Includes fixes for:
* CVE-2021-44716: unbounded growth of HTTP/2 header canonicalization
cache
* CVE-2021-44717: syscall.ForkExec error can close file descriptor 0
Added patches:
* 001-cmd-link-use-gold-on-ARM-ARM64-only-if-gold-is-available.patch:
https://github.com/golang/go/pull/49748 backported for Go 1.17,
this removes the requirement for the gold linker when building Go
programs that use Go plugins on arm/arm64
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Full changelog available at: https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.0
packr has been removed from build dependencies, per
c6888326b0 (diff-2873f79a86c0d8b3335cd7731b0ecf7dd4301eb19a82ef7a1cba7589b5252261L2)
Also added the ability to configure working directory location and moved
the directory to /var. On most setups this should not change anything,
as /var is symlinked to /tmp. The move mostly benefits setups where /var
is configured to be persistent.
The working directory is used by AdGuard to store persistent data like
query logs, filter lists, etc.
Data stored in this directory can get really huge, as such allowing
this directory to be moved elsewhere (ie. an USB drive) is very
beneficial.
Co-authored-by: Dobroslaw Kijowski <dobo90@gmail.com>
Co-authored-by: Jeffery To <jeffery.to@gmail.com>
Signed-off-by: Hiếu Lê <leorize+oss@disroot.org>
Add MaxMind's geoipupdate utility. mmdb files are downloaded to /var/GeoIP
by default. The user should update /etc/GeoIP.conf with their API key and
DB choice, currently set to country only. So as not to exceed MaxMind's
download limitations, the user should manually run the utility or set up a
cron job.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
When openldap is not enabled, the following configurables remain present
in the config:
CONFIG_OPENLDAP_DEBUG=y
\# CONFIG_OPENLDAP_CRYPT is not set
\# CONFIG_OPENLDAP_MONITOR is not set
\# CONFIG_OPENLDAP_DB47 is not set
\# CONFIG_OPENLDAP_ICU is not set
This patch adds a libopenldap dependency for these options, removing the
above from .config when libopenldap is not used. Further, move these
configurables to Config.in.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
With the last upstream change, all build variants were removed so that
we only have one package. It is now called openwisp-config.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Remove un-necessary crowdsec package dependency, to be able to use
crowdsec-firewall-bouncer independently from crowdsec local installation.
(with remote API)
Fix issue: https://github.com/openwrt/packages/issues/17406
Description:
using crowdsec-firewall-bouncer on many OpenWRT devices connected
with my domain LAPI server (which collect many crowdsec machines,
mostly nginx), it works great. Actually, crowdsec package is not
mandatory for that usage, it would be great if it was not a dependency.
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
* auto-created meta volume
Automatically create volume '.meta' sized 0.01% of the total space
managed by uvol, the minimum size being 4 MiB.
This volume should be used to keep metadata about stored volumes, such
as container runtime configuration (in /var/run/uvol/.meta/uxc) or
the database of installed container packages.
* configurable LVM volume group
Allow setting volume group to be used by uvol using UCI.
This is useful on devices which do not boot off the device which
should be used for uvol and hence cannot make use of autopart and
physical volume detection based on kernel cmdline.
Use option vg_name in uvol section of fstab UCI config package.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When cURL is built with OpenSSL as backend SSL/TLS library,
pecl_http's configure tries to detect whether TLS 1.3 ciphers
are enabled. This does not work when cross-compiling so let's
pass it based on OpenSSL build configuration.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Currently the contents of logrotate.d is not kept across sysupgrades.
Add this directory to the conffiles definition to ensure its content is
maintained.
Bump the release as well.
Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>