- DNS Flag Day 2020
(default EDNS buffer size changed from 4096 to 1232 bytes)
-- Added patch, which should be part of the next release
It fixes an issue while cross-compilation (I linked it in the commit
message with issue link)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit d442033941)
The path changed since 274506803a
Fixed.
Also took the time to convert to procd.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c14ba8bd77)
openconnect v8.10 supports 4 VPN protocols
--protocol=anyconnect Compatible with Cisco AnyConnect SSL VPN, as well as ocserv (default)
--protocol=nc Compatible with Juniper Network Connect
--protocol=gp Compatible with Palo Alto Networks (PAN) GlobalProtect SSL VPN
--protocol=pulse Compatible with Pulse Connect Secure SSL VPN
This patch allows user to specify protocol use the new "vpn_protocol"
option and deprecate the old option "juniper" which seems to be missing in
the current openconnect client.
Signed-off-by: Mengyang Li <mayli.he@gmail.com>
* switch all safesearch providers to dynamic ips (derived from cname)
* made the new safesearch approach compatible with bind-nslookup
* removed 3.x config compatibility code
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 4b0d029bb5)
The substring "release_" does not reflect the version number.
In addition, package names will be shorter.
(backported from commit 11aa0b9)
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
This meta-package contains only dependencies for modules needed in
FreeRADIUS default configuration.
This commit adds missing description and install sections.
(backported from commit 7737abf)
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
Conffile was set for OpenWrt master, but it is not present in OpenWrt
19.07. When /etc/config/nextdns is not set as conffile, it gets
overwritten by each update of nextdns and the user needs to set up it again.
This can be simply reproduced by these steps:
opkg update
opkg install nextdns
edit or add smth to /etc/config/nextdns, save it
then do: opkg install nextdns --force-reinstall
And /etc/config/nextdns gets overwritten by default values
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Drops pid files, no longer needed with procd management.
Now properly reloads on reload_config after UCI changes.
Signed-off-by: Karl Palsson <karlp@etactica.com>
[ Fixed two shellcheck warnings and bump PKG_RELEASE ]
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Canonical radtest start results in an error:
$ radtest bob hello localhost 0 testing123
/usr/bin/radtest: line 1: hostname: not found
(0) Error parsing "stdin": Failed to get value
hostname command is not present in OpenWrt.
Instead, hostname can be obtained from file /proc/sys/kernel/hostname.
added: 005-get-hostname-from-proc-in-radtest.patch
(backported from commit 8b2792a)
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
radtest utility is used in many manuals to check the operation of
radius server.
At the moment all parameters must be specified at startup, for example:
$ radtest bob hello localhost 0 testing123 0 localhost
(backported from commit 6480acd)
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
* update to 4.11.12
* fix optional modules not included on module build (vfs_btrfs, vfs_linux_xfs_sgid)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Several security issures are addressed:
- CVE-2020-8620 It was possible to trigger an assertion failure by sending
a specially crafted large TCP DNS message.
- CVE-2020-8621 named could crash after failing an assertion check in
certain query resolution scenarios where QNAME minimization and
forwarding were both enabled. To prevent such crashes, QNAME minimization is
now always disabled for a given query resolution process, if forwarders are
used at any point.
- CVE-2020-8622 It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
- CVE-2020-8623 When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code determining the
number of bits in the PKCS#11 RSA public key with a specially crafted
packet.
- CVE-2020-8624 update-policy rules of type subdomain were incorrectly
treated as zonesub rules, which allowed keys used in subdomain rules to
update names outside of the specified subdomains. The problem was fixed by
making sure subdomain rules are again processed as described in the ARM.
Full release notes are available at
https://ftp.isc.org/isc/bind9/9.16.6/doc/arm/html/notes.html#notes-for-bind-9-16-6
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit cf61f7f8ef)
Security release. From the changelog:
- In some circumstances, Mosquitto could leak memory when handling PUBLISH
messages. This is limited to incoming QoS 2 messages, and is related
to the combination of the broker having persistence enabled, a clean
session=false client, which was connected prior to the broker restarting,
then has reconnected and has now sent messages at a sufficiently high rate
that the incoming queue at the broker has filled up and hence messages are
being dropped. This is more likely to have an effect where
max_queued_messages is a small value. This has now been fixed. Closes
https://github.com/eclipse/mosquitto/issues/1793
Changelog: https://mosquitto.org/blog/2020/08/version-1-6-12-released/
Signed-off-by: Karl Palsson <karlp@etactica.com>
