The package should not only depend on a package dropbear but on the dbclient.
Otherwise the dbclient may be disabled during compilation and the dependency will be not satisfied.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
"Iran Hosted Domains" is a comprehensive list of Iranian domains and services that are hosted within the country.
Signed-off-by: Kaveh Dadgar <Kavehdadgar666@protonmail.com>
Changes to protocol file and it's description.
Works better now and restarts firewall automaticly
when tunnel comes available. More informative/guiding
description.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
* Enable `with_ech` and `with_dhcp`, just like upstream
* See changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.5.2
Signed-off-by: Leo Douglas <douglarek@gmail.com>
sing-box: ShadowsocksR is marked as deprecated since v1.5.0
Signed-off-by: Leo Douglas <douglarek@gmail.com>
sing-box: remove dhcp by default
Signed-off-by: Leo Douglas <douglarek@gmail.com>
A user may have some host configured in the .ssh/config with user and port.
But we anyway have to specify them in the sshtunnel.
The change fixes this
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
The dbclient doesn't support the -o StrictHostKeyChecking but it has it's own -y option:
-y Always accept remote host key if unknown
-y -y Don't perform any remote host key checking (caution)
So we can add these options to make the StrictHostKeyChecking working.
The dbclient will ignore -o StrictHostKeyChecking but use the -y or -yy instead.
The only problem is that the -y flag is also used by the openssh-client:
-y Send log information using the syslog(3) system module. By default this information is sent to stderr.
This is not critical and once the dbclient start to support the StrictHostKeyChecking we can remove the -y flag.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Without the option the ssh will propt a user to accept the host key.
So a user should perform a connection manualy and accept before useing the sshtunnel.
The accept-new is a reasonable trade off.
Also the LogLevel is INFO by default.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Simplify comment and make it shorter.
Remove triling tab after retrydelay.
Use a full path for IdentityFile because otherwise the uci validation fails with the relative path ~/.ssh
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
The samples in the repo are useful for configuring cenrtain aspects of
ddns, and their inclusion is hinted at within their source code
Signed-off-by: Julian Grinblat <julian@dotcore.co.il>
This package does not receive any update since 2015. [1]
It seems unmaintained and most likely not used at all.
[1] https://gitweb.torproject.org/tor-fw-helper.git/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* drop packets silently on input and forwardwan chains or actively reject the traffic, set 'ban_blocktype' accordingly
* optimized banIP boot/reload handling
* removed pppoe quirk in device detection
* small fixes and optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
changelog:
- iptables: improve error when ip6?tables commands are missing
- docs: Convert markdown with go-md2man instead of mandown
- iptables: drop invalid packages
- bump rust edition to 2021
- Add ACCEPT rules in firewall for bridge network with internal dns
- Add vrf support for bridges
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
A lot of changes since previous packaged openwrt version of netbird,
changes available at: https://github.com/netbirdio/netbird/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Backport patch merged upstream for PCRE2 support and move package to
pcre2.
Also add an additional patch pending to fix linking both pcre and pcre2
if autotools detect both library. (aircrack-ng prefer pcre2 in presence
of both)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Bump aircrack-ng to release 1.7
Changelog from [1]
Airdecap-ng: Endianness fixes
Airdecap-ng: Output PCAP as little endian
Airodump-ng: Fixed blank encryption field when APs have TKIP (and/or CCMP) with WPA2
Airodump-ng: Updated encryption filter (-t/--encrypt) for WPA3 and OWE
Airodump-ng: Fixed out-of-order timestamp captures
Airodump-ng: Ignore NULL PMKID
Airodump-ng: Fixed dropping management frames with zeroed timestamp
Airodump-ng: Fixed sorting where sometimes it started with a different field
Airodump-ng: Allow setting colors only in AP selection mode
Airodump-ng: Fix crash on 4K Linux console
Airodump-ng: Fixed issue where existing clients not linked to an AP become hidden when hitting 'o'
Airodump-ng: Allow use of WiFi 6E 6GHz frequencies
Airodump-ng: Look for oui.txt in /usr/share/hwdata
Airgraph-ng: Fixed graphviz package conflict
Airgraph-ng: Fixed downloading OUI with python3
Airgraph-ng: Ensure support/ directory is created when installing
Aircrack-ng: Fixed static compilation
Aircrack-ng: Fix handshake replay counter logic
Aircrack-ng: Handle timeout when parsing EAPOL
Aircrack-ng: Fixed WEP display
Aircrack-ng: Fixed spurious EXIT messages
Aircrack-ng: Improved handshake selection by fixing EAPOL timing and clearing state
Aircrack-ng: Ignore NULL PMKID
Aircrack-ng: Added Apple M1 detection
Aireplay-ng: In test mode, detect tampering of sequence number by firmware/driver
Aireplay-ng: Fixed incorrectly rewritten loops affecting fragmentation attack, and in some cases, SKA fake auth
Aireplay-ng: Fixed a bunch of instances where packets had their duration updated instead of the sequence number
Airmon-ng: Fix avahi killing
Airmon-ng: rewrite service stopping entirely
Airmon-ng: Codestyle fixes and code cleanup
Airmon-ng: Added a few Raspberry Pi hardware revisions
Airmon-ng: Fixes for 8812au driver
Airmon-ng: Fix iwlwifi firmware formatting
Airmon-ng: Remove broken KVM detection
Airmon-ng: Show regdomain in verbose mode
Airmon-ng: Updated Raspberry Pi hardware revisions
Airmon-ng: Document frequency usage
Airmon-ng: Add a sleep to help predictable names due to udev sometimes renaming interface
Airmon-ng: Added warning for broken radiotap headers in kernel 5.15 to 5.15.4
Airmon-ng: shellcheck fixes
Airmon-ng: support systemctl as some systems don't support 'service' anymore
Airmon-ng: Fixes for pciutils 3.8, backward compatible
Airbase-ng: use enum for frame type/subtype
Airbase-ng: remove a few IE in association responses
Besside-ng: Support and detect all channels in 5GHz in Auto-Channel mode
OSdep: Search additional IE for channel information
OSdep: Android macro fixes
Patches: Add missing patches that were on https://patches.aircrack-ng.org but not in repo
Patches: Updated freeradius-wpe patch for v3.2.0
Patches: Updated hostapd-wpe patch for v2.10
Patches: Added docker containers to test WPE patches
Autotools: make dist now creates VERSION file
Autotools: Added maintainer mode
Autotools: Initial support for Link Time Optimization (LTO) builds
Integration tests: Added a new test, and improved some existing ones
Airgraph-ng: switch airodump-join to Python 3
Manpages: Fixes (typos, tools name, etc.) and improvements
README: Updated dependencies and their installation on various distros in README.md and INSTALLING
README: Fixed typos and spelling in README.md and INSTALLING
Packages: Packages on PackageCloud now support any distro using .deb and .rpm, however, it requires reinstalling repo (BREAKING CHANGE)
General: Fix compilation with LibreSSL 3.5
General: Fix issues reported by Infer
General: Updated buildbots
General: Add Linux uclibc support
General: Compilation fixes on macOS with the Apple M1 CPU
General: Removed TravisCI and AppVeyor
General: Use Github Actions for CI (Linux, Win, macOS, code style, and PVS-Studio)
General: Added vscode devcontainer and documentation
General: Fix warnings from PVS-Studio and build with pedantic (See PR2174)
General: Shell script fixes thanks to shellcheck
General: Fixes for GCC 10 and 11
General: Fixed cross-compilation
General: Code refactoring, deduplication, cleanup, and misc code improvements
General: Coverity Scan fixes, which includes memory leaks, race conditions, division by 0, and other issues
General: PVS Studio improvements,fixes and updates
General: Code formatting/style fixes
General: Various fixes and improvements (code, CI, integration tests, coverity)
General: Update bug reporting template and update the process
[1] https://aircrack-ng.blogspot.com/2022/05/aircrack-ng-17.html
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add upstream patch adding support for pcre2 and update dependency to
require libpcre2 instead of libpcre.
--with-pcre2-8 is now needed to exclude support for pcre and only
require pcre2 as net-snmp still use and try to use pcre by default.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This package is no longer maintained in OpenWrt even though it is maintained by upstream.
The last update was done in August 2016 and because we have 2023, drop this package
without replacement.
If anyone from the community wants to step in and retake the maintainership together with the update,
feel free to do it.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Fixes CVEs:
CVE-2023-3341 - Previously, sending a specially crafted message over the
control channel could cause the packet-parsing code to run out of available
stack memory, causing named to terminate unexpectedly.
CVE-2023-4236 - A flaw in the networking code handling DNS-over-TLS queries
could cause named to terminate unexpectedly due to an assertion failure under
significant DNS-over-TLS query load.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
From release notes:
"This release is the first of our regular quarterly releases.
It includes a new feature (multi-domain synchronization for phc2sys)
and several minor bug fixes. Users are encouraged to upgrade."
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@westermo.com>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
,,_ -*> Snort++ <*-
o" )~ Version 3.1.71.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.12
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.11 19 Sep 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.2.13
Using Hyperscan version 5.4.2 2023-09-23
Signed-off-by: John Audia <therealgraysky@proton.me>
The PKG_RELEASE was not incremented during the last merge, the commit shows
that it is incremented by one, but this was already done during the last
change. Very strange. Hence this commit which increments PKG_RELEASE by
one.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
opkg requires monotonically increasing version numbers to know which
version of a package is newer. As git commit IDs do not satisfy this
condition, PKG_SOURCE_DATE must be set to the date of the referenced
commit, resulting in the complete version number '2021-03-08-4f72b305-1'.
As the source date also becomes part of the paths inside the download
archive, the source hash must be updated as well.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* bugfix: better detect ABP lists
* update Makefile with BUSYBOX features dependencies
* update the type of dnsmasq_instance setting
* add error message when file type can't be detected
* add reporting when file type can't be detected
* bugfix: include URL on errors related to URL processing/parsing
* rename resolver function to resolver_config to better reflect its use
Signed-off-by: Stan Grishin <stangri@melmac.ca>
If a firmware build with curl without mbedtls, install transmission from openwrt official repo will fail to start
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
Update crowdsec to latest upstream release version 1.5.4
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Build tested: package build checked, no run test due to limited space
Description: update to latest version of upstream
The openvswitch build trips over a number of warnings during the
manpage-check step if groff 1.23 is installed on the build host,
resulting in a failed build.
As this check is optional, and we don't even install the manpages, simply
override the groff configure check to never detect groff.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Move nginx to PCRE2 now that lua modules supports it.
nginx ebaled PCRE2 by default so we simply revert the config to revert
it.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add nginx-mod-lua-resty-core and nginx-mod-lua-resty-lrucache new module
required for the lua module to correctly works.
The module are based on luajit2 from Openresty.
Signed-off-by: Javier Marcet <javier@marcet.info>
[ improve commit description/tile and fix redundant dependency ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Bug Fixes
- Fixed mbedTLS crashes and TLS handshake errors when the nDPI-bundled libgcrypt "lite" version conflicts with the system version (via libcurl).
- Fixed linking order issue with libini.
- Fixed non-portable static linking warning with libndpi.
- Write flows to sockets regardless if "add_flows" is true.
- Fixed compilation error if _DIRENT_HAVE_D_RECLEN isn't defined.
- Fixed Agent path.
- [OpenWrt] Switch to "grep -E" as "egrep" is deprecated.
- Fixed possible ndAddr crash: return a const reference for cached strings.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
The tracking and interface status was mixed up in the report. To fix
this, the interface status and the tracking status are now used
directly. The online, uptime and error information are appended to the
status line if needed. If certain routing tables and routing rules are
missing, the error number is also given.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The tracker state is not shown via ubus. Only if the tracker was in
active state, then the boolean running was set or not. By adding the
tracking state to the ubus information we could also evaluate the state
of the tracker. To remain compatible, the runnig flag of the tracker is
not removed, which in fact displays the same information, but only if
the tracker is in state 'active' or not.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The expression 'disabled' is more meaningful than 'not enabled' and can
therefore be better processed in the ubus output, since it is only one
word.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The function 'get_mwan3_status' is reading the internal state from the
tracker via the status file. Do not use the state 'notracking' status
anymore. If the mwan3track is not running always return 'unknown'
and not 'notracking'. There is already an other function that evaluates
the external state of the tracker.
We have now the following states of the tracker:
internal (mwan3track):
- offline
- online
- diconnecting
- connecting
- disabled
- unknown
external (via pgrep and config):
- paused
- active
- down
- not enabled
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This changes the default firewall method used by Tailscale to nftables.
The 'autodetection' mode is only supported by arm64 and amd64 for now[1].
This causes mips devices to not do proper detection and incorrectly default back to
iptables.
I added a fw_mode variable to the tailscale.conf file that could be
set to iptables for easy conversion for someone still using iptables.
I was able to test on an older mips device and my current aarch64
without issues.
Also a few readme updates to bring it up to the current status.
1. dc7aa98b76/util/linuxfw/linuxfw_unsupported.go (L4C58-L4C58)
Signed-off-by: Tyler Young <git@yfh.addy.io>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
,,_ -*> Snort++ <*-
o" )~ Version 3.1.70.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.12
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.10 1 Aug 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.2.13
Using Hyperscan version 5.4.2 2023-09-07
Signed-off-by: John Audia <therealgraysky@proton.me>
During the renameing of mwan3_connected_v4 to mwan3_connected_ipv4 and
mwan3_connected_v6 to mwan3_connected_ipv6 the adjustment in the ubus
call was forgotten. This commit fixes this.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
To begin with, there are only a couple of .conf files, and
one of them is for testing, and the other is only installed
when MBIM is enabled, so if you build without MBIM you'll
have a failing install:
install -m0644 /home/pprindeville/work/openwrt/build_dir/target-x86_64_musl/modemmanager-1.20.6/ipkg-install/usr/share/ModemManager/*.conf /home/pprindeville/work/openwrt/build_dir/target-x86_64_musl/modemmanager-1.20.6/.pkgdir/modemmanager/usr/share/ModemManager
install: cannot stat '/home/pprindeville/work/openwrt/build_dir/target-x86_64_musl/modemmanager-1.20.6/ipkg-install/usr/share/ModemManager/*.conf': No such file or directory
make[2]: *** [Makefile:161: /home/pprindeville/work/openwrt/build_dir/target-x86_64_musl/modemmanager-1.20.6/.pkgdir/modemmanager.installed] Error 1
make[2]: Leaving directory '/home/pprindeville/work/openwrt/feeds/packages/net/modemmanager'
So make sure there's anything there to copy over first.
Signed-off-by: Philip Prindeville <pprindeville@netgate.com>
Signed-off-by: Daniel Pinto <danielpinto8zz6@gmail.com>
desec.io ddns update is not working, after testing the endpoint I got a 301, after a bit of search I found out we are
supposed to use https instead of http
more info here: https://talk.desec.io/t/301-from-update-dedyn-io/644/2
bump PKG_RELEASE
Since February 2023, I decided to no longer work with Turris, I mean CZ.NIC company
due to some reasons how the development goes and since that day my work address is not
available and not sure if there is some redirect to someone else, but if anyone wants to
reach me, use my email address, where they can find me.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* fix dns resolution not working on boot
* add hotplug-online script
* reorganizes files/ and Makefile to reflect files destinations
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Update jool to version 4.1.10 and remove a no longer needed patch.
There was also a need to backport a patch to fix compile in some archs.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Modified the code to correctly determine modem availability based on the
sysfs path provided in the 'device' option, instead of relying on the
'proto' value. This ensures proper configuration for custom-made protos
that do not match the "modemmanager" identifier.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
The proto_send_update function is sending a notification to netifd
during the teardown section. However, netifd filters link update
notifications executed during teardown, as indicated here:
https://git.openwrt.org/?p=project/netifd.git;a=blob;f=proto-shell.c#l515
This was leading to a Permission Denied error due to its behavior,
making proto_send_update ineffective during teardown.
To address the issue, the proto_send_update function has been removed
from the teardown section. This prevents the Permission Denied error
while ensuring proper operation during teardown.
Additionally, in the 10-report-down helper script, a check has been
implemented to determine if the interface is already down. This check
is crucial to avoid triggering a Permission Denied error, especially
in cases where netifd is already aware of a controlled ifdown operation.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
croc is a tool written in Go for sending files from one device to
another over the internet using a relay. It runs on multiple platforms,
provides end-to-end encryption and works without port forwarding and
fixed IP/DynDNS.
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
* this package replaces simple-adblock package
* it was impossible to keep existing config structure and continue
improving the simple-adblock the way I wanted, hence the new
package name
* the migration script for existing simple-adblock config is included in
the uci-defaults file
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* remove firewall4.include file as it is not needed and procuces a firewall
error on service miniupnpd restart
* remove the uci-defaults file as its sole purpose was to install the
firewall include file
* modify the Makefile to reflect the deleted files
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This release breaks the noexit patch, because the code for removing old
now returns an error when no interfaces are configured. As it is run on
startup, the daemon exits in this case. To avoid this, add an additional
check so an error is only returned in an actual error case.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
This is a security and bug fix release.
Security:
- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
messages with the same message ID, but then never respond to the PUBREC
commands.
- CVE-2023-0809: Fix excessive memory being allocated based on malicious
initial packets that are not CONNECT packets.
- CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.
- Fix potential crash when loading invalid persistence file.
- Library will no longer allow single level wildcard certificates, e.g. *.com
Bugfixes of note or relevance to OpenWrt:
- Fix bridges with non-matching cleansession/local_cleansession being expired
on start after restoring from persistence. Closes#2634.
Client library:
- Use CLOCK_BOOTTIME when available, to keep track of time. This solves the
problem of the client OS sleeping and the client hence not being able to
calculate the actual time for keepalive purposes. Closes#2760.
Full changelog available at: https://github.com/eclipse/mosquitto/blob/v2.0.16/ChangeLog.txt
plus: https://github.com/eclipse/mosquitto/blob/v2.0.17/ChangeLog.txt
(2.0.17 fixes regressions from the 2.0.16 release)
Signed-off-by: Karl Palsson <karlp@tweak.au>
Update the mdio-netlink kmod and userspace mdio-tools to version 1.3.0.
[v1.3.0] - 2023-07-24
---------------------
Primarily widen the gamut of supported kernel versions, now supporting
all kernels from 5.2 and onwards.
- mvls: Support for 88E6320/88E6321
- mdio-netlink: Adapt to the upstream C22/C45 refactor.
Signed-off-by: Zhi-Jun You <hujy652@protonmail.com>
* quic-go v0.36.x cannot be compiled with Go 1.21. Update that
AdGuardHome dependency to latest one from v0.37 series.
* It fixes following compilation error:
go-mod-cache/github.com/quic-go/quic-go@v0.36.2/internal/qtls/go121.go:5:13: cannot use "The version of quic-go you're using can't be built on Go 1.21 yet. For more details, please see https://github.
com/quic-go/quic-go/wiki/quic-go-and-Go-versions." (untyped string constant "The version of quic-go you're using can't be built on Go 1.21 yet.
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
Everything is working on pure upstream code.
Patching is not longer needed.
Added entire /etc/tailscale/ directory to conffiles for persistent ssh
host key & https certificate across sysupgrades.
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Add new option to a config bridge section to indicate
if a bridge port added to the bridge should be isolated
or not. The default is 0 (no isolation).
example
config bridge
option interface 'br-mybridge1446'
option mtu '1446'
option isolate '1' # default '0'
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
In order to use the dbus interfaces via the command gdbus-codegen, the
xml files must be copied into the building staging directory, so that other
programmes can use them during compilation.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* fix validation for force_dns_port when missing in config
* fix validation for dns_instance when * or - are used
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Pcre (1) is unmaintained and reached its end of life in 2021.
The base system provides pcre2 exclusively since May.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Most distros allow dropping site configuration files into
/etc/sshd_config.d/ so that you don't have to tweak the main
server configuration file.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Add a new package for the OpenThread Border Router. Comes with a netifd
protocol handler. See README.md for more information.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
v0.19.4:
- No changes
v0.19.3:
- We now detect MySQL's strange, version-dependent my_bool type on configure.
- Add pkg-config definitions for gnunet messenger.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
I've noticed my AppleTV's refresh their leases ever minute unless
I explicitly force their renewal time higher, because it doesn't
default to 50% of the lease time.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This commit updates openvpn to version 2.6.5 and add DCO support.
There are several changes:
- Starting with version 2.6.0, the sources are only provided as .tar.gz
file.
- removed OPENVPN_<variant>_ENABLE_MULTIHOME:
multihome support is always included and cannot be disabled anymore
with 2.6.x.
- removed OPENVPN_<variant>_ENABLE_DEF_AUTH:
deferred auth support is always included and cannot be disabled
anymore with 2.6.x.
- removed OPENVPN_<variant>_ENABLE_PF:
PF (packet filtering) support was removed in 2.6.x.
- The internal lz4 library was removed in 2.6.x; we now use the liblz4
package if needed
- To increase reproducibility, _DATE_ is only used for development
builds and not in release builds in 2.6.x.
- wolfSSL support was integrated into upstream openvpn
- DES support was removed from openvpn
The first two wolfSSL patches were created following these 2 commits:
4cf01c8e43028b501734
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
The line to generate the argument list for 'simple connect' is quite
long and is not maintainable. To improve the handling a function
'append_param' was added for appending the 'simple connect' options.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Francisco Jose Alvarez <francisco.alvarez@galgus.net>
* Update commit head
* Rebase patch to the latest changes
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If on teardown the 'proto_notify_error' is set to 'MM_TEARDOWN_IN_PROGRESS',
then an error which is set on 'setup' is not visible in the ubus
network.interface.<iface> status output.
{
"up": false,
"pending": false,
"available": true,
"autostart": false,
"dynamic": false,
"proto": "modemmanager",
"data": {
},
"errors": [
{
"subsystem": "dualsim",
"code": "MM_TEARDOWN_IN_PROGRESS"
}
]
}
It alway shows the code 'MM_TEARDWON_IN_PROGRESS'!
By removing the line 'proto_notify_error "${interface}" MM_TEARDOWN_IN_PROGRESS'
in teardown, the last error is show in the proto stack from setup.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The tag is now prefixed with v; update PKG_SOURCE_URL and PKG_BUILD_DIR
to reflect this.
Drop upstreamed patches. Refresh leftover patch.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* fix permission to dnsmasq files for ad-blocking
* add pause function to pause the ad-blocking temporarily
* introduce pause_timeout option to control default pause time
* update default config and config-update file
* use $param instead of $1 in adb_start()
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Tor projects tries to migrate away from git.torproject.org [0,1]. We
need to adjust PKG_SOURCE and GO_PKG name. Further, we need to backport
patches to fix compiling on riscv64, so add:
- 0001-Bump-minimum-required-version-of-go.patch
- 0002-Update-dependencies.patch
Changelog:
2fa8fd9188
[0] - https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/86
[1] - 82cc0f38f7
Signed-off-by: Nick Hainke <vincent@systemli.org>
* supports allowing / blocking of certain VLAN forwards in segregated network environments,
set 'ban_vlanallow', ''ban_vlanblock' accordingly
* simplified the code/JSON to generate/parse the banIP status
* enclose nft related devices in quotation marks , e.g. to handle devices which starts with a number '10g-1'
* made the new vlan options available to LuCI (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
This version includes support for Go 1.20 (specifically 1.20.5).
This also:
* Adds a workaround for musl 1.2.4 compatibility in mattn/go-sqlite3[1]
* Sets GO_PKG_BUILD_PKG to build the main binary (ooniprobe) only
* Updates the package license; the project was relicensed in 3.13.0[2]
[1]: https://github.com/mattn/go-sqlite3/issues/1164
[2]: https://github.com/ooni/probe-cli/pull/446
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* prevent superflous etag function calls during start action (on start backups will be used anyway)
* changed the ipthreat feed download URL (load a compressed file variant to save bandwidth)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* added HTTP ETag or entity tag support to download only ressources that have been updated on the server side,
to save bandwith and speed up banIP reloads
* added 4 new feeds: binarydefense, bruteforceblock, etcompromised, ipblackhole (see readme)
* updated the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add new package to debug multicast setups. This is required to use
kselftests script for network testing.
net-mtools is used instead of mtools as it does conflicts with another
package that is also called mtools.
Some additional patch from Vladimir Oltean are added to make the tool
works on kernel selftests scripts.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
We currently have a more or less circular dependency with nginx ssl and
full variant.
FULL variant depends on every nginx module. Every nginx module depends
on nginx-ssl.
Since nginx-full depends on an nginx module, nginx-ssl is installed as
module depends on it and then the installation fails as nginx-full
conflicts with nginx-ssl.
nginx-full in it's meaning is nginx built with every config selected and
it should not have module as dependency. In fact an user should always
install them separetly as while other things, local modification to the
nginx config file are required to include the just installed module.
To fix this circular dependency problem, drop the dependency of every
nginx module for FULL variant.
Fixes: #21300
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This commit adds support for http/3. This is an experimental version
and isn't fully supported because nginx is being built with the regular
OpenSSL and the regular one doesn't support quic.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Update nginx to 1.25.1.
*) Feature: the "http2" directive, which enables HTTP/2 on a per-server
basis; the "http2" parameter of the "listen" directive is now
deprecated.
*) Change: HTTP/2 server push support has been removed.
*) Change: the deprecated "ssl" directive is not supported anymore.
*) Bugfix: in HTTP/3 when using OpenSSL.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[ improve commit title and add nginx changelog ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Backport a patch from upstream fixing wrong args handling with musl.
Before this patch non args must be passed at the end of the command due
to a musl limitation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* update binaries to 1.7.2
* move sharedMemoryOutput variable declaration into output function as it doesn't
need to be global
* rename parse_yaml function to yaml_parse
* add TODOs for future development
* update copyright datestamps
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Fixes CVEs:
- CVE-2023-2828: The overmem cleaning process has been improved, to
prevent the cache from significantly exceeding the configured
max-cache-size limit.
- CVE-2023-2911: A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache. If the fetch is
aborted for exceeding the recursion quota, it was possible for named
to enter an infinite callback loop and crash due to stack overflow.
The complete list of changes is available in the upstream release
notes at
https://ftp.isc.org/isc/bind9/cur/9.18/doc/arm/html/notes.html#notes-for-bind-9-18-16
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
* process local lists in strict sequential order to prevent possible race conditions
* support ranges in the IP search, too
* fix some minor search issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Manually pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
`dnsdist-full` has all optional features enabled, but is a big package
in term of both flash and memory footprint.
`dnsdist` only keeps the features that make the most sense
on embeded devices, but can also be customised to match the
user's needs, up to the point where it matches `dnsdist-full`.
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
Major changes since version 3.1.1:
* Officially supports the 2019 version of IEEE 1588
* Improved unicast messaging
* Enhanced G.8275.2 profile
* More flexible Pulse Per Second (PPS) handling
* Virtual clock support
* Power profile support
* VLAN over bond support.
* Parallel Redundancy Protocol (PRP) trailer handling.
* Non-privileged read-only monitoring port.
* New statistics reporting.
[V2]
* reset package release
* adapt license name to the new format
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@westermo.com>
* Support MAC-/IPv4/IPv6 ranges in CIDR notation
* Support concatenation of local MAC addresses with IPv4/IPv6 addresses, e.g. to enforce dhcp assignments (see readme)
* small fixes & cosmetics
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
OpenELP is an open source EchoLink proxy for Linux and Windows. It aims
to be efficient and maintain a small footprint, while still implementing
all of the features present in the official EchoLink proxy.
Signed-off-by: Scott K Logan <logans@cottsay.net>
If an alias name is used for the modem, then a check if the device exists
in sysfs does not work. To fix this remove the check if the sysfs device
exists. The protocoll handler already checks if the modem is responsible
for this device on the next line.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
On small systems with many virtual devices, the modem manager sometimes
could not start because it took too long until all devices for the modem
were recognised. This is because all system events that are stored in
the file events.cache have to be processed. To speed up the processing,
all devices under /sys/devices/virtual are now filtered out so that they
do not have to be processed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Fix a bug on installation of nginx-mod-luci where module.d directory
is not found and luci.module creation fails.
Correctly create empty directory for module.d include for dynamic module
loading by placing file in this directory.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
When using both ipv4 and ipv6 entries on the same host, ddns is clearing A
(or AAAA) record depending on the connection (ipv4 or ipv6).
see https://desec.readthedocs.io/en/latest/dyndns/update-api.html#determine-ip-addresses
Signed-off-by: Baptiste Fouques <bateast@duck.com>
Update comment and bump PKG_RELEASE number.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
In mesh communities, tunneldigger is widely used to create L2TPv3 tunnels
and mesh via them. Since the broker is typically installed on other
distributions, the openwrt broker package has not received any
maintenance in recent years [0]. I take now care of the further maintaince
of this package. Furthermore, I consulted with the maintainers to ensure
that they were comfortable with the change [1].
This PR is just a refactoring of the already existing opkg package from
wlanslovenija. It fixes config parsing and in general the config, adapts
to the new python syntax and fixes dependency handling.
- [0] https://github.com/wlanslovenija/firmware-packages-opkg/tree/master/net/tunneldigger-broker
- [1] https://github.com/wlanslovenija/firmware-packages-opkg/issues/24
Signed-off-by: Nick Hainke <vincent@systemli.org>
netavark v1.6.0 was released, so instead of using
git version, use release. Does not contain very
much of changes, but list is available from netavark's
commit log.
Software now comes with additional tool named
netavark-dhcp-proxy-client which is now included
in package.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Fix compilation error on kernel 6.1.
Fix compilation error:
In file included from /mnt/Data/Sources/openwrt/x-wrt/build_dir/target-aarch64_cortex-a72_musl/linux-bcm27xx_bcm2711/xtables-addons-3.24/extensions/LUA/controller.h:24,
from /mnt/Data/Sources/openwrt/x-wrt/build_dir/target-aarch64_cortex-a72_musl/linux-bcm27xx_bcm2711/xtables-addons-3.24/extensions/LUA/xt_LUA_target.c:27:
/mnt/Data/Sources/openwrt/x-wrt/build_dir/target-aarch64_cortex-a72_musl/linux-bcm27xx_bcm2711/xtables-addons-3.24/extensions/LUA/lua/lua.h:12:10: fatal error: stddef.h: No such file or directory
12 | #include <stddef.h>
| ^~~~~~~~~~
compilation terminated.
The error is caused by commit 04e85bbf71c9 ("isystem: delete global
-isystem compile option") present upstream from kernel 5.16. This
commit dropped the inclusion of system headers by default and caused
error on LUA module.
Following what is done in the commit for the required code, modify the
LUA Kbuild to include these header and restore correct compilation of
the LUA module.
Fixes: #21294
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
aardvark-dns v1.6.0 was released,
so instead of using git version, use release -
similarly like netavark.
Very much hasn't changed but list of changes
is in git commit log of aardvark-dns.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Bump nginx to new 1.25.0 release.
Changes:
*) Feature: experimental HTTP/3 support.
Every patch automatically refreshed.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Fix some problem with migration of uci conf template and include of
module.d directive.
Fix 2 case:
- uci.conf.template not versioned but with the include module.d
resulting in double include module.d
- uci.conf.template version 1.1 with the include module.d at the end
of the config. This is problematic for nginx as modules must be
included before any http directive.
Handle this 2 case to restore a working uci.conf.template configuration
on migrated config.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Bump uci conf template version to 1.2 to sync with nginx version
handling some migration problem.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
It's not possible to configure custom Transmission web home as corresponding
env var gets overwritten by the command that sets CA bundle env var.
Signed-off-by: Leonid Bogdanov <leonidbogdanov86@gmail.com>
In f8a8b71e26 openvpn introduced new hotplug events.
For server config, ipchange hotplug event produces an error.
So, make ipchange hotplug event for client only
Fixes https://github.com/openwrt/packages/issues/21200
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Update crowdsec to latest upstream release version 1.5.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.5
Description: update to latest version of upstream
* Optionally auto-add entire subnets to the blocklist Sets based on an additional RDAP request with the
monitored suspicious IP, set 'ban_autoblocksubnet' accordingly (disabled by default).
For more information regarding RDAP see
https://www.ripe.net/manage-ips-and-asns/db/registration-data-access-protocol-rdap for reference.
* small fixes & cosmetics
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
speedtestcpp is a fork of Taganaka's speedtest, rewritten.
It has some improvements such as
- interactive result show
- use server recommended profiles, which makes it faster (can be disabled)
- and more..
It also provides it's functions in shared and static libraries
and offers development headers for integrating speedtest to
features to another projects.
This commit replaces speedtestpp since this fork has
all the same features + more.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Make modules follow a naming convention, which enables:
1. Inline ADDITIONAL_MODULES into CONFIGURE_ARGS
2. Consolidate some parts of Quilt and Download for each module into
BuildModule
Signed-off-by: Glen Huang <me@glenhuang.com>
[ fix conflict error ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
OpenWrt core has a package called ustp which is an OpenWrt adaptation (from
mstpd) for OpenWrt (using libubox, libubus, etc).
No sense in keeping mstpd anymore.
We can just update ustp.
Also, if mstpd has any updates, they can be ported over to ustp too.
Abandoned PR:
https://github.com/openwrt/packages-abandoned/pull/30
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
* update to a new upstream commit, fixes#19366
* update patches/010-cmakelists-remove-cflags.patch as upstream file was update
* remove patches/020-cmakelists-add-version.patch as version is now set elsewhere
* add patches/020-src-options.c-add-version.patch to set the version information
* adjust PROCD START time to 95
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This version includes support for Python 3.11.
This also:
* Updates Build/Compile to only build selected subpackages.
* Removes the submenu in menuconfig; there are too few subpackages to
justify the extra complexity.
Fixes: https://github.com/openwrt/packages/issues/21163
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
and also fix build error:
Package ocserv is missing dependencies for the following libraries:
liboath.so.0
Signed-off-by: Thlv Alivs <zgmzzzz18@gmail.com>
Without it, nginx could complain about incompatible dynamic modules
Signed-off-by: Glen Huang <me@glenhuang.com>
[ fix conflict error on cherry-pick ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Introduce support for migration of old uci conf template to new version.
Uci conf template are saved in config backup. This cause problem on config
restore as old config template might have compatibility problem with new
nginx implementation.
Add logic to migrate the template script at runtime to correctly align
to latest change from nginx and nginx-util.
Fixes: 65a676ed56 ("nginx: introduce support for dynamic modules")
Fixes: #20904
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
