* update to 2023-10-25 upstream version which fixes the crashes on logging on ath79
* remove no longer needed 030-src-logging.c-fix-crash.patch
* update 010-cmakelists-remove-cflags.patch to work with a new version
* update 020-src-options.c-add-version.patch to work with a new version
Signed-off-by: Stan Grishin <stangri@melmac.ca>
At mm_report_modem_wait a wait status is set. When attempting to report
an event (via hotplug or during startup) and the DBus is not yet available,
the status in the sysfs cache is set to 'processed' incorrectly, even
if mmcli fails.
This is fixed by aborting the operation and logging an error when
the kernel report fails.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
The mm_report_events_from_cache method is called during the startup and
informs the ModemManager of kernel events. Additionally, hotplug scripts
inform the ModemManager of kernel events. Processed events are stored in
the sysfs cache. It is possible for a hotplug script to write to the
sysfs cache while the mm_report_events_from_cache method is still waiting
for the ModemManager to be available on the bus during startup.
This could lead to a misbehavior where modems are not recognized.
To ensure a clean state on startup, the sysfs cache is cleared after the
ModemManager is available, ensuring reliable processing of kernel events.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
* various vpn/wireguard improvements & fixes
* improved compatibility with new netifd
* added open STA improvements by @brianjmurrell
* closes#22227#22288#22357
Signed-off-by: Dirk Brenken dev@brenken.org
Signed-off-by: Dirk Brenken <dev@brenken.org>
* update service triggers so that procd_add_raw_trigger is only
executed on boot and not on other service actions
* remove outdated iface hotplug script
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This plugin acts as a proxy that dynamically selects an EAP method that is
supported/preferred by the client. If the original EAP method initiated by
the plugin is rejected with an EAP-NAK message, it will select a different
method that is supported/requested by the client.
For example it is possible to configure eap-tls as preferred
authentication method for your connection while still allow eap-mschapv2.
Signed-off-by: Tarvi Pillessaar <tarvip@gmail.com>
This package is not maintained anymore in the OpenWrt packages feed
and since we updated Go to 1.21 version, it is not compiled either.
Let's hope that with removing this package from our feed,
someone will step it and become a maintainer to take care of this package.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Convert package to PCRE2 by porting a pending patch from a closed PR.
The PR is old but the code never changed and is simple enough to check
the changes. The patch apply directly with no changes (aside from
commenting out the travis CI file)
The PR was never merged as PCRE2 at times was too new and they were
trying to find a better regex lib.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* fix sed to properly purge allowed domains from block-lists
* ensure resolver is restarted on allow command
* reduce pause default/max in attempt to make it work with luci
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Mainly security release, fixing CVE-2023-3961, CVE-2023-4091,
CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670. For more details see:
https://www.samba.org/samba/history/samba-4.18.8.html
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
ipcalc.sh no longer outputs invalid ranges and fails with an error code in
such cases. React to the error.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
With #12925, 'BROADCAST' will no longer be set if there is no local
broadcast address (rather than holding the global broadcast address).
Prepare for the merge but stay compatible with the old version of ipcalc.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Changelog:
- Add Pagination for IdP Users Fetch by @bcmmbaga in #1210
- Rework peer connection status based on the update channel existence by @surik in #1213
- Fix nil pointer exception in group delete by @pappz in #1211
- Fix/key backup in config script by @pappz in #1206
Full changelog: https://github.com/netbirdio/netbird/compare/v0.23.8...v0.23.9
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Add pending patch fixing compilation error for missing pcre.h.
This is caused by a bug on their end by trying to add pcre.h even if we
are using the PCRE2 library.
Fixes: f0754531c4 ("nginx: move to PCRE2")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This allows cargo to use make's jobserver when building packages, by
marking the cargo command as recursive (with the + prefix[1]) and
setting MAKEFLAGS.
This also:
* Give cargo/x.py the build directory instead of having to change the
current directory (and opening subshells)
* Set PKG_BUILD_PARALLEL/HOST_BUILD_PARALLEL for Rust packages to enable
the use of make's jobserver
[1]: https://www.gnu.org/software/make/manual/html_node/POSIX-Jobserver.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This consolidates all environment variables for cargo into:
* CARGO_HOST_CONFIG_VARS / CARGO_PKG_CONFIG_VARS
These contain all cargo-specific environment variables, i.e. without
"common" variables like CC.
* CARGO_HOST_VARS / CARGO_PKG_VARS (renamed from CARGO_VARS)
These contain all environment variables to be passed to cargo.
This also:
* Set the CARGO_BUILD_TARGET environment variable instead of using the
--target command-line option
* Update Python include files to use CARGO_HOST_CONFIG_VARS /
CARGO_PKG_CONFIG_VARS
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
For detailed changes, see https://curl.se/changes.html#8_4_0
Switching to tar.bz2 for the time being as tar.xz is not yet available.
Fixes CVE-2023-38546 and CVE-2023-38545.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
The package should not only depend on a package dropbear but on the dbclient.
Otherwise the dbclient may be disabled during compilation and the dependency will be not satisfied.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
"Iran Hosted Domains" is a comprehensive list of Iranian domains and services that are hosted within the country.
Signed-off-by: Kaveh Dadgar <Kavehdadgar666@protonmail.com>
Changes to protocol file and it's description.
Works better now and restarts firewall automaticly
when tunnel comes available. More informative/guiding
description.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
* Enable `with_ech` and `with_dhcp`, just like upstream
* See changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.5.2
Signed-off-by: Leo Douglas <douglarek@gmail.com>
sing-box: ShadowsocksR is marked as deprecated since v1.5.0
Signed-off-by: Leo Douglas <douglarek@gmail.com>
sing-box: remove dhcp by default
Signed-off-by: Leo Douglas <douglarek@gmail.com>
A user may have some host configured in the .ssh/config with user and port.
But we anyway have to specify them in the sshtunnel.
The change fixes this
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
The dbclient doesn't support the -o StrictHostKeyChecking but it has it's own -y option:
-y Always accept remote host key if unknown
-y -y Don't perform any remote host key checking (caution)
So we can add these options to make the StrictHostKeyChecking working.
The dbclient will ignore -o StrictHostKeyChecking but use the -y or -yy instead.
The only problem is that the -y flag is also used by the openssh-client:
-y Send log information using the syslog(3) system module. By default this information is sent to stderr.
This is not critical and once the dbclient start to support the StrictHostKeyChecking we can remove the -y flag.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Without the option the ssh will propt a user to accept the host key.
So a user should perform a connection manualy and accept before useing the sshtunnel.
The accept-new is a reasonable trade off.
Also the LogLevel is INFO by default.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Simplify comment and make it shorter.
Remove triling tab after retrydelay.
Use a full path for IdentityFile because otherwise the uci validation fails with the relative path ~/.ssh
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
The samples in the repo are useful for configuring cenrtain aspects of
ddns, and their inclusion is hinted at within their source code
Signed-off-by: Julian Grinblat <julian@dotcore.co.il>
This package does not receive any update since 2015. [1]
It seems unmaintained and most likely not used at all.
[1] https://gitweb.torproject.org/tor-fw-helper.git/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* drop packets silently on input and forwardwan chains or actively reject the traffic, set 'ban_blocktype' accordingly
* optimized banIP boot/reload handling
* removed pppoe quirk in device detection
* small fixes and optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
changelog:
- iptables: improve error when ip6?tables commands are missing
- docs: Convert markdown with go-md2man instead of mandown
- iptables: drop invalid packages
- bump rust edition to 2021
- Add ACCEPT rules in firewall for bridge network with internal dns
- Add vrf support for bridges
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
A lot of changes since previous packaged openwrt version of netbird,
changes available at: https://github.com/netbirdio/netbird/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Backport patch merged upstream for PCRE2 support and move package to
pcre2.
Also add an additional patch pending to fix linking both pcre and pcre2
if autotools detect both library. (aircrack-ng prefer pcre2 in presence
of both)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Bump aircrack-ng to release 1.7
Changelog from [1]
Airdecap-ng: Endianness fixes
Airdecap-ng: Output PCAP as little endian
Airodump-ng: Fixed blank encryption field when APs have TKIP (and/or CCMP) with WPA2
Airodump-ng: Updated encryption filter (-t/--encrypt) for WPA3 and OWE
Airodump-ng: Fixed out-of-order timestamp captures
Airodump-ng: Ignore NULL PMKID
Airodump-ng: Fixed dropping management frames with zeroed timestamp
Airodump-ng: Fixed sorting where sometimes it started with a different field
Airodump-ng: Allow setting colors only in AP selection mode
Airodump-ng: Fix crash on 4K Linux console
Airodump-ng: Fixed issue where existing clients not linked to an AP become hidden when hitting 'o'
Airodump-ng: Allow use of WiFi 6E 6GHz frequencies
Airodump-ng: Look for oui.txt in /usr/share/hwdata
Airgraph-ng: Fixed graphviz package conflict
Airgraph-ng: Fixed downloading OUI with python3
Airgraph-ng: Ensure support/ directory is created when installing
Aircrack-ng: Fixed static compilation
Aircrack-ng: Fix handshake replay counter logic
Aircrack-ng: Handle timeout when parsing EAPOL
Aircrack-ng: Fixed WEP display
Aircrack-ng: Fixed spurious EXIT messages
Aircrack-ng: Improved handshake selection by fixing EAPOL timing and clearing state
Aircrack-ng: Ignore NULL PMKID
Aircrack-ng: Added Apple M1 detection
Aireplay-ng: In test mode, detect tampering of sequence number by firmware/driver
Aireplay-ng: Fixed incorrectly rewritten loops affecting fragmentation attack, and in some cases, SKA fake auth
Aireplay-ng: Fixed a bunch of instances where packets had their duration updated instead of the sequence number
Airmon-ng: Fix avahi killing
Airmon-ng: rewrite service stopping entirely
Airmon-ng: Codestyle fixes and code cleanup
Airmon-ng: Added a few Raspberry Pi hardware revisions
Airmon-ng: Fixes for 8812au driver
Airmon-ng: Fix iwlwifi firmware formatting
Airmon-ng: Remove broken KVM detection
Airmon-ng: Show regdomain in verbose mode
Airmon-ng: Updated Raspberry Pi hardware revisions
Airmon-ng: Document frequency usage
Airmon-ng: Add a sleep to help predictable names due to udev sometimes renaming interface
Airmon-ng: Added warning for broken radiotap headers in kernel 5.15 to 5.15.4
Airmon-ng: shellcheck fixes
Airmon-ng: support systemctl as some systems don't support 'service' anymore
Airmon-ng: Fixes for pciutils 3.8, backward compatible
Airbase-ng: use enum for frame type/subtype
Airbase-ng: remove a few IE in association responses
Besside-ng: Support and detect all channels in 5GHz in Auto-Channel mode
OSdep: Search additional IE for channel information
OSdep: Android macro fixes
Patches: Add missing patches that were on https://patches.aircrack-ng.org but not in repo
Patches: Updated freeradius-wpe patch for v3.2.0
Patches: Updated hostapd-wpe patch for v2.10
Patches: Added docker containers to test WPE patches
Autotools: make dist now creates VERSION file
Autotools: Added maintainer mode
Autotools: Initial support for Link Time Optimization (LTO) builds
Integration tests: Added a new test, and improved some existing ones
Airgraph-ng: switch airodump-join to Python 3
Manpages: Fixes (typos, tools name, etc.) and improvements
README: Updated dependencies and their installation on various distros in README.md and INSTALLING
README: Fixed typos and spelling in README.md and INSTALLING
Packages: Packages on PackageCloud now support any distro using .deb and .rpm, however, it requires reinstalling repo (BREAKING CHANGE)
General: Fix compilation with LibreSSL 3.5
General: Fix issues reported by Infer
General: Updated buildbots
General: Add Linux uclibc support
General: Compilation fixes on macOS with the Apple M1 CPU
General: Removed TravisCI and AppVeyor
General: Use Github Actions for CI (Linux, Win, macOS, code style, and PVS-Studio)
General: Added vscode devcontainer and documentation
General: Fix warnings from PVS-Studio and build with pedantic (See PR2174)
General: Shell script fixes thanks to shellcheck
General: Fixes for GCC 10 and 11
General: Fixed cross-compilation
General: Code refactoring, deduplication, cleanup, and misc code improvements
General: Coverity Scan fixes, which includes memory leaks, race conditions, division by 0, and other issues
General: PVS Studio improvements,fixes and updates
General: Code formatting/style fixes
General: Various fixes and improvements (code, CI, integration tests, coverity)
General: Update bug reporting template and update the process
[1] https://aircrack-ng.blogspot.com/2022/05/aircrack-ng-17.html
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add upstream patch adding support for pcre2 and update dependency to
require libpcre2 instead of libpcre.
--with-pcre2-8 is now needed to exclude support for pcre and only
require pcre2 as net-snmp still use and try to use pcre by default.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This package is no longer maintained in OpenWrt even though it is maintained by upstream.
The last update was done in August 2016 and because we have 2023, drop this package
without replacement.
If anyone from the community wants to step in and retake the maintainership together with the update,
feel free to do it.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Fixes CVEs:
CVE-2023-3341 - Previously, sending a specially crafted message over the
control channel could cause the packet-parsing code to run out of available
stack memory, causing named to terminate unexpectedly.
CVE-2023-4236 - A flaw in the networking code handling DNS-over-TLS queries
could cause named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
From release notes:
"This release is the first of our regular quarterly releases.
It includes a new feature (multi-domain synchronization for phc2sys)
and several minor bug fixes. Users are encouraged to upgrade."
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@westermo.com>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
,,_ -*> Snort++ <*-
o" )~ Version 3.1.71.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.12
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.11 19 Sep 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.2.13
Using Hyperscan version 5.4.2 2023-09-23
Signed-off-by: John Audia <therealgraysky@proton.me>
The PKG_RELEASE was not incremented during the last merge, the commit shows
that it is incremented by one, but this was already done during the last
change. Very strange. Hence this commit which increments PKG_RELEASE by
one.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
opkg requires monotonically increasing version numbers to know which
version of a package is newer. As git commit IDs do not satisfy this
condition, PKG_SOURCE_DATE must be set to the date of the referenced
commit, resulting in the complete version number '2021-03-08-4f72b305-1'.
As the source date also becomes part of the paths inside the download
archive, the source hash must be updated as well.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* bugfix: better detect ABP lists
* update Makefile with BUSYBOX features dependencies
* update the type of dnsmasq_instance setting
* add error message when file type can't be detected
* add reporting when file type can't be detected
* bugfix: include URL on errors related to URL processing/parsing
* rename resolver function to resolver_config to better reflect its use
Signed-off-by: Stan Grishin <stangri@melmac.ca>
If a firmware build with curl without mbedtls, install transmission from openwrt official repo will fail to start
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
Update crowdsec to latest upstream release version 1.5.4
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Build tested: package build checked, no run test due to limited space
Description: update to latest version of upstream
The openvswitch build trips over a number of warnings during the
manpage-check step if groff 1.23 is installed on the build host,
resulting in a failed build.
As this check is optional, and we don't even install the manpages, simply
override the groff configure check to never detect groff.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Move nginx to PCRE2 now that lua modules supports it.
nginx ebaled PCRE2 by default so we simply revert the config to revert
it.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add nginx-mod-lua-resty-core and nginx-mod-lua-resty-lrucache new module
required for the lua module to correctly works.
The module are based on luajit2 from Openresty.
Signed-off-by: Javier Marcet <javier@marcet.info>
[ improve commit description/tile and fix redundant dependency ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Bug Fixes
- Fixed mbedTLS crashes and TLS handshake errors when the nDPI-bundled libgcrypt "lite" version conflicts with the system version (via libcurl).
- Fixed linking order issue with libini.
- Fixed non-portable static linking warning with libndpi.
- Write flows to sockets regardless if "add_flows" is true.
- Fixed compilation error if _DIRENT_HAVE_D_RECLEN isn't defined.
- Fixed Agent path.
- [OpenWrt] Switch to "grep -E" as "egrep" is deprecated.
- Fixed possible ndAddr crash: return a const reference for cached strings.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
The tracking and interface status was mixed up in the report. To fix
this, the interface status and the tracking status are now used
directly. The online, uptime and error information are appended to the
status line if needed. If certain routing tables and routing rules are
missing, the error number is also given.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The tracker state is not shown via ubus. Only if the tracker was in
active state, then the boolean running was set or not. By adding the
tracking state to the ubus information we could also evaluate the state
of the tracker. To remain compatible, the runnig flag of the tracker is
not removed, which in fact displays the same information, but only if
the tracker is in state 'active' or not.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The expression 'disabled' is more meaningful than 'not enabled' and can
therefore be better processed in the ubus output, since it is only one
word.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The function 'get_mwan3_status' is reading the internal state from the
tracker via the status file. Do not use the state 'notracking' status
anymore. If the mwan3track is not running always return 'unknown'
and not 'notracking'. There is already an other function that evaluates
the external state of the tracker.
We have now the following states of the tracker:
internal (mwan3track):
- offline
- online
- diconnecting
- connecting
- disabled
- unknown
external (via pgrep and config):
- paused
- active
- down
- not enabled
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This changes the default firewall method used by Tailscale to nftables.
The 'autodetection' mode is only supported by arm64 and amd64 for now[1].
This causes mips devices to not do proper detection and incorrectly default back to
iptables.
I added a fw_mode variable to the tailscale.conf file that could be
set to iptables for easy conversion for someone still using iptables.
I was able to test on an older mips device and my current aarch64
without issues.
Also a few readme updates to bring it up to the current status.
1. dc7aa98b76/util/linuxfw/linuxfw_unsupported.go (L4C58-L4C58)
Signed-off-by: Tyler Young <git@yfh.addy.io>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
,,_ -*> Snort++ <*-
o" )~ Version 3.1.70.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.12
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.10 1 Aug 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.2.13
Using Hyperscan version 5.4.2 2023-09-07
Signed-off-by: John Audia <therealgraysky@proton.me>
During the renameing of mwan3_connected_v4 to mwan3_connected_ipv4 and
mwan3_connected_v6 to mwan3_connected_ipv6 the adjustment in the ubus
call was forgotten. This commit fixes this.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
To begin with, there are only a couple of .conf files, and
one of them is for testing, and the other is only installed
when MBIM is enabled, so if you build without MBIM you'll
have a failing install:
install -m0644 /home/pprindeville/work/openwrt/build_dir/target-x86_64_musl/modemmanager-1.20.6/ipkg-install/usr/share/ModemManager/*.conf /home/pprindeville/work/openwrt/build_dir/target-x86_64_musl/modemmanager-1.20.6/.pkgdir/modemmanager/usr/share/ModemManager
install: cannot stat '/home/pprindeville/work/openwrt/build_dir/target-x86_64_musl/modemmanager-1.20.6/ipkg-install/usr/share/ModemManager/*.conf': No such file or directory
make[2]: *** [Makefile:161: /home/pprindeville/work/openwrt/build_dir/target-x86_64_musl/modemmanager-1.20.6/.pkgdir/modemmanager.installed] Error 1
make[2]: Leaving directory '/home/pprindeville/work/openwrt/feeds/packages/net/modemmanager'
So make sure there's anything there to copy over first.
Signed-off-by: Philip Prindeville <pprindeville@netgate.com>
Signed-off-by: Daniel Pinto <danielpinto8zz6@gmail.com>
desec.io ddns update is not working, after testing the endpoint I got a 301, after a bit of search I found out we are
supposed to use https instead of http
more info here: https://talk.desec.io/t/301-from-update-dedyn-io/644/2
bump PKG_RELEASE
Since February 2023, I decided to no longer work with Turris, I mean CZ.NIC company
due to some reasons how the development goes and since that day my work address is not
available and not sure if there is some redirect to someone else, but if anyone wants to
reach me, use my email address, where they can find me.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* fix dns resolution not working on boot
* add hotplug-online script
* reorganizes files/ and Makefile to reflect files destinations
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Update jool to version 4.1.10 and remove a no longer needed patch.
There was also a need to backport a patch to fix compile in some archs.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Modified the code to correctly determine modem availability based on the
sysfs path provided in the 'device' option, instead of relying on the
'proto' value. This ensures proper configuration for custom-made protos
that do not match the "modemmanager" identifier.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
The proto_send_update function is sending a notification to netifd
during the teardown section. However, netifd filters link update
notifications executed during teardown, as indicated here:
https://git.openwrt.org/?p=project/netifd.git;a=blob;f=proto-shell.c#l515
This was leading to a Permission Denied error due to its behavior,
making proto_send_update ineffective during teardown.
To address the issue, the proto_send_update function has been removed
from the teardown section. This prevents the Permission Denied error
while ensuring proper operation during teardown.
Additionally, in the 10-report-down helper script, a check has been
implemented to determine if the interface is already down. This check
is crucial to avoid triggering a Permission Denied error, especially
in cases where netifd is already aware of a controlled ifdown operation.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
croc is a tool written in Go for sending files from one device to
another over the internet using a relay. It runs on multiple platforms,
provides end-to-end encryption and works without port forwarding and
fixed IP/DynDNS.
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
* this package replaces simple-adblock package
* it was impossible to keep existing config structure and continue
improving the simple-adblock the way I wanted, hence the new
package name
* the migration script for existing simple-adblock config is included in
the uci-defaults file
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* remove firewall4.include file as it is not needed and procuces a firewall
error on service miniupnpd restart
* remove the uci-defaults file as its sole purpose was to install the
firewall include file
* modify the Makefile to reflect the deleted files
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This release breaks the noexit patch, because the code for removing old
now returns an error when no interfaces are configured. As it is run on
startup, the daemon exits in this case. To avoid this, add an additional
check so an error is only returned in an actual error case.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
This is a security and bug fix release.
Security:
- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
messages with the same message ID, but then never respond to the PUBREC
commands.
- CVE-2023-0809: Fix excessive memory being allocated based on malicious
initial packets that are not CONNECT packets.
- CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.
- Fix potential crash when loading invalid persistence file.
- Library will no longer allow single level wildcard certificates, e.g. *.com
Bugfixes of note or relevance to OpenWrt:
- Fix bridges with non-matching cleansession/local_cleansession being expired
on start after restoring from persistence. Closes#2634.
Client library:
- Use CLOCK_BOOTTIME when available, to keep track of time. This solves the
problem of the client OS sleeping and the client hence not being able to
calculate the actual time for keepalive purposes. Closes#2760.
Full changelog available at: https://github.com/eclipse/mosquitto/blob/v2.0.16/ChangeLog.txt
plus: https://github.com/eclipse/mosquitto/blob/v2.0.17/ChangeLog.txt
(2.0.17 fixes regressions from the 2.0.16 release)
Signed-off-by: Karl Palsson <karlp@tweak.au>
Update the mdio-netlink kmod and userspace mdio-tools to version 1.3.0.
[v1.3.0] - 2023-07-24
---------------------
Primarily widen the gamut of supported kernel versions, now supporting
all kernels from 5.2 and onwards.
- mvls: Support for 88E6320/88E6321
- mdio-netlink: Adapt to the upstream C22/C45 refactor.
Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
* quic-go v0.36.x cannot be compiled with Go 1.21. Update that
AdGuardHome dependency to latest one from v0.37 series.
* It fixes following compilation error:
go-mod-cache/github.com/quic-go/quic-go@v0.36.2/internal/qtls/go121.go:5:13: cannot use "The version of quic-go you're using can't be built on Go 1.21 yet. For more details, please see https://github.
com/quic-go/quic-go/wiki/quic-go-and-Go-versions." (untyped string constant "The version of quic-go you're using can't be built on Go 1.21 yet.
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
Everything is working on pure upstream code.
Patching is not longer needed.
Added entire /etc/tailscale/ directory to conffiles for persistent ssh
host key & https certificate across sysupgrades.
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Add new option to a config bridge section to indicate
if a bridge port added to the bridge should be isolated
or not. The default is 0 (no isolation).
example
config bridge
option interface 'br-mybridge1446'
option mtu '1446'
option isolate '1' # default '0'
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
In order to use the dbus interfaces via the command gdbus-codegen, the
xml files must be copied into the building staging directory, so that other
programmes can use them during compilation.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* fix validation for force_dns_port when missing in config
* fix validation for dns_instance when * or - are used
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Pcre (1) is unmaintained and reached its end of life in 2021.
The base system provides pcre2 exclusively since May.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Most distros allow dropping site configuration files into
/etc/sshd_config.d/ so that you don't have to tweak the main
server configuration file.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Add a new package for the OpenThread Border Router. Comes with a netifd
protocol handler. See README.md for more information.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
v0.19.4:
- No changes
v0.19.3:
- We now detect MySQL's strange, version-dependent my_bool type on configure.
- Add pkg-config definitions for gnunet messenger.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
I've noticed my AppleTV's refresh their leases ever minute unless
I explicitly force their renewal time higher, because it doesn't
default to 50% of the lease time.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This commit updates openvpn to version 2.6.5 and add DCO support.
There are several changes:
- Starting with version 2.6.0, the sources are only provided as .tar.gz
file.
- removed OPENVPN_<variant>_ENABLE_MULTIHOME:
multihome support is always included and cannot be disabled anymore
with 2.6.x.
- removed OPENVPN_<variant>_ENABLE_DEF_AUTH:
deferred auth support is always included and cannot be disabled
anymore with 2.6.x.
- removed OPENVPN_<variant>_ENABLE_PF:
PF (packet filtering) support was removed in 2.6.x.
- The internal lz4 library was removed in 2.6.x; we now use the liblz4
package if needed
- To increase reproducibility, _DATE_ is only used for development
builds and not in release builds in 2.6.x.
- wolfSSL support was integrated into upstream openvpn
- DES support was removed from openvpn
The first two wolfSSL patches were created following these 2 commits:
4cf01c8e43028b501734
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
The line to generate the argument list for 'simple connect' is quite
long and is not maintainable. To improve the handling a function
'append_param' was added for appending the 'simple connect' options.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Francisco Jose Alvarez <francisco.alvarez@galgus.net>
* Update commit head
* Rebase patch to the latest changes
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If on teardown the 'proto_notify_error' is set to 'MM_TEARDOWN_IN_PROGRESS',
then an error which is set on 'setup' is not visible in the ubus
network.interface.<iface> status output.
{
"up": false,
"pending": false,
"available": true,
"autostart": false,
"dynamic": false,
"proto": "modemmanager",
"data": {
},
"errors": [
{
"subsystem": "dualsim",
"code": "MM_TEARDOWN_IN_PROGRESS"
}
]
}
It alway shows the code 'MM_TEARDWON_IN_PROGRESS'!
By removing the line 'proto_notify_error "${interface}" MM_TEARDOWN_IN_PROGRESS'
in teardown, the last error is show in the proto stack from setup.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The tag is now prefixed with v; update PKG_SOURCE_URL and PKG_BUILD_DIR
to reflect this.
Drop upstreamed patches. Refresh leftover patch.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* fix permission to dnsmasq files for ad-blocking
* add pause function to pause the ad-blocking temporarily
* introduce pause_timeout option to control default pause time
* update default config and config-update file
* use $param instead of $1 in adb_start()
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Tor projects tries to migrate away from git.torproject.org [0,1]. We
need to adjust PKG_SOURCE and GO_PKG name. Further, we need to backport
patches to fix compiling on riscv64, so add:
- 0001-Bump-minimum-required-version-of-go.patch
- 0002-Update-dependencies.patch
Changelog:
2fa8fd9188
[0] - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86
[1] - 82cc0f38f7
Signed-off-by: Nick Hainke <vincent@systemli.org>
* supports allowing / blocking of certain VLAN forwards in segregated network environments,
set 'ban_vlanallow', ''ban_vlanblock' accordingly
* simplified the code/JSON to generate/parse the banIP status
* enclose nft related devices in quotation marks , e.g. to handle devices which starts with a number '10g-1'
* made the new vlan options available to LuCI (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
This version includes support for Go 1.20 (specifically 1.20.5).
This also:
* Adds a workaround for musl 1.2.4 compatibility in mattn/go-sqlite3[1]
* Sets GO_PKG_BUILD_PKG to build the main binary (ooniprobe) only
* Updates the package license; the project was relicensed in 3.13.0[2]
[1]: https://github.com/mattn/go-sqlite3/issues/1164
[2]: https://github.com/ooni/probe-cli/pull/446
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* prevent superflous etag function calls during start action (on start backups will be used anyway)
* changed the ipthreat feed download URL (load a compressed file variant to save bandwidth)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* added HTTP ETag or entity tag support to download only ressources that have been updated on the server side,
to save bandwith and speed up banIP reloads
* added 4 new feeds: binarydefense, bruteforceblock, etcompromised, ipblackhole (see readme)
* updated the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add new package to debug multicast setups. This is required to use
kselftests script for network testing.
net-mtools is used instead of mtools as it does conflicts with another
package that is also called mtools.
Some additional patch from Vladimir Oltean are added to make the tool
works on kernel selftests scripts.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
We currently have a more or less circular dependency with nginx ssl and
full variant.
FULL variant depends on every nginx module. Every nginx module depends
on nginx-ssl.
Since nginx-full depends on an nginx module, nginx-ssl is installed as
module depends on it and then the installation fails as nginx-full
conflicts with nginx-ssl.
nginx-full in it's meaning is nginx built with every config selected and
it should not have module as dependency. In fact an user should always
install them separetly as while other things, local modification to the
nginx config file are required to include the just installed module.
To fix this circular dependency problem, drop the dependency of every
nginx module for FULL variant.
Fixes: #21300
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This commit adds support for http/3. This is an experimental version
and isn't fully supported because nginx is being built with the regular
OpenSSL and the regular one doesn't support quic.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Update nginx to 1.25.1.
*) Feature: the "http2" directive, which enables HTTP/2 on a per-server
basis; the "http2" parameter of the "listen" directive is now
deprecated.
*) Change: HTTP/2 server push support has been removed.
*) Change: the deprecated "ssl" directive is not supported anymore.
*) Bugfix: in HTTP/3 when using OpenSSL.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[ improve commit title and add nginx changelog ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
