| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
| |
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
|
| |
|
|
| |
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This makes mwan3rtmon check if mwan3_get_routes returns a route
before removing it. This helps with IPv6 routes with source address
selector removal where multiple original routes are transformed to
the same mwan3 route if one of the source routes is removed while
the others are kept.
Signed-off-by: Jonas Lochmann <git@inkompetenz.org>
|
| |
|
|
|
|
|
|
|
|
| |
Check the conffile existance (with .conf extension), before calling the
function 'start_path_instance'. This fixes errors with non-existing and
wrong spelling instances.
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Update commit description
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |\
| |
| | |
php8: update to 8.3.3
|
| | |
| |
| |
| | |
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| | |
| |
| |
| |
| |
| | |
Synced LDFLAGS from upstream Makefile.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| |
| |
| |
| | |
Without it, using uci to manipulate ipsec config can result in errors,
making it much difficult to use in uci-defaults for example.
Signed-off-by: Glen Huang <me@glenhuang.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Increases snort's IPS fast pattern matching by 2x (compared to
the ac_full engine) and 3x (compared to ac_bfna). This is most
noticeable for users of large rules sets and when doing deep flow
inspection.
For more see: https://blog.snort.org/2020/09/snort-3-hyperscan-.html
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update to 1.48.0
CVE-2024-24806 : Improper Domain Lookup that potentially leads to SSRF attacks
Vulnerabilities fixed
* CVE-2024-24806 / GHSA-f74f-cvh7-c6q6 0f2d7e7, 3530bcc and e0327e1
Notable Changes
* linux: disable io_uring on ppc64 and ppc64le #4285
* linux: disable io_uring on hppa below kernel 6.1.51 #4224
* win/spawn: optionally run executable paths with no file extension #4292 (We recommend that most users consider setting this by default)
Important Bugs Fixed
* unix,win: fix busy loop with zero timeout timers #4250, #4304.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This prevents clashes with network addresses that
contain '/'.
Resolves: #18589
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
|
| |\ \
| |/
|/| |
openconnect: make host dependency more resilient
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Retry when resolveip fails as it seems to be causing issues
on startup depending on various unpredictable parameters.
Resolves: #23185
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
|
| |\ \
| | |
| | | |
apr/subversion: fix subversion build and apache-mod-php8 build regres…
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
(fixes #23460)
The recent upgrade of apr included a change with should fix the subversion build.
Unfortunately, this fix resulted in a build regression of apache-mod-php8.
The new approach is to pass the locations of the apr config helpers
to configure via parameter.
Fixes: 68dd7b7cf632 ("apr: update to 1.7.4")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Maintainer: @EricLuehrsen
Fixes: CVE-2023-50387, CVE-2023-50868
Release notes: https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
Run tested: BPi-R3, mediatek/filogic, OpenWrt 23.05.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Refresh patches.
- Disable new features like AF XDP, Rutabaga VGA, libkeyutils
- Delete removed features such as HAX hypervisor
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
OpenBLAS allows to specify per-family CPU optimizations during build stage.
This package supports manual specification of a family during configuration.
This commit adds automatic detection of target family, while keeping manual
override as a backup.
Automatically detected ARM families:
- Cortex-A9 without NEON
- Cortex-A9 with NEON
- Cortex-A15
- Cortex-A53
- Cortex-A72
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Update haproxy PKG_VERSION and PKG_HASH
- See changes: http://git.haproxy.org/?p=haproxy-2.8.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Changelogs: https://github.com/containers/podman/releases
Patches refreshed
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
bug fixes:
- Fix incorrect free in conn_sock
- logging: Respect log-size-max immediately after open
- fix some issues flagged by SAST scan
- src: fix write after end of buffer
- src: open all files with O_CLOEXEC
- oom-score: restore oom score before running exit command
new features:
- Forward more messages on the sd-notify socket
- logging: -l passthrough accepts TTYs
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |\ \ \
| |/ /
|/| | |
adblock-fast: add force_dns_interface setting
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
* allow users to specify list of interfaces/networks to force the
DNS Hijacking on
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
changelog:
- Fix some FD leaks (#334, thanks to @giuseppe)
As package belongs to network category, I moved it from utils to network folder
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes CVEs:
- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these features were
enabled.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
changelogs: https://github.com/containers/aardvark-dns/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Update to v20.11.1
This is a security release.
Notable changes
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
* undici version 5.28.3
* libuv version 1.48.0
* OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| |\ \ \
| | | |
| | | | |
procps-ng: update to version 4.0.4 and rename old version 3.3.16 to procps-ng3
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Install library only (utilities are in procps-ng API version 4)
- Latest 3.3.17 version of 3.x series is used
- Refresh existing patch
- Add new patch from Alpine Linux
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because of packages version update was reverted before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
- Rebase patch because of packages version update was reverted before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The props-ng packages adds a new API version that breaks other
downstream packages. This revert is a preparation commit to move the old
API to procps-ng3 so that the new API could use procps-ng packages
name again.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 81629ba5918f48a0886e6f601d63d0b016ef8c1e.
|
| |\ \ \
| | | |
| | | | |
glib2: revert latest changes to get back to working version 2.74.0
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
So that we have a working ModemManager again and can look at the problem
revert the update to version 2.78.4 for now.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 08c7b0dfcae48114176762e93aa1b4ce5d42f8ad.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is must also get revert to get back to working glib2 version 2.74.0
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This reverts commit 9f57ef2d6e339231278f36614d9b2fdd275a9339.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changelogs: https://github.com/containers/crun/releases
Previous version was 1.12
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
changelogs: https://github.com/containers/netavark/releases
wrapper script and config file removed as they have become obsolete,
firewall driver is now configured in containers.conf
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | | |
changes: https://github.com/netbirdio/netbird/compare/v0.25.2...v0.25.8
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Javier Marcet <javier@marcet.info>
|
| |/ /
| |
| |
| |
| |
| |
| | |
efivar fails to build with mold linker, so it should
be opted out. I also added missing maintainer.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|