Fixes CVEs:
CVE-2023-3341 - Previously, sending a specially crafted message over the
control channel could cause the packet-parsing code to run out of available
stack memory, causing named to terminate unexpectedly.
CVE-2023-4236 - A flaw in the networking code handling DNS-over-TLS queries
could cause named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
From release notes:
"This release is the first of our regular quarterly releases.
It includes a new feature (multi-domain synchronization for phc2sys)
and several minor bug fixes. Users are encouraged to upgrade."
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@westermo.com>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
,,_ -*> Snort++ <*-
o" )~ Version 3.1.71.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.12
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.11 19 Sep 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.2.13
Using Hyperscan version 5.4.2 2023-09-23
Signed-off-by: John Audia <therealgraysky@proton.me>
The PKG_RELEASE was not incremented during the last merge, the commit shows
that it is incremented by one, but this was already done during the last
change. Very strange. Hence this commit which increments PKG_RELEASE by
one.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
opkg requires monotonically increasing version numbers to know which
version of a package is newer. As git commit IDs do not satisfy this
condition, PKG_SOURCE_DATE must be set to the date of the referenced
commit, resulting in the complete version number '2021-03-08-4f72b305-1'.
As the source date also becomes part of the paths inside the download
archive, the source hash must be updated as well.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Move arch dependency for luajit to dedicated config HAS_LUAJIT_ARCH to
workaround recursive dependency limitation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
If a firmware build with curl without mbedtls, install transmission from openwrt official repo will fail to start
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
The asynchronous API of libmariadb uses cooperative multi threading
by using the system calls
* makecontext
* swapcontext
* getcontext
* setcontext
of the ucontext.h C-API.
Thus additionally link libmariadb to libucontext which is a library
providing these system calls on platforms not supporting them out of
the box - like musl based platforms.
Signed-off-by: Volker Christian <me@vchrist.at>
Update crowdsec to latest upstream release version 1.5.4
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Build tested: package build checked, no run test due to limited space
Description: update to latest version of upstream
There are no longer any packages in the packages repo that depend on
this package. Since this package backports exception groups from Python
3.11, and Python in the packages repo has been updated to 3.11, there
should be no future need for this package.
This package will be added to the abandoned packages feed.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The openvswitch build trips over a number of warnings during the
manpage-check step if groff 1.23 is installed on the build host,
resulting in a failed build.
As this check is optional, and we don't even install the manpages, simply
override the groff configure check to never detect groff.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
fix addresses issue when building ffmpeg with binutils v2.41
that is documented here: https://trac.ffmpeg.org/ticket/10405
Issue about build failure is available here:
https://github.com/openwrt/packages/issues/22170
Remarks:
Patch is merged to ffmpeg upstream and will be included in
next release of ffmpeg, so patch applies only to current
version and is removed when package is updated to next
version of ffmpeg.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Co-authored-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Move nginx to PCRE2 now that lua modules supports it.
nginx ebaled PCRE2 by default so we simply revert the config to revert
it.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add nginx-mod-lua-resty-core and nginx-mod-lua-resty-lrucache new module
required for the lua module to correctly works.
The module are based on luajit2 from Openresty.
Signed-off-by: Javier Marcet <javier@marcet.info>
[ improve commit description/tile and fix redundant dependency ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add OpenResty's mantained branch of luajit. Required for nginx lua
module to work correctly with their custom patches.
Signed-off-by: Javier Marcet <javier@marcet.info>
[ add commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Bug Fixes
- Fixed mbedTLS crashes and TLS handshake errors when the nDPI-bundled libgcrypt "lite" version conflicts with the system version (via libcurl).
- Fixed linking order issue with libini.
- Fixed non-portable static linking warning with libndpi.
- Write flows to sockets regardless if "add_flows" is true.
- Fixed compilation error if _DIRENT_HAVE_D_RECLEN isn't defined.
- Fixed Agent path.
- [OpenWrt] Switch to "grep -E" as "egrep" is deprecated.
- Fixed possible ndAddr crash: return a const reference for cached strings.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
