Fixes CVEs:
- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these features were
enabled.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit d277e41e78)
Fixes CVEs:
CVE-2023-3341 - Previously, sending a specially crafted message over the
control channel could cause the packet-parsing code to run out of available
stack memory, causing named to terminate unexpectedly.
CVE-2023-4236 - A flaw in the networking code handling DNS-over-TLS queries
could cause named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 835b105151)
Fixes CVEs:
- CVE-2023-2828: The overmem cleaning process has been improved, to
prevent the cache from significantly exceeding the configured
max-cache-size limit.
- CVE-2023-2911: A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache. If the fetch is
aborted for exceeding the recursion quota, it was possible for named
to enter an infinite callback loop and crash due to stack overflow.
The complete list of changes is available in the upstream release
notes at
https://ftp.isc.org/isc/bind9/cur/9.18/doc/arm/html/notes.html#notes-for-bind-9-18-16
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 9ac79ad469)
this prevents the daemon exiting when a configured device
is not plugged in.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit dabeaa7643)
Harmless to carry this fix until procd.sh adds the param
This parameter will mean umdns advertises not just "OpenWrt" but a more
appropriate string:
"Apple LaserWriter Pro 630"
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit ac501c908d)
Commit driver_home defaults before continuing
Fix missing path for serial number acquisition
Store current device if no previously configured device had one.
Also set CHAR_DEV so the printer can get its driver sent on first run.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 5bc581e698)
replace -a with &&
shorten uci commands via variables
add optional ieee1284_id parameters
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 6e886cd434)
The spec https://developer.apple.com/bonjour/printing-specification/bonjourprinting-1.2.1.pdf
notes:
... if the meaning of any of the TXT record keys is changed, the txtvers value
will be incremented. The current value of this key is “1”, and if this key does not exist in
the TXT record, the default value of “1” is assumed. The txtvers SHOULD be the first
key/value pair in the TXT record.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 069cc8dc81)
Don't run procd with a name of p9100d or p9101d etc.
Use the original binary name: p910nd.
This way, all supplied parameters should be visible via e.g.:
ps
xargs -0 < /proc/{procid}/cmdline
Revise all p910nd strings to the variable DAEMON_NAME or CONFIG where
appropriate.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 34a35c93ce)
* allow users to specify list of interfaces/networks to force the
DNS Hijacking on
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit eafdd63d67)
Update crowdsec to latest upstream release version 1.6.0
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Package tested: not able to test run due to limited space (package is big)
Description: update to latest version of upstream
(cherry picked from commit c08dac5ec5)
Modify Makefile to combine tailscale and tailscaled according to
Tailscale documentatio (https://tailscale.com/kb/1207/small-tailscale)
This resulted for x86_64 in an exec of 31MB + the symlink. Before it
was 29MB (tailscaled) and 10MB (tailscale).
Signed-off-by: Thomas Kupper <thomas.kupper@gmail.com>
(cherry picked from commit 7bef195bba)
Maintainer: @neheb
Compile tested: armv7, cortexA15, OpenWRT 23.05
Run tested: Linksys EA8500
Compile tested: armv8, cortexA53, OpenWRT main
Run tested: Dynalink DL-WRX36
Description:
Script-security is always 2 and cannot be changed from the openvpn config file due to a missing rule in openvpn.init.
This is discussed in issue #23014
This patch adds the missing rule in openvpn.init to parse script-security from the openvpn config file.
Signed-off-by: Erik Conijn <egc112@msn.com>
(cherry picked from commit 7b40d179bc)
The config.yml is an example of a tunnel local configuration.
But the cloudlfared treat it as a real config and fails to start.
So to avoid problems let's comment all the statements.
The `url: http://localhost:8000` is not a valid config option.
Additionally add a smale of configuring ingres rules.
The cloudflared.config has missing option token.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
(cherry picked from commit b3580a76d8)
[23.05] yggdrasil: overhaul package with netifd support
Compile tested: none, see below
Run tested: all package compiling and qa testing done in snapshots
Description: we must backport v0.5 into 23.05 because the breaking protocol situation with v.0.4. the counterpart package, luci-proto-yggdrasil is already in 23.05 feeds.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The following fixes have been applied to Makefile:
* fix the nebula license type
* add PKG_CPE_ID
* remove unneeded call to Build/Compile
* add leading spaces to descriptions
* add Package/nebula/conffiles definition
* remove unneeded /lib/upgrade/keep.d files
* no longer install actual license file
* add the README file
Kudos to @BKPepe and @1715173329 for feedback which lead to these fixes
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit ae22bea8dd)
We need stable path to persist configurations and read log from LuCI.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 272cff0d1c)
Maintainer: @mkrkn @neheb
Compile tested: aarch64, cortex-a53, OpenWRT Master
Run tested: Dynalink DL-WRX36
Description:
[A previous commit](f8a8b71e26) has added more script event options.
However it looked like that commit was not complete as it stops the use of the script events route-up, route-pre-down, and ipchange when those are placed in the openvpn config file.
This PR fixes a regression that makes it problematic to specify certain event options in the OpenVPN configuration file.
Discussion in [this thread](https://forum.openwrt.org/t/openvpn-custom-route-up-script-in-23-05-rc2/167105/13) and [here](https://forum.openwrt.org/t/openvpn-route-up-and-route-pre-down-broken-in-23-05/176568)
Please have a look and consider implementing or make it possible to use all script event options in the openvpn config file in another way.
Pull request has been discussed and improved with the help of @AuthorReflex, see: https://github.com/openwrt/packages/pull/21732
Signed-off-by: Erik Conijn <egc112@msn.com>
(cherry picked from commit 7735cdfe60)
* somehow parts of the code of the init script got different between the
main branch and release branch, this PR fixes that.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
New features for v1.8.0:
1. Migrate cache file from Clash API to independent options
2. Introducing Rule Set
3. Add `sing-box geoip`, `sing-box geosite` and `sing-box rule-set` commands
4. Allow nested logical rules
5. Independent `source_ip_is_private` and `ip_is_private` rules
6. Add context to JSON decode error message
7. Reject internal fake-ip queries
8. Add GSO support for TUN and WireGuard system interface
9. The legacy LWIP stack has been deprecated and removed
10. Add `idle_timeout` for URLTest outbound
11. Added some new uTLS fingerprints
...
Release notes: https://github.com/SagerNet/sing-box/releases/tag/v1.8.0
The new version has some breaking changes and may stop working after upgrading if use the original config.
Please see the migration manual to migrate the config: https://sing-box.sagernet.org/migration/
Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit 8fe2f68485)
0cffba9458d3 treewide: add support for RADIUS Reply-Message
c9fb744fdee8 treewide: add support for 'lang=' & ChilliSpot-Lang
584a162cb19a handler-uam: ensure that 'seconds_remaining' is always set
bd1f7c5de1ae Makefile: align with packages feed one
0ea6ad3c4e54 Makefile: mark uspot-www and uspotfilter "PKGARCH:=all"
e6a286ccfdbf uspot/uspotfilter: use 'logger -t'
427ed16cfde5 uspot: expose ratelimits in client data
4ba1dd9c5135 uspot: don't send NAS-Port-Type
78a37ef49b85 templates: add id="replymsg" to reply msg header
e3f4e179fd17 templates: show remaining time in "connected"
398762dff711 radius-client: correctly use str_to_hex()
730ef800d9da templates: simplify HTML
6bb39282fd8f Documentation update
b6c802adac19 portal: handle_request() logic refactoring
1aa1a5eb28d7 uspotfilter: implement peer_lookup()
ba5547ec61f1 portal: speedup peer lookup by leveraging spotfilter
d551376c29bb templates: added html5 time tag to timeleft output
154c98e0b77b uspotfilter: mark client as active when set()
8dcb03a37a77 uspotfilter: rework neigh management
cfb2ce7909da uspotfilter: use client_remove() where applicable
8411314dbf90 Documentation update
8dacf3df9935 uspot: use a single operation for client removal
297b7857c1e0 uspotfilter: fix DELNEIGH processing
76003917c205 uspotfilter: client_set() only clear idle when allowing
f46a855c5085 uspotfilter: remove botched IPv6 "support"
4ff31cbf0e2b uspot: client_remove(): stay in sync with spotfilter
edc9ad7e60a3 uspot/uspotfilter: use ucode-mod-log for logging
52e24aecf2db uspotfilter: use ucode '??=' syntax
c4b6f2f0bb1e Update README
Update the package Makefile to reflect the changes from the following
above-listed commits:
0ea6ad3c4e54 Makefile: mark uspot-www and uspotfilter "PKGARCH:=all"
edc9ad7e60a3 uspot/uspotfilter: use ucode-mod-log for logging
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit ab20c1bd90)
* fix a possible re-connection issue/cornercase seen on single radio units
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 4518ecf60b)
* the pause command used to incorrectly cause block-lists reload, this
has been fixed in this version
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit dfeeabbebf)
* made the default mail template "responsive" to get a better view esp. on mobile devices
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 6c9cd77596)
* fix a station scanning issue on single radio units (mainly a LuCI/JS issue) reported in the forum by multiple users
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ce20f8d88b)
- package is bumped to 0.5.2
- new protocol changes prevent peering with 0.4.x peers
- @turretkeeper revamps package with netifd support
- do not use with luci-app-yggdrasil please install luci-proto-yggdrasil
Signed-off-by: William Fleurant <meshnet@protonmail.com>
(cherry picked from commit 99c7c36ce1)
Fixes#20848
Add interface triggers if interfaces to listen to are specified in
`/etc/config/ipsec`. This fixes the "running with no instances" scenario
after rebooting a router.
Signed-off-by: Joel Low <joel@joelsplace.sg>
(cherry picked from commit f2d209e4ff)
* rework the device/interface auto-detection (only layer-3 network devices will be detetcted correctly), disable the auto-detection e.g. for special tunnel interfaces
* supports now full gawk (preferred, if installed) and busybox awk
* raise the default boot timeout to 20 seconds (if 'ban_triggerdelay' is not set)
* various small fixes and improvements
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 5af101564a)
* provides an option to transfer log events on remote servers via cgi interface (disabled by default), see readme for details
* refine the allowlist check to support IP intervals as well before adding an IP to the blocklist
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit df81585cea)
Recent version of WolfSSL dropped CyaSSL shims and made the package not
compilable. Converting it to the WolfSSL library is simple enough as the
API used are very basic and can be converted directly. Add patch that
fully convert the package to WolfSSL and doesn't use the compat shim
anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b38e3cd257)
* move reload/restart logic from json() to config_cache()
* improve fw4 restart decision logic
* no longer store reload/restart info in ubus/status json file
* rename variables pointing to run-time information
* create dns_set_output_values to reuse code in principal all and luci app
* improve append_url to store collected URLs in an alternative variable
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit bab17f480c)
The function `create_host_record_from_host` fails if the `dns` option
is not set in the host entry.
This sets a default to the `dns` variable in order to fix this error.
Fixes: #22691
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
(cherry picked from commit 8d60419251)
The "Extra DNS" option allows to create records from the DHCP
"Hostnames" configuration entries.
This allows to create such records from the DHCP "Static leases"
configuration entries too.
Fixes: #22593
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
(cherry picked from commit b4a31f92de)
* improve allow-listing reliability by running sed from the script-file
instead of the command-line
* fix user for smartdns files ownership
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 693287e961)
* remove empty lines from the combined list to allo optimization code
to work properly
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 1914114ed3)
Switched back to tar.gz archive to avoid potential permission issue.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 255e244980)
* do not use standalone grep-package dependent syntax to get the remote
file size
* various bugfixes to prevent attempts to change/commit if dnsmasq/smartdns
are not installed
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 496d9b71ab)
This package was intended to provide the experimental multithreading
support for iperf3. With the update to 3.16, multithreading is available
in mainline iperf3. Thus, remove this package.
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
(cherry picked from 4fb1bdc86c)
* bugfix: correct URL to config-update file
* bugfix: check if uci configs exist before chacking for changes
* add support for smartdns ipset-based blocking
* add support for smartfns nftset-based blocking
* disallow non-ascii symbols for smartdns blocking
* add check wherever fw4 restart is needed before calling
procd_set_config_changed firewall
* improve clean-up code in resolver()
* improve case code for different resolver settings
* modify load_validate_config to allow smartdns.ipset and smartdns.nftset
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 28cd5ecf6e)
uspot is an OpenWrt-native captive portal system.
It leverages existing OpenWrt tools such as uhttpd, dnsmasq, firewall4,
ucode, without needing any external kernel module.
It can achieve the maximum performance allowed by nftables (flow
offloading works).
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit e6e8e58ae0)
Fix the problem that cannot create new task after clearing checksum option
Other bug fix and user interface optimization
Support overriding aria2 global settings with empty content when create new download task (#712)
Other bug fix and user interface optimization
Update Traditional Chinese translation (#705, thx @ChiaYen-Kan)
Other bug fix and user interface optimization
Add check-integrity to task settings tab (#693, thx @raytrap)
Fix a spelling mistake (#696, thx @rusq)
fix due to the index.html (1.3.6) cite these 2 png files. To keep the page looks fine without 404, added these 2 png files.
Signed-off-by: Ariel Xiong <ArielHeleneto@outlook.com>
(cherry picked from commit 904438be39)
Changelog:
- update trust-dns to hickory
- never report an error when the syslog init fails
- dependency updates
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 88ed83a55b)
Changes:
- add firewalld-reload subcommand
- bridge: force static mac on bridge interface
- dependency updates
- numerous fixes to test suite
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit aa3abde67e)
cni-protocol can be used for both cni and netavark
and also for many other things, such as vpn's that
lack customized protocol supports for openwrt as a
general externally managed protocol, so it was due
to rename it.
I also added one extra option, search domain, which
is optional and updated scripts retrieving ip address
and routing information.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit a0d7e40494)
This fixes the Invalid Resource Record: FATAL problem: ARRDATAIllegalIPv4Address error message described in https://forum.openwrt.org/t/route53v1-script-error/160068
Maintainer: @chris5560, @maxberger, @dibdot
Tested: Checked on local system
Signed-off-by: Max Berger <max@berger.name>
(cherry picked from commit 86a620f644)
* fix: accidently upload a faulty urlhaus feed regex in the former commit
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit e7979d6b04)
* fix boot()
* reintroduce procd_boot_delay variable to control delay of service
start on boot
* introduce `check_lists` command to check enabled block-lists for
domain(s)
* use config_get_bool instead of config_get for boolean options
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 96ad0ab6fd)
* fixes https://github.com/openwrt/packages/issues/22674
* rename resolver_health_check to is_resolver_running for readability
* reorder functions in the init file by name
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit f519b68401)
Changelog:
- Add Pagination for IdP Users Fetch by @bcmmbaga in #1210
- Rework peer connection status based on the update channel existence by @surik in #1213
- Fix nil pointer exception in group delete by @pappz in #1211
- Fix/key backup in config script by @pappz in #1206
Full changelog: https://github.com/netbirdio/netbird/compare/v0.23.8...v0.23.9
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 53dc7146f4)
A lot of changes since previous packaged openwrt version of netbird,
changes available at: https://github.com/netbirdio/netbird/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 1efe76cee4)
Update crowdsec to latest upstream release version 1.5.5
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Package tested. not able to test run due to limited space (package is big)
Description: update to latest version of upstream
(cherry picked from commit 6ff496d113)
If pcre is built before freeradius, then freeradius' configure will
detect pcre and freeradius will be built with pcre functionality
enabled. This causes a "missing dependencies" error at the end of
package build.
This passes --without-pcre to configure to disable this autodetection.
This also removes the dependency on libpcre2 as freeradius v3 does not
have support for pcre2.
Fixes: 19ec30255f ("freeradius3: switch to pcre2")
Fixes: https://github.com/openwrt/packages/issues/22574
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 92aadf7e4a)
* ensure downloaded block-lists end with newline
* turn free/total RAM checks into functions calls
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 3787b41355)
* support backup/restore for remote allowlists
* report the used log variant in status message
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 2411bcffaf)
* the log file monitor now supports standard log files used by other log daemons like syslog-ng
Set 'ban_logreadfile' accordingly, by default it points to /var/log/messages
* removed logd dependency, closes#21932
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit c4e8140740)
* update Makefile copyright info
* organize functions shared between the init script, uci-defaults and
luci app in alphabetical order
* update error, warning and status messaging
* use single quotes instead double quotes for static text labels
* better warning for missing recommended packages
* rename dns function to resolver to better reflect its purpose
* improve resolver cleanup code
* move _resolver_config function inside resolver function to improve code readlibity
* rename _process_file_url to process_file_url_wrapper to better reflect its purpose
* add preflight check for available RAM vs total size of block lists
* move _config_add_url_size function inside adb_sizes function to improve code readlibity
* remove uci validation from status_service function to improve performance
* source init script from uci-defaults to include shared functions
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 11df396a18)
* added ujail for crowdsec-firewall-bouncer
* set nice to reduce priority for process
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.0
(cherry picked from commit a8df73ce72)
The latest nmap version 7.9.3 currently fails to compile with OpenSSL 1.1 [1],
it required to backport upstream patch to fix the compilation. [2]
[1] https://github.com/nmap/nmap/issues/2516
[2] d6bea8dcde
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2c87004346)
This adds a multithreaded variant of iperf3 as a package. This variant
is still experimental, developed in the mt branch of the iperf
repository and expected to be merged when it is considered stable.
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
(cherry picked from commit f369a2aaa9)
1. Add new options:
--http3 Enable HTTP/3 support (H3 first)
--timeout Timeout for outbound DNS queries to remote upstream servers in a human-readable form (default: 10s)
2. Allows listen on multiple interfaces and ports
Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit 47b4ebc5cb)
Backport patch merged upstream for PCRE2 support and move package to
pcre2.
Also add an additional patch pending to fix linking both pcre and pcre2
if autotools detect both library. (aircrack-ng prefer pcre2 in presence
of both)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit cb1f7c7ee4)
Bump aircrack-ng to release 1.7
Changelog from [1]
Airdecap-ng: Endianness fixes
Airdecap-ng: Output PCAP as little endian
Airodump-ng: Fixed blank encryption field when APs have TKIP (and/or CCMP) with WPA2
Airodump-ng: Updated encryption filter (-t/--encrypt) for WPA3 and OWE
Airodump-ng: Fixed out-of-order timestamp captures
Airodump-ng: Ignore NULL PMKID
Airodump-ng: Fixed dropping management frames with zeroed timestamp
Airodump-ng: Fixed sorting where sometimes it started with a different field
Airodump-ng: Allow setting colors only in AP selection mode
Airodump-ng: Fix crash on 4K Linux console
Airodump-ng: Fixed issue where existing clients not linked to an AP become hidden when hitting 'o'
Airodump-ng: Allow use of WiFi 6E 6GHz frequencies
Airodump-ng: Look for oui.txt in /usr/share/hwdata
Airgraph-ng: Fixed graphviz package conflict
Airgraph-ng: Fixed downloading OUI with python3
Airgraph-ng: Ensure support/ directory is created when installing
Aircrack-ng: Fixed static compilation
Aircrack-ng: Fix handshake replay counter logic
Aircrack-ng: Handle timeout when parsing EAPOL
Aircrack-ng: Fixed WEP display
Aircrack-ng: Fixed spurious EXIT messages
Aircrack-ng: Improved handshake selection by fixing EAPOL timing and clearing state
Aircrack-ng: Ignore NULL PMKID
Aircrack-ng: Added Apple M1 detection
Aireplay-ng: In test mode, detect tampering of sequence number by firmware/driver
Aireplay-ng: Fixed incorrectly rewritten loops affecting fragmentation attack, and in some cases, SKA fake auth
Aireplay-ng: Fixed a bunch of instances where packets had their duration updated instead of the sequence number
Airmon-ng: Fix avahi killing
Airmon-ng: rewrite service stopping entirely
Airmon-ng: Codestyle fixes and code cleanup
Airmon-ng: Added a few Raspberry Pi hardware revisions
Airmon-ng: Fixes for 8812au driver
Airmon-ng: Fix iwlwifi firmware formatting
Airmon-ng: Remove broken KVM detection
Airmon-ng: Show regdomain in verbose mode
Airmon-ng: Updated Raspberry Pi hardware revisions
Airmon-ng: Document frequency usage
Airmon-ng: Add a sleep to help predictable names due to udev sometimes renaming interface
Airmon-ng: Added warning for broken radiotap headers in kernel 5.15 to 5.15.4
Airmon-ng: shellcheck fixes
Airmon-ng: support systemctl as some systems don't support 'service' anymore
Airmon-ng: Fixes for pciutils 3.8, backward compatible
Airbase-ng: use enum for frame type/subtype
Airbase-ng: remove a few IE in association responses
Besside-ng: Support and detect all channels in 5GHz in Auto-Channel mode
OSdep: Search additional IE for channel information
OSdep: Android macro fixes
Patches: Add missing patches that were on https://patches.aircrack-ng.org but not in repo
Patches: Updated freeradius-wpe patch for v3.2.0
Patches: Updated hostapd-wpe patch for v2.10
Patches: Added docker containers to test WPE patches
Autotools: make dist now creates VERSION file
Autotools: Added maintainer mode
Autotools: Initial support for Link Time Optimization (LTO) builds
Integration tests: Added a new test, and improved some existing ones
Airgraph-ng: switch airodump-join to Python 3
Manpages: Fixes (typos, tools name, etc.) and improvements
README: Updated dependencies and their installation on various distros in README.md and INSTALLING
README: Fixed typos and spelling in README.md and INSTALLING
Packages: Packages on PackageCloud now support any distro using .deb and .rpm, however, it requires reinstalling repo (BREAKING CHANGE)
General: Fix compilation with LibreSSL 3.5
General: Fix issues reported by Infer
General: Updated buildbots
General: Add Linux uclibc support
General: Compilation fixes on macOS with the Apple M1 CPU
General: Removed TravisCI and AppVeyor
General: Use Github Actions for CI (Linux, Win, macOS, code style, and PVS-Studio)
General: Added vscode devcontainer and documentation
General: Fix warnings from PVS-Studio and build with pedantic (See PR2174)
General: Shell script fixes thanks to shellcheck
General: Fixes for GCC 10 and 11
General: Fixed cross-compilation
General: Code refactoring, deduplication, cleanup, and misc code improvements
General: Coverity Scan fixes, which includes memory leaks, race conditions, division by 0, and other issues
General: PVS Studio improvements,fixes and updates
General: Code formatting/style fixes
General: Various fixes and improvements (code, CI, integration tests, coverity)
General: Update bug reporting template and update the process
[1] https://aircrack-ng.blogspot.com/2022/05/aircrack-ng-17.html
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 41922f33b5)
changes:
- fixes a bug where science notations (exponentials) are displayed during tests during high speed bursts
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 58d8f92721)
Move to PCRE2 as PCRE is EOL and won't receive any more security update
anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f25f4d395d)
Currently aircrack-ng try to link with libbsd if it does detect the
library in staging_dir. This is the case with buildbot where every
package is selected and compiled.
Fix this by adding a pending patch that permits to disable libbsd
inclusion even if detected and set the related config flag.
aircrack-ng use 2 function of libbsd and it's not worth to include the
entire library for 2 simple function for string manipulation.
Also add an additional patch that permits to use musl or glibc version
of these string functions.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit bd21652b79)
use libpcre2 as dependency for freeradius3-common
because PCRE is EOL with no further updates
Compile & run tested on mediatek mt76 ubnt-ui6-lr-v1 with musl
Signed-off-by: Martin Strobel <arctus@crza.de>
(cherry picked from commit 19ec30255f)
* various vpn/wireguard improvements & fixes
* improved compatibility with new netifd
* added open STA improvements by @brianjmurrell
* closes#22227#22288#22357
Signed-off-by: Dirk Brenken dev@brenken.org
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 81658c5823)
* update to 2023-10-25 upstream version which fixes the crashes on logging on ath79
* remove no longer needed 030-src-logging.c-fix-crash.patch
* update 010-cmakelists-remove-cflags.patch to work with a new version
* update 020-src-options.c-add-version.patch to work with a new version
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 6b92b6c6d2)
If a firmware build with curl without mbedtls, install transmission from openwrt official repo will fail to start
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit 2311e79218)
* update service triggers so that procd_add_raw_trigger is only
executed on boot and not on other service actions
* remove outdated iface hotplug script
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 5dd08fe23f)
procd requires init script name, not the path to executable
Signed-off-by: ValdikSS ValdikSS <iam@valdikss.org.ru>
(cherry picked from commit af58942738)
Convert package to PCRE2 by porting a pending patch from a closed PR.
The PR is old but the code never changed and is simple enough to check
the changes. The patch apply directly with no changes (aside from
commenting out the travis CI file)
The PR was never merged as PCRE2 at times was too new and they were
trying to find a better regex lib.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit db305165c9)
This package is not maintained anymore in the OpenWrt packages feed
and since we updated Go to 1.21 version, it is not compiled either.
Let's hope that with removing this package from our feed,
someone will step it and become a maintainer to take care of this package.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 5a917a2a1c)
* fix sed to properly purge allowed domains from block-lists
* ensure resolver is restarted on allow command
* reduce pause default/max in attempt to make it work with luci
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 42cc50eec8)
The samples in the repo are useful for configuring cenrtain aspects of
ddns, and their inclusion is hinted at within their source code
Signed-off-by: Julian Grinblat <julian@dotcore.co.il>
(cherry picked from commit 565fda4105)
Signed-off-by: Daniel Pinto <danielpinto8zz6@gmail.com>
desec.io ddns update is not working, after testing the endpoint I got a 301, after a bit of search I found out we are
supposed to use https instead of http
more info here: https://talk.desec.io/t/301-from-update-dedyn-io/644/2
bump PKG_RELEASE
(cherry picked from commit f425e37fb0)
When using both ipv4 and ipv6 entries on the same host, ddns is clearing A
(or AAAA) record depending on the connection (ipv4 or ipv6).
see https://desec.readthedocs.io/en/latest/dyndns/update-api.html#determine-ip-addresses
Signed-off-by: Baptiste Fouques <bateast@duck.com>
Update comment and bump PKG_RELEASE number.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 1ea13ed8a1)