Running as a dedicated user is better from both a security and an
isolation perspective than running as root.
Signed-off-by: John Audia <therealgraysky@proton.me>
Major change is:
- set server signing to auto by default.
In recent versions of Windows 11, server signing is required.
However, server signing is disabled by default in ksmbd server.
So It is recommended to set server signing = auto as default,
so that it is used whenever it is required.
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
Add a comment to the package description to inform users that the build
system will not automatically pick gperftools-runtime and vectorscan-
runtime when building from source.
References to performance benefits of using them:
c1b4e80825b6b2d1e305
Signed-off-by: John Audia <therealgraysky@proton.me>
Release notes: https://github.com/snort3/snort3/releases/tag/3.9.6.0
% snort --version
,,_ -*> Snort++ <*-
o" )~ Version 3.9.6.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.21
Using Vectorscan version 5.4.12 2025-10-06
Using libpcap version 1.10.5 (with TPACKET_V3)
Using LuaJIT version 2.1.0-beta3
Using LZMA version 5.8.1
Using OpenSSL 3.6.0 1 Oct 2025
Using PCRE2 version 10.46 2025-08-27
Using ZLIB version 1.3.1
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Since vectorscan-runtime was dropped in the following commit, need to
replace references to it with just vectorscan in order to compile
snort3 against it: 8a3c7a69e6
Without this change, even having CONFIG_PACKAGE_vectorscan=y in the
.config will result in a failure to compile against it, e.g:
...
Feature options:
DAQ Modules: Dynamic
libatomic: User-specified
Hyperscan: OFF
...
Signed-off-by: John Audia <therealgraysky@proton.me>
Remove 'boost-system' from the dependencies. The 'boost-system' is a
header-only library since version update of boost to '1.89.0'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Remove 'boost-system' from the dependencies. The 'boost-system' is a
header-only library since version update of boost to '1.89.0'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
domoticz only links to boost headers since boost version update to '1.89.0'.
Remove 'boost-system' from the dependencies and add boost as build
dependency.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
- drop iwinfo, use iw/ip instead
- support passive wlan scanning (active scanning is still the default)
- drop qrencode, use the LuCI internal qrcode js library instead
- more vpn fixes
- various LuCI changes/enhancements
- fix#27599
- disable proactive scanning in the default config
Signed-off-by: Dirk Brenken <dev@brenken.org>
* currently the package is build with the latest kernel version in a branch
* if package version is bumped if can no longer be installed on older point releases as userland and kmod does not match
Signed-off-by: Goetz Goerisch <ggoerisch@gmail.com>
Also packages isaset and isadump for x86 target only:
isadump:
Is a small helper program to examine registers visible through the ISA bus.
isaset:
Is a small helper program to set registers visible through the ISA bus.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
GNUnet 0.25 dropped the autotools based build system and now requires
being built with Meson. As expected there are some cross-compiling
related issues which have been fixed using downstream patches by now.
v0.25.1:
- transport: hotfix incorrect communicator key derivations
- tests: make failing tests work again
- util: Change to assigned HPKE codepoint for DHKEM+Elligator. See https://www.iana.org/assignments/hpke/
- fs: service failed to start because of PILS addition
v0.25.0:
- util: Removed authkem from HPKE implementation as it is going to be removed from the RFC9180bis spec and is unused in GNUnet anyway.
- core: New AKE implementation.
- pils: New service.
- gns: Various improvements to performance and DNS migration tooling.
- build: Retired autotools.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The gperftools and vectorscan packages have been simplified by removing
their -runtime and -headers splits. Update snort3 to use the new package
names.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The vectorscan-headers package installed headers to the target device,
but headers are only needed during the build process (via Build/InstallDev).
- Rename vectorscan-runtime to vectorscan to simplify things
- Add ABI_VERSION:=5 to track library soname versioning
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The gperftools-headers package installed headers to the target device,
but headers are only needed during the build process (via Build/InstallDev).
- Remove gperftools-headers package
- Rename gperftools-runtime to gperftools
- Add ABI_VERSION for tracking ABI changes
While looking for e.g. on repology, there is only gperftools package [1]
and not gperftools-runtime and gperftools-headers.
[1] https://repology.org/project/gperftools/versions
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* bugfix: remove IPKG_INSTROOT check
* bugfix: do not attempt to download config update if package is disabled
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Makefile:
* stop shipping/dealing with the firewall hotplug (obsolete)
* install a third user-script (dnsprefetch) by @betonmischer
Config:
* remove obsolete options
* include the new user script
Init-script:
* start much earlier so that on boot, the procd_add_raw_trigger works on all systems
* create a ubus() helper function so that service delete does not produce "Command not found"
* rename options to better reflect their function:
* procd_lan_device to lan_device
* procd_wan_interface to uplink_interface
* procd_wan6_interface to uplink_interface6
* procd_wan6_metric to uplink_interface6_metric
* wan_ip_rules_priority to uplink_ip_rules_priority
* wan_mark to uplink_mark
* visually separate run-time variables from variables loaded from config options
* use ${IPKG_INSTROOT} when sourcing files
* fix typo in str_to_dnsmasq_nftset()
* use pidof to kill dnsmasq in dnsmasq_kill()
* add helper function uci_add_list_if_new()
* add helper function uci_changes()
* add helper function ubus() so that service delete does not produce "Command not found"
* implement the dnsmasq features check similar to dnsmasq init script
* add get_url() function similar to luci package
* add/modify error and warning messages
* change how mktemp is used for more reliable file creation
* unset non-true boolean package config options on load for easier checks later
* improve handling of nft/nft set options
* fewer calls to resolver() and resolver() optimization to speed up the service
* use softlinks instead of duplicating dnsmasq nftset files into each instance
* prevent duplication of dnsmasq nftset elements
* option to target a specific dest dns port in DNS policies
* bugfix: more reliable interface reloads
* display README links to errors/warnings sections if any errors/warnings discovered
Uci-defaults:
* transition from old options to new ones
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This fixes version detection issues when other packages (like snort3)
try to find the tcmalloc library using CMake's find_package(). Without
the headers in the staging directory, CMake cannot read the version
information from tcmalloc.h, resulting in empty version strings.
Fixes:
Found TCMalloc: /builder/staging_dir/target-x86_64_musl/usr/lib/libtcmalloc.so (found version "")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This simplifies checks enabling/disabling features, if packages are present
instead of having checks for specific architectures.
TCMALLOC_LIBRARIES is removed as it's auto-detected, unlike vectorscan
which requires explicit HS_INCLUDE_DIRS.
Fixes: 126364e105 ("snort3: refactor architecture-specific dependencies and CMake options")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Makefile:
* update to latest upstream: 7b27ecd559
* update version, release
* drop CONFIGURE_ARGS as the build is curl-independent
* update the link to the documentation
README:
* add small README with the link to documentation
Config:
* rename procd_fw_src_interfaces to force_dns_src_interface to better reflect meaning
* add heartbeat_domain, heartbeat_sleep_timeout, heartbeat_wait_timeout options
* add default user, group and listen_addr options to the main config
* drop the user, group and listen_addr options from the instance configs
Init-script:
* start much earlier so that on boot, the procd_add_raw_trigger works on all systems
* create a ubus() helper function so that service delete does not produce "Command not found"
* new options handling where the global config options can be used for instance options
* some renaming of global/instance variables due to abovementioned redesign
* new open port detection, no longer relying on netstat
* new uci_changes() logic where it returns 0 or 1 instead of text
* new append_parm logic for not adding default value options to CLI
* new boolean options handling logic
* move config loading to load_package_config() function
* new logic for calling procd_set_config_changed firewall based solely on "$force_dns"
* source network.sh based on "${IPKG_INSTROOT}" path
* rename procd_fw_src_interfaces to force_dns_src_interface to better reflect meaning
* rename use_http1 to force_http1
* rename use_ipv6_resolvers_only to force_ipv6_resolvers
Uci-defaults:
* migrate to new option names
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Config/uci files were not being included in -full variant.
Config files were also being lost in firmware upgrades for all variants.
Both issues fixed, including correct file permissions for config files.
Signed-off-by: Antonio Pastor <antonio.pastor@gmail.com>
Config file:
* add debug_init_script and debug_performance options
* remove led (default should be empty) option
* remove procd_boot_delay (obsolete) option
Init Script:
* reinstate IPKG_INSTROOT check
* change capitalization in status messages
* unset default value for led option on load_package_config
* bugfix: unset bool options which are later checked for non-empty
* bugfix: create compressed cache only if block-file exists
* adjust errors output/storing errors for later display in multuple cases
* produce information about cache/compressed cache files in service
status output when service is stopped
* attempt to create compressed cache in service_started only if block-
file exists
* bugfix: run service_started from the dl command (to create compressed
cache file)
* rename StripToDomains variables for readability
* improve open port detection
Uci-Defaults:
* improve readability of debug options migration
Signed-off-by: Stan Grishin <stangri@melmac.ca>
