Something having to do with passing a file descriptor over spamd's
Unix socket causes the ClamAV milter to fail. The milter says "ERROR:
Unknown reply from clamd," and running strace on spamd reveals "No file
descriptor received. ERROR."
Some work by others can be found on the Internet that suggests using
a TCP socket for the communication between the milter and spamd fixes
this. Lucian Cristian confirmed this on OpenWrt.
I am not sure why the Unix socket does not work. I suspect it is something
related to musl, but I have not yet found evidence of this.
This merge request adds the option to configure spamd to use a TCP
socket, and it uses this as the default. The merge request also adds an
init script for clamav-milter.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
* update to 4.13.3
* enable vfs io_uring module by default, if kernel supports it
* fix for possible exploit openwrt/packages#13758
* sanetize all external template/config inputs
* fix some shellcheck warnings
* remove old aio modules/deps
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Version 8.2[0] added support for two new key types: "ecdsa-sk" and
"ed25519-sk". These two type enable the usage of hardware tokens that
implement the FIDO (or FIDO2) standard, as an authentication method for
SSH.
Since we're already on version 8.4 all we need to do is to explicitly enable
the support for hardware keys when compiling OpenSSH and add all the
missing dependencies OpenSSH requires.
OpenSSH depends on libfido2[1], to communicate with the FIDO devices
over USB. In turn, libfido2 depends on libcbor, a C implementation of
the CBOR protocol[2] and OpenSSL.
[0]: https://lwn.net/Articles/812537/
[1]: https://github.com/Yubico/libfido2
[2]: tools.ietf.org/html/rfc7049
Signed-off-by: Linos Giannopoulos <linosgian00@gmail.com>
Add fadvise64_64 and fchmod syscalls needed on PowerPC platforms to
seccomp rules of transmission-daemon.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When specifying a secondary password script, the output should be appended to the temporary password file and shouldn't overwrite it. If you refer to the case where there is a static secondary password, you can see that the secondary password is appended. Without this fix, only the secondary password is passed to the `openconnect` session.
Signed-off-by: Frederick Morlock <FrederickGeek8@gmail.com>
There's some kind of crash internally in wolfSSL. It doesn't seem like
anyone knows how to fix it. Just disable it for now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove uClibc-ng patch as it's not in the tree anymore.
Also remove the _GNU_SOURCE CFLAG for the same reason.
Refreshed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This package has been completely broken on several levels since
commit eadd5abe40 ("smartsnmpd: Update to 2015-02-22 version")
The update changed the configuration file syntax without fixing
the scripts generating this file. The OpenWrt package would
therefore fail to run.
Worse than that, the last upstream version is completely broken
is unable to generate proper snmp replies even if the
configuration file is fixed, This has been tested and verified
on both OpenWrt/realtek and Debian/amd64.
I considered fixing the package, but dropped it for the following
reasons
1) upstream has abandoned the project
2) the upstream fork "smithsnmp" continues to make aribitrary
changes to configuration files and other packaging challenges
3) the package is tied to the lua5.1 C API, and further upgrades
will be non-trivial
4) there are several other snmp daemons available in OpenWrt,
without any of these issues
5) no one is interested in this package
The last point is proven by the lack of testing and feedback.
The last update was not even tested by the person preparing and
commiting the update.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
It tries to link to host libraries for some reason. Add autoreconf to
fix. Also remove redundant prefixes.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The idea behind this is to prevent confusion between "virtual" package
wget and real one. Wget is provided by not just wget packages but also
by uclient-fetch so technically it is better to threat wget as virtual
package.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
* update device description framework to v1.3
* setup methods in database
* setup uhttpd to use hs20 cert
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
pass CC to configure. host CC flags can leak in the build system,
preventing compilation.
Deleted upstream backports.
Refreshed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>