Eric Luehrsen [Mon, 18 Sep 2017 04:12:02 +0000 (00:12 -0400)]
unbound: update options for remote-control
Enhance the 'control' option to allow using SSL
to connect to the server. Add the 'extended_stats'
option to match 'extended-statistics: yes.'
Document the 'extended_luci' option; it does not
control Unbound, but changes the LuCI tabs.
Marko Ratkaj [Tue, 18 Apr 2017 13:35:29 +0000 (15:35 +0200)]
yara: add package
YARA is a tool aimed at (but not limited to) helping malware researchers
to identify and classify malware samples. With YARA you can create
descriptions of malware families based on textual or binary patterns.
When cross-compiling Domoticz on a system without GPIO, the WITH_GPIO
flag is not set by cmake, and GPIO support is disabled as a result.
Enabling GPIO support by adding the flag to TARGET_CXXFLAGS.
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
Multiple vulnerabilities in RubyGems
Update bundled libyaml to version 0.1.7.
And many other bugfix.
Signed-off-by: Luiz Angelo Daros de Luca <redacted>
Domoticz 3.8153 introduced support for dzVents. Unfortunately this was
broken by the 902_add-scripts-path, which attempts to make Domoticz more
FHS-compliant instead of throwing everything under /opt/domoticz.
The problem is that dzVents scripts added via the webinterface will be
generated on the filesystem. With the 902_add-scripts-path patch,
Domoticz tried to write this to "scriptsdir/dzVents/generated_scripts".
As the scriptsdir contains scripts that come with upstream, and are not
meant to be changed, this defaults to /usr/share/domoticz/scripts, which
is not writeable, so Domoticz is unable to write the script to the
filesystem. What is worse is that this silently fails.
Fix this by moving the generated_scripts dir to
"userdatadir/generated_scripts". The userdatadir defaults to
/var/lib/domoticz, which is writeable.
Additionally, since this patch does more than just adding the scripts
path, rename it to something more appropriate.
Hannu Nyman [Tue, 19 Sep 2017 16:33:41 +0000 (19:33 +0300)]
wget: Revert update to 1.19.1
revert the update as the new wget version links to libunistring
that is a rather large library. Better to revert the update now
in order to fix buildbot and then look into solutions.
Hannu Nyman [Mon, 18 Sep 2017 17:40:16 +0000 (20:40 +0300)]
wget: try to fix libunistring dependency
wget 1.91.1 configure script tries to link libunistring
if that is found. That lib is rather large and is not that
essential for normal operations, so instead of depending
on that, try to avoid linking it.
Revert an upstream commit that removed the clearance of
libunistring data in case IRI is explicitly disabled
(like we have it).
Mislav Novakovic [Fri, 25 Aug 2017 13:00:42 +0000 (15:00 +0200)]
sysrepo: update the sysrepo/netopeer2 stack
Patch includes updates to packages:
netopeer2: update to version 0.4.0
sysrepo: update to 0.7.0
libnetconf2: update to 0.9.15
libyang: update to 0.13.46
ede744a: depends on libcares now instead of libudns 1c64829: new cmdline option --no-delay for not turning off TCP_NODELAY 9201619: ss-local: check if client supports socks5 protocol and no-auth-required method f8283fc: Fix potential buffer overflow when parsing json config 380fddb: redir: fix conversion from DSCP to ToS
Marcin Jurkowski [Tue, 25 Jul 2017 21:37:57 +0000 (23:37 +0200)]
htpdate: modify init scripts to use procd and uci configuration
Modify init script to use standard uci configuration and procd for
process management. We benefit from:
- use of standard LEDE configuration with its ability to revert and
commit changes
- validation of configuration variables
- procd taking care of restarting daemon when config changes and user
wants to reload it
- automatic respawning of daemon process in case it dies
The source is patched to make it possible to run as a daemon in
foreground.
Hannu Nyman [Thu, 14 Sep 2017 21:09:42 +0000 (00:09 +0300)]
collectd: uptime plugin: apply fix from upstream
Uptime plugin fails to adjust for system time changes after boot.
As Openwrt/LEDE routers usually do not have a RTC, the system time
gets adjusted with NTP possibly after collectd has already started.
But collectd continues to use the initial time set by 'sysfixtime',
which can lead to incorrect uptime calculations.
Apply a proposed fix from upstream that uses /proc/uptime
Reference to https://github.com/collectd/collectd/pull/2034
Hans Dedecker [Thu, 31 Aug 2017 12:40:00 +0000 (14:40 +0200)]
libcoap: add coap client and server packages
Client package adds the CoAP client allowing to communicate with 6LoWPAN
devices via the CoAP protocol.
Server package adss the CoAP server and the CoAP Resource Directory server.
The CoAP server allows to simulate 6LoWPAN devices which can be addressed
via the CoAP protocol while the CoAP Resource Directory server can handle
resource registrations using the CoAP protocol.
python,python3: add host-flags/settings to host pip install rules
The host pip install should have the host's CFLAGS, LDFLAGS, etc
available.
And not the target's flags.
Otherwise, weird things can happen when installing
packages (host-side) that need to build C code.
mwan3: fix interface-bound traffic when interface is offline
This commit fixed what 6d99b602 was supposed to fix without affecting
interface-bound traffic.
Before 6d99b602 interface-bound traffic was working normally as long
as at least one interface was online. However when the last interface
went offline, it was impossible to ping and such state was
unrecoverable.
Commit 6d99b602 fixed unrecoverable offline state problem (it was
possible to ping -I iface) but messed inteface-bound traffic. Traffic
with interface source address was not working if the interface was in
"offline" state, even if another interface was online.
The problem was caused by an inconsistent "offline" interface state:
iptables-related rules were kept while routing table and policy were
deleted.
The idea behind this commit is to:
1. Keep all the rules for each interface (iptables, routing table,
policy) regardless of its state. This ensures consistency,
2. Make interface state hotplug events affect only iptables'
mwan3_policy_* rules. Interface-related iptables, routing table
and policy is removed only when mwan3 is manually stopped.
To make such changes possible, it's necessary to change the way
mwan3_policy_* rule generator keeps track of interface state hotplug
events.
Until now, it checked for the existence of custom interface-related
routing table (table id 1, 2, 3, ...). Clearly we can no longer rely
on that so each interface state is stored explicitly in file.
Colby Whitney [Wed, 30 Aug 2017 17:26:47 +0000 (11:26 -0600)]
squashfs-tools: fix segfault
Unsquashfs was segfaulting. When examining in gdb the stack was corrupt.
I found that converting the variable length arrays to malloc caused the
stack corruption to not happen and the segfault went away. This is due to
the musl pthread stack size being 80k by default. So the chance of a stack
overflow is high.
* add kresd & turris omnia support
* add dnscrypt-proxy support
* change start priority to 30, to fix possible trigger issues on slow
booting hardware
* simplify suspend/resume handling (no longer use a hideout directory)
* enhanced LuCI frontend
* many small changes & improvements
* default config change (please update your config!), adblock is now
disabled by default
* documentation update