| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |\
| |
| | |
php8: update to 8.3.3
|
| | |
| |
| |
| | |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| | |
| |
| |
| |
| |
| | |
Synced LDFLAGS from upstream Makefile.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| |
| |
| |
| | |
Without it, using uci to manipulate ipsec config can result in errors,
making it much difficult to use in uci-defaults for example.
Signed-off-by: Glen Huang <me@glenhuang.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Increases snort's IPS fast pattern matching by 2x (compared to
the ac_full engine) and 3x (compared to ac_bfna). This is most
noticeable for users of large rules sets and when doing deep flow
inspection.
For more see: https://blog.snort.org/2020/09/snort-3-hyperscan-.html
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update to 1.48.0
CVE-2024-24806 : Improper Domain Lookup that potentially leads to SSRF attacks
Vulnerabilities fixed
* CVE-2024-24806 / GHSA-f74f-cvh7-c6q6 0f2d7e7, 3530bcc and e0327e1
Notable Changes
* linux: disable io_uring on ppc64 and ppc64le #4285
* linux: disable io_uring on hppa below kernel 6.1.51 #4224
* win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default)
Important Bugs Fixed
* unix,win: fix busy loop with zero timeout timers #4250, #4304.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This prevents clashes with network addresses that
contain '/'.
Resolves: #18589
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
|
| |\ \
| |/
|/| |
openconnect: make host dependency more resilient
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Retry when resolveip fails as it seems to be causing issues
on startup depending on various unpredictable parameters.
Resolves: #23185
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
|
| |\ \
| | |
| | | |
apr/subversion: fix subversion build and apache-mod-php8 build regres…
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
(fixes #23460)
The recent upgrade of apr included a change with should fix the subversion build.
Unfortunately, this fix resulted in a build regression of apache-mod-php8.
The new approach is to pass the locations of the apr config helpers
to configure via parameter.
Fixes: 68dd7b7cf632 ("apr: update to 1.7.4")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Maintainer: @EricLuehrsen
Fixes: CVE-2023-50387, CVE-2023-50868
Release notes: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Run tested: BPi-R3, mediatek/filogic, OpenWrt 23.05.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Refresh patches.
- Disable new features like AF XDP, Rutabaga VGA, libkeyutils
- Delete removed features such as HAX hypervisor
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
OpenBLAS allows to specify per-family CPU optimizations during build stage.
This package supports manual specification of a family during configuration.
This commit adds automatic detection of target family, while keeping manual
override as a backup.
Automatically detected ARM families:
- Cortex-A9 without NEON
- Cortex-A9 with NEON
- Cortex-A15
- Cortex-A53
- Cortex-A72
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.8.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changelogs: https://github.com/containers/podman/releases
Patches refreshed
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
bug fixes:
- Fix incorrect free in conn_sock
- logging: Respect log-size-max immediately after open
- fix some issues flagged by SAST scan
- src: fix write after end of buffer
- src: open all files with O_CLOEXEC
- oom-score: restore oom score before running exit command
new features:
- Forward more messages on the sd-notify socket
- logging: -l passthrough accepts TTYs
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |\ \ \
| |/ /
|/| | |
adblock-fast: add force_dns_interface setting
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* allow users to specify list of interfaces/networks to force the
DNS Hijacking on
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
changelog:
- Fix some FD leaks (#334, thanks to @giuseppe)
As package belongs to network category, I moved it from utils to network folder
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes CVEs:
- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these features were
enabled.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
changelogs: https://github.com/containers/aardvark-dns/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Update to v20.11.1
This is a security release.
Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |\ \ \
| | | |
| | | | |
procps-ng: update to version 4.0.4 and rename old version 3.3.16 to procps-ng3
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Install library only (utilities are in procps-ng API version 4)
- Latest 3.3.17 version of 3.x series is used
- Refresh existing patch
- Add new patch from Alpine Linux
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because of packages version update was reverted before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because of packages version update was reverted before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The props-ng packages adds a new API version that breaks other
downstream packages. This revert is a preparation commit to move the old
API to procps-ng3 so that the new API could use procps-ng packages
name again.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 81629ba5918f48a0886e6f601d63d0b016ef8c1e.
|
| |\ \ \
| | | |
| | | | |
glib2: revert latest changes to get back to working version 2.74.0
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
So that we have a working ModemManager again and can look at the problem
revert the update to version 2.78.4 for now.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 08c7b0dfcae48114176762e93aa1b4ce5d42f8ad.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is must also get revert to get back to working glib2 version 2.74.0
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 9f57ef2d6e339231278f36614d9b2fdd275a9339.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changelogs: https://github.com/containers/crun/releases
Previous version was 1.12
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
changelogs: https://github.com/containers/netavark/releases
wrapper script and config file removed as they have become obsolete,
firewall driver is now configured in containers.conf
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | | |
changes: https://github.com/netbirdio/netbird/compare/v0.25.2...v0.25.8
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Javier Marcet <javier@marcet.info>
|
| |/ /
| |
| |
| |
| |
| |
| | |
efivar fails to build with mold linker, so it should
be opted out. I also added missing maintainer.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| |\ \
| | |
| | | |
prometheus-node-exporter-ucode: fix sporadic wifi errors and warnings
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some properties may not yet be available, properly guard them.
Fixes error like:
daemon.err uhttpd[2116]: error running collector 'wifi':
daemon.err uhttpd[2116]: left-hand side expression is null
Signed-off-by: Andre Heider <a.heider@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|