* supports newer shellcheck
* restore EXTRA_COMMANDS compatibility with 19.07
* move status display from various functions to status_service
* bugfix: status_service line break after output
* minor arythmetic fix in status_service
Signed-off-by: Stan Grishin <stangri@melmac.net>
July 2021 Security Releases:
Use after free on close http2 on stream canceling (High) (CVE-2021-22930)
Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
* update binary to the latest commit (2021-07-29) to fix#16222 and #16239
* add hotplug.d/iface file and update Makefile to install it
* use Cloudflare's and Google's bootstrap DNS if bootstrap DNS is missing
* minor improvements in append_bool function
* add append_counter function for verbosity setting
* add append_bootstrap function (and supporting functions) to parse/sanitize bootstrap setting
* move firewall array from 'main' instance to the first proxy instance
* delete useless 'main' instace
Signed-off-by: Stan Grishin <stangri@melmac.net>
* code cleanup
* add auto login script for Julianahoeve beach resort (NL)
* add auto login script for Vodafone hotspots (DE)
* add auto login script for telekom hotspots (DE)
* enhance captive portal detection to support html redirects as well
* change default captive portal detection url to
'detectportal.firefox.com'
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 380a5110b4)
This matches an ipv4 change in 21f5cdd2fa and has the same rationale.
Google requires https for both ipv6 and ipv6.
Signed-off-by: Scott Lamb <slamb@slamb.org>
(cherry picked from commit e5f45b94c0)
- Bump yggdrasil-go version to v0.4.0
- Update ygguci tool for compatibility with the new yggdrasil-go version
- Yggdrasil's config file is now generated in a separate command before running the daemon
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
(cherry picked from commit e135c4c867)
bugfix: domain names bypass
rename config file
update Makefile
updated README link
updated shellcheck compatibility
support for 21.02.0-rc2 and later
updated code for interface triggers
add newline to test.sh
Signed-off-by: Stan Grishin <stangri@melmac.net>
Includes fix for CVE-2021-34558 (crypto/tls: clients can panic when
provided a certificate of the wrong type for the negotiated parameters).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit c0c62227bd)
- use $(INSTALL_DIR) instead of mkdir
- using $(INSTALL_CONF) and then running chmod is pointless, use
$(INSTALL_DATA) directly
- /etc/xinetd.d/sane-port doesn't need read protection from non-root
users, use $(INSTALL_DATA) as well
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit f37006c2e6)
On some build systems (build bots, Debian Buster for example) the
current mechanism in the Build/Install define doesn't run. Replace it
with shell fu that works.
Issue was reported, see [1].
[1] https://github.com/openwrt/packages/issues/16085Fixes#16085
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 977109e286)
support for 21.02.0-rc2 and up
support for reloading a single interface on ifup/ifupdate
rename config file
updated shellcheck compatibility
remove obsolete create/remove_lock
interface processing optimizations to speed up reloads
drop dependency on curl in user scripts
uniform styling of functions
Signed-off-by: Stan Grishin <stangri@melmac.net>
This release fixes some bugs and these vulnerabilities:
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 1b41e8f641)
ec9a3a9 fix GCC11 compilation
Thanks to neheb and cotequeiroz.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit ee4616fb43b489003cab957e3a2d6f5f14c6fb97)
555268b ubus: filter neighbors by SSID when preparing nr
3db9607 data storage: match SSID when searching ap entry
a22f5a7 storage: ensure SSID strings are NULL-terminated
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 163ccbf0236824b29fd2158d3a287dda5e427b00)
