* fix a race condition in the process scheduler
* sync the banIP country file with ipdeny feed
* refine etag handling with country/asn feeds
* refine logging with country/asn feeds
* refine the banIP status output (incl. LuCI changes)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix an out of bound error reported in the forum
* set always a default for "adb_dnsdir" to prevent cornercase issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
Linking conserver with FreeIPMI enables it to manage
serial-over-LAN (SOL) consoles in addition to the already
supported tty and tcp/telnet consoles.
The FreeIPMI library is huge. Adding a separate package
variant for this feature.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
This reverts commit 7fdb92b59a.
Now that the actual issue has been found and fixed, this is incorrect
so revert it.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Currently, we are using Download recipes to download the various modules,
however we are using then with PROTO:=git but SOURCE_VERSION is not set,
only VERSION variable so thus the dl_github_archive.py scripts gets called
with --version="" instead of being actually passed the desired commit hash
and thus actually the git head is fetched.
This explains why currently buildbots are failling with
nginx-mod-njs/104-endianness_fix.patch failling to apply since buildbots
are using prepackaged tarballs which are different than what we get when
manually building.
So, lets set SOURCE_VERSION to make sure we actually fetch the desired
git commit hash.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add "option tcp_ip '0.0.0.0'" to config.
Changelog:
62688e4 tcpsocket: add option to bind to specific ip
be63ed4 ubus: actually deny association when no probe entry is found
6361df6 datastorage: fix debug message regarding client kick condition
af593cc ci: fix and improve ci
Signed-off-by: Nick Hainke <vincent@systemli.org>
Script will exit when an error occurred.
Modify write_log 14 to write_log 4,
write_log 14 and write_log 4 can also print the same message,
but write_log 14 will exist script when printed.
Signed-off-by: Lehua Zhang <sxlehua@qq.com>
* optimized uci config processing (list options)
* optimized icmp rules in pre-routing (thanks @brada)
* set inbound marker in pre-routing only if inbound logging is enabled (fixes#26044)
* fix cornercase in Set removal function
* print chain-, set- and rules-counter in the banIP status
* clean up logging und download queue handling
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Currently, the 104-endianness_fix.patch does not apply, so lets manually
refresh it to apply and thus fix buildbot nginx builds.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This change introduces an optional configuration
of the netifd integration in the ModemManager package.
When disabled, it removes the NETIFD dependency and
other unwanted components from the root filesystem
during the build phase.
Additionally, in the modemmanager.common the netifd-proto.sh
inclusion line can be savely removed as there is no usage
of it in its functions.
Signed-off-by: Gilles Lenaerts <gilles.lenaerts_ext@softathome.com>
* add memory measurements:
- free memory in MB (MemAvailable from /proc/meminfo)
- script run max. used RAM in MB (VmHWM from /proc/$$/status)
* removed the obsolete (domain) lookup command in init script
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
This redirects the debug output to stderr, allowing `mwan3 use` to be used in
scripts without polluting stdout.
Before:
mwan3 use wan curl -fsSL https://ifconfig.co/json | jq -er '.country_iso'
jq: parse error: Invalid numeric literal at line 1, column 8
curl: (23) Failure writing output to destination, passed 389 returned 0
After:
mwan3 use wan curl -fsSL https://ifconfig.co/json | jq -er '.country_iso'
Running 'curl -fsSL https://ifconfig.co/json' with DEVICE=eth2 SRCIP=192.168.0.1 FWMARK=0x3f00 FAMILY=ipv4
DE
Signed-off-by: Philipp Schmitt <philipp@schmitt.co>
Updated and removed upstreamed patch.
Highlights relating to security:
* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
(inclusive) contained a logic error that allowed an on-path
attacker (a.k.a MITM) to impersonate any server when the
VerifyHostKeyDNS option is enabled. This option is off by default.
* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service related
to the handling of SSH2_MSG_PING packets. This condition may be
mitigated using the existing PerSourcePenalties feature.
Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.
Full release notes: https://www.openssh.com/txt/release-9.9p2
Signed-off-by: John Audia <therealgraysky@proton.me>
This propagates the exit code of the command wrapped by `mwan3 use` and
allows for example to use `mwan3 use` in monitoring scripts.
Before change:
shell command:
mwan3 use wan false >/dev/null && echo ok || echo fail
result:
ok
After change:
shell command:
mwan3 use wan false >/dev/null && echo ok || echo fail
result:
fail
Signed-off-by: Philipp Schmitt <philipp@schmitt.co>
* No more `/sbin/uci: Invalid argument output` when set to not update
dnsmasq instances (thanks @tmcqueen-materials for investigation!)
* Do not wait for interface.up on boot, hopefully this resolves the
boot-up start for everyone
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Move working directory from `/var/adguardhome` to
`/var/lib/adguardhome`, according to Linux FHS.
Add option to store PID file, defaulting to `/run/adguardhome.pid`.
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
