit of all this is now larger routers can run multiple
instances of mini_snmpd on different ports, to get around the MIB hard
coded 4 interface/mountpoint limits.
Due to somewhat lacking dev / package maintainer docs except for
http://wiki.prplfoundation.org/wiki/Procd_reference writing this script
took longer than it should. You can see it's evolution here:
https://github.com/hojuruku/openwrt-packages/blob/mini_snmpd/net/mini_snmpd/files/mini_snmpd.init
If everything in it is found to be sane, please include it to the
openwrt wiki on procd as an example.
Due to procd / uci /sbin/validate_data cbi element datatype (uciname) being used
to check uci config, the configuration file now only takes openwrt uci network names not
physical network names as it did before.
http://git.openwrt.org/?p=packages.git;a=commit;h=783e5578ad104d1ca3c31582add08fc8eb4ad083
Like busybox the package Makefile has depends for all runtime
dependencies needed by the init script. mini_snmpd only depends on libc
squashed commits:
mini_snmpd: fix typo to fix procd triggers calling daemon binary directly instead of init script - misuse of $PROG var
mini_snmpd: enable SSP & mini_snmpd to start by default and listen on lan
mini_snmpd: disable RELRO blocker in Makefile after consulation
mini_snmpd: add smarts to init script to detect if ubusd hasn't started yet
mini_snmpd: fix init script - ubus -S doesn't print meaningful errors to give the user
mini_snmpd: Makefile roll back Makefile PKG_RELEASE to 1 for feng shui
Signed-off-by: Jean-Michel Lacroix <lacroix@lepine-lacroix.info>
From the oldpackages.
Updated to version 3.0.719, new config file to add more options
Rewritten init file to take in account the new config file and
removing a bug when stopping the daemon.
Corrected license information in Makefile
Signed-off-by: Jean-Michel Lacroix <lacroix@lepine-lacroix.info>
UCI commands report errors in parsing coova-chilli
sample configuration file. Fix this issue by using
proper format in configuration.
Signed-off-by: Rajan Vaja <rajan.vaja@gmail.com>
In file included from print.h:25:0,
from linreg.c:24:
util.h:364:32: error: unknown type name 'time_t'
int rate_limited(int interval, time_t *last);
^
Signed-off-by: Stephen Walker <stephendwalker+github@gmail.com>
Standard assignment is immediate expansion without any extraneous spacing, RFC822 compliant email addresses without any quotation marks and long git hashes
Signed-off-by: Stephen Walker <stephendwalker+github@gmail.com>
The default busybox config used by OpenWrt does not enable floating
point number support for the sleep applet. This can cause an error when
stopping or restarting strongswan:
sleep: invalid number '0.1'
Replace the float with an integer to fix this.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
postrm/postinst symlink mangling is frowned upon
by trunk devs, in addition to packages modifying
the files as other packages during
installation/removal (without a agreed upon mechanism
for coordinating such changes) is prohibited in
most distros.
Further in this case results in wget-ssl failing to conflict
with wget-nossl. As mentioned in the github issue
regarding this (https://github.com/openwrt/packages/issues/2728)
it is also unnessary in current openwrt/lede.
This patch there makes the symlink from the specific
flavour of wget (e.g. wget-ssl) from /usr/bin/wget part
of /install so that they conflict with each other the
way they should, and do not modify the same files
without a delibarate --force-overwrite.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
add PKG_BUILD_DEPENDS and PKG_CONFIG_DEPENDS and also make the sub
packages select the main package.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
This brings IoTivoity to version 1.1.0
The old @lantiq.com address does not work any more, update to the
@intel.com address.
The removed patches were merged upstream, but there are still some new ones needed.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
davfs2 had hardcoded value for stack protector. If stack protector is disabled
in toolchain, it would break the build. Disabling the hardcoded value, counting
on settings in cross-build system.
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
[bump PKG_RELEASE]
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
lispmob accesses the gnu members of struct udphdr like source and dest
and does not use the posix member names. Instead of using the correct
names just define this as _GNU_SOURCE.
[bump PKG_RELEASE]
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
* fw rule changes:
force_dns now supports multiple lan devices
disable needless force_dns- & forward/output-rules in 'ap mode'
check return codes during adblock chain creation
* simplified the test for a running firewall
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
- fix handling of parameter "is_glue" and "dns_server" to work with luci-app-ddns
- update TLD_names.dat
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* restructured sources
* fix logical glitches in config handling
* many corner case fixes & cosmetics
* show runtime errors in LuCI (in lastrun section)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Until now unbound was always running as root by default. A DNS resolver can
easily run under a non-privileged user.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
The commands aliased by $(INSTALL_BIN) and $(INSTALL_DATA) set good
permissions, unlike a raw file copy.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
The custom list of DNS root servers provided with the package is not necessary.
Unbound ships with a built-in list.
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
* rework download/backup/restore handling
* rework firewall handling
* refine whitelist parsing
* changed default null-ip to 198.18.0.1 to prevent conflicts with bcp38
* spread traffic from ad servers (port 80/443) on two uhttpd instances,
this fixes timeouts on sites with many ssl ad server connections, i.e.
youtube.com
* provide statistics & last runtime for LuCI interface
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Enabling BCP38 causes an iptables rule to be inserted before this rule:
ACCEPT all -- anywhere anywhere ID:66773300 ctstate RELATED,ESTABLISHED
This makes all forwarded packets go through the BCP38 ipset match, which slows
down download speed from 440 Mbit/s to 340 Mbit/s.
Only apply BCP38 match rules if state is NEW.
Bump package version.
Signed-off-by: Török Edwin <edwin@skylable.com>
Bring back Subversion from oldpackages and update to the latest version.
Create prerm script to stop subversion server and remove init script
on uninstall.
Signed-off-by: Donald Rumata <donald.rumata@gmail.com>
Install more development files as those might be used by other software
depending on knot libraries. They are used for example by knot-resolver.
Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
Introduce package for additional experimental scripts for sqm-scripts.
The target is to provide an opportunity to test QoS scripts and qdiscs
still under development. E.g. cake related scripts can be placed here
for testing.
sqm-scripts and luci-app-sqm will pick up the new scripts automatically.
Initially the package contains five cake-related scripts.
The package depends on the main sqm-scripts package.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* new config option 'adb_restricted' to disable updates of the adblock
config during runtime (no flash writes, disabled by default)
* new update function, to apply latest configuration changes if needed
(/etc/init.d/adblock cfgup)
* fix dns redirect rule
* various optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
If libuv is present within the build environment, aria2 will fail to build
with the following error:
LibuvEventPoll.cc: In member function 'virtual void aria2::LibuvEventPoll::poll(const timeval&)':
LibuvEventPoll.cc:144:59: error: invalid conversion from 'void (*)(uv_timer_t*, int) {aka void (*)(uv_timer_s*, int)}' to 'uv_timer_cb {aka void (*)(uv_timer_s*)}' [-fpermissive]
uv_timer_start(timer, timer_callback, timeout, timeout);
^
In file included from LibuvEventPoll.h:43:0,
from LibuvEventPoll.cc:44:
.../staging_dir/target-arm_xscale_musl-1.1.14_eabi/usr/include/uv.h:770:44: note: initializing argument 2 of 'int uv_timer_start(uv_timer_t*, uv_timer_cb, uint64_t, uint64_t)'
UV_EXTERN int uv_timer_start(uv_timer_t* handle,
^
Makefile:2271: recipe for target 'LibuvEventPoll.lo' failed
make[6]: *** [LibuvEventPoll.lo] Error 1
Explicitely disable the libuv support in `configure` to avoid picking up this
unwanted dependency.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Patch modified to resolve conflict caused by #2804
This closes#2776
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Assuming the following dns zone configuration for kresin.me:
. 1800 IN NS ns.inwx.de.
home.kresin.me. 1800 IN NS gw.home.kresin.me.
gw.home.kresin.me. 60 IN A 198.51.100.1
Using the example, gw.home.kresin.me is a glue record and used as DDNS
record as well. gw.home.kresin.me points to the OpenWrt installation
where the ddns-scripts are running.
Since ns.inwx.de isn't the authoritative server for home.kresin.me,
a query for the the A record of gw.home.kresin.me will be "forwarded"
to and replied by the authoritative server 198.51.100.1. If the
authoritative server can't be reached, the query times out without any
address returned.
The only way to get the A record of the glue record is to use bind
host in verbose output mode, query ns.inwx.de for gw.home.kresin.me and
evaluate the additional section of the response.
To my knowledge, only bind host in verbose output mode shows the
additional section of the response. Therefore, this features depends on
bind host.
It is not possible to use the bind host verbose mode for all queries.
In verbose mode the "has address" line isn't returned. Grepping for the
hostname might fail if the hostname is CNAME. Grepping for the first
occurrence of an ip-address is way to error prone, since it could
return the ip address of a different record type.
Signed-off-by: Mathias Kresin <dev@kresin.me>
ktutil_funcs.c: In function 'ktutil_delete':
ktutil_funcs.c:75:28: error: 'prev' may be used uninitialized in this function [-Werror=maybe-uninitialized]
Signed-off-by: John Crispin <john@phrozen.org>
Add back from oldpackages with fixes for build errors and UCIfication
(for LuCI app submitted in a related PR (against LuCI repo)).
NOTE: Untested packages have been marked with @BROKEN. This can
be undone of others report success with the sniffer
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
If the liblz4 library exists within the build environment, the openconnect
configure will pick it up and start depending on it, leading to the following
build error:
Package openconnect is missing dependencies for the following libraries:
liblz4.so.1
Disable LZ4 support in configure in order to avoid this implicit,
nondeterministic dependency.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Mark the usbip package nonshared so that is built along with the target
specific binaries and not within the SDK environment.
This is needed since the usbip package draws its source files directly
from the kernel tree which is unavailable within the SDK.
Fixes the following build error encountered by the LEDE buildbots:
http://downloads.lede-project.org/snapshots/faillogs/mipsel_1004kc_dsp/packages/usbip/compile.txt
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The most recent developer of netdiscover had self-hosted downloads
but also put the project on SourceForge. The self-hosted site went
down but SourceForge is much more reliable so I have moved the
download URI to SourceForge (md5sum is the same).
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
- add DNS lookup support for "drill" and "khost" (Knot DNS) #2637
- new service nsupdate.info (IPv4 and IPv6) #2433
- new services dyndnss.net, dyns.net (IPv4 only)
- new services dnshome.de, goip.de, myonlineportal.net (IPv4 and IPv6)
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* push gnurl, gnutls and libmicrohttpd dependencies down to modules
* use standard UID/GID for gnunet (958/958)
* use GID adjecent (452) to dnsmasq (453) for gnunetdns to allow
using the owner match with a range of GIDs (452-452)
* package new gnunet-social pub/sub CLI tool
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes the following CVEs:
Bug 3020 / CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering
Reported by Matt Street and others of Cisco ASIG
Bug 3012 / CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY
Reported by Matthew Van Gundy of Cisco ASIG
Bug 3011 / CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
Bug 3010 / CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
Bug 3009 / CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
Bug 3008 / CVE-2016-2519: ctl_getitem() return value not always checked
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
Bug 3007 / CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos
Reported by Stephen Gray and Matthew Van Gundy of Cisco ASIG
Bug 2978 / CVE-2016-1548: Interleave-pivot - MITIGATION ONLY
Reported by Miroslav Lichvar of RedHat and separately by Jonathan Gardner of Cisco ASIG
Bug 2952 / CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken
Reported by Michael Tatarinov, NTP Project Developer Volunteer
Bug 2945 / Bug 2901 / CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
Reported by Jonathan Gardner of Cisco ASIG
Bug 2879 / CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing
Reported independently by Loganaden Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.
Signed-off-by: Peter Wagner <tripolar@gmx.at>
OpenWrt offers a special 'prelocal' routing table at priority 0.
Use it, so local-to-local DNS traffic also gets redirected properly.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
fwknop Makefile had two conffiles sections. Combine them.
Remove also the whitespace from conffiles section (see #2652)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
The conffiles definition in Makefile should not contain leading whitespace.
Remove whitespace from Makefile of motion, dnscrypt-proxy and sstp-client.
Reference to discussion at #2652
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* support more router modes, as long as the firewall and the DNS server
are enabled
* new source sites can be added & changed via awk ruleset in uci config
* source domain count, last update time & overall count will be stored
in uci config
* added 3 new source sites:
ransomware tracker
rolist/easylist
winspy
* switch to minimal inline base64 encoded 1×1 GIF for pixel server
(separate png image no longer needed)
* simplified uci parser
* source download & domain sort optimization
* add whitelist parser with wildcard support
* reduced code size & various cleanups
* updated documentation
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
Create directory which was accidentally left-out during the previous
commit adding the proto handler.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
fixes bug in resolver logic which was exposed by recent fixes in
various C Standard libraries including musl.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
TARGET_CFLAGS was pointing to /usr/include/libnl3 instead
of $(STAGING_DIR)/usr/include/libnl3
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
[RELEASE] Released version 1.5.16
Released version 1.5.16 with the following main changes :
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin.
- BUG/MINOR: acl: don't use record layer in req_ssl_ver
- BUG: http: do not abort keep-alive connections on server timeout
- BUG/MEDIUM: http: switch the request channel to no-delay once done.
- MINOR: config: extend the default max hostname length to 64 and beyond
- BUG/MEDIUM: http: don't enable auto-close on the response side
- BUG/MEDIUM: stream: fix half-closed timeout handling
- BUG/MEDIUM: cli: changing compression rate-limiting must require admin level
- BUILD: freebsd: double declaration
- BUG/MEDIUM: sample: urlp can't match an empty value
- BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay.
- BUG/MEDIUM: peers: old stick table updates could be repushed.
- CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro.
- BUG/MINOR: chunk: make chunk_dup() always check and set dst->size
- MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero
- MINOR: chunks: add chunk_strcat() and chunk_newstr()
- MINOR: chunk: make chunk_initstr() take a const string
- BUG/MEDIUM: config: Adding validation to stick-table expire value.
- BUG/MEDIUM: sample: http_date() doesn't provide the right day of the week
- BUG/MEDIUM: channel: fix miscalculation of available buffer space.
- BUG/MINOR: stream: don't force retries if the server is DOWN
- MINOR: unix: don't mention free ports on EAGAIN
- BUG/CLEANUP: CLI: report the proper field states in "show sess"
- MINOR: stats: send content-length with the redirect to allow keep-alive
- BUG: stream_interface: Reuse connection even if the output channel is empty
- DOC: remove old tunnel mode assumptions
- DOC: add server name at rate-limit sessions example
- BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation
- BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation
- BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask correctly
- BUG/MINOR: http: Be sure to process all the data received from a server
- BUG/MEDIUM: chunks: always reject negative-length chunks
- BUG/MINOR: systemd: ensure we don't miss signals
- BUG/MINOR: systemd: report the correct signal in debug message output
- BUG/MINOR: systemd: propagate the correct signal to haproxy
- MINOR: systemd: ensure a reload doesn't mask a stop
- CLEANUP: stats: Avoid computation with uninitialized bits.
- CLEANUP: pattern: Ignore unknown samples in pat_match_ip().
- CLEANUP: map: Avoid memory leak in out-of-memory condition.
- BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and last rule is a CONNECT with no port
- BUG/MINOR: tcpcheck: fix incorrect list usage resulting in failure to load certain configs
- MINOR: cfgparse: warn when uid parameter is not a number
- MINOR: cfgparse: warn when gid parameter is not a number
- BUG/MINOR: standard: Avoid free of non-allocated pointer
- BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition
- CLEANUP: http: fix a build warning introduced by a recent fix
- BUG/MINOR: log: GMT offset not updated when entering/leaving DST
Signed-off-by: heil <heil@terminal-consulting.de>
