- include SAN in the certificate
- trying to follow AsusWRT
- harcoding valid dates via giving an unix time no longer works, as I got rid of setstartsecs support
- Updated to include -startdate & -enddate arguments for req command that was added into OpenSSL
- Certificate set to be valid from 01/01/2017 until 12/31/2027 GMT
Thx AndreDVJ!
This binary / code used to drive GPIO LAN led on WS800 for example. Also, blink_5g_interface also defined for EA6500V1, TDN60 in init.c. Thx Nikk Gitanes!
- This script once hung up on me, so modified logic to issue SIGTERM in case TIMEOUT is less than 10, and SIGKILL in case TIMEOUT is greater or equal than 10.
- That way, in case for some reason the daemon won't go down even after a SIGKILL, more SIGKILL attempts will be made, instead of a single one.
- Each termination or killing attempt will be logged as well, in case this script is hung up, user can look after logs and see what the script is doing.
Patched with changes up to March 17th, 2017.
Not everything was ported, and only actual code as much as possible. Manual pages per example were left out.
List of what was ported to Tomato's 2.76. All of this will be eventually updated/replaced when dnsmasq 2.77 is released or any correction that may come from upstream is necessary.
- Calculate length of TFTP error reply correctly.
- Zero newly malloc'ed memory.
- Check return of expand() always.
- Fix bad behaviour with some DHCP option arrangements.
- Fix logic error in Linux netlink code.
- Fix problem with --dnssec-timestamp
- malloc(); memset() -> calloc() for efficiency.
- Zero packet buffers before building output, to reduce risk of information leakage.
- Don't reset packet length on transmission, in case of retransmission.
- Compile-time check on buffer sizes for leasefile parsing code.
- auth-zone: allow to exclude ip addresses from answer.
- Bump auth zone serial when reloading /etc/hosts and friends.
- Handle v4-mapped IPv6 addresses sanely for --synth-domain.
- Suppress useless warning about DHCP packets of interfaces without addresses.
- Handle binding upstream servers to an interfaces
- Improve --address and --ipset docs, fix --help output
- Log ipset errors.
- Fix crash introduced in 2675f2061525bc954be14988d64384b74aa7bf8b
- Bump TCP connection backlog from 5 to 32.
- Additional syntax check on MAC wildcards.
- Fix getsockname error return check.
- Tweak start-up logging
- Detect and error loops in --cname configuration.
- Fix rrfilter bug leading to malformed replies.
- Make --localise-queries apply to names from --interface-name.
- Stop treating SERVFAIL as a successful response from upstream servers.
- Improve connection handling when talking to TCP upsteam servers.
- Add forthcoming 2017 root zone trust anchor to trust-anchors.conf.
- Decrease the number of individual sites listed in log.
- Implement RFC-6842 (Client-ids in DHCP replies.)
- Make --bogus-priv apply to IPv6
- Allow wildcard CNAME records in authoritative zones.
- Fix CNAME wildcard in auth-mode.
- Fix rev-server with /32 prefix.
- Improve error checking for --rev-server.
- When forwarding a query to a non-DNSSEC nameserver, don't verify the lack of DNSSEC.
A previous commit introduces a line of code which requires Tor to be built, which isn't the case for VPN builds.
So script was modified to only have that said line of code called "externally", inside a case called ln_Tor, and rootprep script is called again in the Makefile but this time specifying ln_Tor as a parameter whenever TOR is included.
AndreDVJ: Even though I don't have that router, the change to grey out USB 3.0 support in Webpage in case router does not have an USB 3.0 port if usb_usb3=-1 is very useful.
kille72
pedro
lancethepants
AndreDVJ
M_ars
tsynik
Jeremy Chadwick