Includes fix for CVE-2021-34558 (crypto/tls: clients can panic when
provided a certificate of the wrong type for the negotiated parameters).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
- use $(INSTALL_DIR) instead of mkdir
- using $(INSTALL_CONF) and then running chmod is pointless, use
$(INSTALL_DATA) directly
- /etc/xinetd.d/sane-port doesn't need read protection from non-root
users, use $(INSTALL_DATA) as well
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
On some build systems (build bots, Debian Buster for example) the
current mechanism in the Build/Install define doesn't run. Replace it
with shell fu that works.
Issue was reported, see [1].
[1] https://github.com/openwrt/packages/issues/16085
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* make sure new volumes are in state 'down' until explicitely
requested to transition to 'up' state. Useful for additional
verification steps after writing a read-only volume.
* remove unused ubus events as blockd does that much better now
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This release fixes some bugs and these vulnerabilities:
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
A simple DNS proxy server that supports all existing DNS protocols
including DNS-over-TLS, DNS-over-HTTPS, DNSCrypt, and DNS-over-QUIC.
Moreover, it can work as a DNS-over-HTTPS, DNS-over-TLS or
DNS-over-QUIC server.
For documents, see https://github.com/AdguardTeam/dnsproxy.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
A simple command line utility to make DNS lookups. Supports all known
DNS protocols: plain DNS, DoH, DoT, DoQ, DNSCrypt.
For documents, see https://github.com/ameshkov/dnslookup.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Notable changes:
* Use toml as new default storage backend:
Upstream has removed the ini plugin, we have been using in the
past. toml is still somewhat experimental, but upstream has
designated it as future recommended default.
* Remove the dependency on boost. The only plugin needing that has
been removed upstram.
* Enable plugins for libev and libuv event loop integration. This
adds two new packages with the respective dependencies.
Upstream has fixed the bugs preventing us from using this.
* Enable the internal notification plugin/system. This allows
applications to automatically receive notifications about changes
to their configuration. Again upstream fixing bugs enables this
for us.
* Set the environment variable $XDG_CACHE_HOME to "/tmp/" globally
to prevent elektra (and possibly other applications) from
writing temporary data to flash.
Signed-off-by: Harald Geyer <harald@ccbib.org>
Python works with GNU DBM and with Berkley DBM.
Berkley DBM has been under Oracle for some time.
And it's not clear how many Python users actually use DBM.
In the packages feed, we have both libdb47 (which is now under Oracle) and
GNU DBM. The GNU DBM has a compatibility layer for Berkley DBM.
There are newer versions than libdb47, but it's probably not worth having
them yet. The libbd47 tarball is ~40+ MB. Odds are newer versions will be
bigger and more bloated.
This change merges the old `python3-gdbm` package into the `python3-dbm`
package, since they are effectively using the same underlying library now,
i.e. gdbm.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Python supports both GNU dbm and Berkley DBM.
GNU dbm also has a compatibility layer for Berkeley.
The current Berkley DB in OpenWrt is 4.7 and hasn't been updated in ages.
It's also pretty big.
So, an alternative for Python is to use GNU dbm for both (GNU and Berkley).
Also, removing static shared libraries from the build, to encourage the
usage of the shared ones.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
User that don't control both OpenVPN client and server
might still need LZO support, so keep it enable by default for at least
OpenSSL variant.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
For now, disable mqtt as it was automatically enabled as the build
system finds compiled libpaho-mqtt-c and requires dependency.
---
Here is the output:
Package syslog-ng is missing dependencies for the following libraries:
libpaho-mqtt3c.so.1
---
This is a new feature since syslog-ng 3.33.1 and if anyone is interested
in it, it can be enabled.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.1
- Bump version in config
It fixes:
WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.33 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.31'
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>