* add new 'hblock' compilation source (XL, see https://hblock.molinero.dev for reference)
* print runtime/date information in ISO-8601 standard format
* minor cleanups
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 51a5ec6069)
The forecast plugin does not require the iptables binary, it uses
libiptc instead.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 6e132e74fd)
The connmark plugin does not require the iptables binary, it uses
libiptc instead.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 6cb15df69a)
Let's move the iptables IPsec dependencies out of the strongswan package
and into the plugin package that actually depends on it,
strongswan-mod-updown. As the default updown script calls the iptables
binary, also add a dependency on the iptables-legacy package.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 93fbbcbfee)
Enable AUTORELEASE in a separate commit so that the next commit can be
reverted without having to manually re-introduce it.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit cf1e146858)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Make sure /etc/gnunet and all its files and sub-directories are owned
by gnunet:gnunet. This is somehow necessary as file ownership otherwise
doesn't survive sysupgrade.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 65f5f850f3)
Only notable change since 0.14.0 is that pthread_mutexattr_setkind_np()
is now no longer used.
pthread_mutexattr_setkind_np() is deprecated and non-standard.
The standard version is called pthread_mutexattr_settype()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d59731ba61)
This is a bugfix release for gnunet 0.16.1.
Noteworthy changes in 0.16.2 (since 0.16.1)
DHT: Fix path signature handling.
GNS: Fix BOX handling in zone apex.
NAMESTORE: Prevent storing under invalid labels.
Buildsystem: Fix build on *BSD and Guix.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 033744ac59)
Fixes multiple security issues:
* CVE-2022-0667 -- An assertion could occur in resume_dslookup() if the
fetch had been shut down earlier
* CVE-2022-0635 -- Lookups involving a DNAME could trigger an INSIST when
"synth-from-dnssec" was enabled
* CVE-2022-0396 -- A synchronous call to closehandle_cb() caused
isc__nm_process_sock_buffer() to be called recursively,
which in turn left TCP connections hanging in the CLOSE_WAIT
state blocking indefinitely when out-of-order processing was
disabled.
* CVE-2021-25220 -- The rules for acceptance of records into the cache
have been tightened to prevent the possibility of
poisoning if forwarders send records outside the
configured bailiwick
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
As per the discussion in PR #18047, split the MTR package into
two, one with jansson enabled for JSON output, and one without.
This commit also bumps the version to 0.95. Since the MTR project
website does not seem to be updated with builds any longer, switch
to GitHub Codeload instead.
Also enable PKG_FIXUP:=autoreconf so that MTRs bootstrap.sh process
is executed properly.
Signed-off-by: Marc Egerton <marc@malloc.me>
* remove upstreamed gcc10 and cerrno patches
* disable SSO and OIDC as it needs Rust/Cargo support
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Enable AUTORELEASE in a separate commit so that the next commit can be
reverted without having to manually re-introduce it.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Note that on 32-bit ARM with MUSL we don't have Unwind_GetIP() so
we need to disable backtraces.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Unless we're using "mktemp -u ..." (not recommended), it will
create the temp file as part of its safety checking. Thus you
should only create the name (file) if you're going to use it,
and always remove it if you have created it.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
If named is configured to not listen on any IPv6 interfaces,
then we should run 'nsupdate' with the '-4' argument.
Also:
* cleanup RFC-1918 address detection;
* don't generate PTR records for domain entries that aren't
RFC-1918 addresses or these will generate NOTAUTH failures;
We're assuming that we're doing DNS split-horizon and that
internal addresses aren't routable.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
To allow using gnunet on systems with firewall4, add replace direct
dependency on 'firewall' with 'uci-firewall' which is satisfied by
either 'firewall' or 'firewall4'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
It turns out that under high system load, ipsets cannot be deleted. This
is because there is still a reference in iptables. A short sleep should
give the system time to clean this up.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>