When the server hostname resolved to both IPv4 and IPv6 addresses,
connecting would fail with nothing in syslog. This corrects that oversight.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* fix for #8357
* fix unexpectedy calling option_cb() during wireless config_load
* react immediately when the current active uplink connection
gets deleted
Signed-off-by: Dirk Brenken <dev@brenken.org>
The following patches are in upstream now
0100-netdev-linux-Use-unsigned-int-for-ifi_flags.patch
0103-ovs-ctl-fix-setting-hostname.patch
0106-ovs-save-compatible-with-busybox-ip-command.patch
0107-datapath-use-KARCH-when-building-linux-datapath-modu.patch
As for 0001-musl-compatibility.patch, the net/if_packet.h part does not
apply anymore. And musl is not relevant as we use libatomic from gcc
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* switch to git, until we can consume manual created source releases again
* Fix compilation without OpenSSL ENGINE
* remove unnecessary stop_service() triggers
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* add patch for tmsize overflow (https://bugzilla.samba.org/show_bug.cgi?id=13622)
* re-enable netbios by default
(Some users still need netbios and its just a minor size increase 50kb)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Switch to v0.11 release sources (plus patches to still get it to build)
gnunet-social was out-sourced into a separate repository and hence
new OpenWrt package gnunet-secushare.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Before this change two disconnected events were generated. This is wrong!
The disconnected event is impliciet generated by the hotplug script on ifdown
event. The mwan3track script is notified by a USR1 signal which
generates the disconnectd event. The additional "disconnectd" event on
ifdown is not required.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also moves the generated config file to /var/etc and adds a
service_triggers() function.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This applies a patch from upstream that avoids a call to ENGINE_cleanup
when the openssl library was built without engine support.
A workaround for a missing header check was used to silence a warning
about the implicit definition of RAND_load_file. A proper fix has been
merged upstream as well.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
The speedtest-netperf.sh script measures the network throughput while
monitoring latency under load and capturing key CPU usage and frequency
statistics. The script can emulate a web-based speed test by downloading
and then uploading from an internet server, or perform simultaneous
download and upload to mimic the stress of the FLENT test program.
It simplifies tasks such as validating ISP provisioned speeds or setting
up and fine-tuning SQM, directly on the router. The CPU usage details
can also help determine if the demands of SQM, routing and other tasks
such as the test itself are exhausting the device's CPUs.
This script leverages earlier scripts from the CeroWrt project used for
bufferbloat mitigation, betterspeedtest.sh and netperfrunner.sh. They are
used with the permission of the author, Rich Brown.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* add captive portal domains automatically to the related
domain whitelist (dhcp option 'rebind_domain'),
if rebind protection/RFC1918 is enabled
Signed-off-by: Dirk Brenken <dev@brenken.org>
This updates the package to use the default PyBuild/Compile, instead of
defining a custom Build/Compile.
This also updates the source url and adds a src package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames the Python 2 twisted package to python-twisted, and updates
dependents (i.e. obfsproxy) to reference the updated name.
This also fixes conflicts between the Python 2 and 3 packages. Twisted
installs some scripts to /usr/bin, and previously scripts for both
packages used the same names. This adds a "3" suffix to scripts
installed by python3-twisted.
This also adds python[3]-setuptools as a dependency, as the scripts
installed to /usr/bin depend on pkg_resources (part of setuptools).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When OpenSSL is built without deprecated APIs, pkg-config first tries
OpenSSL in the staging directory but fails as it cannot find the
deprecated SSL_library_init function and ends up finding the system one.
Added PKG_BUILD_PARALLEL for faster compilation.
Added -Wl,--gc-sections to LDFLAGS to save ~10KB from the resulting ipk.
Reworked configure section as some of those options were renamed or
removed.
Removed EXTRA_* hacks that are no longer necessary.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Using an external toolchain, it was discovered that net-snmp would
link with the Perl library (-lperl) from the host rather than from the
target.
Since we do not provide Perl as a dependency to net-snmp, the solution
is to disable support for it.
Fixes issue #8217.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
This is a minor bugfix release. Full changelog available at:
https://mosquitto.org/blog/2019/02/version-1-5-7-released/
Most relevant to OpenWrt are probably:
* fixing persistent store bloat
* fix sorting of included config files
* fix errors related to per_listener_settings
Signed-off-by: Karl Palsson <karlp@etactica.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also replaces space indentation with tabs, and removes trailing
whitespace and unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a validate section to service_triggers(), and fixes some
variable name typos in qosdef_init_static().
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Changes:
-remove old patch(part of 0.0.9 release)
-change the canonical upstream repo location to gitlab
-change source to gitlab
-change source package to golang-gitlab-yawning-obfs4-dev
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Move loading credential function before cert renewal call as credentials might be needed for some renewal operations ( ex: DNS )
Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
[toke@toke.dk: Port to master branch]
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This is a bugfix and security release.
CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be
treated as valid. This typically means that the malformed data becomes
a username and no password. If this occurs, clients can circumvent
authentication and get access to the broker by using the malformed
username. In particular, a blank line will be treated as a valid empty
username. Other security measures are unaffected.
=> Users who have only used the mosquitto_passwd utility to create and
modify their password files are unaffected by this vulnerability.
CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined,
which means that no topic access is denied. Although denying access to
all topics is not a useful configuration, this behaviour is unexpected
and could lead to access being incorrectly granted in some
circumstances.
CVE-2018-12546. If a client publishes a retained message to a topic
that they have access to, and then their access to that topic is
revoked, the retained message will still be delivered to future
subscribers. This behaviour may be undesirable in some applications,
so a configuration option `check_retain_source` has been introduced to
enforce checking of the retained message source on publish.
Plus the following bugfixes:
* wills not sent to websocket clients
* spaces now allowed in bridge usernames
* durable clients not receiving offline messages with
per_listener_settings==true
* compilation with openssl without deprecated apis
* TLS working over SOCKS
* better comment handling in config files
Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1
Signed-off-by: Karl Palsson <karlp@etactica.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function and updates the timeout
value to the new max timeout in ipset 7.0.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function, removes a duplicate
option, and removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
issue_cert fuction may return without calling post_checks, which leaves
port 80 open and uhttpd configuration is not restored is listen_http was
set.
Always call post_checks when returning from issue_cert.
Signed-off-by: Alexey I. Froloff <raorn@raorn.name>
git is hard. :-(
Reported-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Fixes: 4629f043e0 ("znc: update to 1.7.2")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also fixes some validation, makes variable declarations local,
removes unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Refresh patches
Remove --enable-static and --enable-dynamic because they're enabled by default
Enable parallel compilation
Fix compile without IPv6
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
It is increasingly likely 240/4 and 0/8 netblocks will be allocated as
unicast globally rout-able and reachable address space
240/4 is already enabled throughout linux and openwrt.
Permit these address blocks under bcp38 address validation, ie. remove
those ranges from the block list:
list match '0.0.0.0/8' # RFC 1700
list match '240.0.0.0/4' # RFC 5745
Signed-off-by: Dave Taht <dave.taht@gmail.com>
[bump package - minor tweaks to commit message - remove commented lines]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function and removes some
unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also fixes a variable name typo ("CONFIGFILE" instead of
"config_file").
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function and removes some
unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Switched URL to @SAVANNAH for more mirrors.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_LICENSE info.
Minor reorganization for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- fix reporting for bogus hostnames with underscores
- no longer accidently overwrite existing 'serversfile' entries in dhcp
config which reference to the adblock jail list
- remove needless 'no_mail' flag
- refined log message regarding tcpdump requirement for reporting
Signed-off-by: Dirk Brenken <dev@brenken.org>
gitweb is missing a dependencies on perlbase-filetest and
perlbase-storable. It fails to start without these packages.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also corrects a variable name typo ("proxy" instead of
"proxy_host").
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Since the functions in procd.sh invoke "initscript" variable which is
not defined when imported procd.sh from hotplug scripts. And this
results in error when calling basename utility.
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: BusyBox v1.28.4 () multi-call binary.
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Usage: basename FILE [SUFFIX]
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Strip directory path and .SUFFIX from FILE
Sun Jan 20 12:34:50 2019 user.notice nft-qos-monitor: ACTION=update, MACADDR=xxxxxx, IPADDR=192.168.11.109, HOSTNAME=Honor_Play
Sun Jan 20 12:34:50 2019 daemon.info dnsmasq[15340]: 250 192.168.11.109/60566 reply www.google.com is 216.58.215.68
Sun Jan 20 12:34:50 2019 daemon.info dnsmasq[15340]: 251 192.168.11.109/43456 reply mtalk.google.com is <CNAME>
Sun Jan 20 12:34:50 2019 daemon.info dnsmasq[15340]: 251 192.168.11.109/43456 reply mobile-gtalk.l.google.com is 173.194.222.188
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: BusyBox v1.28.4 () multi-call binary.
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Usage: basename FILE [SUFFIX]
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Strip directory path and .SUFFIX from FILE
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]: BusyBox v1.28.4 () multi-call binary.
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]: Usage: basename FILE [SUFFIX]
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]: Strip directory path and .SUFFIX from FILE
Sun Jan 20 12:34:51 2019 user.notice nft-qos-dynamic: ACTION=update, MACADDR=xxxxxx, IPADDR=192.168.11.109, HOSTNAME=Honor_Play
Signed-off-by: Rosy Song <rosysong@rosinson.com>
- Add new patches (see https://www.haproxy.org/bugs/bugs-1.8.17.html)
- Raise PKG_RELEASE to 2
- Prefix patches with 3-digit numbers instead of 4-digit numbers
Signed-off-by: Christian Lachner <gladiac@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also lets procd trigger the validation function directly, and
removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The reworked init script:
* Loads and validates options using uci_validate_section() (through
uci_load_validate())
* Allows service options be specified in the globals section
* Hard-codes less global options (debug, syslog), as their default
values already work
* Adds support for almost all options (up to the current package
version, 5.49)
* Moves the pid file into a subdirectory (/var/run/stunnel) so that it
can be created successfully when setuid is used
Certain options are omitted:
* chroot - requires more setup than the init script can manage
* fips, libwrap - disabled at compile-time
* iconActive, iconError, iconIdle, taskbar - gui/win32 only
* verify - obsolete, verifyChain and/or verifyPeer should be used
instead
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Current dropbear is sufficient for gitolite purposes, so don't
require openssh (we don't do a dependency on either dropbear or
openssh as they are not yet drop-in replacements in terms of
packaging for the functions shared between them). To achieve
tihs we also eliminate the dependency on ssh-keygen. Previously
gitolite used ssh-keygen to generate fingerprints from OpenSSH
keys to ensure non-duplication of keys when processing them to
create / manage user ssh access to the git repositories.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
The previous solution was incorrect. The issue was that the macro was not
defined as the header defining it was not included. GCC warns if -Wunder
is passed and does not error by default, leading to the confusion.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add a forgotten patch which was part of the original PR to switch ct tools
to libtirpc.
Fixes: ecebe0ed1 ("conntrack-tools: update to 1.4.5 and link against libtirpc")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
In order to allow for the switch from librpc to libtirpc, we need to
relocate the conntrack-tools package here.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Small but important tweaks to fix the operation of the nut initscripts
and hotplug scripts. All hail shellcheck and proofreading and
dogfooding.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This upstream release adds support for trust_anchors_backoff_time
configuration parameter. UCI support has been added for this.
This commit also includes a number of clean-ups:
o change START=50 to START=30 in init file
Starting earlier in the boot means less chance of missing interface
trigger events. See: https://github.com/openwrt/packages/pull/4675
o remove unused variables from init file
o separate local declarations and assignments in init file
o add defensive quoting in init file
o use default values for procd respawn in init file
o make use of {} in variables consistent in init file
o remove unused variable from init file
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
* the DNS Report now displays the hostname, MAC-Address or
client IP (CLI & LuCI)
* Filter the DNS Query result set for a particular domain, client or
time frame (CLI & LuCI)
* remove needless XHR.Poll-Events from Reporting page in LuCI
* remove needless 'force sort' option in LuCI
Signed-off-by: Dirk Brenken <dev@brenken.org>
The configure script uses a deprecated function to check for libssl. I tried patching configure.ac
and adding PKG_FIXUP:=autoreconf but that causes a different error. This is the simplest fix.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
lighttpd-mod-auth has to be installed with lighttpd-mod-authn_file,
otherwise an error will appear even when auth.backend is not "plain".
(plugin.c.229) dlopen() failed for: /usr/lib/lighttpd/mod_authn_file.so Error loading shared library /usr/lib/lighttpd/mod_authn_file.so: No such file or directory
Signed-off-by: David Yang <mmyangfl@gmail.com>
Since 4.9.3, Samba AD-DC with MIT Kerberos will refuse to build unless
--with-experimental-mit-ad-dc is provided to the configure command.
The mandatory requirement was introduced in response to a report that
a user in a Samba AD domain can crash the KDC when Samba is built in
the non-default MIT Kerberos configuration:
https://www.samba.org/samba/security/CVE-2018-16853.html
This requirement was introduced in Samba commit
c5370a4349d381ba3b64b063dc28a2c54cfacdfc.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
* fix launcher.sh installation for client, bridge
* link libreadline as static for host helper (hamcorebuilder)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* enhance the query function to search in adblock backups as well,
to get back the set of blocking lists sources for a certain domain
* add "Latest DNS Queries" report to commandline version as well
(already in LuCI)
* made the tld compression (the error handling) more robust,
remove the needless 'adb_forcesrt' option
* removed abandoned 'feodo' list source
* updated readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Radicale 2.x adds support for many new clients,
bug-fixes, etc so add v2 of this application.
We do it as a separate package for those not
ready to switch (it's not an straight inplace
upgrade from 1.x).
We do however CONFLICT with 1.x as they can't
be run side-by-side on the same host (without
containers for somesuch).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
