The following CVE updates are included:
* CVE-2021-25219: The "lame-ttl" option is now forcibly set to 0. This
effectively disables the lame server cache, as it could previously be
abused by an attacker to significantly degrade resolver performance.
* CVE-2021-25218: An assertion failure occurred when named attempted
to send a UDP packet that exceeded the MTU size, if Response Rate
Limiting (RRL) was enabled.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reload the service when interfaces flap; note that libcap support
is required to open new sockets on interfaces coming up during
a reload, otherwise a full restart would be needed.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Use newly introduced procd_add_reload_mount_trigger to reload nfsd
when a mountpoint covering an exported filesystem is added by blockd.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fix uci-defaults for PostgreSQL backends
Add user 'gnunet' to 'postgres' group
Always build with sqlite3 as configure fails when --without-sqlite
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If an interface doesn't exist yet when vnStat is started, it won't be
monitored, as only existing interfaces can be added to the database via
the vnstat command.
This adds a hotplug script which adds any configured interfaces to the
vnStat database when it goes up.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
By default, vnstatd adds all available interfaces on startup when its
database is empty. The --noadd option prevents this, but it breaks
import of legacy databases, and causes vnstatd to exit immediately
after startup, which breaks reloading.
This changes the init script to add the --noadd option when no legacy
databases need to be imported, and patches vnstatd to keep running
even when no interfaces are configured.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
3.23.1: 2021-09-21
Improve ubx cycle detection.
Add quirks for Jackson Labs nonstandard NMEA
Change STATUS_NO_FIX to STATUS_UNK to avoid confusion with fix mode.
Change STATUS_FIX to STATUS_GPS to avoid confusion with fix mode.
Change STATUS_DGPS_FIX to STATUS_DGPS to avoid confusion with fix mode.
Split SOURCE_ACM from SOURCE_USB. ACM has no speeds.
Add speeds 1 mbps, 1.152 mbps, 1.5 mbps, and higher. When libc supports them.
Improve autobaud.
Add new u-blox M10 messages.
Fix u-blox M6, M7 initialization issues.
Various ubxtool and gpxlogger updates.
Add mtk3301_speed_switcher()
No API changes, except for STATUS_* as above.
No ABI changes.
Fallback to "python3" if "python" not found.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This has been replaced with the "trust-anchors" keyword, per
section 8.21.1 New Features of the Bind 9 Administrator Reference
Manual:
• In order to clarify the configuration of DNSSEC keys, the trusted-keys and managed-keys statements have been deprecated, and the new trust-anchors statement should now be used for both types of key.
When used with the keyword initial-key, trust-anchors has the same behavior as managed-keys, i.e., it configures a trust anchor that is to be maintained via RFC 5011.
When used with the new keyword static-key, trust-anchors has the same behavior as trusted-keys, i.e., it configures a permanent trust anchor that will not automatically be updated. (This usage is not recommended for the root key.) [GL #6]
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Add boringssl library. BoringSSL is Google's fork of OpenSSL.
Amongst other features, it adds support for QUIC.
Signed-off-by: Martin Schneider <martschneider@google.com>
apxs is used to get information about the apache installation when
building external modules. Currently there are issues:
1.
./staging_dir/target-mips_24kc_musl/usr/bin/apxs -q TARGET
apache2
apxs:Error: ./staging_dir/target-mips_24kc_musl/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/bin/apr-1-config not found!.
This error is fixed by sed script #2.
2.
./staging_dir/target-mips_24kc_musl/usr/bin/apxs -q TARGET
cannot open ./staging_dir/target-mips_24kc_musl/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/share/apache2/build/config_vars.mk: No such file or directory at ./staging_dir/target-mips_24kc_musl/usr/bin/apxs line 213.
This error is fixed by sed scipt #1.
Both sed scripts taken from buildroot (see [1]).
[1] https://github.com/buildroot/buildroot/blob/master/package/apache/apache.mk
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Remove uClibc hack. uClibc is not in the tree anymore.
Update configure options. Change legacy_level to 7. This gets rid of
backwards compatibility with version 0.1 and bumps it to 0.7.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This commits adds the new usteer package to the packages feed.
usteer is a daemon for steering wireless clients across frequency
bands as well as between multiple access points on a network.
Signed-off-by: David Bauer <mail@david-bauer.net>
Based on the work of Hirokazu MORIKAWA (nxhack):
https://github.com/nxhack/openwrt-arduino-packages/tree/master/bossa
BOSSA is a flash programming utility for Atmel's SAM family of
flash-based ARM microcontrollers. The motivation behind BOSSA is to
create a simple, easy-to-use, open source utility to replace Atmel's
SAM-BA software.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Avoids having to add
HOST_LDFLAGS: -Wl,-rpath,$(STAGING_DIR_HOSTPKG)/lib
for packages that rely on shared libraries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove various outdated patches. No more uClibc and distutils is a
requirement.
Compile host libraries statically. Size is not a concern there. Also
avoids rpath hacks. Disable NLS as well. Avoids gettext dependencies.
Add libpcre dependency. Seems to be a requirement now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
ospf running in instance mod will keep cpu to 100% so revert offending commit
if daemon is disabled in the file while running also close that daemon
also add the pythontools to support reload
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>