Changes in version v2.4.3 - 2023-01-16
- Fix version number in version.go
(Changes for v2.5.1 are missing)
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit ac9027aebb)
Fixes CVEs:
- CVE-2022-3924: Fix serve-stale crash when recursive clients
soft quota is reached.
- CVE-2022-3736: Handle RRSIG lookups when serve-stale is
active.
- CVE-2022-3094: An UPDATE message flood could cause named to
exhaust all available memory. This flaw was addressed by adding
a new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been added to
record events when the update quota is exceeded, and the XML and
JSON statistics version numbers have been updated.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 47fcec43ab)
release notes:
0.20.1
- container: ignore error when resetting the SELinux label for the keyring.
0.21
- when compiled with krun, automatically use it if the current executable file is called "krun"
- cgroup: lookup pids controller as well when the memory controller is not available
- status: add fields for owner and created timestamp
- honor memory swappiness set to 0
1.0
- Fix symlink target mangling for tmpcopyup targets.
- Makefile.am: fix link error when using directly libcrun.
- cgroup: add support for setting memory.use_hierarchy on cgroup v1.
- linux: treat pidfd_open failures EINVAL as ESRCH.
- cgroup: chown the current container cgroup to root in the container.
1.1
- utils: retry openat2 on EAGAIN. If the openat2 syscall is interrupted, try again.
- criu: fix save of external descriptors. Now restored containers attach correctly their standard streams.
- criu: Add support for external PID namespace.
- container: Set primary process to 1 via LISTEN_PID by default if user configuration is missing.
- exec: refuse to exec in a paused container/cgroup.
- cgroup: use cgroup.kill when available. It is faster to kill a container through its cgroup as there is no need to recurse over the cgroup pids and terminate each one of them.
1.2
- criu: add support for external ipc, uts and time namespaces.
- exec: fix regression in 1.1 where containers are being wrongly reported as paused.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 3873a850a5)
list of changes: https://github.com/containers/podman/releases
Added patch for compiling with musl. Patch can be removed on next
release as it is already merged to podman git but not on this release.
Patch moves definition in source so definition is available before it
is being used.
Patch source: https://github.com/containers/podman/pull/12564
Patch re-created with quilt.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 5ff3b25509)
ksmbd requires ASN.1 grammar compiler so it depends on CONFIG_ASN1. It
should select kmod-asn1-decoder for above reason.
Due to some problems with kmod-asn1-decoder in the past ksmbd was
selecting kmod-nf-nathelper-extra instead. That was affecting network
performance in kernel as each loaded conntrack module adds some overhead
to packets processing.
Fix this unwanted side effect by depending on kmod-asn1-decoder
directly.
Link: http://lists.openwrt.org/pipermail/openwrt-devel/2023-January/040298.html
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
They were added in these commits [1] [2] and if they are not included,
the RIPE Atlas SW Probe does not work correctly.
This should also prevent this from happening in the future as it now. We include all
files with .sh extension file type.
[1] 70ced29fc3
[2] 71a4ff0e68
Fixes: https://github.com/openwrt/packages/issues/20338
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 1a368a5409)
NTRU support has been removed in wolfssl 5.0 so it is required to
mask NTRU specific code if wolfssl >= 5.0
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 9913c0899a)
Needs an extra header. pthread.h is also no longer implicitly included.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 4605f98b41)
NTRU support has been removed in wolfssl 5.0 so it is required to
mask NTRU specific code if wolfssl >= 5.0
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 9a9f26796b)
Changes in version v2.4.2 - 2023-01-13
- Issue 40208: Enhance help info for capacity flag
- Issue 40232: Update README and fix help output
- Issue 40173: Increase clientIDAddrMapCapacity
- Issue 40177: Manually unlock mutex in ClientMap.SendQueue
- Issue 40177: Have SnowflakeClientConn implement io.WriterTo
- Issue 40179: Reduce turbotunnel queueSize from 2048 to 512
- Issue 40187/40199: Take ownership of buffer in QueuePacketConn QueueIncoming/WriteTo
- Add more tests for URL encoded IPs (safelog)
- Fix server flag name
- Issue 40200: Use multiple parallel KCP state machines in the server
- Add a num-turbotunnel server transport option
- Issue: 40241: Switch default proxy STUN server to stun.l.google.com
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 5435ddb8f8)
go1.18.10 (released 2023-01-10) includes fixes to cgo, the compiler,
the linker, and the crypto/x509, net/http, and syscall packages.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Nick Hainke