Includes fix for CVE-2023-29406 (net/http: insufficient sanitization of
Host header).
This also updates the copyright information for various Go packaging
files.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 8000a7f769)
Mako was removed in 60ce07b9a1d5c7a53297f177f10af68f3304be9e; at the
time we were using host pip to install host Python packages and so
having this package was not necessary.
With the move away from host pip and toward proper host packages, it
would be better to have a Mako host-only package here to support the
mesa package in the video feed.
This re-imports the package from the abandoned packages feed, updates
the makefile with current Python package conventions, and updates the
package to the latest version.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 666ea93977)
* supports allowing / blocking of certain VLAN forwards in segregated network environments,
set 'ban_vlanallow', ''ban_vlanblock' accordingly
* simplified the code/JSON to generate/parse the banIP status
* enclose nft related devices in quotation marks , e.g. to handle devices which starts with a number '10g-1'
* made the new vlan options available to LuCI (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 1c14eb6d8c)
This renames the source package to python-click to match other Python
packages.
This also updates the package dependencies, licence file, package title
and description.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 5710f272db)
* made the etag id parsing more bulletproof (to catch unverified etags as well)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 5e2a9f082a)
* prevent superflous etag function calls during start action (on start backups will be used anyway)
* changed the ipthreat feed download URL (load a compressed file variant to save bandwidth)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 88e64a2ae4)
* added HTTP ETag or entity tag support to download only ressources that have been updated on the server side,
to save bandwith and speed up banIP reloads
* added 4 new feeds: binarydefense, bruteforceblock, etcompromised, ipblackhole (see readme)
* updated the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 68cdc3952d)
We currently have a more or less circular dependency with nginx ssl and
full variant.
FULL variant depends on every nginx module. Every nginx module depends
on nginx-ssl.
Since nginx-full depends on an nginx module, nginx-ssl is installed as
module depends on it and then the installation fails as nginx-full
conflicts with nginx-ssl.
nginx-full in it's meaning is nginx built with every config selected and
it should not have module as dependency. In fact an user should always
install them separetly as while other things, local modification to the
nginx config file are required to include the just installed module.
To fix this circular dependency problem, drop the dependency of every
nginx module for FULL variant.
Fixes: #21300
(cherry picked from commit 3d0183e9c5)
[ fix conflict error and bump pkg release ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
There is an apparent bug in pkgconf 1.9 that broke building the OpenWrt
Vala package. This adds a patch to circumvent the bug. For the related
discussion, see:
https://github.com/openwrt/packages/issues/21359
The pkgconf bug appears similar to the one discussed here:
https://github.com/pkgconf/pkgconf/issues/268
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(cherry picked from commit a7e1ba32fdf4b736a44d467b0f79b7f4665ce32d)
This also removes the dependency on gnupg as there are two packages for
gpg, gnupg and gnupg2; this library should work with either one.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 67af34188d)
This adds new build dependencies as the package switched to
pyproject.toml-based builds.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e1ef13a30c)
* Add separate packages for each tool (semodule-*)
* Update the semodule-utils package as a meta-package that installs all
tools, keeping it functionally the same as the current semodule-utils
package
* Remove host build (not used by any other package)
* Update package titles, descriptions, and license files
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit aa4085a13f)
* Added packages:
* python3-seobject
Contains the seobject.py library file which was previously included
in selinux-semanage
* selinux-sepolicy
Contains the sepolicy and sepolgen tools which were previously
included in python3-sepolicy
* selinux-sepolgen-ifgen
Contains the sepolgen-ifgen tool which was previously included in
selinux-audit2allow
* selinux-python
A meta-package to install all tools
* Change the python3-sepolgen data_dir from /usr/share/sepolgen to
/etc/sepolgen (updated 0001-sepolgen-adjust-data_dir.patch), and add
the directory to conffiles
By default, the sepolgen-ifgen tool writes to a file named
"interface_info" in the data directory, to be read by the audit2allow
tool. The header comment in the perm_map file also suggests that the
file is customizable.
The best place for these files would be in /var/lib, but /etc is more
appropriate than /usr.
* Remove gui files from python3-sepolicy (0003-sepolicy-no-gui.patch)
* Fix ModuleNotFoundError raised by sepolicy
(0004-sepolicy-fix-get_os_version-except.patch)
Patch has been submitted upstream:
https://lore.kernel.org/selinux/20230619063217.3165462-1-jeffery.to@gmail.com/
* Update package titles, descriptions, and dependencies
* Use Py3Package to build Python bytecode and source packages
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 6bd71dac0c)
This also moves the python3-selinux dependency from the default section
into each util package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 61e79aad69)
