This is an upstream backport.
Currently on the buildbots, having libffi unavailable leads to long
range build failures.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0dcde0115e)
Security release. From the changelog:
- In some circumstances, Mosquitto could leak memory when handling PUBLISH
messages. This is limited to incoming QoS 2 messages, and is related
to the combination of the broker having persistence enabled, a clean
session=false client, which was connected prior to the broker restarting,
then has reconnected and has now sent messages at a sufficiently high rate
that the incoming queue at the broker has filled up and hence messages are
being dropped. This is more likely to have an effect where
max_queued_messages is a small value. This has now been fixed. Closes
https://github.com/eclipse/mosquitto/issues/1793
Changelog: https://mosquitto.org/blog/2020/08/version-1-6-12-released/
Signed-off-by: Karl Palsson <karlp@etactica.com>
command-count.h generated by makefile was wrong
when using default shell in mac,
set shell to bash to fix it.
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit 9bb0962d6e)
* remove 'dshield' and 'sysctl' (discontinued)
* switch 'malwaredomains', 'shallalist' and 'winhelp' to https
* add a second regional list for poland (provided by matx1002)
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 5ba498f7c8)
This includes a fix for CVE-2020-16845 (encoding/binary: ReadUvarint and
ReadVarint can read an unlimited number of bytes from invalid inputs).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Add a hotplug script to reload nlbwmon's config after interface
ifup actions.
That should improve the detection of the IPv6 LAN address
that can get enabled a bit later in the boot process.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 25dfa20780)
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
Adapted from treewide commit 0ec746ccb6 for just nlbwmon.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Config files
/etc/freeradius3/policy.d/accounting
/etc/freeradius3/policy.d/filter
/etc/freeradius3/proxy.conf
/etc/freeradius3/sites-available/default
and link
/etc/freeradius3/sites-enabled/default
are in the freeradius3 package and are mentioned in the main config file
/etc/freeradius3/radiusd.conf
Thus, they must be explicitly specified in the Makefile.
File
/etc/freeradius3/sites/default
is not included in the package, is not created during installation,
is not mentioned in the main config file and should therefore be excluded
from the Makefile.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
(cherry picked from commit f6974b8f3c)
From CHANGES_2.4:
SECURITY: CVE-2020-11984 (cve.mitre.org)
mod_proxy_uwsgi: Malicious request may result in information disclosure
or RCE of existing file on the server running under a malicious process
environment. [Yann Ylavic]
SECURITY: CVE-2020-11993 (cve.mitre.org)
mod_http2: when throttling connection requests, log statements
where possibly made that result in concurrent, unsafe use of
a memory pool. [Stefan Eissing]
SECURITY:
mod_http2: a specially crafted value for the 'Cache-Digest' header
request would result in a crash when the server actually tries
to HTTP/2 PUSH a resource afterwards.
[Stefan Eissing, Eric Covener, Christophe Jaillet]
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
When adding suEXEC to the apache package, Alpine's package [1] served as
a template. Not enough attention was paid to the details.
Alpine uses a different layout. So for OpenWrt to use /var/www as
DocumentRoot does not make sense. /var is also volatile on OpenWrt. This
commit removes the configure argument. The default is htdocsdir.
This also does away with uidmin/gidmin 99. The default is 100, which is
fine.
Finally, the suexec binary is moved from /usr/sbin to
/usr/lib/apache2/suexec_dir. Upstream recommends installing suexec with
"4750" (see [2]) and the group set to the user's group. While that would
be possible, it would cause a few headaches on OpenWrt. The group would
need to be changed first in a post-install script and a call to chmod
would need to be made afterward, to make the binary SUID again.
It's easier to hide the SUID binary away from others in a directory.
This way we don't need to use chmod in the post-install script.
[1] https://github.com/alpinelinux/aports/tree/master/main/apache2
[2] https://httpd.apache.org/docs/2.4/suexec.html
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- prevent rapid overlap in DHCP script updates
- check and allow localhost forwards with specific applications
- add option for rate limiting inbound queries
- change UCI list to table format with Unbound conf references
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Patches require a bit of rework:
- dropped 010-missing-header.patch
- add 010-do-not-run-test-progs.patch
- re-updated 020-filterh-use-host-built-version.patch
- Makefile.in gets regenerated from PKG_FIXUP:=autoreconf
- added PKG_FIXUP:=autoreconf ; it's easier to patch automake stuff that
big configure scripts
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit dcdceb526e)
Removed most patches. The last was upstreamed and the others can be worked
around using Makefile.
Removed inactive maintainer.
Added PKG_BUILD_PARALLEL for faster compilation.
Fixed license information.
Massive reorganization of Makefile for consistency between packages.
Removed --with-sql options. These are totally broken when cross compiling.
Leaving them out works just as well.
Added cpp patch as the test needs a header.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 496ee7f91b)
Fixed license information.
Update argp dependency to be for non glibc.
Added PKG_BUILD_PARALLEL for faster compilation.
Added --as-needed linker flag for slightly smaller size.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0cd1a9b537)
The last patch used a macro unavailable with older kernel headers.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 13278007f9)
This is using the input_event struct directly, instead of using the proper
defines.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ffb7da67a3)
This fixes misleading errors in the status file, and increases buffer
sizes to match the python implementation.
Signed-off-by: Karl Palsson <karlp@etactica.com>
