This change fixes multiple denial-of-service vulnerabilities:
* CVE-2016-9131: A malformed response to an ANY query can cause an
assertion failure during recursion
* CVE-2016-9147: An error handling a query response containing
inconsistent DNSSEC information could cause an assertion failure
* CVE-2016-9444: An unusually-formed DS record response could cause
an assertion failure
* CVE-2016-9778: An error handling certain queries using the
nxdomain-redirect feature could cause a REQUIRE assertion failure
in db.c
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Per user request ship the sample upsset.conf file so that
upsset functionality can be used with nut-cgi
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
Current maintainer (Martin Rowe) offered to hand over
maintership because I'm interested in doing more with
the package than he requires for his own use, so he
felt it made sense for me to maintain the package.
I accepted, hence this commit.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
Use /var/run/nut as statepath and set appropriate owner
and permissions on /var/run/nut in order to avoid pidfile
for nut being world-readable.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
It looks like serial support was accidentally dropped due to missing
pieces on Config.in and Makefile. Add back serial support by fixing
that.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
With a LuCI app (of which I have one written) ucification makes
sense (and is in fact needed), so ucify the initscripts.
Also, rather than making selection of things to include an image
a matter of selecting compile-time config options, make optional
things into seperate packages that are built in default builds,
and leave selection of what to include or not up to the user
(e.g. using ImageBuilder, or adding packages via opkg).
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
- fix ip extraction if knot host is used together with glue records
- fix ip extraction from nslookup if reverse dns record has ip with dot reported at http://forum.lede-project.org/t/ddns-scripts-error/909
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Add a few mirrors in-front of main site for offloading
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Peter Wagner <tripolar@gmx.at>
As both LEDE and OpenWrt have STAGING_DIR_HOSTPKG now, we can start to rely
on it. See 73b7f55424 for more information on
STAGING_DIR_HOSTPKG.
STAGING_DIR_HOSTPKG won't actually be changed before the first LEDE release
(it is equivalent to $(STAGING_DIR)/host), so this simple search/replace
cleanup is safe to apply. Doing this cleanup now will be useful for the
Gluon project (an OpenWrt/LEDE based firmware framework) for experimenting
with modifying STAGING_DIR_HOSTPKG before doing this in the LEDE upstream.
Also fixes a typo in the dbus Makefile ("STAGIND_DIR").
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Before this change logging was always activated and then IoTivity wrote
a lot of debug messages. Make it now configurable.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Install the header files needed to build something against IoTivity.
This will have it easier to build an application using IoTivity library.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These patches are making it possible to provide the compiler settings
from the environment so LEDE can change them. This replaces the old
patches with the versions send for upstream inclusion.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This does the following changes:
* update to version 1.2.1
* add iotivity-resource-directory-lib, this is needed by most
applications now
* do not activate security support by default, this caused some
problems and needs some more settings to setup.
* use sqlite version from normal package feed instead of using an own
version
* build against LEDE version of mbedtls
* update example security configuration
* remove some patches that went upstream
* add some new patches fixing problems observed in my environment, most
of them are on their way upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- cloudflare v1 change syntax of option domain to "host.sub@example.com" like already cloudflare v4 and godaddy to prepare logterm remove of public_suffix_list.dat from package
- change Makefile to be backportable to CC15.05 and working on DD
- change ddns.defaults to prepare future releases of ddns-scripts
- minor fixes
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Talked it over with Ben (@scrpi).
He said he'd be fine with taking over maintainership of this.
@scrpi: please confirm this on PR.
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Copy mime.conf to temporary directory so squid process can properly read the file. Without it squid cannot access mime.conf and throws a warning during startup.
Signed-off by: Adam Gensler <openwrt@a.gnslr.us>
HTTP header content-disposition isn't honored resulting in source tarball name only containing version number.
Switch to GIT repo as workaround to avoid clashing filenames.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Version bumped to 4.3.5. Separated out compile/install steps since
compiling with $DESTDIR yields bogus results. Removed rfc-3527 patch
as something similar (better) is now upstream (well, more complete
error checking anyway). Change relay scripts from '-l ifname' to
'-U ifname' to correspond to upstream changes.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Instead of causing nondeterministing conditional compilation depending on
whether libnl-core happens to be present or not, fixup the net-snmp package
to link against libnl-tiny which is present by default on the majority of
systems.
In order to successfully build against libnl-tiny, a number of things had
to be fixed in both the upstream configure and the outer Makefile:
- Add a patch which fixes the upstream configure macros to properly handle
cases where the cache variables for nl_connect() and netlink.h tests are
predefined. Without this patch, all subsequent link tests in configure
will fail, causing the build system to assume functions like opendir() or
readdir() to be missing, leading to build failures later on due to
conflicting redefinitions of structures and function prototypes
- In the same patch, stop probing the host systems /usr/include/libnl-3 if
ac_cv_header_netlink_netlink_h is given. This brings the proprietary
configure bits in line with the behaviour expected from autoconfig in a
cross compile setting
- Explicitely request nl support by passing the --with-nl flag to configure
- Pass the required cache variables to skip the broken tests for
nl_connect() and netlink.h
- Amend TARGET_CPPFLAGS to let net-snmp's build system discover nl-tiny's
netlink/netlink.h and netlink/socket.h
- Enable the autoreconf fixup to regenerate the broken shipped configure
from patched macros
- Adjust the depends to unconditionally require libnl-tiny
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add support to configure strongswan via uci.
uci support is based on the following sections
-ipsec : Global config items belonging in the strongswan.conf file
-remote : Defines the remote peer(s)
-tunnel : Defines the IPSec connections in tunnel mode
-transport : Defines the IPSec connections in transport mode
-crypto_proposal : Defines the different crypto proposals
Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
Signed-off-by: Gino Peeters <peeters.gino@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>