* add a patch to fix a null pointer dereference in src/racoon/gssapi.c (CVE-2015-4047)
* refresh patches
* bumb release number
Signed-off-by: Nicolas Thill <nico@openwrt.org>
- Use netifd no_proto_task for notifying that xl2tpd does not have a
protocol task running.
- Use procd for xl2tpd service management.
- Refreshed 2xx patches to
- Prevent leftover regular type control result file.
- Allow xl2tpd run as foreground process while logging via syslog.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- bumped version
- removed dependency on `ip` package as routes are setup by netifd
if iproute2 is actually required, please depend on
`@(PACKAGE_ip||PACKAGE_ip-full)` instead of `ip`
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
gcc complains about atexit() being implicitely defined in
xl2tpd-control.c
Fix that by including stdlib.h in xl2tpd-control.c
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Yousong Zhou <yszhou4tech@gmail.com> made a couple of useful fixes
mostly for the xl2tpd-control tool which was broken.
imported them (patches/2*) here.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fix Makefile to force compression of tld_names.dat reported in OpenWrt Ticket 19597
* change default of retry_count to "0" (retry endless) suggested by Henning Schild
* updated tld_names.dat include changes until 07.05.2015
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
It used to require 1+ IPv4 addresses to start on Linux. Now it starts
up with 0 addresses (of any type), as netlink can provide us more
later. This way, no stupid restart loop with procd if it is racing
with netifd at startup.
Signed-off-by: Steven Barth <steven@midlink.org>
[RELEASE] Released version 1.5.12
Released version 1.5.12 with the following main changes :
- BUG/MINOR: ssl: Display correct filename in error message
- DOC: Fix L4TOUT typo in documentation
- BUG/MEDIUM: Do not consider an agent check as failed on L7 error
- BUG/MINOR: pattern: error message missing
- BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
- BUG/MAJOR: http: don't read past buffer's end in http_replace_value
- BUG/MEDIUM: http: the function "(req|res)-replace-value" doesn't respect the HTTP syntax
- BUG/MEDIUM: peers: correctly configure the client timeout
- BUG/MINOR: compression: consider the expansion factor in init
- BUG/MEDIUM: http: hdr_cnt would not count any header when called without name
- BUG/MEDIUM: listener: don't report an error when resuming unbound listeners
- BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only
- BUG/MEDIUM: stream-int: always reset si->ops when si->end is nullified
- BUG/MEDIUM: http: remove content-length from chunked messages
- DOC: http: update the comments about the rules for determining transfer-length
- BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to HTTP/1.1
- BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad request
- BUG/MEDIUM: http: remove content-length form responses with bad transfer-encoding
- MEDIUM: http: restrict the HTTP version token to 1 digit as per RFC7230
- MEDIUM: http: add option-ignore-probes to get rid of the floods of 408
- BUG/MINOR: config: clear proxy->table.peers.p for disabled proxies
- MINOR: stick-table: don't attach to peers in stopped state
- MEDIUM: config: initialize stick-tables after peers, not before
- MEDIUM: peers: add the ability to disable a peers section
- DOC: document option http-ignore-probes
- DOC: fix the comments about the meaning of msg->sol in HTTP
- BUG/MEDIUM: http: wait for the exact amount of body bytes in wait_for_request_body
- BUG/MAJOR: http: prevent risk of reading past end with balance url_param
- DOC: update the doc on the proxy protocol
Signed-off-by: heil <heil@terminal-consulting.de>
seccomp is only supported on x86, amd64 and arm in tor.
This deactivated it currently completely which should close#935,
#1097, #1147 and #1161.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>