This release fixes some bugs and these vulnerabilities:
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
A simple DNS proxy server that supports all existing DNS protocols
including DNS-over-TLS, DNS-over-HTTPS, DNSCrypt, and DNS-over-QUIC.
Moreover, it can work as a DNS-over-HTTPS, DNS-over-TLS or
DNS-over-QUIC server.
For documents, see https://github.com/AdguardTeam/dnsproxy.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
A simple command line utility to make DNS lookups. Supports all known
DNS protocols: plain DNS, DoH, DoT, DoQ, DNSCrypt.
For documents, see https://github.com/ameshkov/dnslookup.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Notable changes:
* Use toml as new default storage backend:
Upstream has removed the ini plugin, we have been using in the
past. toml is still somewhat experimental, but upstream has
designated it as future recommended default.
* Remove the dependency on boost. The only plugin needing that has
been removed upstram.
* Enable plugins for libev and libuv event loop integration. This
adds two new packages with the respective dependencies.
Upstream has fixed the bugs preventing us from using this.
* Enable the internal notification plugin/system. This allows
applications to automatically receive notifications about changes
to their configuration. Again upstream fixing bugs enables this
for us.
* Set the environment variable $XDG_CACHE_HOME to "/tmp/" globally
to prevent elektra (and possibly other applications) from
writing temporary data to flash.
Signed-off-by: Harald Geyer <harald@ccbib.org>
Python works with GNU DBM and with Berkley DBM.
Berkley DBM has been under Oracle for some time.
And it's not clear how many Python users actually use DBM.
In the packages feed, we have both libdb47 (which is now under Oracle) and
GNU DBM. The GNU DBM has a compatibility layer for Berkley DBM.
There are newer versions than libdb47, but it's probably not worth having
them yet. The libbd47 tarball is ~40+ MB. Odds are newer versions will be
bigger and more bloated.
This change merges the old `python3-gdbm` package into the `python3-dbm`
package, since they are effectively using the same underlying library now,
i.e. gdbm.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Python supports both GNU dbm and Berkley DBM.
GNU dbm also has a compatibility layer for Berkeley.
The current Berkley DB in OpenWrt is 4.7 and hasn't been updated in ages.
It's also pretty big.
So, an alternative for Python is to use GNU dbm for both (GNU and Berkley).
Also, removing static shared libraries from the build, to encourage the
usage of the shared ones.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
User that don't control both OpenVPN client and server
might still need LZO support, so keep it enable by default for at least
OpenSSL variant.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
For now, disable mqtt as it was automatically enabled as the build
system finds compiled libpaho-mqtt-c and requires dependency.
---
Here is the output:
Package syslog-ng is missing dependencies for the following libraries:
libpaho-mqtt3c.so.1
---
This is a new feature since syslog-ng 3.33.1 and if anyone is interested
in it, it can be enabled.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
- Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-3.33.1
- Bump version in config
It fixes:
WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.33 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file; config-version='3.31'
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Switch to AUTORELEASE for simplicity.
Disable parallel compilation as there's something wrong with NSS' build
system. Reliably fails with make -j 12 on a ryzen 3600.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The commit updating the seccomp filter didn't bump PKG_RELEASE.
Do that now.
Fixes: 1141ee1e5 ("transmission: add new syscalls to seccomp filter)"
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Testing showed that additional syscalls are needed on ARMv7.
Add "getegid32", "geteuid32", "getgid32" and "getrandom" as they are
all innocent.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Using GPT/UUID parition table is not always a possible choice.
Add support for MBR/DOS partitioned disks to make autopart work on
legacy targets like mt7623.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
By default, there was used sks-keyservers.net pool, which has invalid
SSL certificate and they also announced that their service is deprecate
and no longer maintained.
Use the same GPG server as LXC is using by default in the newer
releases.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
555268b ubus: filter neighbors by SSID when preparing nr
3db9607 data storage: match SSID when searching ap entry
a22f5a7 storage: ensure SSID strings are NULL-terminated
Signed-off-by: Nick Hainke <vincent@systemli.org>
Rosen Penev
Luiz Angelo Daros de Luca
Tianling Shen
Luka Perkov
Jakov Petrina
Alexandru Ardelean
Harald Geyer
Etienne Champetier
Josef Schlehofer
Hirokazu MORIKAWA
Philip Prindeville
Nick Hainke
Daniel Golle
Florian Eckert
Wojciech Dubowik