Introduce further ACL checks to verify that the request-supplied
upload location may be written to. This prevents overwriting things
like /bin/busybox and allows to confine uploads to specific directories.
To setup the required ACLs, the following ubus command may be used
on the command line:
ubus call session grant '{
"ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e",
"scope": "cgi-io",
"objects": [
[ "/etc/certificates/*", "write" ],
[ "/var/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* automatically add open uplinks to your wireless config,
e.g. hotel captive portals (disabled by default)
* shift net status check in a separate function
* (s)hellcheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes issue where CFLAGS were not being passed. This was breaking ASLR
builds.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_INSTALL. Changed install paths based on PKG_INSTALL paths.
Added --disable-debug to make sure debug code is disabled.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
On a Debian system without python3-distutils install, uwsgi-cgi was
failing to build because it couldn't import sysconfig from distutils.
OpenWrt packages should be using the OpenWrt python not the system
python. In addition we need to use python3 not python2, even when
both are available.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
* fix a dns restart issue if 'flush dns cache' is set
* fix a suspend/resume issue, the status wasn't properly updated
* fix a long standing query issue
* rework return code handling, mostly for debugging
* various cleanups & cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Development moved to GitHub. Update URLs.
Cleaned up Makefile a bit for consistency between packages.
Added patch that removes deprecated bzero.
Ran init script through shellcheck. Fixed minor warnings.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Bidirectional Forwarding Detection (BFD) is a network protocol that is used to
detect faults between two forwarding engines connected by a link.
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* update to git (2019-08-19)
* use new "kill_server" sysfs option on stop
* ensure reload_service() works correctly
* add inherit owner, force create mode, force directory mode UCI options
* add patches for mips target (vfree, vmalloc)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* background service: no longer miss "signal" events for the
dns backend (to trigger adblock)
* fix a dns backend reload issue during switch between
different blocking modes
* domain query: report found domains only once in
"null" blocking mode with IPv4 & IPv6 list entries
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix a possible race condition during DNS file reset on slow hardware
* optimize DNS restart behaviour in 'null' blocking mode
* mute useless warnings
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add support for 'DNS File Reset', where the final DNS blockfile
will be purged after DNS backend loading (save storage space).
A small background service will be started to trace/handle
dns backend reloads/restarts
* add support for the 'null' blocking variant in dnsmasq
(via addn-hosts), which may provide better response times
in dnsmasq
* enhance the report & search engine to support
the new blocking variants. Search now includes
backups & black-/whitelist as well
* compressed source list backups are now mandatory (default to '/tmp')
* speed up TLD compression
* E-Mail notification setup is now integrated in UCI/LuCI
* update the LuCI frontend to reflect all changes (separate PR)
* drop preliminary dnscrypt-proxy-support (use dnsmasq instead)
* drop additional 'dnsjail' blocklist support (not used by anyone)
* procd cleanups in init
* various shellcheck cleanups
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes:
when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
iotivity's scons build script is not compatible with python3, so use
python2.7 from python/host to run it.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Otherwise compilation fails when clang-tidy is found in the host:
-- clang-tidy found: /usr/lib/llvm/7/bin/clang-tidy
error: unknown argument: '-fhonour-copts' [clang-diagnostic-error]
error: unknown argument:'-iremap[...]:https_dns_proxy-2018-04-23'
[clang-diagnostic-error]
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This avoids copying /usr/include, unversioned *.so files, pkgconfig,
/usr/lib/*.la, and the build-time libs/cflags configuration utility
clamav-config.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
f5420af phantap: do not capture vlans
5d1bd13 phantap-learn: improve the BPF filter, exclude vlans
be6f7d9 Readme.md: we now support talking to the victim.
8789da5 README.md: fix typo
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Full changelog here: https://mosquitto.org/blog/2019/08/version-1-6-4-released/
Fixes a regression in persistent session handling, and various other
regressions related to the mqtt5 support.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Changelog prepared by upstream project
* osport.h: replace SUSv3-specific functions by POSIX variants [Fabrice Fontaine]
* avp: Error Code field in Result Code AVP is optional [Pau Espin Pedrol]
* network_thread: Early continue in loop to remove huge indented block [Pau Espin Pedrol]
* network_thread: Simplify while loop using for loop [Pau Espin Pedrol]
* network: connect_pppol2tp: early return to avoid huge indentation block [Pau Espin Pedrol]
* xl2tpd: start_pppd: Fix truncation of last character [Pau Espin Pedrol]
* handle_packet: Remove unneded else clause when handling payload [Pau Espin Pedrol]
* control: Split control message handling into its own function [Pau Espin Pedrol]
* handle_packet: Rearrange code flow to simplify it [Pau Espin Pedrol]
* avp: Early failure if no handler to remove indent block [Pau Espin Pedrol]
* xl2tpd: Mark internal symbols as static [Pau Espin Pedrol]
* Fix indentation and whitespace in code block [Pau Espin Pedrol]
* xl2tpd: Remove unused variable [Pau Espin Pedrol]
* network: Add missing close(kernel_fd) on init network failure [Pau Espin Pedrol]
* network: Add missing close(server_fd) on init network failure [Pau Espin Pedrol]
* Add 'cap backoff' option, limiting exponential backoff retries will
be delayed by exponentially longer time, unless that time is capped
by configuration. [Bart Trojanowski]
* Add program to show status icon in system tray. [Github user: username34]
* Add info on building and installing xl2tpd [Samir Hussain]
* Update formatting of README.md [Samir Hussain]
* Rename README.xl2tpd to README.md [Samir Hussain]
* Update Debian changelog [Samir Hussain]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Firewall needs to be reloaded in the following cases:
- on service start when snmpd.general.enabled=1
- when snmpd daemon is stopped
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
This should fixopenwrt/packages#9346 ("shadowsocks-libev: undefined
behavior from unaligned access")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>