| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
| |
Signed-off-by: Ralf Kaiser <skyper@thc.org>
|
| |\
| |
| | |
unbound: update to version 1.17.1
|
| | |
| |
| |
| |
| |
| |
| | |
- Refreshed one patch
- Removed deprecated AUTORELEASE
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| | |
Signed-off-by: Fabian Lipken <dynasticorpheus@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
Samba4 running as Active Directory Domain Controller with the internal
DNS backend requires the nsupdate binary with GSSAPI support.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| | |
| |
| |
| | |
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
Bug was introduced in a7b770eec4370087a5ccd27887386dac9266214e and
results in bind always stating with the `-4` flag.
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* add boot() function which waits for network.interface to come up
* switch oisd.nl hosts entry to domains
* remove erroneous oisd substitution from config-update file
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Update tailscale to version 1.36.0
- Patch iptables support
Tailscale does not (yet) support nftables.
Tailscale allows running with --netfilter=off allowing
end-user to create his own firewall rules, but this
affects only tailscale cli, not tailscaled daemon, so
connection cannot be made without error telling that
tailscaled was unable to determine execute iptables
for determining it's version.
There is a work-around for those who do not want
nft-iptables compatibility package; they can create
a script to /usr/bin/iptables which responds to
--version argument and echos fake version string
and on any other arguments or no arguments, just exits.
After this procedure and starting tailscale cli with
netfilter off- it works. Openwrt has moved on to
nftables, so iptables manipulation seems unnecessary.
Especially for other reasons, on Openwrt, firewall
should be configured on it's own, because firewall
rules made by other software, such as tailscale,
loose their firewalling rules when firewall restarts.
So I patched it to allow "fake" iptables pointing
to executable /bin/false and ignoring version
request. And I also set cli to default to
netfilter off setting.
If still end-user wants to use iptables, this
patch does not make it impossible; just install
iptables, or nft-iptables, and run tailscale
with argument --netfilter=on and it works out
as it did before, tailscaled daemon still
matches with iptables if it is found in $PATH.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| | |
| |
| |
| | |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
|
| | |
| |
| |
| | |
Signed-off-by: Sibren Vasse <github@sibrenvasse.nl>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update crowdsec-firewall-bouncer to latest upstream release version 0.0.25
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma GĂ©rald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.3
Rework:
- now based on uci config file
- create nftables tables and chains in initd script
|
| | |
| |
| |
| | |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | |
| |
| |
| |
| |
| |
| | |
Link: https://github.com/openwrt/packages/pull/19872
Signed-off-by: Li Xin <i@crzidea.com>
(squash commits)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes CVEs:
- CVE-2022-3924: Fix serve-stale crash when recursive clients
soft quota is reached.
- CVE-2022-3736: Handle RRSIG lookups when serve-stale is
active.
- CVE-2022-3094: An UPDATE message flood could cause named to
exhaust all available memory. This flaw was addressed by adding
a new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been added to
record events when the update quota is exceeded, and the XML and
JSON statistics version numbers have been updated.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Upstream bump
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| | |
| |
| |
| | |
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
|
| | |
| |
| |
| | |
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Changes in version v2.4.3 - 2023-01-16
- Fix version number in version.go
(Changes for v2.5.1 are missing)
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| | |
| |
| |
| | |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| | |
| |
| |
| |
| |
| | |
Bump PKG_RELEASE for libiwinfo dependant packages.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
* fixes https://github.com/openwrt/packages/issues/20352
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| | |
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
They were added in these commits [1] [2] and if they are not included,
the RIPE Atlas SW Probe does not work correctly.
This should also prevent this from happening in the future as it now. We include all
files with .sh extension file type.
[1] https://github.com/RIPE-NCC/ripe-atlas-software-probe/commit/70ced29fc3217dd8d61e2b78506b6103ded100aa
[2] https://github.com/RIPE-NCC/ripe-atlas-software-probe/commit/71a4ff0e68c55464f766ddb9f1dfe21b22e530db
Fixes: https://github.com/openwrt/packages/issues/20338
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Upstream bump
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Upstream bump
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| | |
| |
| |
| |
| |
| |
| | |
When CC is set to e.g. "ccache mips-openwrt-linux-musl-gcc" it needs
to be quoted to avoid word splitting on substitution.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
Fix build with gcc12.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |\ \
| |/
|/| |
ddns-scripts: add hosting.de provider
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add hosting.de provider. To use dynamic DNS you have to create a DDNS
host with a separate DDNS user.
Note: As of 2023-01-17 hosting.de does not work with wget which will
fail with `400: Bad Request` (it will work with `--auth-no-challenge`).
You should use curl instead. I have reported that to the provider.
Signed-off-by: Benjamin Drung <bdrung@bdrung.de>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes CVE-2022-23521
Fixes CVE-2022-41903
Fixes CVE-2022-39260
Fixes CVE-2022-39253
Fixes CVE-2022-29187
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
|
| |/
|
|
| |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |\
| |
| | |
simple-adblock: update sed for allowing domains
|
| | |
| |
| |
| | |
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* improve install/uninstall messages
* fix ips add command
* add boot() to init file
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \
| | |
| | | |
pbr: update to 1.0.1-10
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Bugfixes:
* better error information for empty tid/mark and failure to resolve domains
* better handling of entries in /etc/iproute2/rt_tables
* update packages definitions and descriptions
* remove firewall4 from dependencies to prevent dependency recursion
Updates:
* introduce nft_user_set_policy and nft_user_set_counter to control options for
user nft sets this service creares
* use counters in internal nft sets
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |\ \ \
| | | |
| | | | |
xinetd: fix URL
|