* Update to 1.0.12
* Use PKG_HASH instead of PKG_MD5SUM
* Add libsodium github link in PKG_SOURCE_URL
Signed-off-by: Damiano Renfer <damiano.renfer@gmail.com>
* Update to 1.9.5
* Use PKG_HASH instead of PKG_MD5SUM
* Add dnscrypt-proxy github link in PKG_SOURCE_URL
Signed-off-by: Damiano Renfer <damiano.renfer@gmail.com>
If mwan3track will not stop immediately after sending the kill signal,
the clean_up handler will delete the pid file later while the new mwan3track is
already running.
This could result in a situation that mwan3track is running
more then once because the old mwan3track service could not be killed,
because the pid file is missing.
Using pgrep to kill all mwan3track for the tracked interface and not using
pid file should fix this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This change includes fixes for several security issues:
* CVE-2017-3138: rndc "" could trigger an assertion failure in named.
* CVE-2017-3137: Some chaining (i.e., type CNAME or DNAME) responses to
upstream queries could trigger assertion failures.
* CVE-2017-3136: dns64 with break-dnssec yes; can result in an assertion
failure.
* CVE-2017-3135: If a server is configured with a response policy zone
(RPZ) that rewrites an answer with local data, and is also configured
for DNS64 address mapping, a NULL pointer can be read triggering a
server crash.
* CVE-2016-9444: named could mishandle authority sections with missing
RRSIGs, triggering an assertion failure.
* CVE-2016-9131: named mishandled some responses where covering RRSIG
records were returned without the requested data, resulting in an
assertion failure.
* CVE-2016-9131: named incorrectly tried to cache TKEY records which could
trigger an assertion failure when there was a class mismatch.
* CVE-2016-8864: It was possible to trigger assertions when processing
responses containing answers of type DNAME.
* CVE-2016-6170: Added the ability to specify the maximum number of
records permitted in a zone (max-records #;). This provides a mechanism
to block overly large zone transfers, which is a potential risk with
slave zones from other parties.
* CVE-2016-2776: It was possible to trigger an assertion when rendering a
message using a specially crafted request.
* CVE-2016-2775: Calling getrrsetbyname() with a non absolute name could
trigger an infinite recursion bug in lwresd or named with lwres
configured if, when combined with a search list entry from resolv.conf,
the resulting name is too long.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
fixes webroot to be defined as
_currentRoot='/www'
instead of being interpreted as
_currentRoot='"/www"'
Signed-off-by: Aleksei Nosachev <nos1609@hotmail.com>
* create /etc/vsftpd directory for extra config files
like userlist, certificate and key
* modify config file to use that directory
* include that directory in conffiles for backup
* use PKG_HASH
* update URL
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
backend:
* various small fixes & optimizations
LuCI frontend (see luci repo):
* Limit Blacklist/Whitelist Online editing to max. 512 KB, approx.
20.000 domains per list
* Automatically refresh the overview page after button onclick event,
e.g. 'Suspend/Resume' or 'Save & Apply'
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Notes:
- drop un-needed patches
- bump kernel support up to 4.9
- switch from git repo to release tarball
- use OVS intree kernel module ; seems that using the kernel module
from the package has certain issues due to the glue/backport code
that tries to adapt to many kernel versions and has a potential
to mess up ; not to mention, the glue code makes the kmod
a few times larger than it should be
- tested on x86_64 VM
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Hannu Nyman
Michael Heimpold
Damiano Renfer
Luka Perkov
champtar
Mislav Novakovic
Florian Eckert
Noah Meyerhans
Michail Frolov
Dirk Brenken
Aleksei Nosachev
Jason A. Donenfeld
Christian Simon
Nikos Mavrogiannopoulos
Stan Grishin
Alexandru Ardelean
Moritz Warning