Release notes: https://www.openssh.com/txt/release-9.8
* 9.8p1 fixes CVE-2024-6387
* Adjusted Makefile to provide /usr/lib/sshd-session
* Given the troubles with -fzero-call-used-regs and all the
broken checks, makes sense to skip it
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 75674f0439)
* removed an accidentally commited flag of the upcoming adblock 5.x, this fixes a startup regression without trigger interface
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit b76f6e1c16)
* corrected the documentation links for upstream
* fixed style to be correctly rendered
* add reference to OpenWrt tutorial
Signed-off-by: Goetz Goerisch <ggoerisch@gmail.com>
(cherry picked from commit 8b08b29271)
Update jool to version 4.1.10 and remove a no longer needed patch.
There was also a need to backport a patch to fix compile in some archs.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(cherry picked from commit 26bf35bb43)
Fix incorrect uci config syntax, caused by a careless newbie contributer.
Modify function append_param_arg() in init script, to support hyphenated
arguments.
Add more command parameters as uci options, no value is set to keep it default.
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
(cherry picked from commit 2d711c8fbd)
[rebased upon 23.05 branch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* made the DNS Reporting / tcpdump parsing code more capable
* small init fixes
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit a029f01d81)
* relax the firewall pre-check if fw4 is not running
* replace former stale tor feed source with 'https://www.dan.me.uk/torlist/?exit'
* add openvpn log term/search pattern example to the readme
* the default config now includes only log terms for dropbear and LuCI, all others are optional
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit d17f661aee)
This change will provide the necessary dependency resolution, fixing:
Package lighttpd is missing dependencies for the following libraries:
libcrypto.so.3
Fixes: #23794
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit a300185d49)
Currently, it is not feasible to configure lighttpd to use OpenSSL as
its internal crypto library. Instead, one must rely on alternative
crypto libraries such as Nettle or mbedTLS. This setup is not ideal in
scenarios where a single crypto library is preferred. To address this
issue, lets propose introducing OpenSSL as an additional configuration
option. Similarly, propose GnuTLS as additional configuration option.
Closes: #24004
Co-developed-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8c9597f1dc)
* fixed a regression in the split Set function (reported in the forum)
* fixed regex for urlhaus feed
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 2cc7cf3ca0)
* fixed a possible "Argument list too long" error in the f_log function
* fixed multiple, incomplete digit character classes
* fixed/optimized split file handling
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 059a530329)
* adblock-fast can generate the compatible adb_list-file, but it's
only pulled if net/adblock installed, this patch also pulls in the
adb_list file if net/adblock-fast is installed.
* also bump PKG_RELEASE
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit d7d1743c83)
* made sure, that the domain lookup always add the found IPs to the underlying allow-/blocklist-Set
* major readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit cc709768b5)
* fixed concurrent, too high nft loads during feed processing (seen in LuCI frontend)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 3584187f69)
libxml2 restructured includes, thus another include is now required
otherwise build fails.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 7009c6be73)
* fix regex for nixspam and sslbl feed
* list the pre-routing limits in the banIP status
* small fixes and log improvements
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 27e86ef42e)
fixes CVE-2024-25583; also includes changes from 4.8.7 that
fix regressions introduced with the security fixes in 4.8.6
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
