summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
13 hoursMerge pull request #4420 from c-po/veth-mtuHEADcurrentChristian Breunig
virtual-ethernet: T7293: add support to define interface MTU
13 hoursMerge pull request #4424 from c-po/acme-race-T7299Christian Breunig
pki: T7299: race condition for acme requested certificates / CA chain
13 hoursMerge pull request #4425 from jestabro/submod-typoChristian Breunig
T7289: fix typo in git submodule status check
13 hoursMerge pull request #4426 from jestabro/restrict-opam-package-versionChristian Breunig
T7296: update hash for restrict opam ppx_deriving_yojson <= v3.9.1
31 hoursT7296: update hash for restrict opam ppx_deriving_yojson <= v3.9.1John Estabrook
33 hoursT7289: fix typo in git submodule status checkJohn Estabrook
35 hourspki: T7299: race condition for acme requested certificates / CA chainChristian Breunig
When using the VyOS internal PKI subsystem to request a certificate using ACME, the issuer CA is not automatically imported in the PKI subsystem on the first run due to a race condition. Issue is fixed by adding all newly requested and granted ACME certificates to the list of ACME certificates "on disk" which are used to extract the issuing CA certificate.
2 daysMerge pull request #4417 from jestabro/submod-libvyosconfigJohn Estabrook
T7289: add libvyosconfig as git submodule for builds from private repos
3 daysMerge pull request #4409 from woodsb02/patch-2Christian Breunig
syslog: T7270: fix typos in rsyslog.conf
3 daysMerge pull request #4416 from sever-sever/T7286Christian Breunig
T7286: Add CLI option to disable LDP establish packets
3 daysMerge pull request #4418 from kumvijaya/currentChristian Breunig
T7291: disabled codeowners review
3 daysMerge pull request #4423 from jestabro/preserve-symlinksChristian Breunig
T7294: preserve /config symlinks on image upgrade
3 daysT7286: Add CLI option to disable LDP establish packetsViacheslav Hletenko
If a router has not formed an LDP neighbor adjacency yet, it answers all received LDP Hello packets from non-neighbors with new Hello packets. This leads to flooding LDP packets to all routers for each LDP incoming packet. Add configuration option to disable this behavior ``` set protocols mpls ldp interface eth0 disable-establish-hello ```
3 daysT7294: preserve /config symlinks on image upgradeJohn Estabrook
The service certbot expects symbolic links for /config/auth/letsencrypt/live/<cert_name>/*.pem however, the default behavior of copytree copies the linked files during image upgrade. Set copytree argument to preserve symlinks.
3 daysvirtual-ethernet: T7293: add support to define interface MTUChristian Breunig
3 daysMerge pull request #4421 from dmbaturin/T7295-tzdata-dependencyDaniil Baturin
fixup: T7295: add an explicit dependency on tzdata > 2025 to prevent APT from pulling that package from buster
3 daysfixup: T7295: add an explicit dependency on tzdata > 2025Daniil Baturin
to prevent APT from pulling that package from buster
4 daysT7291: disabled codeowners reviewkumvijaya
4 daysT7289: attempt to update submodule if status inconsistentJohn Estabrook
4 daysT7289: set url as relative pathJohn Estabrook
5 daysT7289: update Makefile for libvyosconfig as git submoduleJohn Estabrook
5 daysT7289: add libvyosconfig as git submoduleJohn Estabrook
6 daysMerge pull request #4415 from jestabro/strip-versionJohn Estabrook
T7246: update hash for strip version on config load
6 daysT7246: update hash for strip version on config loadJohn Estabrook
6 daysMerge pull request #4413 from oniko94/fix/T7278-fix-cracklib-dep-buildJohn Estabrook
T7278: Remove cracklib hack from postconfig script template
7 daysMerge pull request #4326 from Embezzle/T5493Daniil Baturin
firewall: T5493: Implement remote-group
7 dayssyslog: T7270: improve descriptions of format optionsBen Woods
7 daysT7278: Remove cracklib hack from postinstall script templateoniko94
10 daysfirewall: T5493: Implement remote-groupAlex W
11 dayssyslog: T7270: fix SyslogProtocol23Format typo in rsyslog.confBen Woods
11 dayssyslog: T7270: fix octed-counted typo in rsyslog.confBen Woods
11 daysMerge pull request #4397 from c-po/T861-secure-boot-certsChristian Breunig
T861: rename Secure Boot MOK (Machine Owner Key) file
11 daysMerge pull request #4400 from l0crian1/currentChristian Breunig
T7138: Fix show qos
11 daysMerge pull request #4402 from c-po/wireguard-key-T7246Christian Breunig
wireguard: T7246: verify Base64 encoded 32byte boundary on keys
11 dayswireguard: T7246: verify Base64 encoded 32byte boundary on keysChristian Breunig
Not 31 bytes or 33 bytes, but exactly 32. This matters, because 32 does not divide evenly by .75, so there's a padding character and the penultimate character does not include the whole base64 alphabet. Extend the base64 validator with an optional argument to define the length to match of the decrypted Base64 encoded string. Source: https://lists.zx2c4.com/pipermail/wireguard/2020-December/006222.html
11 daysMerge pull request #4407 from jestabro/relax-lexer-testJohn Estabrook
T7246: update libvyosconfig hash and add nosetest
12 daysT7246: update libvyosconfig hash and add nosetestJohn Estabrook
12 daysMerge pull request #4406 from jestabro/relax-lexerJohn Estabrook
T7246: do not pass unneeded version string to parser
13 daysT7246: do not pass unneeded version string to parserJohn Estabrook
Previously the parser would ignore lines beginning with '//', however this is unnecessarily restrictive. Pass only config information to parser, as the version string is saved separately for reconstruction on render.
14 daysMerge pull request #4398 from jestabro/commitdDaniil Baturin
T7121: Set up communication vyconfd to vyos-commitd
14 daysMerge pull request #4405 from c-po/certbot-T7249Daniil Baturin
pki: T7249: fix shebang to support CLI backend
14 daysT7121: T6946: update hash for commit algorithm/commitd messagingJohn Estabrook
14 daysMerge pull request #4399 from sever-sever/T7252Daniil Baturin
T7252: Allow vpptun and vpptap for constraint validator
14 daysbgp: T7157: Allow using route-maps for VRF route leaking in BGP (#4404)aapostoliuk
* bgp: T7157: Allow using route-maps for VRF route leaking in BGP Added the possibility of using route-map in route leaking. * Improve the constraint error message --------- Co-authored-by: Daniil Baturin <daniil@baturin.org>
14 daysMerge pull request #4390 from ↵Viacheslav Hletenko
oniko94/feature/T6353-add-password-complexity-validation T6353: Add password complexity validation for system login user
14 dayspki: T7249: fix shebang to support CLI backendChristian Breunig
Fixes an error: interpreter/vyatta-cfg-run: line 162: `vyatta_config_commit-confirm': not a valid identifier Which prevented to renew the certificates. This will only fix renewing of the certificates. Nothing changed in how daemons will be restarted if a certificate is updated.
14 daysT6353: Change cli_commit to return the command outputoniko94
14 daysT6353: Add password strength check and user warningoniko94
2025-03-17Merge pull request #4401 from dmbaturin/T7217-generate-dropbear-keysChristian Breunig
console-server: T7217: generate Dropbear SSH keys if they do not exist
2025-03-17console-server: T7217: generate Dropbear SSH keys if they do not existDaniil Baturin
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-01 04:48:53 +0000