* lots of fixes for many subsystems
* new messenger group chat service
* 'abd' temporarily removed due to upstream issue
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes two related security vulnerabilities (CVE-2020-15078) which
under very specific circumstances allow tricking a server using delayed
authentication (plugin or management) into returning a PUSH_REPLY before
the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup. In combination with "--auth-gen-token" or
a user-specific token auth solution it can be possible to get access to
a VPN with an otherwise-invalid account.
OpenVPN 2.5.2 also includes other bug fixes and improvements.
Add CI build test script.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* add a "whitelist only" mode, this option allows to restrict Internet
access from/to a small number of secure websites/IPs, and block access
from/to the rest of the Internet.
Signed-off-by: Dirk Brenken <dev@brenken.org>
Use sfdisk to get GPT partition by name as partition names are not
known by the kernel if added via partx.
Make sure physical volume names are unique, if possible correlate
with the disks serial number and/or card's cid.
mkf2fs apparently returns 134 even in case format succeeded, so don't
fail in that case (this fixes rw volumes large enough for F2FS to be
selected by the lvm scripts of uvol).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
- Add support for AppArmor
- Gracefully stop containers and pods on shutdown
I found out that If you change location of containers to persistent storage instead of tmpfs, starting them will fail unless they have been stopped. If this is the case that reboot has occurred before pods and containers have been stopped, they cannot be started, they have to be removed and re-created. Change in initscript tries to avoid that. Even if containers are running at tmpfs, this won't hurt. Still, if something happens and system hangs/reboots/etc, script won't save you from that. It's just a attempt to make things better.
I also enabled AppArmor support for future possibilities.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
This commit updates boost to version 1.76.0
There are no new libraries in this version
More info about Boost 1.76.0 can be found at the usual place [1].
Note: This package update includes a fix merged to Boost.Fiber in [2]
which did not make into this version but it will be present in the next
one. For now, the patch is needed, but it will be removed in version
1.77.0
[1]: https://www.boost.org/users/history/version_1_76_0.html
[2]: https://github.com/boostorg/fiber/pull/276
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
This commit is largely based on the work from Daniel Dickinson in
PR #2096 which was never merged. I tweaked it in a number of ways.
All bugs with this package are mine, not his.
Signed-off-by: Aaron Curley <accwebs@gmail.com>
Currently, this package can not be installed while using standard path
of busybox, because binary killall wants to be installed on the same
location as busybox.
Collision:
• /usr/bin/killall: busybox (new-file), psmisc (existing-file)
Many of these binaries, which provides alternatives were moved to
folder /usr/libexec like wget, sed, findutils, less.
So I moved killall to /usr/libexec and others leave in touch and added
ALTERNATIVES for it, because preinstall script is no longer necessary.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Emmit ubus events when volumes come up/down.
Make sure volume state is always well defined by introducing
additional state 'write-prepare' (wp) during mkfs.
Add init scripts to bring up volumes at boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* support the RPZ trigger 'RPZ-CLIENT-IP' to always allow/block certain
clients based on their IP (currently only supported by bind!)
* avoid promiscuous mode in tcpdump setup for adblock reporting
* speed up dns report preparation
* support dns report mailing (/etc/init.d/adblock report mail)
* fix bind autodetection
* update LuCI-frontend (separate PR)
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>