When issuing an ECC certificate, acme.sh for some reason changes the name
of the directory used for the certificate state. Handle this correctly when
moving directories and updating config files.
Fixes#7941.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
--log-error in the init script was overriding it.
Added several optimizations to the init script for speed and correctness.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Update xtables-addons to 3.7
Remove linux 4.9 compatible patch as OpenWrt master no longer supports it
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Extend (and rename) the existing mii-tool package to also support
the net-tools route command.
This may be needed if you want to support other address families than
inet/inet6 like x.25.
Also bump to version 2018-11-03.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Things were done in the wrong order, leading to config_dir not being
chown'ed and subdirectories not being created in case of download_dir
being inside config_dir.
Fixes: 609109fa9 ("transmission: add seccomp filter and improve jail")
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
"fg" and "pidfile" parameters are already used in the init script,
so they are not controllable by config file anyway.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
If miniportal option is enabled, some haserl scripts are provided which
present a simple login web page. To make it functional haserl is required.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
The package doesn't need to install _everything_ to staging. This commit
reduces the amount of files that get copied over to staging. Currently
there's no package depending on apache anyway.
This adds sed scripts from buildroot (thanks!) to fix two files that are
important for cross-compiling external modules. This has been tested and
was confirmed to work with mod_gnutls taken as an example package.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Also preinst and postrm are removed. busybox's httpd isn't installed by
default, so these gimmicks seem antiquated.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This adds extra packages for certain modules (basically the ones that
incur further dependencies), support files etc. This is pretty much
follows Alpine's example.
This updates the httpd.conf patch to _not_ uncomment MIMEMagicFile
(because the module isn't loaded by default) and removes that changes
that aren't needed anymore (because of the added module support). The
patch now only changes the default user.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This gets rid of flags. For instance $(FPIC) shouldn't be forced onto
applications (see [1]).
And CONFIGURE_ARGS + CONFIGURE_VARS are broken out of Build/Configure.
This way more arguments can be added easily in the future.
The target is changed from apache to apache2 (which is used by upstream
by default). the CONFIGURE_ARGS are changed where need to enable
modules.
This also renames one patch that fixes scoreboard location (the name
004-pidfile_fix.patch didn't describe what it's doing).
Now with the OpenWrt layout in place 003-logdir_fix.patch can be
removed.
[1] https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- version bump
- update license description
- add PKG_BUILD_PARALLEL:=1
- remove two cross-compile patches and replace them with the
cross-compile patch from buildroot (adds autoreconf to get this going)
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Provide the minimal applications and plugins for: cgi, filelog, syslog and
python3. More plugins can be added if needed by other packages. Autostart
uwsgi in emperor mode loading vassals on demand.
For now, include luci-support (maybe it will be moved to another package),
which uses the syslog plugin by default.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Luci nginx config file for non ssl varian had user as nobody nogroup. This cause some problem with ubus use.
Luci file support package depends on uwsgi-cgi. As this package will be renamed shortly to a more generic version, make the subpackage depends on the uwsgi subpackage only.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Note:
In some cases when tor daemon starts before
than the router is connected to the Internet.
Tor will exit and you have to run it manually.
This should fix this case.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_RELEASE not bumped because this only affects package description.
We document that passlib and bcrypt are needed if one wishes to use
bcrypt encryption of passwords. These have not been added as dependencies
as Radicale2 can have a frontend webserver authenticate users rather than
radicale itself.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
All the computationally expensive stuff is in the libraries, not the
package itself.
Saves several kilobytes.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
If snmpd fails to open files, like /dev/kmem or /dev/mem, it exits.
Avoid this by adding the -r argument.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The ModemManager protocol handler checks for the pppd daemon during
the initialization, and if it doesn't exist, the protocol handler is
not even loaded by netifd.
This is because the IP method to use on the connection of a given
modem is not known until ModemManager reports via its interfaces how
the modem should be connected (either using PPP, with DHCP, or with
explicit IP settings).
Fixes https://github.com/openwrt/packages/issues/10802
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
0.12.0 tarballs aren't out yet, I accidentally committed the changed
version in commit b6a9bd3bf3
("gnurl: update to version 7.67.0").
Revert gnunet back to 0.11.8.
Reported-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
In the command read side, close the superfluous write end of the pipe
early to ensure that EOF is reliably detected. Without that change, splice
calls to read from the pipe will occasionally hang until the CGI process
is eventually killed due to timeout.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The package wget should not say that it provides itself.
This also make gnu-wget provide general so it is not written in Makefile
twice.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
* Added optional ipv4 resolvers UCI config option
* Added logging to logd
* Refactored verbosity UCI config option
* Filtered out any address from being added to dnsmasq
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
The build needs protoc, otherwise it fails.
checking if we need to link in protobuf... yes
checking for PROTOBUF... yes
checking for protoc... no
configure: error: Protobuf requested but the protobuf compiler was not found
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Currently dnsdist is failing at packaging stage when lmdb is in staging:
make[4]: Leaving directory '/builder/shared-workdir/build/sdk/build_dir/target-x86_64_musl/dnsdist-1.4.0'
Package dnsdist is missing dependencies for the following libraries:
liblmdb.so
Makefile:109: recipe for target '/builder/shared-workdir/build/sdk/bin/packages/x86_64/packages/dnsdist_1.4.0-2_x86_64.ipk' failed
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Implement a new "cgi-exec" applet which allows to invoke remote commands
and stream their stdandard output back to the client via HTTP. This is
needed in cases where large amounts of data or binary encoded contents
such as tar archives need to be transferred, which are unsuitable to be
transported via ubus directly.
The exec call is guarded by the same ACL semantics as rpcd's file plugin,
means in order to be able to execute a command remotely, the ubus session
identified by the given session ID must have read access to the "exec"
function of the "cgi-io" scope and an explicit "exec" permission rule for
the invoked command in the "file" scope.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "command" specifiying the commandline
to invoke.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required ACL rules to grant exec access to
both the "date" and "iptables" commands. The "date" rule specifies the
base name of the executable and thus allows invocation with arbitrary
parameters while the latter "iptables" rule merely allows one specific
set of arguments which must appear exactly in the given order.
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "exec", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/bin/date", "exec" ],
[ "/usr/sbin/iptables -n -v -L", "exec" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- IPv6 support
- Fix HTTP/2 negociation
- Improve endpoint fallback
- Add support for unencrypted DNS
- Many other fixes and features
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
When present on the build system dnsdist will try to make use of libcap. This
change adds an explicit dependency to ensure it's present at build time, to
prevent build failures when another package brings the dependency in.
Signed-off-by: James Taylor <james@jtaylor.id.au>
* remove 'ransomware' blocklist by abbuse.ch (discontinued)
from default adblock config
* fix/switch 'someonewhocares' config to https only
* fix curl download parameters to follow redirects and
suppress needless output
* made the tmp directory of sort operations configurable,
set 'adb_sorttmp' accordingly (only supported by 'coreutils-sort')
Signed-off-by: Dirk Brenken <dev@brenken.org>
This new release also installs additional 'shared utils' loadable
libraries in /usr/lib/ModemManager, so make sure we include them in
the packaging.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Update dnsdist to next major release 1.4.0. This release introduces
dependencies on libh2o-evloop and libwslay for support of DNS over
HTTPS.
Release Blog Post: https://blog.powerdns.com/2019/11/20/dnsdist-1-4-0/
Changelog: https://dnsdist.org/changelog.html#change-1.4.0
Also removes compatibility patches required for previous release that have
been incorporated upstream.
Signed-off-by: James Taylor <james@jtaylor.id.au>
Maintainer: Darryl Sokoloski / @dsokoloski
Compile tested: arm_cortex-a15_neon-vfpv4, TP-Link Archer C2600, master
Run tested: TP-Link Archer C2600
Change log for v2.98:
[FIX] OpenWrt: Silence ABI warnings.
[FIX] Fixed socket buffer dead-lock (pop < 0 bytes).
[FIX] Silenced site UUID errors (moved to debug level).
[FIX] Updated to SPDX identifier for GPL license.
[IMP] Migrated from libjson-c to nlohmann JSON for Modern C++.
[IMP] Updated agent status with CPU utilization and sink service status.
[IMP] Reformatted sink queue utilization status output.
[IMP] Support OS-specific restarting.
[IMP] Added payload upload and update frequency control.
[IMP] Added MAC addresses to JSON interface list.
[IMP] Added option to send established flows to connecting clients.
[IMP] Added offline capture processing script.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
Updates pdns-recursor to current stable 4.2.1. Also includes more complete fix
for boost.m4 BOOST::THREAD detection, removing dependency on boost-thread.
Signed-off-by: James Taylor <james@jtaylor.id.au>
Upgraded to pdns-4.2.1 and corrected issues with dependency management on
modules, in addition to moving zone2ldap under the ldap backend (It's only
compiled if ldap backend is enabled)
Signed-off-by: James Taylor <james@jtaylor.id.au>
Periodic update of the list of Google domains using
https://www.google.com/supported_domains
as a reference.
Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
Per discussion in https://github.com/openwrt/openwrt/pull/1804, iputils is
moving from the main openwrt repository to the packages feed, and is switching
from the abandoned skbuff.net upstream to github.com/iputils/iputils
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
This is a bugfix release.
Full changelog available at:
https://mosquitto.org/blog/2019/11/version-1-6-8-released/
Many smaller fixes in various areas, nothing particularly standout as of
special interest to OpenWrt.
Signed-off-by: Karl Palsson <karlp@etactica.com>
