This applies a patch from upstream that avoids a call to ENGINE_cleanup
when the openssl library was built without engine support.
A workaround for a missing header check was used to silence a warning
about the implicit definition of RAND_load_file. A proper fix has been
merged upstream as well.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
The speedtest-netperf.sh script measures the network throughput while
monitoring latency under load and capturing key CPU usage and frequency
statistics. The script can emulate a web-based speed test by downloading
and then uploading from an internet server, or perform simultaneous
download and upload to mimic the stress of the FLENT test program.
It simplifies tasks such as validating ISP provisioned speeds or setting
up and fine-tuning SQM, directly on the router. The CPU usage details
can also help determine if the demands of SQM, routing and other tasks
such as the test itself are exhausting the device's CPUs.
This script leverages earlier scripts from the CeroWrt project used for
bufferbloat mitigation, betterspeedtest.sh and netperfrunner.sh. They are
used with the permission of the author, Rich Brown.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* add captive portal domains automatically to the related
domain whitelist (dhcp option 'rebind_domain'),
if rebind protection/RFC1918 is enabled
Signed-off-by: Dirk Brenken <dev@brenken.org>
This updates the package to use the default PyBuild/Compile, instead of
defining a custom Build/Compile.
This also updates the source url and adds a src package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames the Python 2 twisted package to python-twisted, and updates
dependents (i.e. obfsproxy) to reference the updated name.
This also fixes conflicts between the Python 2 and 3 packages. Twisted
installs some scripts to /usr/bin, and previously scripts for both
packages used the same names. This adds a "3" suffix to scripts
installed by python3-twisted.
This also adds python[3]-setuptools as a dependency, as the scripts
installed to /usr/bin depend on pkg_resources (part of setuptools).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When OpenSSL is built without deprecated APIs, pkg-config first tries
OpenSSL in the staging directory but fails as it cannot find the
deprecated SSL_library_init function and ends up finding the system one.
Added PKG_BUILD_PARALLEL for faster compilation.
Added -Wl,--gc-sections to LDFLAGS to save ~10KB from the resulting ipk.
Reworked configure section as some of those options were renamed or
removed.
Removed EXTRA_* hacks that are no longer necessary.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Using an external toolchain, it was discovered that net-snmp would
link with the Perl library (-lperl) from the host rather than from the
target.
Since we do not provide Perl as a dependency to net-snmp, the solution
is to disable support for it.
Fixes issue #8217.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
This is a minor bugfix release. Full changelog available at:
https://mosquitto.org/blog/2019/02/version-1-5-7-released/
Most relevant to OpenWrt are probably:
* fixing persistent store bloat
* fix sorting of included config files
* fix errors related to per_listener_settings
Signed-off-by: Karl Palsson <karlp@etactica.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also replaces space indentation with tabs, and removes trailing
whitespace and unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a validate section to service_triggers(), and fixes some
variable name typos in qosdef_init_static().
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Changes:
-remove old patch(part of 0.0.9 release)
-change the canonical upstream repo location to gitlab
-change source to gitlab
-change source package to golang-gitlab-yawning-obfs4-dev
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Move loading credential function before cert renewal call as credentials might be needed for some renewal operations ( ex: DNS )
Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
[toke@toke.dk: Port to master branch]
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This is a bugfix and security release.
CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be
treated as valid. This typically means that the malformed data becomes
a username and no password. If this occurs, clients can circumvent
authentication and get access to the broker by using the malformed
username. In particular, a blank line will be treated as a valid empty
username. Other security measures are unaffected.
=> Users who have only used the mosquitto_passwd utility to create and
modify their password files are unaffected by this vulnerability.
CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined,
which means that no topic access is denied. Although denying access to
all topics is not a useful configuration, this behaviour is unexpected
and could lead to access being incorrectly granted in some
circumstances.
CVE-2018-12546. If a client publishes a retained message to a topic
that they have access to, and then their access to that topic is
revoked, the retained message will still be delivered to future
subscribers. This behaviour may be undesirable in some applications,
so a configuration option `check_retain_source` has been introduced to
enforce checking of the retained message source on publish.
Plus the following bugfixes:
* wills not sent to websocket clients
* spaces now allowed in bridge usernames
* durable clients not receiving offline messages with
per_listener_settings==true
* compilation with openssl without deprecated apis
* TLS working over SOCKS
* better comment handling in config files
Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1
Signed-off-by: Karl Palsson <karlp@etactica.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function and updates the timeout
value to the new max timeout in ipset 7.0.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function, removes a duplicate
option, and removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
issue_cert fuction may return without calling post_checks, which leaves
port 80 open and uhttpd configuration is not restored is listen_http was
set.
Always call post_checks when returning from issue_cert.
Signed-off-by: Alexey I. Froloff <raorn@raorn.name>
git is hard. :-(
Reported-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Fixes: 4629f043e0 ("znc: update to 1.7.2")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Eneas U de Queiroz
Deng Qingfang
Peter Wagner
W. van den Akker
Dirk Brenken
Tony Ambardar
Jeffery To
Yousong Zhou
Rosen Penev
Stijn Tintel
Luís Felipe Safady
Maxim Cournoyer
Karl Palsson
Christian Lachner
Jan Pavlinec
Toke Høiland-Jørgensen
Adrien DAURIAT
Alexey I. Froloff
David Yang
Jonas Gorski