The most important change is local redirects being disabled by default.
There is an option called cgi.local-redir that allows enabling this
optimization manually back if needed.
Local redirects were initially introduced in 1.4.40 but caused many
problems for *some* web services.
One of problems is breaking Post/Redirect/Get design pattern. With
redirects handled on server side there is no browser redirection making
it "lose" the POST data.
Another possible issue are HTML forms with action="". With CGI local
redirects browser may be sending form data to the wrong URL (the one
that was supposed to redirect the browser).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
From upstream's changelog:
* main: annotate init/exit functions to save memory
* selftest: remove antique siphash self test
* haskell: re-add updated haskell example
* socket: use ip_rt_put instead of dst_release
* device: avoid double icmp send on routing loop
* compat: clean up cruft
* global: cleanup IP header checking
* compat: do not export symbols unnecessarily
Various cleanups and updates.
* device: netdevice destruction logic change for 4.12
When Linux 4.12 is released next week, we're good to go.
* device: only use one sleep notifier
Rather than have a separate sleep notification for every interface, we now
have a single notifier for every interface. This improves performance,
especially when creating many interfaces at once.
* device: remove icmp conntrack hacks
We're moving hacks upstream the proper way, and then backporting them to
compat.
* receive: extend rate limiting to 1 second after under load detection
After we determine that we're under load, we now wait 1 second before not
being under load again, a timer which is global across all interfaces on a
given system.
* curve25519: satisfy sparse and use short types
* curve25519: keep certain sandy2x functions in C
Certain functions have been made into C, which should improve stack frames and
reliability.
* ratelimiter: rewrite from scratch
This is a big change. We no longer rely on x_tables or xt_hashlimit, instead
using a super minimal and sleek token bucket ratelimiter. This works much
better than the old cruft and should allow us to run more places. It also has
the benefit of being global, so that it's possible to have thousands of
interfaces without killing the system with separate GCs and vmallocs, which is
what happened prior.
* socket: verify saddr belongs to interface
We now more quickly react to changes of the v4 routing table, by ensuring that
the sticky source address is actually still valid.
* wg-quick: properly match IPv6 endpoint
wg-quick now works better with IPv6.
* wg-quick: use printf -v instead of namerefs for bash 4.2
This adds support for old bash, which means wg-quick should be generically
"bash 4 and up". I'm not happy about this but EL7 uses old bash, so we're
stuck with it.
* compat: support EL7.3
Support for RHEL, CentOS, ScientificLinux, and so forth.
* compat: support Ubuntu 14.04
An old crufty Ubuntu is now supported, since it's LTS.
* add bind support (see readme)
* export all blocked domains in one central file (adb_list.overall)
* prerequisite for proper bind support
* much faster sort operation with less memory consumption
* backups are still handled per source separately,
to be more flexible in adding/removing block list sources
* add additional 'wan6' interface trigger in default configuration
* various small fixes & optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add the UNIX-based ACPI utilities. For now, only "acpidump" seems to
be useful on the target system. The others would only be of interest
on the host system, and only then if one were developing BIOS.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
libiio is a library for interfacing with Linux's Industrial Input/Output (IIO)
subsystem. The Linux IIO subsystem is intended to provide support for devices
that in some sense are analog to digital or digital to analog converters.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
If more then one interface get up/down at once mwan3 could be in a
undefined state, because more then one mwan3 hotplug script are running
and editing the iptables.
Lock the critical section should solve this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
A lot of autoconf-based scripts expect --with-foo-dir=$(STAGING_DIR)/usr
and break if they can't find bin/foo-config as a child of that path.
Putting things in $(STAGING_DIR)/host/bin seems to be suboptimal; I
could change the install path but there's no saying what that would
break.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
With this patch the unbound init routines manage resolv.conf if and only if
when unbound will listen on 127.0.0.1#53 and dnsmasq is not.
Also logs some cases where config values are overriden with sane defaults.
Fixes (partially) LEDE FS#785
Fixesopenwrt/packages#4487
Signed-off-by: Paul Oranje <por@xs4all.nl>
It's pretty useless as udev cannot run in coexistence with procd.
It was added mostly to get packages compiled which depend on libudev,
knowing that the udev related functionality will be broken.
eudev has now been replaced by libudev-fbsd which does the job much
better and may serve as a drop-in replacement with even some working
features.
In future we may want our own libudev-procd library which can also be
a mostly-stub implementation but may query things from procd using
ubus in some situations...
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The udev rule installed was ineffective as udev cannot run in
coexistence with procd. If needed, it should be reimplemented as
rule under /etc/hotplug.d/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* make sure contrib stuff gets built and installed
* refresh patches and improve Makefile while at it
Signed-off-by: Daniel Golle <daniel@makrotopia.org>