Release Notes
Management
- Introduce a new ACL engine based on Rego (Open Policy Agent) for firewall control
- Personal access tokens generation as a first iteration toward public API release
- Add Keycloak support as an IDP manager
Agent
- Introduce a Firewall interface to apply granular access control (e.g., connection direction, port, or protocol level)
- Make the agent run on Android (mobile support)
Changelog
- Feat rego default policy
- Don't drop Rules from file storage after migration to Policies
- Add version info command to signal server
- Feat firewall controller interface
- Adding Personal Access Token generation
- Exchange proxy mode via signal
- Fix connstate indication
- Mobile
- PAT persistence
- Add Keycloak Idp Manager
- Adjustments for the change server flow
- Disable peer expiration of peers added with setup keys
- Add JWT middleware validation failure log
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 12f8ebc4b1)
Netbird is similar vpn service as tailscale and zerotier.
Description:
NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.
It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit a4d8d2459a)
Update crowdsec to latest upstream release version 1.5.4
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Build tested: package build checked, no run test due to limited space
Description: update to latest version of upstream
(cherry picked from commit 7528bf7682)
It seems like the libpcre dependency was added by mistake.
While checking in the source code of czmq (Makefile.am, CMakeLists.txt),
I see there are several dependencies, but there isn't PCRE.
Fixes: 936a48a ("czmq: add new package")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e3ab95185c)
This backports a change from postfix 3.8, I do not know exactly why it
detects Linux 6 here, but this is needed to fix compilation with glibc
2.36.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 33786efe66)
A compiler bug (suspiciously) blocks gnulib compilation for
mipsel_24kc_24kf. While we had this patch to disable gnulib, it was
accidentally removed by 5d27631d9f. Add it
back to fix the long broken build for mipsel_24kc_24kf.
Fixes: #19511
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
(cherry picked from commit 68f23a9c33)
If buildsystem does not have a internet connection, then the build
fails. This is because of the fact, that glib2 is downloading and building
the missing dependencies during host compilation.
This cannot be allowed to happen. The package must also be built without
an internet connection.
Adding the missing host build dependency and removing the 'forcefallback'
fixes this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit c664b83535)
This commit fixes two issues on macos:
1. Added a patch to fix 'echo -n' issue with MacOS shell
(backported from upstream)
2. Redefined sys.platform='linux' for target build if build host is
MacOS (otherwise, build script tries to use MacOS logic for
OpenWrt(Linux) target build)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 510d44d988)
The patch seems not needed anymore.
Also remove deprecated PKG_RELEASE:=$(AUTORELEASE)
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
(cherry picked from commit 735cba83ce)
Parallel build does not work because it may reach a point where OSTYPE
might be needed before it is actually built. They appear to run
parallel to each other:
echo slx > OSTYPE
[...]
cat: OSTYPE: No such file or directory
sh: line 1: test: too many arguments
cat: OSTYPE: No such file or directory
Already built for -- you must do "make clean" first
make[6]: *** [Makefile:706: rebuild] Error 1
make[6]: *** Waiting for unfinished jobs....
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0e652e2449)
This package lacks proper maintenance in both upstream and here.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 72c8977b3b)
Since February 2023, I decided to no longer work with Turris, I mean CZ.NIC company
due to some reasons how the development goes and since that day my work address is not
available and not sure if there is some redirect to someone else, but if anyone wants to
reach me, use my email address, where they can find me.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 1e1b2051db)
