CVE-2025-40775: Prevent assertion when processing TSIG algorithm. DNS messages
that included a Transaction Signature (TSIG) containing an invalid value in the
algorithm field caused named to crash with an assertion failure. This has been
fixed.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
The emailrelay-filter-copy was removed and --filter=copy: can be used instead.
Minor improvement of description.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
--as-client mode.
dnsbl: to reject bad IPs.
spool_dir and delivery_dir: to set storage on USB disk.
filter: for SpamAssassin.
POP3 options.
Specify interface.
Use --forward-to-some by default.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Since v2.3.1 --server-tls-certificate and --client-tls-certificate may be comma separated list of privkey and fullchain so users don't need to merge the both files.
The privkey must be firts, the cert second.
Reflect this in config samples.
Alternatively instead of comma separated the emailrelay allows just pass two --server-tls-certificate options: one for a privkey and second time for a cert.
So the server_tls_certificate option may be a list. But instead to make it easier to configure from UCI let's add a separate option server-tls-key which is dedicated for a privkey.
Similarly, the client-tls-key is a private key part for the --client-tls-certificate
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Add me as a second maintainer.
Remove outdated README.md but put a link to a Wiki instead.
Use Onion Service instead of Hidden Service.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Mark the /etc/tor folder to keep during sysupgrade.
The folder contains hidden_services folder with keys.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
On each tor-hs service restart it generates a config file /etc/tor/torrc_generated.
The /etc/ is stored on a disk and kills it and slow.
Instead create a dedicated tor service Runtime Dir in the temp /var/run/.
It will be accessible only to the tor user.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Remove unused description.
Quote variables.
Use hostname_file variable.
Remove unnecessary quotes around "common".
Use echo -n to truncate a TORRC_FILE.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Replace boolean "true"/"false" with more frequently used 1/0.
This may avoid configuration mistakes which is critical for Tor.
The Luci app anyway will set it as 1/0.
Make sections named. This is not required but again safes from mistakes when executing uci command.
Uncomment sections but disable them by default.
Then in a Luci app a user can quickly figure out what to change.
Ideally a user may just enable the config and start using it.
In the nextcloud config use a single 80 instead of 80;80.
This simpler configuration is now supported.
Instead of "Hidden service" the Tor team now uses "Onion service".
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Using substring instead of awk.
It changes behaviour when only one port is specified.
Previously:
value="80" => public="80" local=""
Now:
value="80" => public="80" local="80"
It simplifies configuration of one-to-one ports.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Fscrypt is a high-level tool for the management of Linux native
filesystem encryption. fscrypt manages metadata, key generation, key
wrapping, PAM integration, and provides a uniform interface for creating
and modifying encrypted directories.
Upstream url: https://github.com/google/fscrypt/blob/master/README.md
Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712
Signed-off-by: John Audia <therealgraysky@proton.me>
Change package source to github codeload.
Trim "Release" prefix from upstream versioning
to make it at least somewhat semantic compliant.
Add two additional folders and two default
config files based on upstream changes.
Signed-off-by: Jonathan Smith <sphere_accompany616@simplelogin.com>
Change source URL to reflect active mirror as old one has not been
updated in ~4 years and bump to latest upstream release.
% sensors --version
sensors version 3.6.2 with libsensors version 3.6.2
Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
UCI plugin in strongswan has been broken for years, and now its causing
strongswan to fail compilation.
So, instead of the whole strongswan package to be failing and missing from
feeds simply make UCI plug depend on @BROKEN.
Signed-off-by: Robert Marko <robimarko@gmail.com>
We used to rely on opkg to install the CLI tool for testing
PHP modules, but when opkg is not available anymore, we have to
use apk. The (simple) switch logic assumes, that only one
of both package manager tools is installed.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
