| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |\ \ \
| |/ /
|/| | |
https-dns-proxy: 2022-10-15-11 update
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* config file update
* introduce boot() function
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |/ /
| |
| |
| |
| |
| | |
Fixes CVE-2023-22490, CVE-2023-23946
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
go1.19.6 (released 2023-02-14) includes security fixes to the
crypto/tls, mime/multipart, net/http, and path/filepath packages,
as well as bug fixes to the go command, the linker, the runtime,
and the crypto/x509, net/http, and time packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| |
| |
| | |
* remove bogus log limit
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |\ \
| | |
| | | |
lighttpd: update to lighttpd 1.4.69 release hash
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add lighttpd-mod-webdav_min package alternative to lighttpd-mod-webdav
lighttpd-mod-webdav_min is more minimal than full lighttpd-mod-webdav.
lighttpd-mod-webdav_min does not support PROPPATCH, LOCK, UNLOCK, and
by not supporting those methods, removes dependencies on libxml2,
libsqlite3, and libuuid.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* properly initialize the 'proto' variable in the log service
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |/
|/|
| |
| | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| | |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
* fix a potential race condition during initial startup (after flash) which leads to a "disabled" service
Signed-off-by: Dirk Brenken <dev@brenken.org
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |\ \
| | |
| | | |
treewide: prepare packages for OpenSSL 3.0 update
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This adds an upstream commit to allow building with OpenSSL 3.0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add -Wno-error=deprecated-declarations to CFLAGS to allow usage of
deprecated API.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This adds a patch from upstream allowing to build with OpenSSL 3.0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Remove a call to CRYPTO_mem_ctrl(), which is used only for debugging,
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This is the latest version and brings compatibility with OpenSSL 3.0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This version adds compatibility with OpenSSL 3.0.
There's a patch, submitted upstream, to fix building without SSL.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add -Wno-error=deprecated-declarations to CFLAGS to allow usage of
deprecated API.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With OpenSSL soon to be updated to 3.0, the gost engine will have to be
bumped as well. Gost 3.0.0.1 will not build with OpenSSL 1.1.
To avoid disruption, this commit detects the OpenSSL version from
ENGINES_DIR in include/openssl-engin, and sets the package version
accordingly.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jan Hák <jan.hak@nic.cz>
|
| |\ \ \
| | | |
| | | | |
transmission: retrieve boolean config opts using `config_get_bool`
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The tranmission UCI config options
- `config_overwrite`
- `incomplete_dir_enabled`
- `watch_dir_enabled`
are all booleans, so we have to retrieve them using `config_get_bool` in order
to make sure they are properly interpreted in case the user sets them to a
keyword (`true`/`false`, `on`/`off` etc.) and not an integer (`0`/`1`).
Signed-off-by: Salim B <git@salim.space>
|
| |\ \ \ \
| |_|_|/
|/| | | |
node: bump to v16.19.1
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Thursday February 16 2023 Security Releases
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
* CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
* CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |\ \ \
| | | |
| | | | |
django: bump to version 4.1.7
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes:
https://nvd.nist.gov/vuln/detail/CVE-2023-23969
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
|
| |\ \ \ \
| | | | |
| | | | | |
simple-adblock: bugfix: ensure directory for jsonFile is created
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
libgpiod: update to 1.6.4
|
| | |/ / /
| | | |
| | | |
| | | | |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |\ \ \ \
| | | | |
| | | | | |
simple-adblock: implement procd_boot_wan_timeout support
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* implement procd_boot_wan_timeout support
* update config with oisd ABPlus and domains lists
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \ \ \
| | | | |
| | | | | |
simple-adblock: update to 1.9.4-1
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* update default config for new oisd.nl lists
* conf.update file to migrate oisd.nl lists to the new format
* introduce AdBlockPlus lists support (new oisd.nl format)
* longer wait for WAN up/gateway detection
* make load_environemnt only execute once to suppress duplicate
warnings/errors
PS. While I was testing this, oisd.nl has brought back the old domains
lists as well, so this version supports both as I'm unclear as to
why the "big" ABPlus list is only 6.2Mb where as the "big" domains
list is whopping 19.9Mb.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \ \ \
| | | | |
| | | | | |
banip: release 0.8.0 (nft rewrite)
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- complete rewrite of banIP to support nftables
- all sets are handled in a separate nft table/namespace 'banIP'
- for incoming blocking it uses the inet input hook, for outgoing blocking it uses the inet forward hook
- full IPv4 and IPv6 support
- supports nft atomic set loading
- supports blocking by ASN numbers and by iso country codes
- 42 preconfigured external feeds are available, plus local allow- and blocklist
- supports local allow- and blocklist (IPv4, IPv6, CIDR notation or domain names)
- auto-add the uplink subnet to the local allowlist
- provides a small background log monitor to ban unsuccessful login attempts in real-time
- the logterms for the log monitor service can be freely defined via regex
- auto-add unsuccessful LuCI, nginx, Asterisk or ssh login attempts to the local blocklist
- fast feed processing as they are handled in parallel as background jobs
- per feed it can be defined whether the input chain or the forward chain should be blocked (default: both chains)
- automatic blocklist backup & restore, the backups will be used in case of download errors or during startup
- automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or wget
- supports a 'allowlist only' mode, this option restricts internet access from/to a small number of secure websites/IPs
- provides comprehensive runtime information
- provides a detailed set report
- provides a set search engine for certain IPs
- feed parsing by fast & flexible regex rulesets
- minimal status & error logging to syslog, enable debug logging to receive more output
- procd based init system support (start/stop/restart/reload/status/report/search)
- procd network interface trigger support
- ability to add new banIP feeds on your own
- add a readme with all available options/feeds to customize your installation to your needs
- a new LuCI frontend will be available in due course
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | | |
* adapted changed oisd downloads (again), fixed #20516
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
add support for port-range dailer, port-range listener
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
patch refreshed.
Changes
- Added the podman-systemd.unit man page, which can also be displayed using man quadlet (#17349).
- Documented journald identifiers used in the journald backend for the podman events command.
Bugfixes
- Fixed a bug where the default handling of pids-limit was incorrect.
- Fixed a bug where parallel calls to make docs crashed (#17322).
- Fixed a regression in the podman kube play command where existing resources got mistakenly removed.
Full list of changes: [Release notes](https://github.com/containers/podman/blob/main/RELEASE_NOTES.md)
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | |/ /
|/| |
| | |
| | |
| | |
| | | |
Dropped architectures that are no longer supported by upstream.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bug fixes
- Fix OOM watcher for cgroupv2 oom_kill events
Misc
- Use --detach instead of -d
- ctrl: drop fifo perms to 0660
[Release notes](https://github.com/containers/conmon/releases/tag/v2.1.6)
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add upstream fix for AARCH64 irq name parsing.
> On arm64 SoCs like TI's K3 SoC and few other SoCs,
> IRQ names don't get parsed correct due to which they
> end up being classified into wrong class. Fix this by
> considering last token to contain IRQ name always.
The fix seems to enable e.g. RT3200 to notice a few more
interrupts and start balancing them.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* adapted changed oisd namings / download locations
oisd_big (old: oisd_full), oisd_small (old: oisdb_basic)
* added antipopads as new sources
* removed broken energized source
* fixed readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
|