This includes a fix for CVE-2020-16845 (encoding/binary: ReadUvarint and
ReadVarint can read an unlimited number of bytes from invalid inputs).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Add a hotplug script to reload nlbwmon's config after interface
ifup actions.
That should improve the detection of the IPv6 LAN address
that can get enabled a bit later in the boot process.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 25dfa20780)
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
Adapted from treewide commit 0ec746ccb6 for just nlbwmon.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Config files
/etc/freeradius3/policy.d/accounting
/etc/freeradius3/policy.d/filter
/etc/freeradius3/proxy.conf
/etc/freeradius3/sites-available/default
and link
/etc/freeradius3/sites-enabled/default
are in the freeradius3 package and are mentioned in the main config file
/etc/freeradius3/radiusd.conf
Thus, they must be explicitly specified in the Makefile.
File
/etc/freeradius3/sites/default
is not included in the package, is not created during installation,
is not mentioned in the main config file and should therefore be excluded
from the Makefile.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
(cherry picked from commit f6974b8f3c)
From CHANGES_2.4:
SECURITY: CVE-2020-11984 (cve.mitre.org)
mod_proxy_uwsgi: Malicious request may result in information disclosure
or RCE of existing file on the server running under a malicious process
environment. [Yann Ylavic]
SECURITY: CVE-2020-11993 (cve.mitre.org)
mod_http2: when throttling connection requests, log statements
were possibly made that result in concurrent, unsafe use of
a memory pool. [Stefan Eissing]
SECURITY:
mod_http2: a specially crafted value for the 'Cache-Digest' header
request would result in a crash when the server actually tries
to HTTP/2 PUSH a resource afterwards.
[Stefan Eissing, Eric Covener, Christophe Jaillet]
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
When adding suEXEC to the apache package, Alpine's package [1] served as
a template. Not enough attention was paid to the details.
Alpine uses a different layout. So for OpenWrt to use /var/www as
DocumentRoot does not make sense. /var is also volatile on OpenWrt. This
commit removes the configure argument. The default is htdocsdir.
This also does away with uidmin/gidmin 99. The default is 100, which is
fine.
Finally, the suexec binary is moved from /usr/sbin to
/usr/lib/apache2/suexec_dir. Upstream recommends installing suexec with
"4750" (see [2]) and the group set to the user's group. While that would
be possible, it would cause a few headaches on OpenWrt. The group would
need to be changed first in a post-install script and a call to chmod
would need to be made afterward, to make the binary SUID again.
It's easier to hide the SUID binary away from others in a directory.
This way we don't need to use chmod in the post-install script.
[1] https://github.com/alpinelinux/aports/tree/master/main/apache2
[2] https://httpd.apache.org/docs/2.4/suexec.html
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- prevent rapid overlap in DHCP script updates
- check and allow localhost forwards with specific applications
- add option for rate limiting inbound queries
- change UCI list to table format with Unbound conf references
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Patches require a bit of rework:
- dropped 010-missing-header.patch
- add 010-do-not-run-test-progs.patch
- re-updated 020-filterh-use-host-built-version.patch
- Makefile.in gets regenerated from PKG_FIXUP:=autoreconf
- added PKG_FIXUP:=autoreconf ; it's easier to patch automake stuff than
big configure scripts
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit dcdceb526e)
Removed most patches. The last was upstreamed and the others can be worked
around using Makefile.
Removed inactive maintainer.
Added PKG_BUILD_PARALLEL for faster compilation.
Fixed license information.
Massive reorganization of Makefile for consistency between packages.
Removed --with-sql options. These are totally broken when cross compiling.
Leaving them out works just as well.
Added cpp patch as the test needs a header.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 496ee7f91b)
Fixed license information.
Update argp dependency to be for non glibc.
Added PKG_BUILD_PARALLEL for faster compilation.
Added --as-needed linker flag for slightly smaller size.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0cd1a9b537)
The last patch used a macro unavailable with older kernel headers.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 13278007f9)
This is using the input_event struct directly, instead of using the proper
defines.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ffb7da67a3)
This fixes misleading errors in the status file, and increases buffer
sizes to match the python implementation.
Signed-off-by: Karl Palsson <karlp@etactica.com>
In OpenWrt master branch, there is just /etc/config/gerbera.
It was reported to me that if there is an update of gerbera in OpenWrt
19.07, it overwrites /etc/gerbera/config. So, I removed file extension.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This reverts commit cde2a77ed3.
Applying this change has shown that it is even quicker to provoke the
race condition on simultaneous mwan3 command execution.
By reversing the change we have the same behaviour as before.
But the race condition on mwan3 execute at the same time still exists.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit b5bd6d757b)