Michael Heimpold
b52dfce83f
php8: update to 8.2.30
...
This fixes:
- CVE-2025-14177
- CVE-2025-14178
- CVE-2025-14180
Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.2.30
Signed-off-by: Michael Heimpold <mhei@heimpold.de >
2025-12-20 14:15:43 +02:00
Yanase Yuki
2f29fccbd1
webui-aria2: remove package
...
It seems this software is no longer maintained.
- The latest upstream commit is 4 years ago.
- Author didn't respond security issue report. (CVE-2023-39141)
No packages depend on this.
Signed-off-by: Yanase Yuki <dev@zpc.st >
(cherry picked from commit 9d6d44487f
2025-12-03 08:42:49 +01:00
Noah Meyerhans
a2d5613880
bind: bump to 9.18.41
...
Addresses the following security issues:
- CVE-2025-8677: DNSSEC validation fails if matching but invalid
DNSKEY is found.
- CVE-2025-40778: Address various spoofing attacks.
- CVE-2025-40780: Cache-poisoning due to weak pseudo-random number
generator.
Full upstream changelog at
https://ftp.isc.org/isc/bind9/9.18.41/doc/arm/html/changelog.html
Signed-off-by: Noah Meyerhans <frodo@morgul.net >
2025-10-23 11:39:21 -04:00
Felix Fietkau
ac9eddc49f
python3-host.mk: disable pip --no-binary on macOS
...
For some reason, pip builds a broken Cython, which segfaults on attempting
to install wheel. Work around this by allowing to use precompiled wheels.
Signed-off-by: Felix Fietkau <nbd@nbd.name >
(cherry picked from commit d798ccce9a
2025-10-22 01:11:15 +02:00
Ralph Siemsen
57e5580dc4
znc: do not watch znc.conf for changes
...
ZNC can modify its own config file (znc.conf) during runtime, for
example using controlpanel or webadmin modules. Manually editing the
znc.conf file while znc is running is strongly discouraged.
Thus prodc should not watch this file, it would just lead to znc being
restarted unnecessarily.
As it happens, no restarts were done, because the watched path was
specified incorrectly. It used ZNC_CONFIG instead of ZNC_CONFIG_DIR,
and so it watched /tmp/etc/znc/configs/znc.conf/configs/znc.conf which
does not exist.
Remove the watch of znc.conf as it is not needed.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org >
(cherry picked from commit 00feb12444jonas.gorski@gmail.com >
2025-10-19 16:06:41 +02:00
Florian Maurer
658fee29b3
tunneldigger: add broker_selection option to expose load balancing capabilities
...
Using the broker_selection param makes it possible to decide by use (default),
always use the first available broker to connect or select a random broker
See also: 51a5e46ad1/client/l2tp_client.c (L1331-L1333)f.maurer@outlook.de >
(cherry picked from commit 296c15c1f2
2025-10-01 21:21:19 +02:00
Glenn Strauss
bbdfe7a050
lighttpd: update to lighttpd 1.4.82 release hash
...
Ref: https://www.lighttpd.net/2025/9/12/1.4.82/
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
(cherry picked from commit c8e1b9af99
2025-09-17 19:12:13 +08:00
Glenn Strauss
1ac5534034
lighttpd: update to lighttpd 1.4.81 release hash
...
https://www.lighttpd.net/2025/8/17/1.4.81/
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
(cherry picked from commit 62dbf8c87f
2025-09-17 19:12:13 +08:00
Michael Heimpold
1a22fff6a1
php8: update to 8.2.29
...
Upstream changelog:
https://www.php.net/ChangeLog-8.php#8.2.29
Signed-off-by: Michael Heimpold <mhei@heimpold.de >
2025-09-17 07:27:10 +02:00
Aleksey Vasilenko
aa9f3abc14
bottom: update to 0.9.7
...
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com >
(cherry picked from commit dc418e1255
2025-08-24 16:01:57 +08:00
Rosen Penev
2d18df2810
ola: update to 0.10.9
...
Use local tarballs instead of codeload. Smaller size.
Patch ola.m4 to support statically linked protobuf. Avoids rpath hacks.
Remove upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com >
(cherry picked from commit 7be4cc6411cnsztl@immortalwrt.org >
2025-08-23 20:46:12 +08:00
Wei-Ting Yang
b4a1b88473
python-urllib3: update to 2.0.7
...
Fix CVE-2023-45803 and CVE-2023-43804.
Full changelogs:
- https://github.com/urllib3/urllib3/releases/tag/v2.0.5
- https://github.com/urllib3/urllib3/releases/tag/2.0.6
- https://github.com/urllib3/urllib3/releases/tag/2.0.7
Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com >
(cherry picked from commit 23646be59e
2025-08-23 15:29:42 +03:00
Wei-Ting Yang
074e63a653
glib2: address CVE-2024-52533
...
More information can be found in
- https://www.openwall.com/lists/oss-security/2024/11/12/11
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4281
Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com >
2025-08-23 15:10:07 +08:00
Oliver Chang
c95ce92989
django: bump to 4.2.20
...
Update django version to 4.2.20 to solve CVE-2024-53907 and CVE-2024-53908
Signed-off-by: Oliver Chang <oliverchang@nexcom.com.tw >
2025-08-22 17:24:43 +08:00
Tianling Shen
a831fb94c8
rust: read build path from {HOST_}MAKE_PATH
...
Allow set build path by `{HOST_}MAKE_PATH`.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org >
(cherry picked from commit 84cb850b7f
2025-08-22 17:19:18 +08:00
Tianling Shen
194c0742e8
rust: introduce RUST_{HOST,PKG}_LOCKED flag
...
Introduce `RUST_{HOST,PKG}_LOCKED` flag (enabled by default) to respect
upstream lockfile. This can be disabled by setting it to 0 if you want
to have up-to-date dependencies.
This change also adds new `CARGO_{HOST,PKG}_ARGS` variable to pass extra
build arguments to cargo.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org >
(cherry picked from commit 1000e99185
2025-08-22 17:19:14 +08:00
Tianling Shen
e59d9ef823
lttng-tools: fix build with libxml 2.14
...
Backport a pending patch to fix build with libxml 2.14.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org >
(cherry picked from commit 0ec95bd1f4
2025-08-14 21:15:09 +08:00
Tianling Shen
f3a45fc265
strongswan: fix build with wolfssl 5.7.6
...
Backport an upstream patch to fix build with wolfssl 5.7.6.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org >
2025-08-14 21:11:56 +08:00
Tianling Shen
153d1eda11
mariadb: fix build with libxml 2.14
...
Backport an upstream patch to fix build with libxml 2.14.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org >
2025-08-13 14:16:45 +08:00
Thibaut VARÈNE
7135dd3cbd
uspot: update to Git HEAD (2025-08-07)
...
e2e3c649ab80 README update
18e6bcc14cc2 uspot/portal: urldecode FORM POST data
bf6051dba822 uspot/handler-uam: accept /login endpoint
32273591d8d5 uspotfilter: provide peer_lookup answers only for known clients
b0aeef9973a9 README: clarify uam vs radius mode features
b7b0d0efb0e2 uspot: improve config documentation
bce68a97fad8 captive: rename to 'uspot'
da6ca713e15d uspot: client_remove(): pass device to ratelimit client_delete()
3ebfe262bfb1 uspot: remove unused radius_call() args
691d73aa00dc uspot: let radius_init() set all required payload members
be50a66b777f uspot: allow setting global bandwidth limits
4851ada4b0c0 uspot: send Called-Station-Id in Acct-On/Off requests
0974fc8d47ac Implement uspot-bpf, an eBPF traffic counter
e99809f97e34 introduce uspotbpf.uc
7f6f43883568 uspotbpf: work around ucode-mod-bpf bug
319e0c285afb uspot: hook traffic accounting
ccf3fa9b8e83 uspot: client_interim(): remove dead code
0e92cc9f6e75 uspotbpf: fix priority conflict with ratelimit
55d40a8794b6 uspot: implement traffic limiting
b05257e862cb uspot: implement swapio
e83f95081c21 uspot: radius_acct(): don't needlessly call uspotfilter
442cff773220 uspotfilter: cleanup unused API
7878d512cd21 handler-api: include 'seconds-remaining' only if not captive
cca6d218a6a7 handler-api: implement 'bytes-remaining'
e8cf3d08ac64 uspot: start(): ratelimit clearing is independent from RADIUS accounting
6d12a2da5b20 README update
bf6364cb61ea config: clarify units for acct_interval
8133b8cd215e uspot: implement state_get()/state_set()
094825fdfe68 radius-client: lowercase non-attribute JSON members
de70c588c2e3 radius-client: add error reporting
ebe9eac34f5b radius: add option for udp or tcp connection
d6b338d5d194 uspot: support RadSec with PSK authentication
53de77512159 uspot: validate config
d0578f740111 uspot: don't store debug data through uspotfilter
fe4fa5e8a25f uspot.init: rename DAS instance
bd1fbe481da3 README update
76a03155db44 uspot: add support for secondary RADIUS servers
694ff75f4fcc uspot: remove 'final_redirect_url' config option
a347454db08c handler: redirect UAM connected clients to the 'res=already' UAM url
0ea8f9bec545 handlers: simplify auth check
f69e1df8db0f Improve RADIUS error handling and reporting
34216b56b9ed src/CMakeLists: disable -Werror
8599a968877b Makefile: sync with OpenWrt repo
Update Makefile to reflect addition of the eBPF module and other changes
in the package
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org >
(cherry picked from commit 3d76208
2025-08-09 15:30:05 +08:00
Fabrice Fontaine
d92569e1a8
admin/syslog-ng: fix PKG_CPE_ID
...
oneidentity:syslog-ng is a better CPE ID than balabit:syslog-ng as
this CPE ID has the latest CVEs (whereas balabit:syslog-ng only
has a CVE from 2000):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:oneidentity:syslog-ng
Fixes: 5f07bb1094fontaine.fabrice@gmail.com >
(cherry picked from commit 3d32c62444
2025-08-07 09:25:01 +08:00
Wei-Ting Yang
946c364b19
treewide: assign some PKG_CPE_IDs
...
Assign some PKG_CPE_IDs to enhance CVE coverage.
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=aardvark-dns
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=alpine_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=boringssl
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=ecdsautils
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=file_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=knot_resolver
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=libwrap
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=lsof_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=nfdump
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=nlnetlabs%20name_server_daemon
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=rclone
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=setserial
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tang_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tesseract_project
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=tmate-ssh-server
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=ttyd
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=uw-imap
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=v2ray-core
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=zstandard
Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com >
(cherry picked from commit ae56deff2candreas.gnau@iopsys.eu >
2025-08-07 09:25:01 +08:00
Fabrice Fontaine
ae130f0352
libs/libuv: fix PKG_CPE_ID
...
libuv:libuv is a better CPE ID than libuv_project:libuv as this CPE ID
has the latest CVEs (whereas libuv_project:libuv only has a CVE from
2015):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:libuv:libuv
Fixes: f8ecbf529bfontaine.fabrice@gmail.com >
(cherry picked from commit 1774871476
2025-08-07 09:25:01 +08:00
Fabrice Fontaine
e5ac996904
lang/tcl: fix PKG_CPE_ID
...
tcl:tcl is a better CPE ID than tcl_tk:tcl_tk as this CPE ID has the
latest CVE (whereas tcl_tk:tcl_tk only has CVEs up to 2008):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:tcl:tcl
Fixes: 299e5b0a9bfontaine.fabrice@gmail.com >
(cherry picked from commit 6de9eebf51
2025-08-07 09:25:01 +08:00
Fabrice Fontaine
c5def550f9
utils/logrotate: fix PKG_CPE_ID
...
logrotate_project:logrotate is a better CPE ID than gentoo:logrotate as
this CPE ID has the latest CVE (whereas gentoo:logrotate only has CVEs
up to 2011):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:logrotate_project:logrotate
Fixes: 299e5b0a9bfontaine.fabrice@gmail.com >
(cherry picked from commit 996f0b81c6
2025-08-07 09:25:01 +08:00
Fabrice Fontaine
cb6b4a53f2
libs/libupnp: fix PKG_CPE_ID
...
pupnp_project:pupnp is a better CPE ID than libupnp_project:libupnp as
this CPE ID has the latest CVEs from 2021 (whereas
libupnp_project:libupnp only has CVEs up to 2020):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pupnp_project:pupnp
Fixes: 299e5b0a9bfontaine.fabrice@gmail.com >
(cherry picked from commit 911d890b11
2025-08-07 09:25:01 +08:00
Fabrice Fontaine
9f3582340c
net/aria2: fix PKG_CPE_ID
...
aria2_project:aria2 is a better CPE ID than tatsuhiro_tsujikawa:aria2 as
this CPE ID has the latest CVE (whereas tatsuhiro_tsujikawa:aria2 only
has CVEs up to 2010):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:aria2_project:aria2
Fixes: 299e5b0a9bfontaine.fabrice@gmail.com >
(cherry picked from commit c1c47695a8
2025-08-07 09:25:01 +08:00
Fabrice Fontaine
ee71f6bfdb
net/openssh: fix PKG_CPE_ID
...
openbsd:openssh is a better CPE ID than openssh:openssh as this CPE ID
has the latest CVEs (whereas openssh:openssh has no CVEs):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:openbsd:openssh
Fixes: 299e5b0a9bfontaine.fabrice@gmail.com >
(cherry picked from commit 4faf09cfb5
2025-08-07 09:25:01 +08:00
George Sapkin
8c5b6dc996
yt-dlp: assign PKG_CPE_ID
...
Link: https://nvd.nist.gov/products/cpe/detail/2739DE26-F16B-478E-A270-32C659C7F2C6?namingFormat=2.2&orderBy=CPEURI&keyword=yt-dlp&status=FINAL
Link: https://github.com/openwrt/packages/issues/8534
Signed-off-by: George Sapkin <george@sapk.in >
(cherry picked from commit 303f7973f7
2025-08-07 09:25:01 +08:00
George Sapkin
dc4dee5d30
tailscale: assign PKG_CPE_ID
...
Link: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.2&orderBy=2.2&keyword=cpe%3A2.3%3Aa%3Atailscale%3Atailscale&status=FINAL
Link: https://github.com/openwrt/packages/issues/8534
Signed-off-by: George Sapkin <george@sapk.in >
(cherry picked from commit f6c7871464
2025-08-07 09:25:01 +08:00
George Sapkin
c5c0c201ee
adguardhome: assign PKG_CPE_ID
...
Link: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Aadguard%3Aadguardhome
Link: https://github.com/openwrt/packages/issues/8534
Signed-off-by: George Sapkin <george@sapk.in >
(cherry picked from commit fd52fb6e3c
2025-08-07 09:25:01 +08:00
Tianling Shen
72eba96f43
microsocks: Update to 1.0.5
...
Release note: https://github.com/rofl0r/microsocks/releases/tag/v1.0.5
Removed upstreamed patches.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org >
(cherry picked from commit ab4b299591
2025-07-29 17:09:50 +08:00
Tianling Shen
f0c296aadc
v2ray-geodata: Update to latest version
...
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org >
(cherry picked from commit 083f4ce617
2025-07-25 13:48:28 +08:00
Gregory Gullin
8f71668a83
sing-box: Update to 1.11.15
...
changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.11.15
Signed-off-by: Gregory Gullin <garuwex@gmail.com >
(cherry picked from commit b9ac3c5e7d
2025-07-25 13:46:13 +08:00
Anton P.
43df63ce78
sing-box: Update to 1.11.13
...
changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.11.13
Signed-off-by: Anton P. <dragunap@gmail.com >
(cherry picked from commit 24e3f2a4c8
2025-07-25 13:46:10 +08:00
Anton P.
e5665a3a9c
sing-box: Update to 1.11.9
...
changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.11.9
Signed-off-by: Anton P. <dragunap@gmail.com >
[line break added after commit title, accidental line removal fixed]
(cherry picked from commit c0a996ddd9
2025-07-25 13:46:07 +08:00
Mosney Strange
577564371e
sing-box: Update to 1.11.3
...
Signed-off-by: Mosney Strange <Mosney@users.noreply.github.com >
(cherry picked from commit 2d51880e48
2025-07-25 13:46:04 +08:00
Tianling Shen
acaae481ac
btop: Update to 1.4.4
...
Removed upstreamed patch.
Release note: https://github.com/aristocratos/btop/releases/tag/v1.4.4
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org >
(cherry picked from commit 062287375c
2025-07-25 13:44:56 +08:00
Nate Robinson
b0285689a0
btop: add patch to fix download/upload display
...
Uses https://github.com/aristocratos/btop/pull/1156
Signed-off-by: Nate Robinson <nrobinson2000@me.com >
(cherry picked from commit 99bc4798ed
2025-07-25 13:44:52 +08:00
Austin Lane
a89664e701
python-click: add hostbuild
...
Signed-off-by: Austin Lane <vidplace7@gmail.com >
(cherry picked from commit 117a3a2b1b
2025-07-24 18:10:15 +03:00
Jan Kardell
2b15fcabbf
sudo: Fix license file
...
Signed-off-by: Jan Kardell <jan.kardell@telliq.com >
(cherry picked from commit 7841c67092
2025-07-21 14:45:10 +08:00
Jan Kardell
c5ad64892d
sudo: bump to version 1.9.17p1
...
Fixes: CVE-2025-32462
Fixes: CVE-2025-32463
Signed-off-by: Jan Kardell <jan.kardell@telliq.com >
(cherry picked from commit b153b6a034cnsztl@immortalwrt.org >
2025-07-21 14:45:10 +08:00
Alexandru Ardelean
1b90a4c5e8
sudo: bump to version 1.9.16p2
...
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro >
(cherry picked from commit 190b99b1bccnsztl@immortalwrt.org >
2025-07-21 14:45:10 +08:00
Alexandru Ardelean
aae4f69f17
sudo: bump to verison 1.9.15p5
...
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro >
(cherry picked from commit f2a6449b6f
2025-07-21 14:45:10 +08:00
Alexandru Ardelean
43e7dde6e4
sudo: bump to verison 1.9.15p4
...
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro >
(cherry picked from commit 62f4f97bdb
2025-07-21 14:45:10 +08:00
Josef Schlehofer
bdcdc0e364
python-uci: update to version 0.10.3 + two patches
...
Release notes:
https://gitlab.nic.cz/turris/pyuci/-/tags/v0.10.0
https://gitlab.nic.cz/turris/pyuci/-/tags/v0.10.1
https://gitlab.nic.cz/turris/pyuci/-/tags/v0.10.2
https://gitlab.nic.cz/turris/pyuci/-/tags/v0.10.3
Upstream (pyuci developers) removed setup.py,
I bring it back to be able to compile it despite
that we do support building packages, which are
using pyproject.toml, but the thing here is
that their pyproject.toml requires setuptools 74.1.0
[1] [2], but Python 3.11 is using bundled setuptools
and pip [3] [4]. In current version 3.11.13,
there is still outdated version of setuptools, but
it looks like that in the newer version, there will be
new one [5].
Once, there is released Python 3.11.14 and updated
in OpenWrt, these patches can be dropped.
[1] 240180b294/pyproject.toml (L29)https://setuptools.pypa.io/en/stable/history.html#v74-1-0
[3] c94ab433ca/lang/python/python3-version.mk (L18)https://github.com/python/cpython/commits/3.11/Lib/ensurepip/_bundled
[5] c96ab19ae4pepe.schlehofer@gmail.com >
(cherry picked from commit d457c26c0d
2025-07-18 11:35:55 +02:00
Austin Lane
c75de96989
python-urllib3: add hostbuild
...
Signed-off-by: Austin Lane <vidplace7@gmail.com >
(cherry picked from commit d6c644c5f5
2025-07-15 15:06:49 +02:00
Rosen Penev
02f00ef91b
protobuf: don't use shared libraries for host
...
Avoids needing to handle rpath.
Signed-off-by: Rosen Penev <rosenp@gmail.com >
(cherry picked from commit d24229e441
2025-07-04 14:05:20 +02:00
Jan Hák
3fcb698a6c
knot-resolver: update to version 5.7.4
...
Knot Resolver 5.7.4 (2024-07-23)
================================
Security
--------
- reduce buffering of transmitted data, especially TCP-based in userspace
Also expose some of the new tweaks in lua:
(require 'ffi').C.the_worker.engine.net.tcp.user_timeout = 1000
(require 'ffi').C.the_worker.engine.net.listen_{tcp,udp}_buflens.{snd,rcv}
Improvements
------------
- add the fresh DNSSEC root key KSK-2024 already, Key ID 38696
Incompatible changes
--------------------
- libknot 3.0.x support is dropped
Upstream last maintained 3.0.x in spring 2022.
Knot Resolver 5.7.3 (2024-05-30)
================================
Improvements
------------
- stats: add separate metrics for IPv6 and IPv4
Bugfixes
--------
- fix NSEC3 records missing in answer for positive wildcard expansion
with the NSEC3 having over-limit iteration count
Knot Resolver 5.7.2 (2024-03-27)
================================
Bugfixes
--------
- fix on 32-bit systems with 64-bit time_t
Signed-off-by: Jan Hák <jan.hak@nic.cz >
(cherry picked from commit 6e208887e3
2025-07-04 14:03:21 +02:00
Philip Prindeville
f88b618fe2
named: /var/run/named isn't being created with correct permissions
...
It needs to be group writable or session.key can't be written once
named drops privileges.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com >
(cherry picked from commit b82574b31c
2025-07-03 10:27:02 -04:00
