Move setting global enabled flag from /etc/init.d/mwan3 to mwan3
command. So we could start mwan3 from the cmd mwan3 as well.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Remove the limit setting core="unlimited", since this shouldn't be needed
in production use (i.e. non-debug) and on an embedded platform, which is
why it's rarely used by any existing packages.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Add an SPKI pin for Cloudflare to help prevent MITM and downgrade attacks,
as described in RFC7858 (DNS over TLS). The setup of SPKI and the specific
SHA256 certificate hash are taken from Cloudflare's DoT configuration guide
published at https://developers.cloudflare.com/1.1.1.1/dns-over-tls/.
Note that the certificate is valid to March 25th 2020, 13:00 CET, which
provides ample time for issuance of a backup pin to support future key
rollover.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Retain the upstream value since privacy is usually the key user motivation
for using DNS-over-TLS, and simply note that those encountering sub-optimal
routing may consider disabling the setting.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The config file /etc/stubby/stubby.yml is not registered properly and any
local changes are being overwritten on upgrade or reinstall.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
- The original copy process is to delete all routing tables first,
then add new routing table. This process is too slow and very dirty.
- We use grep to identify the changes and apply them.
- ignore ipv6 unreachable routes
- update version number
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
This adds a metapakcge for acme luci ap without uhttpd dependency and adds entities and check to stop handle nginx server and modify the certificate set automatically.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Should be faster.
Rearranged Makefile slightly for consistency with other packages.
Version 3.5.6 and above are relicensed to GPL-2.0.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fix the init script to allow access from IPv6 subnets of the interface
specified in allow section in /etc/config/chrony.
Fixes issue #7039.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
- adjust a few UCI translations to coordinate with upstream defaults
- remove OpenSSL < 1.1.0 API log error patch which is included upstream
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* if <keyutils.h> is found krb5 pulls in the lib, which than fails to link because of a missing -fPic in libkeyutils.so
* keyutils 1.5.11 will depend on krb5, so we disable it in krb5 to avoid circular dependency
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* update to 4.9.0
* move vfs_xattr_tdb to defaults
* add vfs_audit, vfs_extd_audit, vfs_full_audit to AD-DC variant
* disable jansson, libarchive by default, enabled for AD-DC variant
* update waf answers
Noteable smb.conf changes:
* store dos attributes Default changed yes
* ea support Default changed yes
Fixes: Timemachine "The identity of the Backup disk ... has changed since the previous backup."
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Hannu Nyman