| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
The contract between the acme-common framework and consumers and hook
scripts is that certificates can be consumed from /etc/ssl/acme and that
web challenges are stored in /var/run/acme/challenge. Make this explicit by
exporting $CERT_DIR and $CHALLENGE_DIR as environment variables as well,
instead of having knowledge of those paths depend on out-of-band
information. We already exported $challenge_dir, but let's change it to
upper-case to make it clear that it's not a user configuration variable.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
|
| |\
| |
| | |
acme: deprecate state_dir
|
| | |
| |
| |
| | |
Signed-off-by: Glen Huang <i@glenhuang.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
state_dir is actually a hardcoded value in conffiles. Allowing users to
customize it could result in losing certificates after upgrading if they
don't also specify the dir as being preserved. We shouldn't default to
this dangerous behavior.
With the new ACME package, certificates live in the standard location
/etc/ssl/acme, users who need to do certificate customizations should
look for them in that dir instead.
Signed-off-by: Glen Huang <i@glenhuang.com>
|
| |\ \
| | |
| | | |
python-pycares: bump to 4.3.0
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
|
| |\ \ \
| | | |
| | | | |
stress-ng: bump to version 0.15.00
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |\ \ \
| | | |
| | | | |
pbr: detect missing iptables
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
|
| |\ \ \ \
| | | | |
| | | | | |
simple-adblock: bugfix: add dnsmasq.nftset to uci_load_validate
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* fixes https://github.com/openwrt/openwrt/issues/11481 thanks to:
* https://github.com/mistepien for reporting
* https://github.com/dave14305 for diagnosing
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \ \ \
| | | | |
| | | | | |
ddns-scripts: update_gandi_net: improve logging & add timeout
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Improved logging
- Log the executed curl command to be able to rerun and test it manually
- Log the curl exit status
- Added 30 second timeout timeout for clear-cut detection of flaky connections.
Signed-off-by: Pyry Kontio <pyry.kontio@drasa.eu>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jan Hák <jan.hak@nic.cz>
|
| | |_|/ /
|/| | |
| | | |
| | | | |
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
ruby: update to 3.1.3
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This release includes a security fix.
- CVE-2021-33621: HTTP response splitting in CGI
For more details:
- https://www.ruby-lang.org/en/news/2022/11/24/ruby-3-1-3-released/
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace my own patch with the upstream solution, which they issued
in response to my bug report.
(Two patches as they overlooked something on the first try.
Reference to https://savannah.gnu.org/bugs/index.php?63431 )
The nettle lib evaluation is now conditional to not having "--disable-ntlm".
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| |\ \
| | |
| | | |
https-dns-proxy: fix restart
|
| |/ /
| |
| |
| | |
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \
| | |
| | | |
https-dns-proxy: add mdns service records
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* add mdns records for started instances
* Makefile: use $(PKG_VERSION) as a value for PKG_SOURCE_DATE instead of
hard-coding it
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \ \
| | | |
| | | | |
simple-adblock: support new OISD dnsmasq config
|
| |/ / /
| | |
| | |
| | |
| | |
| | | |
* OISD dnsmasq config files switched from using address= to server=
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \ \
| | | |
| | | | |
ddns-scripts: add support for Google Cloud DNS
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The implementation uses a GCP service account. The user is expected to
create and secure a service account and generate a private key. The
"password" field can contain the key inline or be a file path pointing
to the key file on the router.
The GCP project name and Cloud DNS ManagedZone must also be provided.
These are taken as form-urlencoded key-value pairs in param_enc. The TTL
can optionally be supplied in param_opt.
Signed-off-by: Chris Barrick <chrisbarrick@google.com>
|
| |\ \ \ \
| | | | |
| | | | | |
golang: Update to 1.19.4
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
go1.19.4 (released 2022-12-06) includes security fixes to the net/http
and os packages, as well as bug fixes to the compiler, the runtime,
and the crypto/x509, os/exec, and sync/atomic packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |/ / /
|/| | |
| | | |
| | | | |
Signed-off-by: Vladimir Ulrich <admin@evl.su>
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Fixes #19774
Signed-off-by: Carlo Alberto Ferraris <cafxx@strayorange.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Drop deprecated AUTORELEASE.
Disable unused tests as its compilation is optional in 1.20.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Drop deprecated AUTORELEASE.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Drop deprecated AUTORELEASE.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
update summary
* Add Javascript Node v12-v18 support, remove support prior to v6.
* Octave 6.0 to 6.4 support added.
* Add PHP 8 support.
* PHP wrapping is now done entirely via PHP's C API - no more .php wrapper.
* Perl 5.8.0 is now the oldest version SWIG supports.
* Python 3.3 is now the oldest Python 3 version SWIG supports.
* Python 3.9-3.11 support added.
* Various memory leak fixes in Python generated code.
* Scilab 5.5-6.1 support improved.
* Many improvements for each and every target language.
* Various preprocessor expression handling improvements.
* Improved C99, C++11, C++14, C++17 support. Start adding C++20 standard.
* Make SWIG much more move semantics friendly.
* Add C++ std::unique_ptr support.
* Few minor C++ template handling improvements.
* Various C++ using declaration fixes.
* Few fixes for handling Doxygen comments.
* GitHub Actions is now used instead of Travis CI for continuous integration.
* Add building SWIG using CMake as a secondary build system.
* Update optional SWIG build dependency for regex support from PCRE to PCRE2.
* Couple of stability fixes.
* Stability fix in ccache-swig when calculating hashes of inputs.
* Some template handling improvements.
* R - minor fixes plus deprecation for rtypecheck typemaps being optional.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Enable `errexit` and `nounset` [POSIX shell options][1]
in `.github/workflows/entrypoint.sh` so that the script fails
if any command within the script fails.
[1]: https://pubs.opengroup.org/onlinepubs/9699919799//utilities/V3_chap02.html#set
Reported-by: Marius Dinu <m95d+git@psihoexpert.ro>
Fixes: https://github.com/openwrt/packages/issues/19953
Signed-off-by: Alois Klink <alois@aloisklink.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix the indentation of the preinst/postinst scripts for the privoxy
package.
Because these scripts didn't start with `#!/bin/sh`
(they instead started with the TAB character), `/bin/sh` was not used
to start them.
On x86_64 and i386_pentium-mmx, this seems to be fine, but on
arm_cortex-a15_neon-vfpv4 and aarch64_cortex-a53, running these
scripts fails with a:
```
Installing privoxy (3.0.33-3) to root...
Collected errors:
* pkg_run_script: package "privoxy" preinst script returned status 1.
* preinst_configure: Aborting installation of privoxy.
* opkg_install_cmd: Cannot install package privoxy.
```
Reported-by: Marius Dinu <m95d+git@psihoexpert.ro>
Signed-off-by: Alois Klink <alois@aloisklink.com>
|
| |\ \ \ \
| | | | |
| | | | | |
django: bump version 4.1.3
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
fix CVE-2022-41323
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
vallumd: updates
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add upstream patch to fix building from source tarballs.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The github repository has been archived; the project is now hosted on
Codeberg. Update the PKG_SOURCE_URL accordingly.
Gitea doesn't seem to add a version suffix to the directory in the
tarball, so use a custom PKG_BUILD_DIR.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| | |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This commit adds /etc/snort/local.lua and /etc/snort/homenet.lua for user
defined config options which is more simplistic than modifying upstream
files directly. That can be tedious and decisive to maintain in sync with
upstream changes. The init script has been adjusted accordingly.
Acknowledgment to amish who maintains the Arch Linux snort-nfqueue package[1]
for these ideas and initial code.
Another modification is dropping the following args in the call to
/usr/bin/snort by the init system as these options are provided in
/etc/snort/local.lua:
* --daq-dir /usr/lib/daq/
* -A "$alert_module"
Instructions to configure snort3:
1. Edit /etc/snort/homenet.lua and redefine HOME_NET and EXTERNAL_NET, for example:
HOME_NET = [[ 10.9.8.0/24 192.168.1.0/24 ]]
EXTERNAL_NET = "!$HOME_NET"
2. Edit /etc/snort/local.lua to setup options unique to your use case of snort.
The default ones I included should be sane for the role of IDS (alert only),
but users may easily uncomment some options therein to use IPS (drop) mode.
3. Install or symlink rules to /etc/snort/rules/snort.rules and optionally
edit /etc/snort/local.lua to define extra rules files if not using a unified
'snort.rules'
References:
1. https://aur.archlinux.org/packages/snort-nfqueue
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| |\ \ \ \
| | | | |
| | | | | |
natmap: merge "ipv4" and "ipv6" options into single "family" option
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Richard Yu <yurichard3839@gmail.com>
|