| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
Fixes
CVE-2019-6109
CVE-2019-6111
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |
|
|
| |
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
|
| |\
| |
| | |
ngircd: Update to 25
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove upstreamed patch.
Switch to .xz archives for smaller size.
Add PKG_BUILD_PARALLEL to speed up compilation.
Remove maintainer.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \
| | |
| | | |
tgt: Update init script
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function, removes a duplicate
option, and removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | | |
Closes #8149
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Move loading credential function before cert renewal call as credentials might be needed for some renewal operations ( ex: DNS )
Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
[toke@toke.dk: Port to master branch]
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
uhttpd configuration should be commited when update_uhttpd set.
Signed-off-by: Alexey I. Froloff <raorn@raorn.name>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
issue_cert fuction may return without calling post_checks, which leaves
port 80 open and uhttpd configuration is not restored is listen_http was
set.
Always call post_checks when returning from issue_cert.
Signed-off-by: Alexey I. Froloff <raorn@raorn.name>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This is a bugfix and security release.
CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be
treated as valid. This typically means that the malformed data becomes
a username and no password. If this occurs, clients can circumvent
authentication and get access to the broker by using the malformed
username. In particular, a blank line will be treated as a valid empty
username. Other security measures are unaffected.
=> Users who have only used the mosquitto_passwd utility to create and
modify their password files are unaffected by this vulnerability.
CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined,
which means that no topic access is denied. Although denying access to
all topics is not a useful configuration, this behaviour is unexpected
and could lead to access being incorrectly granted in some
circumstances.
CVE-2018-12546. If a client publishes a retained message to a topic
that they have access to, and then their access to that topic is
revoked, the retained message will still be delivered to future
subscribers. This behaviour may be undesirable in some applications,
so a configuration option `check_retain_source` has been introduced to
enforce checking of the retained message source on publish.
Plus the following bugfixes:
* wills not sent to websocket clients
* spaces now allowed in bridge usernames
* durable clients not receiving offline messages with
per_listener_settings==true
* compilation with openssl without deprecated apis
* TLS working over SOCKS
* better comment handling in config files
Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1
Signed-off-by: Karl Palsson <karlp@etactica.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
davfs2: Update to 1.5.5
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Switched URL to @SAVANNAH for more mirrors.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_LICENSE info.
Minor reorganization for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
git is hard. :-(
Reported-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Fixes: 4629f043e08e ("znc: update to 1.7.2")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Includes minor bugfixes, translation updates and most of the OpenSSL
compilation patch.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
|
| |\ \ \
| |_|/
|/| | |
clamav: Update init scripts
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also fixes some validation, makes variable declarations local,
removes unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Refresh patches
Remove --enable-static and --enable-dynamic because they're enabled by default
Enable parallel compilation
Fix compile without IPv6
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is increasingly likely 240/4 and 0/8 netblocks will be allocated as
unicast globally rout-able and reachable address space
240/4 is already enabled throughout linux and openwrt.
Permit these address blocks under bcp38 address validation, ie. remove
those ranges from the block list:
list match '0.0.0.0/8' # RFC 1700
list match '240.0.0.0/4' # RFC 5745
Signed-off-by: Dave Taht <dave.taht@gmail.com>
[bump package - minor tweaks to commit message - remove commented lines]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function and removes some
unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\ \
| | |
| | | |
lighttpd: Fix mod_auth
|
| | | |
| | |
| | |
| | |
| | |
| | | |
e.g. 20-auth.conf
Signed-off-by: David Yang <mmyangfl@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: David Yang <mmyangfl@gmail.com>
|
| | |/
| |
| |
| |
| |
| | |
which never works on OpenWrt
Signed-off-by: David Yang <mmyangfl@gmail.com>
|
| |\ \
| | |
| | | |
adblock: update 3.6.5
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- fix reporting for bogus hostnames with underscores
- no longer accidently overwrite existing 'serversfile' entries in dhcp
config which reference to the adblock jail list
- remove needless 'no_mail' flag
- refined log message regarding tcpdump requirement for reporting
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |\ \ \
| | | |
| | | | |
addrwatch: Update init script
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also lets procd trigger the validation function directly, and
removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
htpdate: Update init script
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also corrects a variable name typo ("proxy" instead of
"proxy_host").
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
gitweb is missing a dependencies on perlbase-filetest and
perlbase-storable. It fails to start without these packages.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
|
| |\ \ \ \
| | | | |
| | | | | |
net/ratechecker: Add new package
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Ratechecker is a program that you can run in your ad-hoc wifi network to
"thoroughly" measure the quality of the links of your network. (By default)
each node sends a series of packets in all possible modulation rates. The
program also acts as the receiver simultaneously and log the packets
received or lost as a bitmap.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
nft-qos: fix useless log in syslog
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Since the functions in procd.sh invoke "initscript" variable which is
not defined when imported procd.sh from hotplug scripts. And this
results in error when calling basename utility.
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: BusyBox v1.28.4 () multi-call binary.
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Usage: basename FILE [SUFFIX]
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Strip directory path and .SUFFIX from FILE
Sun Jan 20 12:34:50 2019 user.notice nft-qos-monitor: ACTION=update, MACADDR=xxxxxx, IPADDR=192.168.11.109, HOSTNAME=Honor_Play
Sun Jan 20 12:34:50 2019 daemon.info dnsmasq[15340]: 250 192.168.11.109/60566 reply www.google.com is 216.58.215.68
Sun Jan 20 12:34:50 2019 daemon.info dnsmasq[15340]: 251 192.168.11.109/43456 reply mtalk.google.com is <CNAME>
Sun Jan 20 12:34:50 2019 daemon.info dnsmasq[15340]: 251 192.168.11.109/43456 reply mobile-gtalk.l.google.com is 173.194.222.188
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: BusyBox v1.28.4 () multi-call binary.
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Usage: basename FILE [SUFFIX]
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Strip directory path and .SUFFIX from FILE
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]: BusyBox v1.28.4 () multi-call binary.
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]: Usage: basename FILE [SUFFIX]
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]: Strip directory path and .SUFFIX from FILE
Sun Jan 20 12:34:51 2019 user.notice nft-qos-dynamic: ACTION=update, MACADDR=xxxxxx, IPADDR=192.168.11.109, HOSTNAME=Honor_Play
Signed-off-by: Rosy Song <rosysong@rosinson.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
haproxy: Update all patches for HAProxy v1.8.17
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Add new patches (see https://www.haproxy.org/bugs/bugs-1.8.17.html)
- Raise PKG_RELEASE to 2
- Prefix patches with 3-digit numbers instead of 4-digit numbers
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| |/ / / /
| | | |
| | | |
| | | | |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |\ \ \ \
| | | | |
| | | | | |
stunnel: Update init script
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The reworked init script:
* Loads and validates options using uci_validate_section() (through
uci_load_validate())
* Allows service options be specified in the globals section
* Hard-codes less global options (debug, syslog), as their default
values already work
* Adds support for almost all options (up to the current package
version, 5.49)
* Moves the pid file into a subdirectory (/var/run/stunnel) so that it
can be created successfully when setuid is used
Certain options are omitted:
* chroot - requires more setup than the init script can manage
* fips, libwrap - disabled at compile-time
* iconActive, iconError, iconIdle, taskbar - gui/win32 only
* verify - obsolete, verifyChain and/or verifyPeer should be used
instead
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | | |
Specify libmicrohttpd-ssl dependency
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Move back to use release tarball.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |\ \ \
| | | |
| | | | |
lighttpd: Fix dependencies among auth mods
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
lighttpd-mod-auth has to be installed with lighttpd-mod-authn_file,
otherwise an error will appear even when auth.backend is not "plain".
(plugin.c.229) dlopen() failed for: /usr/lib/lighttpd/mod_authn_file.so Error loading shared library /usr/lib/lighttpd/mod_authn_file.so: No such file or directory
Signed-off-by: David Yang <mmyangfl@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
ipsec-tools: Fix compilation without deprecated OpenSSL 1.0.2 APIs
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|