- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.38.1
- Update the configuration file to use version 4.0 as mentioned in the
release notes to try the latest changes
Fixes: CVE-2022-38725
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 34b7af9e08)
- Bump to the latest Git version in order to increase the package version
for simpler opkg upgrade of the broken version
- (Re-)Introduce PKG_RELEASE into the package, omitting it may lead to
opkg segmentation faults under certain circumstances
- Utilize automatic include hooks to drop the isolated miniupnpd table
in favor to chains within the main inet fw4 table, otherwise PCP is
unreliable as the upnp table might accept traffic which is later
rejected by fw4
- Install a fw4 script hook to restart miniupnpd on fw4 restarts and
reloads in order to repopulate the upnp chains with forward rules
- Register the used miniupnpd configuration file and the firewall uci
configuration as change sources, otherwise `/etc/init.d/miniupnpd reload`
has no effect if the firewall or upnpd config was changed
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 3c6ff6c6c9)
Update the package to a commit that fixes an issue with removing PCP
mappings from nftables.
This also allows us to fix the nftables miniupnpd implementation on
openwrt.
In this new implementation, a table is created at the start of miniupnpd
and it is dedicated to miniupnpd with a priority above the firewall4
table. This allows miniupnpd to go ahead of the drop rules of firewall4
and forward traffic as needed. There was the possibility of adding a
chain inside the firewall4 table, but this would raise an issue where
if firewall4 was reloaded the port forwardings would be lost and
miniupnpd could be out of sync. When miniupnpd is stopped the table is
deleted, taking the port forwardings with it.
Some of this commit is based of msylgj's work, mainly the logic of the
init/hotplug scripts and the makefile build parameters.
Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(cherry picked from commit 651a578cac)
Consider only integer part of free space in megabytes when
deciding the boundaries of the to be created partition.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit f50a289e51)
Notable Changes:
Experimental command-line argument parser API
Experimental ESM Loader Hooks API
Experimental test runner
Improved interoperability of the Web Crypto API
Dependency updates:
Updated Corepack to 0.12.1
Updated ICU to 71.1
Updated npm to 8.15.0
Updated Undici to 5.8.0
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 841b38f37a)
With heavy system logging which goes by default into `/var/log/messages`
log file which is usually placed in tmpfs/RAM one can trigger OOM killer
fairly easily, thus killing random processes and in some cases making
system unusable.
This is likely happening due to the fact, that Linux by default uses 1/2
of available RAM for tmpfs, which might be for example an issue on low
RAM devices with ath10k wireless.
So let's fix it by adding logrotate functionality which should limit the
size of `/var/log/messages` log file to 1M by default, but could be
tweaked by config knob if needed be.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 660fa63faf)
This adds conflicts between the variants,
because they provide the same files, and it should not be
possible to install them side by side. Otherwise, it might happen that
half files would be from one variant and the other half from the
other.
Also, adds provides as if you request to install ``vim`` and
``vim-full``, then the request could be satisfied even they collide,
because ``vim-full`` provides ``vim`` package.
Signed-off-by: Karel Kočí <cynerd@email.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[add commit message]
(cherry picked from commit 46c058468a)
The full variant should conflict with the default variant. This prevents that
libgd and libgd-full could be installed side by side, and also, the full
variant should provide the libgd. Otherwise, if you install libgd-full,
you can not install vnstat.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 42b36b7180)
* Update maintainer's email address
* Style Make and init file to OpenWrt standard
* Rename dnsmasq and unbound-related variables to better reflect
their use
* New 'allow' CLI parameter to quickly unblock domain(s)
* Switch to uci wrappers
* Beautify the output of the 'check' CLI parameter
* Better handling of output files directory creation error
* Support for (upcoming) dnsmasq nftsets
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 3b686b08a5)
Fixes: https://github.com/openwrt/packages/issues/19210
If libjpeg isn't selected by another package, all is fine.
But if it is selected, the stress-ng build will see it and try to build the
jpeg stressor. This would usually fail sometime and link-time.
In any case, it's better to just pick-up libjpeg as a dependency of
stress-ng. If people want to stress their system with this tool, they can
probably expect libjpeg as well.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit fc6f44b13a)
The _init() function collides with a _init() function in crti.o.
This results in the following error in OpenWrt:
arc-openwrt-linux-gnu/bin/ld: libxt_coova.o: in function `_init':
/lib/gcc/arc-openwrt-linux-gnu/11.3.0/crti.o:(.init+0x4): first defined here
collect2: error: ld returned 1 exit status
make[7]: *** [Makefile:22: libxt_coova.so] Error 1
Fix this by suing a constructor attribute instead. This function will
still be called after the shared library was loaded.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 55297e45c8)
* vpn support can be disabled (enabled by default), fixes#19107 (see trm_vpn option)
* vpn support can be limited to certain interfaces (see trm_vpnifacelist list option)
* openvpn support works now per instance (same as wireguard today)
* add an auto-login script for tplink-omada hotspots provided by Sebastian Muszynski <basti@linkt.de>
* remove pipefail command, see #19043 for reference
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 963137dcc5)
Josef Schlehofer
Jo-Philipp Wich
Tiago Gaspar
Tianling Shen
Alexandru Ardelean
Daniel Golle
Fabian Lipken
Hirokazu MORIKAWA
Philip Prindeville
Daniel Bermond
R4SAS I2P
Vladimir Ulrich
Stan Grishin
Petr Štetiar
Toke Høiland-Jørgensen
Karel Kočí
Peter van Dijk
Jan Hák
Marko Ratkaj
Hauke Mehrtens
Rosen Penev
Lucian Cristian
Dirk Brenken
Michal Vasilek