Updates pdns-recursor to latest release in the 4.2 series.
Includes backported fixes for CVE-2020-10995, CVE-2020-12244 and
CVE-2020-10030, plus avoid a crash when loading an invalid RPZ.
Full change log for this release is available at:
https://doc.powerdns.com/recursor/changelog/4.2.html#change-4.2.2
Signed-off-by: James Taylor <james@jtaylor.id.au>
Removed patch
`03-configure-allow-to-manually-disable-POSIX-capabiliti.patch` that has been backported into release.
Signed-off-by: Jan Hak <jan.hak@nic.cz>
The existing interface selection/detection code was incomprehensible at
worst and convoluted at best. The uci config file suggested it
understood an external ipv6 interface but in reality the init script
took no notice. Re-work it so it is at least comprehendible and takes
notice of ipv6 interface details if specified.
Update the hotplug script to use the same interface selection/detection
code as the init script and take note of ipv6 interface selection, only
restarting miniupnpd on interface up events and only if that interface
isn't already known (for that ip class) by miniupnpd.
For me this has solved numerous 'flaky' startup problems, especially
with regard to ipv6.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Includes:
- dawn_iwinfo: fix whitespace
- dawn_iwinfo: indentation
- dawn_iwinfo: iwinfo_finish();
- dawn_iwinfo: filter out global interface
- dawn_iwinfo: release iwinfo after usage
- tcpsocket: fix port print
- github: set CONFIG_SRC_TREE_OVERRIDE in actions CI
- github: fix link to dawn source
- github: use v2 for checkout action
- github: add GitHub Actions CI
- ubus: only update TCP socket list when using TCP connections
- add notice that full wpad is requirement
- fix link to luci-app-dawn
- update readme and install instructions
Signed-off-by: Nick Hainke <vincent@systemli.org>
Recently, there was added libcap-ng to OpenWrt packages feed,
which is optional for Knot DNS. It enables POSIX 1003.1e capabilities.
This can restrict root (by default it runs as root) permissions and
might harm and as there isn't systemd on OpenWrt it can interfere.
There is an added patch, which introduced an option to disable libcap-ng.
This will be part of the next release.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* Replace creating an empty PYTHON3_PKG_DIR with setting filespec to an
empty value
* Disable the default Python package build recipe (with
PYTHON3_PKG_BUILD:=0) and set an empty Build/Compile
* Remove VARIANT:=python3 and PROVIDES (providing the same name as the
package)
* Add PKG_BUILD_PARALLEL:=1
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
start if kernel has missing ipv6 support
add libcap-ng support
fix some errors displayed on syslog
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
When adding suEXEC to the apache package, Alpine's package [1] served as
a template. Not enough attention was paid to the details.
Alpine uses a different layout. So for OpenWrt to use /var/www as
DocumentRoot does not make sense. /var is also volatile on OpenWrt. This
commit removes the configure argument. The default is htdocsdir.
This also does away with uidmin/gidmin 99. The default is 100, which is
fine.
Finally, the suexec binary is moved from /usr/sbin to
/usr/lib/apache2/suexec_dir. Upstream recommends installing suexec with
"4750" (see [2]) and the group set to the user's group. While that would
be possible, it would cause a few headaches on OpenWrt. The group would
need to be changed first in a post-install script and a call to chmod
would need to be made afterward, to make the binary SUID again.
It's easier to hide the SUID binary away from others in a directory.
This way we don't need to use chmod in the post-install script.
[1] https://github.com/alpinelinux/aports/tree/master/main/apache2
[2] https://httpd.apache.org/docs/2.4/suexec.html
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Some monitoring tools will run into errors when sysDescr field is empty. This was the case for cacti 1.2.8 that i'm using to monitor my network. Ideally the sysDescr field would contain some information from the overview of luci, e.g. the Model, Firmware and Kernel-Version fields, but i am stranger to OpenWRT, so I'm unable to do that.
Signed-off-by: Robert von Könemann <lordtaifleh@gmail.com>
Explain which are the options supported by the protocol, and also
which are the supported values in each (if the field has value
validation).
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
ModemManager allows specifying which are the authentication protocols
to be used during the user/password context authentication with the
peer.
This protocol update allows users to provide a new 'allowedauth'
option in the interface configuration, which is then used in two
different places:
* It is sent to ModemManager in the --simple-connect call so that
modems with a network interface can perform the authentication
using their own vendor-specific protocol.
* If the connection is done using PPP, this list of protocols is used
to configure the pppd call.
If the new 'allowedauth' option is not given, all auth protocols are
implicitly allowed.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Use the upstream value for NGX_MAX_PROCESSES (=1024) again.
So it is safe to use `worker_processes auto;` (which sets it to
the number of CPUs). Also use this directive in the conf instead
of calculating the number in the init and passing it as argument.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
The upstream package supports it with a configure switch.
Defaulting to 'with SNMP support' as it was before.
Signed-off-by: Christophe Lermytte <gentoo@lermytte.be>
According to a comment in programs/pluto/kernel_xfrm_interface.c:177:
* IFLA_XFRM_IF_ID was added to mainline kernel 4.19 linux/if_link.h
with older kernel headers 'make USE_XFRM_INTERFACE_IFLA_HEADER=true'
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Integrate with uci to support 'enabled/disabled' startup option and
override netify's default auto network selection.
config netifyd
option enabled 0
option autoconfig 1
autoconfig: Use netify's in-built interface selection
else use 'internal/external_if' definitions.
Also persist important agent config across sysupgrade
agent.uuid, serial.uuid, site.uuid
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
hotplug scripts are sourced not exec'd so #!/bin/sh /etc/rc.common
doesn't pull in the functions defined in /etc/rc.common thus since
'enabled' isn't defined the following sequence always fails:
enabled miniupnpd || exit 0
Unfortunately sourcing /etc/rc.common doesn't appear to work so come up
with some alternatives.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>