As written in the commit message:
Depending on your conntrackd configuration, events might get lost,
leaving stuck entries in the cache forever. Skip checking the conntrack
ID to allow for lazy cleanup by when a new entry that is represented by
the same tuple is added.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit da619f19f4)
Reasons to drop this package:
a) this package depends on luci-app-rosy-file-server
Unfortunately, it was marked as broken as it is unmaintained.
See: 34b682afac
b) maintainer is inactive
c) rosinson website does not seem to be working
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit f1893a426a)
It never works... And Xray-core needs root access to work.
Bump geodata to latest version while at it.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ab540e6990)
The following CVE updates are included:
* CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This
effectively disables the lame server cache, as it could previously be
abused by an attacker to significantly degrade resolver performance.
* CVE-2021-25218: An assertion failure occurred when named attempted
to send a UDP packet that exceeded the MTU size, if Response Rate
Limiting (RRL) was enabled.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry-picked from commit c2de702cbd)
User mpeleshenko reported that symm encryption breaks hearing map.
Set the default to 0.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 8b7fb614dd)
This uses some definitions from <sys/cdefs.h> in gcc 8.4.0, not present
in musl or gcc11.
Also use clock_gettime() instead of syscall(__NR_clock_gettime,...),
which is not currently defined.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 281df4bcf5)
* refresh patches
* disabling kres_gen_test is not required anymore for cross compilation, it was fixed upstream with the 5.4.1 release
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 2b3b2ffe42)
ddc007e32ced ubus: avoid use after free in handle_probe_req()
e1275713c057 github: fix workflow
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 2e02deb5a9)
Some users report that DAWN sometimes crashes after a while. Mostly
this happens after the new update has been rolled out.
Since I would not like to go back to the older version, I add as
a workaround for now that DAWN automatically respawned.
Workaround for:
https://github.com/berlin-open-wireless-lab/DAWN/issues/151
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit c1490175d3)
* c70773a - datastorage: use signal strength as a metric
* 14e0f83 - Don't display debugging output with DAWN_NO_OUTPUT
* 97e5de1 - uci: add neighbor list priority options
* 2b1a53c - dawn_uci: set default values
* 6eb747b - Use separate configs for 802.11g & 802.11a bands
* 1e34357 - Verify compatibility before parsing config message
* a7a8309 - List all neighbors with same score when kicking
* 3ba0fa4 - Change beacon request fields to appropriate values
* 009aab9 - Change mode config parameter from int to string
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 2039e3fce0)
* bugfix: change killall param from -HUP to -s HUP
* bugfix: change tmpfs param from status to gateway
Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit 2b6c8d8273)
* there are reports that 0.3.5-x versions do not work on some configs
* the development of the new features moved to the new package (pbr)
* revert to the last known good version of vpn-policy-routing
Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit 77514c10a7)
/net/crowdsec-firewall-bouncer/
crowdsec-firewall-bouncer will fetch new and old decisions from
a CrowdSec API to add them in a blocklist used by supported firewalls.
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit 676a621647)
/net/crowdsec/
Crowdsec - An open-source, lightweight agent to detect
and respond to bad behaviours.
It also automatically benefits from a global community-wide
IP reputation database.
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit 8903d1b7ca)
* update to [2021-09-27](da2501f542)
* fixes https://github.com/aarond10/https_dns_proxy/issues/125
* restart instead of reload on interface hotplug
* fixes https://github.com/openwrt/packages/issues/16794
* produce output and log entries on service start/stop
* prevent unnecessary dnsmasq restarts if service has previously updated dnsmasq settings
* allow both named and typed dnsmasq instance settings to be updated
* update 010-fix-cmakelists patch file
Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit f8d16338da)
On September the 29th, the certificate for R3, the intermediate
CA of Let's Encrypt expired, followed by the root CA expiration
on September the 30th. Update the acme client to 3.0.1,
to make sure newly generated certificates are using the new CA.
This is a backport of 468fc5fca4.
https://github.com/openwrt/packages/pull/16801
Default to letsencrypt because the upstream default may change.
Passing --staging is no longer needed, since --serever will
select a staging server if needed.
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
Tested-by: Georgi Valkov <gvalkov@abv.bg>
Acked-by: Toke Høiland-Jørgensen <toke@toke.dk>
This commit fixes an issue where the `AUTOSSH_GATETIME` is not available in the `procd` environment which gets overwritten by the second `procd_set_param env` call.
It now calls the `procd_set_param env` once with the two variables, instead of twice.
Signed-off-by: Leo Soares <leo@hyper.ag>
(cherry picked from commit 9c4d79519c)
configure script looks for host ssh. Just pass the configure variable
directly. --with-ssh doesn't work.
Also get rid of custom Compile section. It's not needed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 63b7febf5f)
Currently `travelmate` only support `<meta` tag
if it contains `"`. This updates `travelmate.sh` to support
`'` as well.
```html
<meta...content='1; url=
```
Signed-off-by: Kamil Trzciński <ayufan@ayufan.eu>
(cherry picked from commit 2cbd9a2eb1)
* removed the newly introduced wpa-supplicant dependency as it makes trouble with a circular dependency
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 40f1071a39)
* Create working directory when it is not present. Apparently
some recent change made adguardhome fail to start when working
directory is missing.
* Full changelog available at:
* https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.106.1
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
(cherry picked from commit 350ba8cbbd)
* add wpa-supplicant package dependency
* removed no longer working 'db-bahn.login' and 'wifionice.login' auto-login scripts
* added the new 'wifibahn.login' script for auto-logins to captive portals WIFI@BAHN (DE),
run tested on a single ICE (station logins are currently unsupported!)
* vodafone.login prepared to support free/time limited logins (still WIP!)
* change return code handling in login scripts and travelmate
* refine f_wifi function
* fix a few conercase issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 3167e00aff)
Avoid restarting fail2ban by hotplug when the service is disabled.
Related issue: https://github.com/openwrt/packages/issues/16601
Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
(cherry picked from commit 57aab9f1d1)
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
fail2ban v0.11.2 package version 2
Following PR #15098, add fixes to build fail2ban package:
- remove use of fail2ban-python (directly use python3 in script)
- remove link to python3 in /usr/bin (break the package build)
- remove python-tests (reduce the package size)
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit 56a084d3922c84e936ef660a67a2156439223393)
python3-pyinotify: initial package version 0.9.6 of pyinotify for python3
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit bcb8775e48eb8f99a76b05a8539a0140513e4158)
Currently there is a problem with log spam when ipv6 network
is dropped. Fix this by backporting a patch to silence these errors
when verbose logging is not enabled.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit f2f05088a5a12bf9963b83d9613bb96335a27e66)
To allow the script to define what it should be run with.
This let's the user use bash if it's available, or python, or perl, etc.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Update PKG_VERSION to 2.10.12
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 3d824ea288)
The "-s -w" flags in GO_PKG_LDFLAGS tells the Go compiler to strip the
binaries it produces. Since the default Go package build process will
strip binaries when CONFIG_USE_STRIP or CONFIG_USE_SSTRIP are selected,
these flags are unnecessary.
When CONFIG_NO_STRIP is selected, these flags override the user's
intention of building unstripped packages.
This removes these flags for all relevant packages.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This will allow the server to know more info about the client like
HWADDR, very useful for managing IoT devices.
See: https://www.mankier.com/8/openvpn#--push-peer-info
Signed-off-by: Nguyen Quang Minh <minhnq31@fpt.com.vn>
