- rename the section instance to yggdrasil (feat. request)
- allow zone to cover both ip4 and ip6 fam
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit 2baab77b77)
Fixes:
CVE-2019-17567
CVE-2020-13938
CVE-2020-13950
CVE-2020-35452
CVE-2021-26690
CVE-2021-26691
CVE-2021-30641
CVE-2021-31618
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(partially cherry picked from commit 6dfd07097d)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[removed patch, which is not in OpenWrt 19.07 branch, used integer in
PKG_RELEASE instead of autorelease]
The luci app scan the script and search for params in the form of
$required_params.
This script use the form "${required_params}" and cause confusion
with the luci app by hiding needed values. Fix this by using the
standard way to declare required params following other ddns scripts.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Fixes the following security issues:
* CVE-2021-25216 - A specially crafted GSS-TSIG query could cause a buffer
overflow in the ISC implementation of SPNEGO.
* CVE-2021-25215 - named crashed when a DNAME record placed in the ANSWER
section during DNAME chasing turned out to be the final
answer to a client query.
* CVE-2021-25214 - Insufficient IXFR checks could result in named serving a
zone without an SOA record at the apex, leading to a
RUNTIME_CHECK assertion failure when the zone was
subsequently refreshed. This has been fixed by adding an
owner name check for all SOA records which are included
in a zone transfer.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Maintainer: @neheb / @BKPepe / @zhanhb
Compile tested: ipq806x, generic, netgear_r7800, master
Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07
Description:
Squid now only support HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`):
https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
ssl_bump splice all
In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for following configuration:
https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB
ssl_bump stare all
ssl_bump bump all
This PR switch the `SQUID_enable-ssl-crtd` into `default y`, therefore default enable SSL Bump mode.
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
(cherry picked from commit dbda77686d)
MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag.
Symptoms of the problem (which are also debugging steps):
* Finder refuses to open the OpenWRT "computer" in the Network list.
* Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown.
* `dns-sd -L OpenWrt _smb._tcp` doesn't return any address.
Signed-off-by: Kirill Nikolaev <cyril7@gmail.com>
(cherry picked from commit 272b0a5c18)
Major change are:
ksmbd.control -s terminate ksmbd.mountd as well as kernel server.
Update configuration.txt and README.
Turn off smb2 leases by default again.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 7a1a8f3659)
Major changes for version 3.3.5 are:
- Rename "streams" parameter to "vfs objects = streams_xattr".
- Enable smb2 leases by default.
- Ignore ksmbd.subauth creation failure.
- Fix bugs that related to guest ok = yes.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit 58f91090f5)
Even it's only cosmetic and should not affect the function of regular system,
fix the name of the IPKG_INSTROOT variable.
Typo was added long ago with 8400c9a6ec.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
(cherry picked from commit f25f49a8b7)
