Since my previous post a similar issue was discovered for DTLS and 1.6.2
was released. CVE numbers were also assigned for these two
vulnerabilities:
CVE-2012-4523 refers to the TLS issue, fixed in radsecproxy 1.6.1
CVE-2012-4566 refers to the DTLS issue, fixed in radsecproxy 1.6.2
So it would be good to bump to 1.6.2, applying this patch on top of
r34484.
Signed-off-by: Zenon Mousmoulas <zmousm@noc.grnet.gr>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@34535 3c298f89-4303-0410-b956-a3cf2f4a3e73
The init script expects uci-style 1/0 and not Yes/No or On/Off in the config.
Amend the commented-out configuration directives accordingly.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@34494 3c298f89-4303-0410-b956-a3cf2f4a3e73
Busybox's ash doesn't pass unexported environment variables to processes
started from within a function, so a service started with
MMM=xyz service_start blablabla
will never see the MMM variable.
Fix this by exporting the important variables.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@34493 3c298f89-4303-0410-b956-a3cf2f4a3e73
file
I cleaned up the patch so line do not overflow and removed some white
space in hope to get it accepted or revised.
As isc-dhcp-relay does not come with an init script, I made one based
on sysntpd init.d file for both ipv4 and ipv6.
If you need more arguments from isc-dhcp-relay to be included in the
config file, I'll be able to add them.
This patch has been applied to trunk and compiles/install on my side.
The script for ipv4 and ipv6 have been tested with the
isc-dhcp-relay-ipv6 binary and work well (start/stop with the right
settings).
Signed-off-by: Jérôme Poulin <jeromepoulin@gmail.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@34485 3c298f89-4303-0410-b956-a3cf2f4a3e73
An issue has been found where radsecproxy accepts TLS clients when it
should not, due to the way it performs client verification after a TLS
handshake.
See for more details:
https://project.nordu.net/browse/RADSECPROXY-43https://project.nordu.net/browse/RADSECPROXY-44
A (short term) fix for this issue has been released as version 1.6.1.
Other changes in previously released version 1.6 mostly apply to F-Ticks
logging, an optional feature that is not enabled in the OpenWRT package,
due to a build dependency on nettle, a library that has not been ported/
packaged (yet).
Signed-off-by: Zenon Mousmoulas <zmousm@noc.grnet.gr>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@34484 3c298f89-4303-0410-b956-a3cf2f4a3e73
Similar to r33906, use the functions directly to allow compilation for
linux 3.6.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@34319 3c298f89-4303-0410-b956-a3cf2f4a3e73
be able to reduce it's footprint and allow nginx to be built with
support for lua.
Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@34223 3c298f89-4303-0410-b956-a3cf2f4a3e73
the patch 100-olsrd-fix-stack-corruption-in-net_output.patch was merged upstream in the olsrd repository with commit f4d250ad4fad5fcfe5b5feaac3f3e121adef3fba
git-svn-id: svn://svn.openwrt.org/openwrt/packages@34181 3c298f89-4303-0410-b956-a3cf2f4a3e73
Repairs path to iptables in snortsam sources from /sbin/iptables to /usr/sbin/iptables.
Without this patch Snortsam does not know the path to iptables binary.
Signed-off-by: Jiri Slachta <slachta@cesnet.cz>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33823 3c298f89-4303-0410-b956-a3cf2f4a3e73
Redsocks is a daemon running on the local system, that will transparently
tunnel any TCP connection via a remote SOCKS4, SOCKS5 or HTTP proxy server. It
uses the system firewall's redirection facility to intercept TCP connections,
thus the redirection is system-wide, with fine-grained control, and does
not depend on LD_PRELOAD libraries.
Signed-off-by: Sebastian Muszynski <basti@linkt.de>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33799 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch repairs init script for Snort. Current version can start snort, but
cannot stop it.
Signed-off-by: Jiri Slachta <slachta@cesnet.cz>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33798 3c298f89-4303-0410-b956-a3cf2f4a3e73
New package shorewall-core, current stable release 4.5.7
The Shoreline Firewall, is high-level tool for configuring Netfilter.
This package provides the core Shorewall libraries installed in
/usr/share/shorewall/,
which are required for the rest of the Shorewall packages to work.
Signed-off-by: Edy Corak <info@loenshotel.de>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33797 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch updates shorewall-lite to current stable release 4.5.7
Please note:
The new package shorewall-core 4.5.7 is required by this shorewall-lite version and perlbase-digest.
Signed-off-by: Edy Corak <info@loenshotel.de>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33796 3c298f89-4303-0410-b956-a3cf2f4a3e73
this patch includes ODBC support for Asterisk18 package.
Signed-off-by: Jiri Slachta <slachta@cesnet.cz>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33793 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch updates xtables-addons and removes the 3.3 compatibility patch and
the powerpc include as it is not required.
Signed-off-by: Oliver Smith <olipro@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33792 3c298f89-4303-0410-b956-a3cf2f4a3e73
I would like to introduce you Snortsam, plugin for Snort. This patch was
accidentally superseded due to lack of my explanation (snortsam needs to be
supported by snort - it is supported now). It's in the same state as was
introduced before. Support for snortsam was introduced in Snort in
http://patchwork.openwrt.org/patch/2491/. Current version of Snort (2.9.2.2)
supports Snortsam.
SnortSam is a plugin for Snort, an open-source light-weight Intrusion
Detection System (IDS).
Signed-off-by: Jiri Slachta <slachta@cesnet.cz>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33791 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch update wifidog to the latest svn version
It correct a bufferoverflow and some segfaults
Tested on openwrt x86 kvm
Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33790 3c298f89-4303-0410-b956-a3cf2f4a3e73
Major changes since v0.15 currently in trunk
* SSL/TLS support across the board, broker, clients and client library
* TLS-PSK support if openssl version is new enough
* thread support in client library
* lots and lots of bug fixes
Because prior versions of mosquitto didn't have any SSL support,
I've made the openssl dependency optional (but on by default)
Includes basic UCI config support, originally from:
https://github.com/remakeelectric/owrt_pub_feeds/tree/master/luci-app-mosquitto
Tested with both all -nossl and all regular packages.
(Have to run a "make package/mosquitto/clean" between builds)
[Florian: fix for real variant building, remove check on backfire]
Signed-off-by: Karl Palsson <karlp@remake.is>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33787 3c298f89-4303-0410-b956-a3cf2f4a3e73
Currently it is the only package in the 'Web' submenu. Move it
to 'Web Servers/Proxies', where all other packages are.
Signed-off-by: Jonh Wendell <jonh.wendell@oiwifi.com.br>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33784 3c298f89-4303-0410-b956-a3cf2f4a3e73
