* fix dns resolution not working on boot
* add hotplug-online script
* reorganizes files/ and Makefile to reflect files destinations
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Update jool to version 4.1.10 and remove a no longer needed patch.
There was also a need to backport a patch to fix compile in some archs.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Modified the code to correctly determine modem availability based on the
sysfs path provided in the 'device' option, instead of relying on the
'proto' value. This ensures proper configuration for custom-made protos
that do not match the "modemmanager" identifier.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
The proto_send_update function is sending a notification to netifd
during the teardown section. However, netifd filters link update
notifications executed during teardown, as indicated here:
https://git.openwrt.org/?p=project/netifd.git;a=blob;f=proto-shell.c#l515
This was leading to a Permission Denied error due to its behavior,
making proto_send_update ineffective during teardown.
To address the issue, the proto_send_update function has been removed
from the teardown section. This prevents the Permission Denied error
while ensuring proper operation during teardown.
Additionally, in the 10-report-down helper script, a check has been
implemented to determine if the interface is already down. This check
is crucial to avoid triggering a Permission Denied error, especially
in cases where netifd is already aware of a controlled ifdown operation.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
croc is a tool written in Go for sending files from one device to
another over the internet using a relay. It runs on multiple platforms,
provides end-to-end encryption and works without port forwarding and
fixed IP/DynDNS.
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
* this package replaces simple-adblock package
* it was impossible to keep existing config structure and continue
improving the simple-adblock the way I wanted, hence the new
package name
* the migration script for existing simple-adblock config is included in
the uci-defaults file
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* remove firewall4.include file as it is not needed and produces a firewall
error on service miniupnpd restart
* remove the uci-defaults file as its sole purpose was to install the
firewall include file
* modify the Makefile to reflect the deleted files
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This release breaks the noexit patch, because the code for removing old
now returns an error when no interfaces are configured. As it is run on
startup, the daemon exits in this case. To avoid this, add an additional
check so an error is only returned in an actual error case.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
This is a security and bug fix release.
Security:
- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
messages with the same message ID, but then never respond to the PUBREC
commands.
- CVE-2023-0809: Fix excessive memory being allocated based on malicious
initial packets that are not CONNECT packets.
- CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.
- Fix potential crash when loading invalid persistence file.
- Library will no longer allow single level wildcard certificates, e.g. *.com
Bugfixes of note or relevance to OpenWrt:
- Fix bridges with non-matching cleansession/local_cleansession being expired
on start after restoring from persistence. Closes #2634.
Client library:
- Use CLOCK_BOOTTIME when available, to keep track of time. This solves the
problem of the client OS sleeping and the client hence not being able to
calculate the actual time for keepalive purposes. Closes #2760.
Full changelog available at: https://github.com/eclipse/mosquitto/blob/v2.0.16/ChangeLog.txt
plus: https://github.com/eclipse/mosquitto/blob/v2.0.17/ChangeLog.txt
(2.0.17 fixes regressions from the 2.0.16 release)
Signed-off-by: Karl Palsson <karlp@tweak.au>
Update the mdio-netlink kmod and userspace mdio-tools to version 1.3.0.
[v1.3.0] - 2023-07-24
---------------------
Primarily widen the gamut of supported kernel versions, now supporting
all kernels from 5.2 and onwards.
- mvls: Support for 88E6320/88E6321
- mdio-netlink: Adapt to the upstream C22/C45 refactor.
Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
* quic-go v0.36.x cannot be compiled with Go 1.21. Update that
AdGuardHome dependency to latest one from v0.37 series.
* It fixes following compilation error:
go-mod-cache/github.com/quic-go/quic-go@v0.36.2/internal/qtls/go121.go:5:13: cannot use "The version of quic-go you're using can't be built on Go 1.21 yet. For more details, please see https://github.com/quic-go/quic-go/wiki/quic-go-and-Go-versions." (untyped string constant "The version of quic-go you're using can't be built on Go 1.21 yet.
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
Everything is working on pure upstream code.
Patching is no longer needed.
Added entire /etc/tailscale/ directory to conffiles for persistent ssh
host key & https certificate across sysupgrades.
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Add new option to a config bridge section to indicate
if a bridge port added to the bridge should be isolated
or not. The default is 0 (no isolation).
example
config bridge
option interface 'br-mybridge1446'
option mtu '1446'
option isolate '1' # default '0'
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
In order to use the dbus interfaces via the command gdbus-codegen, the
xml files must be copied into the building staging directory, so that other
programmes can use them during compilation.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* fix validation for force_dns_port when missing in config
* fix validation for dns_instance when * or - are used
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Pcre (1) is unmaintained and reached its end of life in 2021.
The base system provides pcre2 exclusively since May.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Most distros allow dropping site configuration files into
/etc/sshd_config.d/ so that you don't have to tweak the main
server configuration file.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Add a new package for the OpenThread Border Router. Comes with a netifd
protocol handler. See README.md for more information.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
v0.19.4:
- No changes
v0.19.3:
- We now detect MySQL's strange, version-dependent my_bool type on configure.
- Add pkg-config definitions for gnunet messenger.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
I've noticed my AppleTVs refresh their leases every minute unless
I explicitly force their renewal time higher, because it doesn't
default to 50% of the lease time.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This commit updates openvpn to version 2.6.5 and adds DCO support.
There are several changes:
- Starting with version 2.6.0, the sources are only provided as .tar.gz
file.
- removed OPENVPN_<variant>_ENABLE_MULTIHOME:
multihome support is always included and cannot be disabled anymore
with 2.6.x.
- removed OPENVPN_<variant>_ENABLE_DEF_AUTH:
deferred auth support is always included and cannot be disabled
anymore with 2.6.x.
- removed OPENVPN_<variant>_ENABLE_PF:
PF (packet filtering) support was removed in 2.6.x.
- The internal lz4 library was removed in 2.6.x; we now use the liblz4
package if needed
- To increase reproducibility, _DATE_ is only used for development
builds and not in release builds in 2.6.x.
- wolfSSL support was integrated into upstream openvpn
- DES support was removed from openvpn
The first two wolfSSL patches were created following these 2 commits:
4cf01c8e43028b501734
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
The line to generate the argument list for 'simple connect' is quite
long and is not maintainable. To improve the handling a function
'append_param' was added for appending the 'simple connect' options.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Francisco Jose Alvarez <francisco.alvarez@galgus.net>
* Update commit head
* Rebase patch to the latest changes
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If on teardown the 'proto_notify_error' is set to 'MM_TEARDOWN_IN_PROGRESS',
then an error which is set on 'setup' is not visible in the ubus
network.interface.<iface> status output.
{
    "up": false,
    "pending": false,
    "available": true,
    "autostart": false,
    "dynamic": false,
    "proto": "modemmanager",
    "data": {
    },
    "errors": [
        {
            "subsystem": "dualsim",
            "code": "MM_TEARDOWN_IN_PROGRESS"
        }
    ]
}
It always shows the code 'MM_TEARDOWN_IN_PROGRESS'!
By removing the line 'proto_notify_error "${interface}" MM_TEARDOWN_IN_PROGRESS'
in teardown, the last error is shown in the proto stack from setup.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The tag is now prefixed with v; update PKG_SOURCE_URL and PKG_BUILD_DIR
to reflect this.
Drop upstreamed patches. Refresh leftover patch.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* fix permission to dnsmasq files for ad-blocking
* add pause function to pause the ad-blocking temporarily
* introduce pause_timeout option to control default pause time
* update default config and config-update file
* use $param instead of $1 in adb_start()
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Tor project tries to migrate away from git.torproject.org [0,1]. We
need to adjust PKG_SOURCE and GO_PKG name. Further, we need to backport
patches to fix compiling on riscv64, so add:
- 0001-Bump-minimum-required-version-of-go.patch
- 0002-Update-dependencies.patch
Changelog:
2fa8fd9188
[0] - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86
[1] - 82cc0f38f7
Signed-off-by: Nick Hainke <vincent@systemli.org>
* supports allowing / blocking of certain VLAN forwards in segregated network environments,
set 'ban_vlanallow', 'ban_vlanblock' accordingly
* simplified the code/JSON to generate/parse the banIP status
* enclose nft related devices in quotation marks, e.g. to handle devices which start with a number '10g-1'
* made the new vlan options available to LuCI (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
This version includes support for Go 1.20 (specifically 1.20.5).
This also:
* Adds a workaround for musl 1.2.4 compatibility in mattn/go-sqlite3[1]
* Sets GO_PKG_BUILD_PKG to build the main binary (ooniprobe) only
* Updates the package license; the project was relicensed in 3.13.0[2]
[1]: https://github.com/mattn/go-sqlite3/issues/1164
[2]: https://github.com/ooni/probe-cli/pull/446
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* prevent superfluous etag function calls during start action (on start backups will be used anyway)
* changed the ipthreat feed download URL (load a compressed file variant to save bandwidth)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* added HTTP ETag or entity tag support to download only resources that have been updated on the server side,
to save bandwidth and speed up banIP reloads
* added 4 new feeds: binarydefense, bruteforceblock, etcompromised, ipblackhole (see readme)
* updated the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add new package to debug multicast setups. This is required to use
kselftests script for network testing.
net-mtools is used instead of mtools as it conflicts with another
package that is also called mtools.
Some additional patches from Vladimir Oltean are added to make the tool
work on kernel selftests scripts.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
We currently have a more or less circular dependency with nginx ssl and
full variant.
FULL variant depends on every nginx module. Every nginx module depends
on nginx-ssl.
Since nginx-full depends on an nginx module, nginx-ssl is installed as
module depends on it and then the installation fails as nginx-full
conflicts with nginx-ssl.
nginx-full in its meaning is nginx built with every config selected and
it should not have a module as a dependency. In fact a user should always
install them separately as, among other things, local modifications to the
nginx config file are required to include the just installed module.
To fix this circular dependency problem, drop the dependency of every
nginx module for FULL variant.
Fixes: #21300
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This commit adds support for http/3. This is an experimental version
and isn't fully supported because nginx is being built with the regular
OpenSSL and the regular one doesn't support quic.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Update nginx to 1.25.1.
*) Feature: the "http2" directive, which enables HTTP/2 on a per-server
basis; the "http2" parameter of the "listen" directive is now
deprecated.
*) Change: HTTP/2 server push support has been removed.
*) Change: the deprecated "ssl" directive is not supported anymore.
*) Bugfix: in HTTP/3 when using OpenSSL.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[ improve commit title and add nginx changelog ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Backport a patch from upstream fixing wrong args handling with musl.
Before this patch non args must be passed at the end of the command due
to a musl limitation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* update binaries to 1.7.2
* move sharedMemoryOutput variable declaration into output function as it doesn't
need to be global
* rename parse_yaml function to yaml_parse
* add TODOs for future development
* update copyright datestamps
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Fixes CVEs:
- CVE-2023-2828: The overmem cleaning process has been improved, to
prevent the cache from significantly exceeding the configured
max-cache-size limit.
- CVE-2023-2911: A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache. If the fetch is
aborted for exceeding the recursion quota, it was possible for named
to enter an infinite callback loop and crash due to stack overflow.
The complete list of changes is available in the upstream release
notes at
https://ftp.isc.org/isc/bind9/cur/9.18/doc/arm/html/notes.html#notes-for-bind-9-18-16
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* process local lists in strict sequential order to prevent possible race conditions
* support ranges in the IP search, too
* fix some minor search issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Manually pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
`dnsdist-full` has all optional features enabled, but is a big package
in terms of both flash and memory footprint.
`dnsdist` only keeps the features that make the most sense
on embedded devices, but can also be customised to match the
user's needs, up to the point where it matches `dnsdist-full`.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Major changes since version 3.1.1:
* Officially supports the 2019 version of IEEE 1588
* Improved unicast messaging
* Enhanced G.8275.2 profile
* More flexible Pulse Per Second (PPS) handling
* Virtual clock support
* Power profile support
* VLAN over bond support.
* Parallel Redundancy Protocol (PRP) trailer handling.
* Non-privileged read-only monitoring port.
* New statistics reporting.
[V2]
* reset package release
* adapt license name to the new format
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@westermo.com>
* Support MAC-/IPv4/IPv6 ranges in CIDR notation
* Support concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments (see readme)
* small fixes & cosmetics
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
OpenELP is an open source EchoLink proxy for Linux and Windows. It aims
to be efficient and maintain a small footprint, while still implementing
all of the features present in the official EchoLink proxy.
Signed-off-by: Scott K Logan <logans@cottsay.net>
If an alias name is used for the modem, then a check if the device exists
in sysfs does not work. To fix this remove the check if the sysfs device
exists. The protocol handler already checks if the modem is responsible
for this device on the next line.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
On small systems with many virtual devices, the modem manager sometimes
could not start because it took too long until all devices for the modem
were recognised. This is because all system events that are stored in
the file events.cache have to be processed. To speed up the processing,
all devices under /sys/devices/virtual are now filtered out so that they
do not have to be processed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Fix a bug on installation of nginx-mod-luci where module.d directory
is not found and luci.module creation fails.
Correctly create empty directory for module.d include for dynamic module
loading by placing file in this directory.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
When using both ipv4 and ipv6 entries on the same host, ddns is clearing A
(or AAAA) record depending on the connection (ipv4 or ipv6).
see https://desec.readthedocs.io/en/latest/dyndns/update-api.html#determine-ip-addresses
Signed-off-by: Baptiste Fouques <bateast@duck.com>
Update comment and bump PKG_RELEASE number.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
In mesh communities, tunneldigger is widely used to create L2TPv3 tunnels
and mesh via them. Since the broker is typically installed on other
distributions, the openwrt broker package has not received any
maintenance in recent years [0]. I now take care of the further maintenance
of this package. Furthermore, I consulted with the maintainers to ensure
that they were comfortable with the change [1].
This PR is just a refactoring of the already existing opkg package from
wlanslovenija. It fixes config parsing and in general the config, adapts
to the new python syntax and fixes dependency handling.
- [0] https://github.com/wlanslovenija/firmware-packages-opkg/tree/master/net/tunneldigger-broker
- [1] https://github.com/wlanslovenija/firmware-packages-opkg/issues/24
Signed-off-by: Nick Hainke <vincent@systemli.org>
netavark v1.6.0 was released, so instead of using
git version, use release. Does not contain very
much of changes, but list is available from netavark's
commit log.
Software now comes with additional tool named
netavark-dhcp-proxy-client which is now included
in package.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Fix compilation error on kernel 6.1.
Fix compilation error:
In file included from /mnt/Data/Sources/openwrt/x-wrt/build_dir/target-aarch64_cortex-a72_musl/linux-bcm27xx_bcm2711/xtables-addons-3.24/extensions/LUA/controller.h:24,
from /mnt/Data/Sources/openwrt/x-wrt/build_dir/target-aarch64_cortex-a72_musl/linux-bcm27xx_bcm2711/xtables-addons-3.24/extensions/LUA/xt_LUA_target.c:27:
/mnt/Data/Sources/openwrt/x-wrt/build_dir/target-aarch64_cortex-a72_musl/linux-bcm27xx_bcm2711/xtables-addons-3.24/extensions/LUA/lua/lua.h:12:10: fatal error: stddef.h: No such file or directory
12 | #include <stddef.h>
| ^~~~~~~~~~
compilation terminated.
The error is caused by commit 04e85bbf71c9 ("isystem: delete global
-isystem compile option") present upstream from kernel 5.16. This
commit dropped the inclusion of system headers by default and caused
error on LUA module.
Following what is done in the commit for the required code, modify the
LUA Kbuild to include these header and restore correct compilation of
the LUA module.
Fixes: #21294
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
aardvark-dns v1.6.0 was released,
so instead of using git version, use release -
similarly like netavark.
Very much hasn't changed but list of changes
is in git commit log of aardvark-dns.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Bump nginx to new 1.25.0 release.
Changes:
*) Feature: experimental HTTP/3 support.
Every patch automatically refreshed.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Fix some problems with migration of uci conf template and include of
module.d directive.
Fix 2 cases:
- uci.conf.template not versioned but with the include module.d
resulting in double include module.d
- uci.conf.template version 1.1 with the include module.d at the end
of the config. This is problematic for nginx as modules must be
included before any http directive.
Handle these 2 cases to restore a working uci.conf.template configuration
on migrated config.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Bump uci conf template version to 1.2 to sync with nginx version
handling some migration problem.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
It's not possible to configure custom Transmission web home as corresponding
env var gets overwritten by the command that sets CA bundle env var.
Signed-off-by: Leonid Bogdanov <leonidbogdanov86@gmail.com>
In f8a8b71e26 openvpn introduced new hotplug events.
For server config, ipchange hotplug event produces an error.
So, make ipchange hotplug event for client only
Fixes https://github.com/openwrt/packages/issues/21200
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Update crowdsec to latest upstream release version 1.5.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5
Description: update to latest version of upstream
* Optionally auto-add entire subnets to the blocklist Sets based on an additional RDAP request with the
monitored suspicious IP, set 'ban_autoblocksubnet' accordingly (disabled by default).
For more information regarding RDAP see
https://www.ripe.net/manage-ips-and-asns/db/registration-data-access-protocol-rdap for reference.
* small fixes & cosmetics
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
speedtestcpp is a fork of Taganaka's speedtest, rewritten.
It has some improvements such as
- interactive result show
- use server recommended profiles, which makes it faster (can be disabled)
- and more..
It also provides its functions in shared and static libraries
and offers development headers for integrating speedtest
features into other projects.
This commit replaces speedtestpp since this fork has
all the same features + more.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Make modules follow a naming convention, which enables:
1. Inline ADDITIONAL_MODULES into CONFIGURE_ARGS
2. Consolidate some parts of Quilt and Download for each module into
BuildModule
Signed-off-by: Glen Huang <me@glenhuang.com>
[ fix conflict error ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
OpenWrt core has a package called ustp which is an OpenWrt adaptation (from
mstpd) for OpenWrt (using libubox, libubus, etc).
No sense in keeping mstpd anymore.
We can just update ustp.
Also, if mstpd has any updates, they can be ported over to ustp too.
Abandoned PR:
https://github.com/openwrt/packages-abandoned/pull/30
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
* update to a new upstream commit, fixes #19366
* update patches/010-cmakelists-remove-cflags.patch as upstream file was updated
* remove patches/020-cmakelists-add-version.patch as version is now set elsewhere
* add patches/020-src-options.c-add-version.patch to set the version information
* adjust PROCD START time to 95
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This version includes support for Python 3.11.
This also:
* Updates Build/Compile to only build selected subpackages.
* Removes the submenu in menuconfig; there are too few subpackages to
justify the extra complexity.
Fixes: https://github.com/openwrt/packages/issues/21163
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
and also fix build error:
Package ocserv is missing dependencies for the following libraries:
liboath.so.0
Signed-off-by: Thlv Alivs <zgmzzzz18@gmail.com>
Without it, nginx could complain about incompatible dynamic modules
Signed-off-by: Glen Huang <me@glenhuang.com>
[ fix conflict error on cherry-pick ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Introduce support for migration of old uci conf template to new version.
UCI conf templates are saved in config backup. This causes problems on config
restore as old config template might have compatibility problems with new
nginx implementation.
Add logic to migrate the template script at runtime to correctly align
to latest change from nginx and nginx-util.
Fixes: 65a676ed56 ("nginx: introduce support for dynamic modules")
Fixes: #20904
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add versioning to UCI conf template as a commented version.
This permits the introduction of migration scripts since the template is
saved and restored on config restore. The migration scripts are handled by
nginx init.d script.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
OpenVPN supports more hooks than just 'up' and 'down'. Especially
reacting to 'route-up' and 'route-pre-down' events could be important.
When routing table changes, it can make sense to adapt firewall, run
some tests or change even more routes. This change passes those events
to hotplug, so it is easy to react to them without changing
configuration files provided by VPN provider.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Allows user to provide a token for Cloudflare tunnel.
When provided along with credentials, this will take precedence.
Signed-off-by: Scott McKenzie <scott@noizyland.net>
If the build host has the Go compiler installed, then configure will
detect this and will try to compile gensio's Go support, leading to a
build failure.
This disables Go support entirely to fix this build failure.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Update crowdsec to latest upstream release version 1.5.1
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5
Description: update to latest version of upstream
musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Manually pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
keylength, being an acme.sh value type, uses pure numbers for rsa keys.
This can be disorienting for other acme clients. This change introduces
a new option "key_type" that aims to remove this ambiguity, and makes
all key type names follow the same pattern, making acme-common more
client agnostic.
Signed-off-by: Glen Huang <me@glenhuang.com>
_LARGEFILE64_SOURCE has to be defined in the source, or CFLAGS can be used
to pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Fixes errors in the form of:
Building targets
github.com/mattn/go-sqlite3
sqlite3-binding.c:35901:42: error: 'pread64' undeclared here (not in a function); did you mean 'pread'?
35901 | { "pread64", (sqlite3_syscall_ptr)pread64, 0 },
| ^~~~~~~
| pread
sqlite3-binding.c:35919:42: error: 'pwrite64' undeclared here (not in a function); did you mean 'pwrite'?
35919 | { "pwrite64", (sqlite3_syscall_ptr)pwrite64, 0 },
| ^~~~~~~~
| pwrite
sqlite3-binding.c: In function 'seekAndRead':
sqlite3-binding.c:35905:49: error: unknown type name 'off64_t'; did you mean 'off_t'?
35905 | #define osPread64 ((ssize_t(*)(int,void*,size_t,off64_t))aSyscall[10].pCurrent)
| ^~~~~~~
sqlite3-binding.c:38767:11: note: in expansion of macro 'osPread64'
38767 | got = osPread64(id->h, pBuf, cnt, offset);
| ^~~~~~~~~
sqlite3-binding.c:35905:58: error: expected ')' before 'aSyscall'
35905 | #define osPread64 ((ssize_t(*)(int,void*,size_t,off64_t))aSyscall[10].pCurrent)
| ~ ^~~~~~~~
sqlite3-binding.c:38767:11: note: in expansion of macro 'osPread64'
38767 | got = osPread64(id->h, pBuf, cnt, offset);
| ^~~~~~~~~
sqlite3-binding.c: In function 'seekAndWriteFd':
sqlite3-binding.c:35923:57: error: unknown type name 'off64_t'; did you mean 'off_t'?
35923 | #define osPwrite64 ((ssize_t(*)(int,const void*,size_t,off64_t))\
| ^~~~~~~
sqlite3-binding.c:38896:17: note: in expansion of macro 'osPwrite64'
38896 | do{ rc = (int)osPwrite64(fd, pBuf, nBuf, iOff);}while( rc<0 && errno==EINTR);
| ^~~~~~~~~~
sqlite3-binding.c:35924:21: error: expected ')' before 'aSyscall'
35924 | aSyscall[13].pCurrent)
| ^~~~~~~~
sqlite3-binding.c:38896:17: note: in expansion of macro 'osPwrite64'
38896 | do{ rc = (int)osPwrite64(fd, pBuf, nBuf, iOff);}while( rc<0 && errno==EINTR);
| ^~~~~~~~~~
sqlite3-binding.c:35923:21: note: to match this '('
35923 | #define osPwrite64 ((ssize_t(*)(int,const void*,size_t,off64_t))\
| ^
sqlite3-binding.c:38896:17: note: in expansion of macro 'osPwrite64'
38896 | do{ rc = (int)osPwrite64(fd, pBuf, nBuf, iOff);}while( rc<0 && errno==EINTR);
| ^~~~~~~~~~
make[2]: *** [Makefile:153: /home/nick/openwrt/build_dir/target-aarch64_cortex-a53_musl/crowdsec-1.4.6/.built] Error 1
make[2]: Leaving directory '/home/nick/openwrt/feeds/packages/net/crowdsec'
Signed-off-by: Nick Hainke <vincent@systemli.org>
ACME clients shouldn't deal with deprecated values. They should be
processed by acme-common.
Reformatting is done by shfmt.
Signed-off-by: Glen Huang <me@glenhuang.com>
musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Manually pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
OpenSSH 9.1p1 removed remaining dependencies and stopped linking sftp,
sftp-server and scp against libcrypto or libz. This change moves those
package dependencies from the default to those that still need them.
In particular, this will allow sftp-server to be installed for use with
Dropbear without needing to install zlib or openssl.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
fa35c29 Xtables-addons 3.24
9db4d8d DHCPMAC: resolve cppcheck warnings
4599c30 ipv4options: resolve cppcheck warnings
5a714b6 geoip: set autoflush on stdout
f16ed5c geoip: Use stdout for output and stderr for errors/diag
a711985 build: resolve compiler warnings with gcc-13
97181e3 doc, src: improve spelling
30ddb4f doc, src: improve spelling
f3f8155 xt_geoip: bump number of territories per rule
e426ad9 Xtables-addons 3.23
51761c3 build: support for Linux 6.2
409cb5a build: replace `AC_DISABLE_STATIC` macro with an argument to `LT_INIT`
0454ff6 build: replace obsolete `AC_PROG_LIBTOOL` macro with `LT_INIT`
5b3fae8 Xtables-addons 3.22
71396f9 build: support for Linux 6.1
7ad55ad build: eliminate geoip/ make recursion
b950dae build: fix failure to recurse into asn/
cd77880 xt_asn: new module
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
[ add changelog from 3.21 to 3.24 ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Use kcalloc and remove conflicting #include <stdarg.h> to fix
the following build warnings treated as errors since b2d1eb7:
error: ISO C90 forbids variable length array 'buf' [-Werror=vla]
error: "va_start" redefined [-Werror]
error: "va_arg" redefined [-Werror]
error: "va_copy" redefined [-Werror]
getstr(s)==NULL is always false
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/xtables-addons-3.21/extensions/LUA/byte_array.c: In function 'byte_array_to_string':
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/xtables-addons-3.21/extensions/LUA/byte_array.c:110:9: error: ISO C90 forbids variable length array 'buf' [-Werror=vla]
110 | uint8_t buf[(array->length * 3) + 255];
| ^~~~~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/xtables-addons-3.21/extensions/LUA/byte_array.c:112:9: error: ISO C90 forbids variable length array 'res' [-Werror=vla]
112 | char res[255 + (array->length * 3)]; /* make sure the buffer is big enough*/
| ^~~~
cc1: all warnings being treated as errors
In file included from ./include/linux/string.h:9,
from /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/xtables-addons-3.21/extensions/LUA/lua/include/string.h:1,
from /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/xtables-addons-3.21/extensions/LUA/lua/ldebug.c:10:
./include/linux/stdarg.h:6: error: "va_start" redefined [-Werror]
6 | #define va_start(v, l) __builtin_va_start(v, l)
|
CC [M] /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/xtables-addons-3.21/extensions/LUA/lua/lstrlib.o
In file included from /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/xtables-addons-3.21/extensions/LUA/lua/ldebug.c:8:
/home/ansuel/openwrt-ansuel/openwrt/staging_dir/toolchain-aarch64_cortex-a53_gcc-12.2.0_musl/lib/gcc/aarch64-openwrt-linux-musl/12.2.0/include/stdarg.h:47: note: this is the location of the previous definition
47 | #define va_start(v,l) __builtin_va_start(v,l)
|
./include/linux/stdarg.h:8: error: "va_arg" redefined [-Werror]
8 | #define va_arg(v, T) __builtin_va_arg(v, T)
|
/home/ansuel/openwrt-ansuel/openwrt/staging_dir/toolchain-aarch64_cortex-a53_gcc-12.2.0_musl/lib/gcc/aarch64-openwrt-linux-musl/12.2.0/include/stdarg.h:49: note: this is the location of the previous definition
49 | #define va_arg(v,l) __builtin_va_arg(v,l)
|
./include/linux/stdarg.h:9: error: "va_copy" redefined [-Werror]
9 | #define va_copy(d, s) __builtin_va_copy(d, s)
|
/home/ansuel/openwrt-ansuel/openwrt/staging_dir/toolchain-aarch64_cortex-a53_gcc-12.2.0_musl/lib/gcc/aarch64-openwrt-linux-musl/12.2.0/include/stdarg.h:52: note: this is the location of the previous definition
52 | #define va_copy(d,s) __builtin_va_copy(d,s)
|
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/xtables-addons-3.21/extensions/LUA/lua/ldump.c: In function 'DumpString':
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/xtables-addons-3.21/extensions/LUA/lua/ldump.c:63:26: error: the comparison will always evaluate as 'false' for the pointer operand in 's + 24' must not be NULL [-Werror=address]
63 | if (s==NULL || getstr(s)==NULL)
| ^~
cc1: all warnings being treated as errors
Fixes: #20993
Fixes: #21006
Co-developed-by: Chen Minqiang <ptpt52@gmail.com>
Co-developed-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
aardvark-dns is a companion for netavark, the recent cni replacement on podman
git version used instead of release, to maintain maximal compatibility
with netavark, also using git version.
Description:
Aardvark-dns is an authoritative dns server for A/AAAA container records.
It can forward other requests to configured resolvers.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
podman is moving from cni to netavark. Netavark supports currently
only iptables, so I was in touch some time ago with mainstream
maintainer and provided a "none" firewall driver - to make it possible
to use netavark without firewalling features. Driver cannot be selected
at this time without environment variable that selects it, so I made
a config file for openwrt and a wrapper script that takes advantage of
it.
Available options are iptables, nftables and none - but selecting
nftables just tells user that nftables isn't yet supported.
firewall "none" driver is not yet included in release, so that's why
we use git version instead. I chose latest commit instead of commit
with none driver.
Description:
Netavark is a rust based network stack for containers.
It is being designed to work with Podman but is also applicable for other OCI container management applications.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Fix compilation warning for stack limit and variable length array.
Fix compilation warning:
CC [M] /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/siit-1.2/siit.o
../siit-1.2/siit.c: In function 'ip4_fragment':
../siit-1.2/siit.c:988:9: error: ISO C90 forbids variable length array 'buff' [-Werror=vla]
988 | char buff[FRAG_BUFF_SIZE+hdr_len]; /* buffer to form new fragment packet */
| ^~~~
../siit-1.2/siit.c: In function 'siit_xmit':
../siit-1.2/siit.c:1359:1: error: the frame size of 2144 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
1359 | }
| ^
cc1: all warnings being treated as errors
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
wolfssl has been the base TLS library in openwrt since 21.02
mbedtls will once again be the base TLS library in openwrt 23.??
Default to mbedtls for digest functions in lighttpd
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
The next version of lighttpd will move HTTP/2 support from the lighttpd
base executable into a separate module: mod_h2
Include patch to do so now, and update packaging to handle it.
HTTP/2 support is enabled by default since lighttpd 1.4.59, but if
HTTP/2 support is explicitly disabled in the configuration, then mod_h2
will not be loaded, thereby reducing lighttpd memory use.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
wolfssl has been a base TLS library in openwrt since 21.02
Default to wolfssl instead of Nettle for digest functions in lighttpd
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* made the fetch utility function/autodetection more bullet proof
* no longer add suspicious IPs to the local blocklist when the nft set timeout has been set
* restructure internal functions & small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add missing space in str_contains
* unquote variable to make sure IPv6 routes are added
* add IPv6 routes display to status output in nft mode
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Function start_service() is called whenever service may need reloading.
If SMB server is not running it could be simply because it has been
stopped. Reloading service in such case is not an error so:
1. Don't log error as it isn't one
2. Don't exit with error code as it was confusing procd
This change fixes scenario like:
/etc/init.d/ksmbd stop
/etc/init.d/wsdd2 reload
(previously above wasn't stopping wsdd2)
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Set the score value to the maximum value when the connected function is
called. The same happens with a disconnected event, the score value is
there set to zero.
Suggested-by: Anna Tikhomirova <vamp@vampik.ru>
Suggested-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Refactoring the score handling, so that only one action could take place
during run. The behaviour should be more comprehensible, since several
score actions are not processed at the same time.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* use shared memory to store output data
* add family option to firewall json objects, due to reports that IPv6 hijacking
doesn't work without explicit family declaration
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* add support for external allowlist URLs to reference additional IPv4/IPv6 feeds, set 'ban_allowurl' accordingly
* make download retries in case of an error configurable, set 'ban_fetchretry' accordingly (default 5)
* small fixes
* readme update
* LuCI update (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fix compilation error for stream module not converted to use the PACKAGE
config flag and a missing required dependency for the DAV ext module.
Drop additional config for STREAM module since they are now included and
built by default.
Fixes: 65a676ed56 ("nginx: introduce support for dynamic modules")
Fixes: #20906
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* suppress RTNETLINK errors when inserting ipv6 routes
* only display global scope IPv6 gateways in status/WebUI
* stop and disable vpn-policy-routing when migrating
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* add housekeeping to the autoallow function, only the current uplink will be held
* fix small issues
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Addition of routes to mwan3_connected ipset is broken. The ipset name was
changed from mwan3_connected_v4/6 to mwan3_connected_ipv4/6, but this
change was not reflected in mwan3rtmon.
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
* Update commit message
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Addition of iptables rules for mwan3 sticky rules is broken, resulting
in non-working sticky rules. The required parameters for the function
'mwan3_set_sticky_iptables' were passed in the wrong order.
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
* Update commit message
* Quoting function arguments
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* add the option 'ban_autoallowuplink' to limit the uplink autoallow function: 'subnet' (default), 'ip' or 'disable'
Signed-off-by: Dirk Brenken <dev@brenken.org>
*** MAKEFILE ***
* remove libubus dependency as it was causing issues
https://forum.openwrt.org/t/policy-based-routing-pbr-package-discussion/140639/318
* move firewall hotplug directory/file creation out of default section into
pbr and pbr-iptables packages sections in preparation for dropping it from pbr
* fix no new line after output when uninstalling packages
*** UCI-DEFAULTS ***
* only add firewall include to firewall config if the include file exists
* add shellcheck exception to netifd uci-defaults file
*** SCRIPTS ***
* more informative logging for firewall and iface hotplug scripts
* more informative logging for firewall include script
*** SERVICE ***
* introduce lock-file to prevent package starting on external events if it hasn't
been auto- or manually started before
* use the `ip`, not `ip-full` command to prevent errors on OpenWrt 21.02
* parse firewall WAN zone to append list of interfaces
* append error and warning "arrays" with new messages
* used shared memory to store the service output/logging messages
* improve is_ovpn function to filter out false positives when interface names started
with `tun`
* introduce is_valid_ovpn to find OpenVPN tunnels where the device name in OpenVPN config
matches the device name in network config
* introduce opkg_get_version to compare versions of principal and luci packages
* better code to obtain AdGuardHome version with betas installed
* optimize code and add better logging for errors when inserting policies with iptables
* optimize code and add better logging for errors when inserting policies with nft
* bugfix: insert policies in all specified protocols
* bugfix: support using physical devices in policies in nft mode
* bugfix: use iptPrefix, not nftPrefix in iptables commands
* implement Tor support in nft mode
* bugfix: fix spelling for User File Syntax error
* restart service fully (instead of quick reload) for OpenVPN interface events, as
the order/number of supported interfaces
* more verbose output (showing handles) of status in nft mode
* improve `icmp_interface`, `ignored_interface`, `supported_interface` validation
regexes
* improve `interface`, validation regex
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Rename nginx-all-module to nginx-full to follow the pattern used by other
packages and other projects.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Update lua module to latest openresty version. Additional config is
required to correctly use it.
Switch it to luajit from liblua as this is what is currently supported
for the module since plain lua support was dropped from the module.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Start building sub package that provide dynamic modules.
Each module needs to be loaded using load_modules.
Refer to nginx documentation on how to use this.
This should result in lower memory usage as only used modules are loaded.
Also fix the uci-default scripts to add the required ubus module for
luci module.
-fvisibility=hidden needs to be dropped to correctly support loading
dynamic modules.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add support for loading dynamic module in uci template by adding .module
file in module.d directory.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
opkg runs uci-defaults if a package installs one, in acme-common's case
that's identical to postinst.
prerm shouldn't be run in an image builder, so it's unnecessary to check
IPKG_INSTROOT
Signed-off-by: Glen Huang <me@glenhuang.com>
This fixes "permission denied" error when accessing files as a normal user.
Reported-by: Anya Lin <hukk1996@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The root user is usually the user that clients ssh into with, so in most
cases its authorized_keys determines what clients are allowed to ssh
into this device. Without preserving this file, they could potentially
be locked out after upgrading.
Signed-off-by: Glen Huang <me@glenhuang.com>
Without these charon will warn with messages like:
plugin 'kdf': failed to load - kdf_plugin_create not found and no plugin file available
plugin 'drbg': failed to load - drbg_plugin_create not found and no plugin file available
Signed-off-by: Glen Huang <me@glenhuang.com>
This package requires poetry to build using the new Python build process
but poetry is not available, so force the old build process for now.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This package isn't compatible with the new Python build process yet, so
force the old build process for now.
This also adds a call to Py3Build/Install, for when the new build
process can be used.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Without nonce, charon won't start, so it's not an optional plugin. I
asked one of the strongSwan maintainers (ecdsa), and he confirmed this:
> It definitely has to be enabled unconditionally. The only other
> provider for the NONCE_GEN plugin feature is in charon-tkm, so
> completely irrelevant on OpenWrt
Signed-off-by: Glen Huang <me@glenhuang.com>
* add support for a custom feeds file (/etc/banip/banip.custom.feeds). Add new or edit existing banIP feeds on your own with the integrated custom feed editor (LuCI-component)
* add a new option 'ban_blockpolicy' to overrule the default block policy (block all chains), see readme for details
* change the feed file format and add a new ipthreat feed, see readme
* refine (debug) logging
* multiple small fixes and improvements
* readme update
* luci update (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Automatically compute and substitute current values for all
$(AUTORELEASE) instances as this feature is deprecated and shouldn't be
used.
The following temporary change was made to the core:
diff --git a/rules.mk b/rules.mk
index 57d7995d4fa8..f16367de87a8 100644
--- a/rules.mk
+++ b/rules.mk
@@ -429,7 +429,7 @@ endef
abi_version_str = $(subst -,,$(subst _,,$(subst .,,$(1))))
COMMITCOUNT = $(if $(DUMP),0,$(call commitcount))
-AUTORELEASE = $(if $(DUMP),0,$(call commitcount,1))
+AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
all:
FORCE: ;
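Review bot: The replacement AUTORELEASE line turns a variable expansion into an in-place edit of $(CURDIR)/Makefile, and because `sed -i` writes nothing to stdout the variable itself now expands to an empty string on the run that performs the rewrite. The variable is still defined with `=`, so every reference to it re-runs the sed, and the `s/…/…/` expression has no `g` flag, so only the first $(AUTORELEASE) on a line is substituted. A one-off script outside rules.mk, or at least echoing the commit count after the sed so the expansion keeps its value, would make the conversion less fragile; the commit message should also say explicitly that this rules.mk change is not to be merged.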
And this command used to fix affected packages:
for i in $(cd feeds/packages; git grep -l PKG_RELEASE:=.*AUTORELEASE | \
sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
make package/$i/download
done
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Split DAV_EXT from standard nginx DAV config as additional WebDAV
methods are provided by an external module.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add push external module. This is very useful for an IRC Bouncer as this
module permits to register various services and receive a push
notification on the registered service.
One example is attaching a telegram bot and receive notification on your
phone when a user tags you in one of the connected channels.
Bump and drop AUTORELEASE from PKG_RELEASE since we are adding a new
module.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
We currently include the playback external module with a separate patch.
This is ugly and can be better handled.
Add required changes to download the external module from its own GitHub
repository. Then create a link in the znc modules to reference the cpp
source.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
See commit 07730ff3 "treewide: add support for "lto" in PKG_BUILD_FLAGS"
on the main repository.
Note: Some packages only added `-flto` to CFLAGS and not LDFLAGS. This
fixes it and properly enables LTO.
Signed-off-by: Andre Heider <a.heider@gmail.com>
See commit da370098 "treewide: add support for "gc-sections" in
PKG_BUILD_FLAGS" on the main repository.
Note: This only touches packages which use all three parts
(-ffunction-sections, -fdata-sections and -Wl,--gc-sections) enabled by
this build flag. Some packages only use a subset, and these are left
unchanged for now.
Signed-off-by: Andre Heider <a.heider@gmail.com>
See commit 5c545bdb "treewide: replace PKG_USE_MIPS16:=0 with
PKG_BUILD_FLAGS:=no-mips16" on the main repository.
Signed-off-by: Andre Heider <a.heider@gmail.com>
* add the new init command 'lookup', to lookup the IPs of domain names in the local lists and update them
* significant acceleration of the domain lookup function
* multiple small fixes and improvements
* readme update
* luci update (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* curl_additional_param: to pass additional parameters (like proxy) to curl
* compressed_cache_dir: where to store compressed cache in non-volatile memory
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This adds the respondd package, a protocol used primarily with Freifunk
and the Gluon mesh-framework for collecting statistics.
For more information, see the project readme.
Ref: https://github.com/freifunk-gluon/respondd/
Tested: mpc85xx-p1020 / mediatek-filogic
Signed-off-by: David Bauer <mail@david-bauer.net>
The host build replaces the use of the host pip requirements file. This
also updates the dependants of setuptools-scm to depend on the host
build.
This also removes the toml host pip requirements file as toml is not
used by any other package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* fixed missing version number when installed as separate package (not in build)
* fixed cornercase init and mailing issues
* sorted Country list by country names ascending
* fixed some shellcheck findings
Signed-off-by: Dirk Brenken <dev@brenken.org>
The commands in the function 'stop_service' do not stop the service.
Rather, they are commands that are to be executed when the service has
already been stopped. By renaming the function, the commands are now
executed after the service has been stopped.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Release Notes
Management
- Introduce a new ACL engine based on Rego (Open Policy Agent) for firewall control
- Personal access tokens generation as a first iteration toward public API release
- Add Keycloak support as an IDP manager
Agent
- Introduce a Firewall interface to apply granular access control (e.g., connection direction, port, or protocol level)
- Make the agent run on Android (mobile support)
Changelog
- Feat rego default policy
- Don't drop Rules from file storage after migration to Policies
- Add version info command to signal server
- Feat firewall controller interface
- Adding Personal Access Token generation
- Exchange proxy mode via signal
- Fix connstate indication
- Mobile
- PAT persistence
- Add Keycloak Idp Manager
- Adjustments for the change server flow
- Disable peer expiration of peers added with setup keys
- Add JWT middleware validation failure log
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
- Update haproxy PKG_VERSION and PKG_HASH
- This release includes a fix for an OOB write. The official notes
do not list a CVE entry but I guess there is a chance for
security implications
- See changes: http://git.haproxy.org/?p=haproxy-2.6.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
* raise max. timeouts from 10 to 30 seconds to stabilize the autodetection on slow hardware
* made interface trigger action configurable, set 'ban_triggeraction' accordingly (default: 'start')
* made E-Mail notifications configurable to receive status E-Mails with every banIP run,
set 'ban_mailnotification' accordingly (default: disabled)
* small fixes & optimizations
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix cornercase issue with duplicate entries in black- and whitelist
* change cpbl source URL
* firewall redirects now block IPv4 and IPv6 (set family to "any")
Signed-off-by: Dirk Brenken <dev@brenken.org>
We need the host build of swig only.
And the binding uses libgensiocpp - not the plain
C library, so fix the dependency.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
zerotier as default has executable stack.
[ 11.343143] process '/usr/bin/zerotier-one' started with executable stack
executable stacks are not recommended, possibly provide a threat and there
seems to be no advantage of executable stack with zerotier-one - so let's
build it without instead.
Stack is executable on x86_64, but not on all archs, such as ramips.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
- changed Config.in to enable unix sockets support by default
- release number bumped
Description:
socket support is very handy when communicating with
various REST APIs.
Size increases are very small, nearly unnoticeable.
Tested-by: Stan Grishin <stangri@melmac.ca>
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
* move network.sh and jshn.sh includes into load_validate_config function
to prevent errors when adding the package to image with the Image Builder
* add @bongochong compressed domains block-list to the config
Signed-off-by: Stan Grishin <stangri@melmac.ca>
- Explicitly request the C++11 standard (codebase is not C++17 compliant).
- Removed categories.json from conffiles -- it's not a configuration
file.
- Removed commented-out convenience git hash place-holder -- for some
reason it irritates people.
- Added radix header file to devel files.
- Removed redundant call to Build/Configure (not needed).
Co-authored-by: Tianling Shen <cnsztl@gmail.com>
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
* fix the auto-detection for pppoe and 6in4 tunnel interfaces
* add the new 'ban_nftpolicy' option to expose the nft set policy, values: memory (default), performance
* add the new 'ban_nftlogevel' option to expose the nft syslog level, values: emerg, alert, crit, err, warn (default),
notice, info, debug, audit
* status optimizations
* logging optimizations
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Added `cgroupsns` to jail, otherwise you get this failure:
```
Mon Mar 6 14:46:05 2023 user.err : jail: Not using namespaces, capabilities or seccomp !!!
```
Error is here, seems to indicate that we're running a jail without using any capability.
https://lxr.openwrt.org/source/procd/jail/jail.c#L2847
Decided to use minimal effort approach
Signed-off-by: BackSlasher <nitz.raz@gmail.com>
simple protocol support script for netifd.
netifd protocol support for cni networks makes
defining network for podman and other similar
systems using cni networking much easier and simpler.
with cni protocol support, on a cni network, where firewall
and portmapper is disabled, you may control firewalling
with openwrt's standard firewall configuration.
for example, create a container that hosts web content on
port 80 with static ip on your cni network, if your
network is 10.88.0.0/16, use for eg. 10.88.0.101 as
your containers static ip address. Create a zone, cni
to your firewall and add your interface to it.
Now you can easily set up redirecting to 10.88.0.101:80
to expose its port 80 to wan for serving your website.
Protocol has only one setting: device, on podman this
often is cni-podman0. This protocol may also be used
on other equivalents, such as netavark (cni replacement
in podman), where device as default is podman0.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
* update to 4.17.5
* changelog: https://www.samba.org/samba/history/samba-4.17.5
* refresh patch
* CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap.
https://www.samba.org/samba/security/CVE-2022-42898.html
* CVE-2022-37966: This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for use between modern clients and servers despite all modern Kerberos implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members 'kerberos encryption types = legacy' would force rc4-hmac as a client even if the server supports aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
https://www.samba.org/samba/security/CVE-2022-37966.html
* CVE-2022-37967: This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission could forge a more powerful ticket than the one it was presented with.
https://www.samba.org/samba/security/CVE-2022-37967.html
* CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak.
https://www.samba.org/samba/security/CVE-2022-38023.html
* BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
This resolves errors logged during macOS TimeMachine backups.
https://bugzilla.samba.org/show_bug.cgi?id=15210
Signed-off-by: Michael Peleshenko <mpeleshenko@gmail.com>
* major performance improvements: clean-up/optimize all nft calls
* add a new "ban_reportelements" option,
to disable the (time consuming) Set element count in the report (enabled by default)
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Currently compilation fails because of:
```
opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
library: 'digital envelope routines',
reason: 'unsupported',
code: 'ERR_OSSL_EVP_UNSUPPORTED'
```
What's interesting is that the package gets built, but when trying to access the UI there's a
`404: page not found` error.
It has been reported in multiple places:
* https://github.com/AdguardTeam/AdGuardHome/issues/5559
* https://github.com/AdguardTeam/AdGuardHome/issues/4595
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
Backport a pending PR to add nftables support.
Upstream PR: https://github.com/v2rayA/v2rayA/pull/805
As nftables merged ipv4/ipv6 support into a single command, so simply
enable ipv6 support by default.
While at it, backport an upstreamed fix for simple-obfs plugin.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* finalized the LuCI frontend preparation (this is the minimal version to use the forthcoming LuCI frontend)
* added a Set survey, to list all elements of a certain set
* changed the default logterm for asterisk
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Netbird is a VPN service similar to tailscale and zerotier.
Description:
NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.
It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
These patches should not be backported to OpenWrt, otherwise tproxy
won't work for devices connected to br-lan (bypassed by the fw rules).
We have introduced a new compile-time flag for new version (which
is not released yet), but it's unnecessary to backport redundant
patches as here is still at the old version.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Also added patch that is from alpine's same package to assist building on musl.
Hostpkg build on musl also kept failing, so I added few more overrides, which
made it work perfectly.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
* add oisdbig as new feed
* LuCI frontend preparation:
- the json feed file points always to /etc/banip/banip.feeds (and is no longer compressed)
- supply country list in /etc/banip/banip.countries
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
easydns.com has supported IPv6 for a while now using
the same update URL as IPv4. This duplicates the IPv4
entry for IPv6 to enable support for it.
Signed-off-by: James Buren <braewoods+mgh@braewoods.net>