In the command read side, close the superfluous write end of the pipe
early to ensure that EOF is reliably detected. Without that change, splice
calls to read from the pipe will occasionally hang until the CGI process
is eventually killed due to timeout.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit dde503da13)
Implement a new "cgi-exec" applet which allows to invoke remote commands
and stream their stdandard output back to the client via HTTP. This is
needed in cases where large amounts of data or binary encoded contents
such as tar archives need to be transferred, which are unsuitable to be
transported via ubus directly.
The exec call is guarded by the same ACL semantics as rpcd's file plugin,
means in order to be able to execute a command remotely, the ubus session
identified by the given session ID must have read access to the "exec"
function of the "cgi-io" scope and an explicit "exec" permission rule for
the invoked command in the "file" scope.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "command" specifiying the commandline
to invoke.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required ACL rules to grant exec access to
both the "date" and "iptables" commands. The "date" rule specifies the
base name of the executable and thus allows invocation with arbitrary
parameters while the latter "iptables" rule merely allows one specific
set of arguments which must appear exactly in the given order.
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "exec", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/bin/date", "exec" ],
[ "/usr/sbin/iptables -n -v -L", "exec" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b2a890f6ad)
Also fix the license information: in older versions the test programs
were GPL 3 licensed, but meanwhile it changed to BSD license.
But since this package only packages the library itself, we can
safely focus only on the LGPL here which covers the library itself.
While at, fix a minor nitpick during library symlink installation.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
- IPv6 support
- Fix HTTP/2 negociation
- Improve endpoint fallback
- Add support for unencrypted DNS
- Many other fixes and features
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
While outwardly a major update, this mainly pulls in fixes related to
openssl verson changes that ensure this continues running on OpenWrt
Signed-off-by: Karl Palsson <karlp@etactica.com>
* remove 'ransomware' blocklist by abbuse.ch (discontinued)
from default adblock config
* fix/switch 'someonewhocares' config to https only
* fix curl download parameters to follow redirects and
suppress needless output
* made the tmp directory of sort operations configurable,
set 'adb_sorttmp' accordingly (only supported by 'coreutils-sort')
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 21a85fef22)
This adds a host as well as a target package.
meson.mk is provided to build packages using meson.
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit d83cba79c1)
This adds a host as well as a target package.
ninja.mk is provided to execute ninja.
The two patches have been taken from upstream to fix compile issues.
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 5ead78be5a)
Removed findutils-xargs dependency due to added busybox support in version 2.8
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2c22dcd3dc)
Disable the init script by default to avoid log pollution; motion is
very verbose when it cannot open the configured camera.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry-picked from eaa1d5aa18)
This is a bugfix release.
Full changelog available at:
https://mosquitto.org/blog/2019/11/version-1-6-8-released/
Many smaller fixes in various areas, nothing particularly standout as of
special interest to OpenWrt.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Update collectd to 5.10.0
* leave new plugins as disabled for now (procevent, sysevent)
* refresh patches. Remove unenecessary version fix
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry-picked for 19.07. PKG_RELEASE=2 as cpufreq was already backported)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Adjust the reaction to a polling interval timestamp that references
to a past time.
Past timestamps can happen when ntpd adjusts router's time after network
connectivity is obtained after boot. Collectd shows warnings for each plugin
as it tries to enter new values with the same timestamp as the previous one.
This patch adjusts the next polling time to be now+2 seconds for the main
loop and for the plugin-specific read loops. That avoids the warnings, but
does not overreact in case there are shorter polling intervals or the time
gets adjusted for other reasons.
Additionally some debug statements are aded, but they are visible only
when --enable-debug configure option is used in Makefile.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry-picked for 19.07)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Update collectd to 5.9.2
Mainly bug fixes:
dfb9dd09fe/ChangeLog
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry-picked for 19.07)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
