Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).
Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
bf1a1eda23a3c46544b3
Signed-off-by: Robby K <robbyke@gmail.com>
This should hopefully prevent issues with that option not showing up in the
GUI, like in #11095.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
nginx-ssl-util and nginx-ssl-util-nopcre are replacements for each other,
but cannot replace nginx-util (instead conflict with it).
The hard coded [::1] could lead to a nginx error if build without IPv6.
So, get the loopback addresses dynamically.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
* Do not destroy the iterator twice if cur==this (segfault).
* Do not add the delimiter clim=='\0' when creating the SSL directives.
* Set the right SSL_SESSION_CACHE_ARG for nginx-util get_env.
* Remove static from the constexpr that are used only for Line::build.
* Concat strings instead of appending them for not using a non-const ref
(to remove some warnings of clang-tidy -checks=google-runtime-references)
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
This allows custom config parameters to be added to the generated config
files, enabling the original intended functionality per
https://openwrt.org/docs/guide-user/services/ups/software.nut.
Example usage from /etc/config/nut_server:
config driver 'apc'
option driver 'snmp-ups'
option snmp_version 'v3'
option port '172.16.100.5'
list other 'secLevel'
list other 'secName'
list other 'authPassword'
list otherflag 'notransferoids'
config other 'other_secLevel'
option value 'authNoPriv'
config other 'other_secName'
option value 'some_username'
config other 'other_authPassword'
option value 'some_password'
config other 'otherflag_notransferoids'
option value '1'
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
add missing 'peer_id_ttl_hours' and remove 'scrape_paused_torrents'
which is not exist in transmission wiki.
Signed-off-by: Richard Yu <yurichard3839@gmail.com>
We depend on luci-compat now, which will pull in luci-base, which in turn
will pull in lua. So remove those two dependencies to maybe help with
recursive dependency resolution errors.
Fixes#5320.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Ran init script through shellcheck. Simplified several statements.
Replaced INSTALL_CONF with INSTALL_DATA. i2pd runs as non-root and so the
conf file must be accessible.
Fixed: https://github.com/openwrt/packages/issues/10977
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This can do the main work of nginx/nginx-ssl init script.
For nginx-ssl it can create selfsigned certificates, too.
It uses libpcre and libopenssl iff nginx(-ssl) uses them.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
* Install the standalone (scons-local) version
Advantages:
- The regular version of SCons requires distutils during installation;
the standalone version does not have this requirement
Disadvantages:
- The scons-local package is not available from the Fossies mirror
- The patch will need to be manually updated with each version update
* Install files to $(STAGING_DIR_HOSTPKG) instead of $(STAGING_DIR_HOST)
* Write the correct shebang into scripts instead of using the wrapper
* Update to 3.1.2
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
apr-util was updated. It doesn't provide the depend on libsqlite3
anymore, so this needs to be added to the subversion package now.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- helps build system to locate zlib
- adds depend on libgdbm if libaprutil-dbm-gdbm is selected
This fixes the two different build failures that can currently be
observed.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
When issuing an ECC certificate, acme.sh for some reason changes the name
of the directory used for the certificate state. Handle this correctly when
moving directories and updating config files.
Fixes#7941.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
--log-error in the init script was overriding it.
Added several optimizations to the init script for speed and correctness.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Update xtables-addons to 3.7
Remove linux 4.9 compatible patch as OpenWrt master no longer supports it
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>