Trying to compile libffi now that automake has been updated to 1.17 will
fail, however there is no reason for us to be calling autoreconf as libffi
release tarballs already contain the generated configure script.
So, drop the unnecessary autoreconf that seems to be leftover from the
previous 3.4.2 bump as we dont have any patches targeting configure.ac nor
libffi in general.
Fixes: openwrt/openwrt#18041
Signed-off-by: Robert Marko <robimarko@gmail.com>
This redirects the debug output to stderr, allowing `mwan3 use` to be used in
scripts without polluting stdout.
Before:
mwan3 use wan curl -fsSL https://ifconfig.co/json | jq -er '.country_iso'
jq: parse error: Invalid numeric literal at line 1, column 8
curl: (23) Failure writing output to destination, passed 389 returned 0
After:
mwan3 use wan curl -fsSL https://ifconfig.co/json | jq -er '.country_iso'
Running 'curl -fsSL https://ifconfig.co/json' with DEVICE=eth2 SRCIP=192.168.0.1 FWMARK=0x3f00 FAMILY=ipv4
DE
Signed-off-by: Philipp Schmitt <philipp@schmitt.co>
3.4.7 Feb-8-2024
Add static trampoline support for Linux on s390x.
Fix BTI support for ARM64.
Support pointer authentication for ARM64.
Fix ASAN compatibility.
Fix x86-64 calls with 6 GP registers and some SSE registers.
Miscellaneous fixes for ARC and Darwin ARM64.
Fix OpenRISC or1k and Solaris 10 builds.
Remove nios2 port.
Signed-off-by: John Audia <therealgraysky@proton.me>
Updated and removed upstreamed patch.
Highlights relating to security:
* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
(inclusive) contained a logic error that allowed an on-path
attacker (a.k.a MITM) to impersonate any server when the
VerifyHostKeyDNS option is enabled. This option is off by default.
* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service related
to the handling of SSH2_MSG_PING packets. This condition may be
mitigated using the existing PerSourcePenalties feature.
Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.
Full release notes: https://www.openssh.com/txt/release-9.9p2
Signed-off-by: John Audia <therealgraysky@proton.me>
This propagates the exit code of the command wrapped by `mwan3 use` and
allows for example to use `mwan3 use` in monitoring scripts.
Before change:
shell command:
mwan3 use wan false >/dev/null && echo ok || echo fail
result:
ok
After change:
shell command:
mwan3 use wan false >/dev/null && echo ok || echo fail
result:
fail
Signed-off-by: Philipp Schmitt <philipp@schmitt.co>
* No more `/sbin/uci: Invalid argument output` when set to not update
dnsmasq instances (thanks @tmcqueen-materials for investigation!)
* Do not wait for interface.up on boot, hopefully this resolves the
boot-up start for everyone
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Move working directory from `/var/adguardhome` to
`/var/lib/adguardhome`, according to Linux FHS.
Add option to store PID file, defaulting to `/run/adguardhome.pid`.
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
This commit updates the mstflint package to the
latest 4.31.0 release.
It also includes patches to fix some build errors
that have been merged into their development branch [1]
but are not inside the current release version.
[1] https://github.com/Mellanox/mstflint/pull/1131
Signed-off-by: Til Kaiser <mail@tk154.de>
* properly handle forced DNS ports <> 53,
no longer make bogus local redirects, reject them instead (fixed#25897)
* support the jail mode for smartdns
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* optimized the f_nftload function
* reduced the prerouting priority to -175
* optimized the output of the f_survey function
* removed a needless fw4 call/check
* no longer skips regular blocklist feeds in "allowlist only" mode
* optimized init checks
* turris feed: enable IPv6 parsing, too (prvided by @curbengh)
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
If an interface that is being used (or tracked) by a VRRP instance goes to
down state, the VRRP instance(s) will, by default, immediately transition to
FAULT state, and when all relevant interfaces are back up again the VRRP
instance(s) will immediately transition to BACKUP state.
This can cause problems if interfaces are bouncing, and so delays can be
specified between the interface state change and the transition to
FAULT/BACKUP state. If the interface returns to its original state before
the delay expires, no associated VRRP instance state transition will occur.
New uci section 'interface_up_down_delay':
config interface_up_down_delays
option device <device>
option down_delay <number in seconds>
option up_delay <number in seconds>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* Improve verbose output on start
* Allow to not create ip rule for WG server
* Improve boot up start (take 2)
* Improve verbose output when setting triggers
* Override DNS hijack with DNS policies from pbr
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* bugfix: working start on boot when interfaces are up
(thanks @tmcqueen-materials and @b1ackbeat)
* improvement: better output when setting triggers on start
Signed-off-by: Stan Grishin <stangri@melmac.ca>
If the modem loses the connection, an attempt is made to re-establish the
connection via the report-down script.
Until now, the modem was disabled when the modem processed the teardown of
the modemmanager protohandler. The immediate up events of netifd renables
the modem right away. This takes time, which is not necessary.
This commit changes the behavior so that the modem is not disabled when
the modemmanager is disconnected via the report-down script.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
