There are many places in the packages' install recipes whith multiple
commands being executed in the same shell invocation, separated with a
semicolon (;). The return status will depend only on the last command
being run. The same thing happens in loops, where only the last file
will determine the result of the command.
Change the ';' to '&&', and exit the loop if any operation fails.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
There are six places pointing to files that do not exist any more:
- gns-import.sh in package gnunet-gns (dropped in v0.11.0)
- libgnunetdnsstub.so* in gnunet-vpn (integrated into util in v0.11.0)
- libgnunettun.so* in gnunet-vpn (integrated into util in v0.11.0)
- gnunet-service-ats-new in package gnunet (dropped in v0.12.0)
- libgnunetreclaimattribute.so.* (integrated into reclaim in v0.13.0)
- libgnunetabe.so.* in gnunet-reclaim (dropped in v0.17.2)
They were not noticed because their failing copy commands were part of
loops in which only the last operation had its exit status checked.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
According to the package's configure.ac, reclaimID OpenID Connect plugin
depends on jose. It is installed by the gnunet-rest plugin package:
libgnunnetrest_openid_connect.so.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* add setting to enable/disable blocking access to iCloud Private Relay resolvers
* add setting to enable/disable blocking access to Mozilla resolvers
* rename variables loaded from config in the init script
Signed-off-by: Stan Grishin <stangri@melmac.ca>
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
* fix bug in download_lists and adb_allow to prevent unintended exclisions from
the block-lists of domains containing allowed domain. Fixes issue:
https://github.com/stangri/source.openwrt.melmac.net/issues/160
* add support for returning NXDOMAIN/blocking iCloud & Mozilla canary domains,
disabled by default
Signed-off-by: Stan Grishin <stangri@melmac.ca>
It was a bit confusing to use *verbosity* level for Dry Run mode. Add
explicity switch for it and designed DRY_RUN variable to make code
easier to understand.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rename variable to make code easier to understand. This variable
specifies how many times in row ddns script tried to update IP without a
success.
Previous name ("ERR_UPDATE") didn't suggest it was for counting
anything. It also didn't specify was error was it related to.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Local suggests something related to the local network or available
locally only. All that code related to the "local" IP was actually
dealing with *current* device external IP address. Using name "current"
should make code a bit easier to understand.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rename variable to make code easier to understand. This variable
specifies how many times ddns script should try to send a request.
Previous name ("retry_count") suggested it was for *counting* attempts.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Section 'Persistence' in 'luci-app-mosquitto' is unusable without 'persistence'
section in config file.
Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
* remove obsolete block-lists from config
* add removal of obsolete lists to config-update
* add AdGuard team's block-list to config
* improve allow command
* improve nftset support
* move config load to uci_load_validate, which required some code refactoring which
looks dramatic, but isn't
* always use dnsmasq_restart instead of dnsmasq_hup for all dns resolution options
for dnsmasq
Signed-off-by: Stan Grishin <stangri@melmac.ca>
snowflake-proxy doesn't write any files
=> run in read-only rootfs environment
the process needs to read SSL certs but no other files
=> only exposed path is /etc/ssl/certificates (read-only)
running as unpriviledged user with no additional capabilities
=> set no-new-privs bit
By default procd-ujail also isolates the process by executing it in
a separate new IPC and PID namespace.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Package Tor's Snowflake system components so users can offer e.g.
a standalone Snowflake proxy on their routers or other devices.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Gatling is a high-performance webserver from fefe. It gives a
fairly decent feature-set at really small size. And its fast.
Co-authored-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Martin Hübner <martin.hubner@web.de>
