This change fixes multiple denial-of-service vulnerabilities:
* CVE-2016-9131: A malformed response to an ANY query can cause an
assertion failure during recursion
* CVE-2016-9147: An error handling a query response containing
inconsistent DNSSEC information could cause an assertion failure
* CVE-2016-9444: An unusually-formed DS record response could cause
an assertion failure
* CVE-2016-9778: An error handling certain queries using the
nxdomain-redirect feature could cause a REQUIRE assertion failure
in db.c
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
- fix ip extraction if knot host is used together with glue records
- fix ip extraction from nslookup if reverse dns record has ip with dot reported at http://forum.lede-project.org/t/ddns-scripts-error/909
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Add a few mirrors in-front of main site for offloading
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Peter Wagner <tripolar@gmx.at>
As both LEDE and OpenWrt have STAGING_DIR_HOSTPKG now, we can start to rely
on it. See 73b7f55424 for more information on
STAGING_DIR_HOSTPKG.
STAGING_DIR_HOSTPKG won't actually be changed before the first LEDE release
(it is equivalent to $(STAGING_DIR)/host), so this simple search/replace
cleanup is safe to apply. Doing this cleanup now will be useful for the
Gluon project (an OpenWrt/LEDE based firmware framework) for experimenting
with modifying STAGING_DIR_HOSTPKG before doing this in the LEDE upstream.
Also fixes a typo in the dbus Makefile ("STAGIND_DIR").
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Before this change logging was always activated and then IoTivity wrote
a lot of debug messages. Make it now configurable.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Install the header files needed to build something against IoTivity.
This will have it easier to build an application using IoTivity library.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These patches are making it possible to provide the compiler settings
from the environment so LEDE can change them. This replaces the old
patches with the versions send for upstream inclusion.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This does the following changes:
* update to version 1.2.1
* add iotivity-resource-directory-lib, this is needed by most
applications now
* do not activate security support by default, this caused some
problems and needs some more settings to setup.
* use sqlite version from normal package feed instead of using an own
version
* build against LEDE version of mbedtls
* update example security configuration
* remove some patches that went upstream
* add some new patches fixing problems observed in my environment, most
of them are on their way upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- cloudflare v1 change syntax of option domain to "host.sub@example.com" like already cloudflare v4 and godaddy to prepare logterm remove of public_suffix_list.dat from package
- change Makefile to be backportable to CC15.05 and working on DD
- change ddns.defaults to prepare future releases of ddns-scripts
- minor fixes
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Talked it over with Ben (@scrpi).
He said he'd be fine with taking over maintainership of this.
@scrpi: please confirm this on PR.
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
HTTP header content-disposition isn't honored resulting in source tarball name only containing version number.
Switch to GIT repo as workaround to avoid clashing filenames.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Version bumped to 4.3.5. Separated out compile/install steps since
compiling with $DESTDIR yields bogus results. Removed rfc-3527 patch
as something similar (better) is now upstream (well, more complete
error checking anyway). Change relay scripts from '-l ifname' to
'-U ifname' to correspond to upstream changes.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Instead of causing nondeterministing conditional compilation depending on
whether libnl-core happens to be present or not, fixup the net-snmp package
to link against libnl-tiny which is present by default on the majority of
systems.
In order to successfully build against libnl-tiny, a number of things had
to be fixed in both the upstream configure and the outer Makefile:
- Add a patch which fixes the upstream configure macros to properly handle
cases where the cache variables for nl_connect() and netlink.h tests are
predefined. Without this patch, all subsequent link tests in configure
will fail, causing the build system to assume functions like opendir() or
readdir() to be missing, leading to build failures later on due to
conflicting redefinitions of structures and function prototypes
- In the same patch, stop probing the host systems /usr/include/libnl-3 if
ac_cv_header_netlink_netlink_h is given. This brings the proprietary
configure bits in line with the behaviour expected from autoconfig in a
cross compile setting
- Explicitely request nl support by passing the --with-nl flag to configure
- Pass the required cache variables to skip the broken tests for
nl_connect() and netlink.h
- Amend TARGET_CPPFLAGS to let net-snmp's build system discover nl-tiny's
netlink/netlink.h and netlink/socket.h
- Enable the autoreconf fixup to regenerate the broken shipped configure
from patched macros
- Adjust the depends to unconditionally require libnl-tiny
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commit e73964fa8f incorrectly dropped the
patch 101-update-struct-msghdr.patch. Add it again, and while add it
also add the follow-up patch that was added upstream.
Fixes#3757.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
When libnl-core is enabled, but libnl isn't, build fails because of a
missing dependency on libnl-3.so.200. Depending on libnl-core seems to
work for both cases.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Update to 5.7.3 by refreshing patches; remove 800-format-security
as upstream integrated.
Add libnl dependency in the package Makefile as net-snmp will check
if libnl is enabled in config_os_libs2.
Remove unneeded PKG_FIXUP build variable.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hannu Nyman
Aaron Drew
Noah Meyerhans
Daniel Golle
Christian Schoenebeck
danrl
Peter Wagner
Daniel Dickinson
Thomas Weißschuh
Matthias Schiffer
Ted Hess
Hauke Mehrtens
Dirk Brenken
Alexandru Ardelean
Moritz Warning
Federico Di Marco
Michael Heimpold
Daniel Engberg
Toke Høiland-Jørgensen
Cezary Jackiewicz
Philip Prindeville
Jo-Philipp Wich
Stijn Tintel
Hans Dedecker