The chrony interface hotplug script reuses the handle_allow function
from the init script to allow NTP access on interfaces specified in uci.
The function requires /lib/functions/network.sh. Include the file in the
hotplug script to make the function work as expected.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Fix a possible security issue with OpenSSL config autoloading on Windows (CVE-2021-3606).
Include a number of small improvements and bug fixes.
remove upstreamed: 115-fix-mbedtls-without-renegotiation.patch
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
There were closing curly braces missing and it was checking for empty
strings while it should have been checking for non-empty strings.
Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com>
Variables set in config_ipsec() need to be shared with do_postamble()
function, so change scoping to parent (prepare_env()).
Also, remove unused settings like "remote_sourceip", "reqid", and
"packet_marker".
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Link to abandoned packages PR: https://github.com/openwrt/packages-abandoned/pull/18
AppleShare products have been unused for a while now (since Mac OS 9.2.2)
around 2002.
So, there should be fewer users requiring this package.
Last update of netatalk was in December 2018. Not sure if newer updates
will be created.
It's time to cut the cord on our end and move it to the abandoned packages.
Info: https://en.wikipedia.org/wiki/AppleShare
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Support for wolfSSL has been upstreamed to the master OpenVPN branch
in f6dca235ae560597a0763f0c98fcc9130b80ccf4 so we can use wolfSSL
directly in OpenVPN. So no more needed differnt SSL engine for OpenVPN
in systems based on wolfSSL library
Compiled && tested on ramips/mt7620, ramips/mt7621
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
configure script looks for host ssh. Just pass the configure variable
directly. --with-ssh doesn't work.
Also get rid of custom Compile section. It's not needed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* fix a small json syntax issue in adblock.sources
* add easylist addon to reg_fr source
* add switch 'adb_fetchinsecure' to allow insecure downloads
without certificate check (disabled by default)
* better explain 'adb_fetchparm' in readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
This is a security and bugfix release.
Full release notes: https://mosquitto.org/blog/2021/06/version-2-0-11-released/
Fixes a remotely triggered memory leak
Fixes broker reconnections in certain failure situations
Fixes (non-standard) qos0 queuing
Signed-off-by: Karl Palsson <karlp@etactica.com>
Isochronous round trip time tool.
Useful for measuring one-way send or recv delay between hosts,
among other things.
Signed-off-by: Marcel Vital <ralmina@tuta.io>
Remove myself as maintainer from PowerDNS Related packages and add
Peter van Dijk from PowerDNS as the new maintainer
Signed-off-by: James Taylor <james@jtaylor.id.au>
ipsec uses starter, and reads /etc/ipsec.conf (which then includes
/var/ipsec/ipsec.conf, etc). This is overly complicated, and can
be problematic if you're using both swanctl and ipsec for migration.
Running charon directly from procd via the init.d script avoid
all of this.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Seeing the following error when running 'make defconfig':
tmp/.config-package.in:69874:warning: multi-line strings not supported
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Sierra Wireless modems need the string '$GPS_START' to be sent to the
GPS tty device as only then the modem firmware starts emitting
NMEA-0183 sentences.
Add an option 'sierragpsstart' to kplex' serial driver to support that
quirk as kplex can be very useful to spread GPS data over the network
while also supplying 'ugps' using a PTY, allowing for correct system
time to be set automatically on boot up from GPS.
This patch is also PR'ed at the upstream project:
https://github.com/stripydog/kplex/pull/54
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes the build problem below.
Package miniupnpd is missing dependencies for the following libraries:
libmnl.so.0
libnetfilter_conntrack.so.3
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
- New upstream major release with tons of new features and LTS (see: https://www.haproxy.com/blog/announcing-haproxy-2-4/)
- Update haproxy download URL and hash
- Activate promtheus exporter support the new way (using USE_PROMEX=1)
- Cleaned up haproxy-specific CFLAGS
- Changed the halog build to make use of the new Makefile target (admin/halog/halog)
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Rrsync is a perl script that is supplied as an extra with the rsync program.
It must be used in conjunction with openssh-server or openssh-server-pam
as it requires ~/.ssh/authorized_keys which is not supported by dropbear.
Rrsync allows selective access to subdirectories in either read-only, write-only or read-write,
depending on settings in authorized_keys. This allows for safe, restrictive access.
It's particularly useful for automated backup purposes.
An example usage would be this entry:
command="/usr/bin/rrsync -ro /home" <public key here>
This would allow a system connecting with this public key to be able to rsync FROM the
/home directory tree only. It could not write to this directory, nor read from any other directory.
Signed-off-by: Matt Reeve <matt@mreeve.com>
Recreate symbolic link if it's missing after a sysupgrade with a private and public key present in /etc/atlas/
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* Create working directory when it is not present. Apparently
some recent change made adguardhome fail to start when working
directory is missing.
* Full changelog available at:
* https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.1
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
* fix pid file processing of the background monitor plus child
processes (bug reported in the forum)
* made the enabled/disabled switch of the background monitor functional
Signed-off-by: Dirk Brenken <dev@brenken.org>
Samplicator receives UDP datagrams on a given port and resends those
datagrams to a specified set of receivers.
Use Cases:
- replicate Flow Samples to multiple receivers
- use with conntrackd to synchronize via unicast to multiple targets
Signed-off-by: Nick Hainke <vincent@systemli.org>
In the procd refactor, support for interfaces with no tracking IPs was
inadvertentiy removed. This commit restores the previous behavior
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Fixes the following security issues:
* CVE-2021-25215 - named crashed when a DNAME record placed in the ANSWER
section during DNAME chasing turned out to be the final
answer to a client query.
* CVE-2021-25214 - Insufficient IXFR checks could result in named serving a
zone without an SOA record at the apex, leading to a
RUNTIME_CHECK assertion failure when the zone was
subsequently refreshed. This has been fixed by adding an
owner name check for all SOA records which are included
in a zone transfer.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Using `$(INSTALL_CONF)` will cause the program has no access to
configurations file when someone enabled the selinux support.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Xray now is no longer planning to keep compatibility with original
v2ray. Remove PROVIDES before it is totally broken.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
From mosquitto 2.x, port became optional and deprecated in the config,
and it was recommended that listeners be used instead. Drop the hard
requirement in our config conversion script.
Reported in: https://github.com/openwrt/packages/issues/15506
Signed-off-by: <karlp@etactica.com>
