CVE-2017-1000472 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000472

Fixes these CVE
Security advisory https://irssi.org/security/irssi_sa_2018_01.txt

CVE-2018-5206 - NULL pointer dereference
CVE-2018-5205 - access data beyond the end of the string.
CVE-2018-5207 - heap buffer overflow

read rundir path from kresd uci config
remove debug print from dhcp_host_domain_ng.py
fix removing unbound static leases

Marc Elser authored 7 years ago and Jan Pavlinec committed 7 years ago

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>

Note: Clearing cache after every restart is no longer needed.

This reverts commit b5c840ba.

Not needed anymore, bypass should be working correctly now.

From version 60.0.3 we are using system certificates and there is
possibility that user doesn't have them (because for some stupid reason
did opkg install --force-reinstall or upgrade ca-certificates which at
first removes ca-certificates and then tries to download new version
which fails. This ensures that updater when it's updating to new version
also installs ca-certificates before it if they are missing.

iptables table mangle POSTROUTING/PREROUTING is not triggered for
traffic incoming to/outgoing from localhost, so CONNMARK was not set

this fix moves setting CONNMARK to filter:suricata table