STAGING_DIR_HOST is for packages under tools/ , not host packages.
Reorganized Makefile for consistency between packages.
Added PKG/HOST_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Added -Wno-error to fix.
Also added patch to fix compilation without deprecated OpenSSL APIs.
Added PKG_BUILD_PARALLEL for faster compilation.
Switched libcyassl to libwolfssl.
Reorganized makefile for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
It seems there is a mistake in the version I sent upstream.
Cleaned up Makefile for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* optimize the main scan/iwinfo call (performance & system load):
- remove a needless f_trim function call
- remove a redundant awk call
- reduce the scan buffer size and
make it configurable (trm_scanbuffer, default 1024 bytes)
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
the latest update url format for deSEC is
http(s)://update.dedyn.io/update?username=[USERNAME]&password=[PWD]
Signed-off-by: James Qian <sotux82@gmail.com>
This applies to uClibc-ng and libiconv-full
Switched to building with uClibc++.
Fixed license information.
Fixed BUILD_DEPENDS.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
PowerDNS released two new versions which together add some features and address security issues.
Changelog: https://doc.powerdns.com/authoritative/changelog/4.1.html
This release and 4.1.9 together fix the following security advisories:
PowerDNS Security Advisory 2019-04 (CVE-2019-10162)
PowerDNS Security Advisory 2019-05 (CVE-2019-10163)
Signed-off-by: James Taylor <james@jtaylor.id.au>
Backported upstream patches that fix this.
Removed local patch that fixes libp11 with version 0.4.7, which is not
used anymore. Upstream has a different solution.
License fixes and Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The arc700 target (and probably others) uses uclibc as it's c-library. However,
uClibc's libcrypt seems to not support the crypt_data struct which broke
the build. This fix adds a new build-target to haproxy which does not use
libcrypt. Summing up, this commit does:
- Add support for uclibc to haproxy with libcrypt disabled
- Add detection of c-library to configure the correct build-target
- Silence additional warnings
- Update patches
Signed-off-by: Christian Lachner <gladiac@gmail.com>
This service monitors (each 3s) switchdev ports and brings down CPU
ports when all related non-CPU vlan ports are also down. Otherwise,
it brings the port up.
In order to hide CPU ports from netifd, when a device is brought down,
the device is renamed adding the suffix "_down".
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
- Update haproxy download URL and hash
- Add new patches
- Add several CFLAGS (derived from haproxy Makefile) to make the build work with v1.9+
- Update default configuration
- Add check-command (for config) to init-script
- Add prometheus-service from contribs by default
Signed-off-by: Christian Lachner <gladiac@gmail.com>
This change is inspired by commit openwrt/openwrt@38b22b1e ("nghttp2:
deduplicate files in libnghttp2")
The packages in this commit are identified with the following command
grep -rin -E 'INSTALL_(DATA|BIN)' | grep -F '.so' | grep -F '*'
Some of them do not have symlinks and are not affected, but the change
is still applied for consideration of best practices just in case
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Fixes: https://github.com/openwrt/packages/issues/9255
This seems to fail the build for this package only.
So, this change patches the build, to add `-lssp` to the LDFLAGS of this
package, in case the build uses GCC's libssp.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The nsh.ko requirement was introduced in kernel 4.15. Currently there
are 3 kernel versions in base system, 4.9, 4.14, 4.19
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is a workaround to prevent the whole build from failing because of
the intree kmods are not supported yet by upstream project.
Root cause is that kernel version should not play a part when making
DEPENDS as the generated kconfig was for all targets that may have
different kernel versions.
One less than ideal effect of this change is that for an unsupported
kernel version, people can still select the intree kmod but it won't be
built. This may contradict expectation if the warning was not noticed
by them
Resolvesopenwrt/packages#9274
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Change log for v3.11.1716:
[IMP] Replaced libhttpd with libevent, therefore commented thread
related parameters in wifidogx conf file
[IMP] Added REQUEST_TYPE_COUNTERS_V2 to wifidog protocol
[IMP] Sent online and offline client's counter info to auth server
[FIX] Fixed missing setting online_time parameter bug
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
- treat RFC6762 'local.' as nxdomain because avahi and other services
will disable if SOA or NS records appear in central DNS.
- allow two threads to be enabled with the 'heavy traffic' variant of
Unbound packages.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* refine 'refresh' mode, add normal processing/download as fallback
* remove needless reload trigger
* fix various ipset warnings
* fix timer in 'refresh' mode
* adapt ssbl regex to new source list format
Signed-off-by: Dirk Brenken <dev@brenken.org>
seafile-seahub's build is a mess.
It hijacks some OpenWrt mk files into the build.
This can be avoided by provided some of the required parameters via
env-vars and patching the env-vars into the build.
Which is what this patch does.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The change is mostly organizational.
More packages will be moved to have python- or python3- prefixes.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
remove unused patches
Add patch to:
Automatically detect whether Curve25519 is available in NSS for USE_DH31
Signed-off-by: Antony Antony <antony@phenome.org>
enable libunbound, along with dependency
add kmod-crypto-aead kmod-crypto-gcm dependency to support AES GCM
disable libseccomp
/git/openwrt/build_dir/target-mips_24kc_musl/libreswan-3.27/include/lswseccomp.h:24:10: fatal error: seccomp.h: No such file or directory
#include <seccomp.h>
^~~~~~~~~~~
add missing dependency nspr
add nss-utils dependency to able to import x509 Certificates to fix the error
ipsec import west.p12
/usr/sbin/ipsec: line 239: pk12util: not found
/usr/sbin/ipsec: line 84: certutil: not found
remove libnss dependency, nss-utils util will pull it.
remove unused build option KERNELSRC not necesscay since b4b98e2922.
Signed-off-by: Antony Antony <antony@phenome.org>
Maintainer: me
Compile tested: armv7l, OpenWRT SDK
Run tested: armv7l Linksys WRT1900ACS, OpenWrt SNAPSHOT, r9987-655fff1571 -
confirmed PowerDNS server links correctly against libraries. I'm unable to test
all the backend modules as I don't have suitable backing stores set up for each.
Description:
PowerDNS is a versatile nameserver which supports a large number of different
backends ranging from simple zonefiles to relational databases and load
balancing/failover algorithms. PowerDNS tries to emphasize speed and security.
This commit includes the authoritative nameserver, backends and additional tools
https://www.powerdns.com/auth.html
Signed-off-by: James Taylor <james@jtaylor.id.au>
Change log for v2.88:
[IMP] Added support for search and replace privacy expressions.
[IMP] Added support for masking external addresses with private address ranges.
[IMP] When enabled, trigger a sink update on start-up.
[IMP] Added flow hash cache.
[IMP] Added HTTPS as a super-protocol of SSL.
[IMP] Add ability to save DNS hint cache to non-volatile (persistent) memory.
[IMP] Save sink responses when "json_save" is enabled.
[IMP] Added dynamic sink URL cloud configuration.
[IMP] Implemented per-detection-thread packet capture queue.
[IMP] Added support for a loadable serial UUID.
[IMP] Added configuration option to override sink connection timeout.
[IMP] Idle flow TTLs tunable via configuration directives.
[IMP] Added idle TCP flow multiplier to keep TCP flows in memory longer.
[IMP] Added new flow metadata "first_update_at" timestamp.
[IMP] Added complete reference sample configuration file.
[IMP] Various optimizations and fixes for FreeBSD.
[IMP] Employ advisory locking when writing output files.
[FIX] Ensure all configuration files are preserved on upgrades.
[FIX] Fixed automatic interface role detection for nethserver/shorewall.
[FIX] Memory usage fixes using profiling tools.
[UPD] Updated to nDPI v2.9.0-dev-709a87c.
[OPT] Flush and compress upload queue as soon as possible.
[OPT] Significantly reduced detection thread locking times.
[DEV] Added example plugin submodule to repository.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
Use link-time optimization and --gc-sections --as-needed ldflags
Reduces ipk size by 20%
Remove unnecessary dependencies
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Fix license info to use SPDX name.
Switched to wget instead of curl to avoid having a dependency on 2 SSL
libraries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Busybox brctl applet conflicts with the version from bridge-utils.
Fix this by using ALTERNATIVE support for brctl in bridge-utils.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[PKG_RELEASE bump]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
OpenWrt toolchains already use correct CFLAGS for every ARM target
There is no reason to use conservative CFLAGS now
It also causes compile error with GCC 9.1.0
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Moving the DNSDIST package into the IP Addresses and Names subcategory under Network. This will make it easier to find since it will be with other DNS tools.
Signed-off-by: James Taylor <james@jtaylor.id.au>
With this change it is now possible to combine interface action events.
If an interface action is generated by netifd or mwan3 for example ifup,
ifdown, connectd or disconnected and this action is configured in the inteface
uci section, then the conntrack table is flushed by mwan3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This fixes a crash that happens when dhcpd is configured with a failover
peer, and the failover peer goes down. The crash is due to a dereference
of a freed object. When tracing is enabled (which is the default) the
object in question is referenced by the tracing code and so doesn't get
freed prematurely. I have observed this crash on two different target
platforms (mips and x86_64), and it is reproducible on non-OpenWRT
distros by building isc-dhcpd using --disable-tracing.
This has been reported to ISC, but their response was that it's a low
priority as the simple work-around is to leave tracing enabled.
Re-enabling the tracing code only increases the size of the executable
by about 24KB.
Signed-off-by: Heath Kehoe <yaheath@gmail.com>
Current version in OpenWrt (3.16.2) fails against the Arch Linux
in System Rescue CD's NBD as rootfs (to allow sharing ISO across
network). Based on resolved issues and web searching it seems
nbd had endianness issues (which affected my ath79 device).
This updates to 3.19 which allows System Rescue CD PXE boot with
NBD rootfs to work.
Removed patches no longer required due to upstream changes, and
added new configure option (--without-libnl) required to avoid
linking against full libnl and libnl-genl (if present in build).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
* change iptables whitelist target from 'ACCEPT' to 'RETURN'
to stop traversing the banIP chain and resume at the next chain
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add patch that detects when -latomic is needed.
Fix compilation without deprecated OpenSSL APIs.
Hard-code lua to avoid luajit dependency.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Commit 32aaaaa led to failures when openwrt ARCH did not match kernel
ARCH, and this may not be its only side-effect.
This restores the previous Build/Compile and Build/Install, using the
default ones only when using external toolchain; in this case, ARCH is
set to LINUX_KARCH.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Two seperate package names were chosen instead of menu selected options
because dependents need a ready (large) package in release directory.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Expressions '-o', '-a', and '\( \)' within test or '[ ]' are obsolete.
POSIX allows few arguments to test, so long expressions are not
portable. '[ p -a q ]' can be replaced with '[ p ] && [ q ]' instead.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
This removes radicale-py2, the Py2 variant, and renames radicale-py3 to
radicale.
This also makes a number of changes:
* Actually use the Python package build system (from python3-package.mk)
* Download source from PyPI instead of GitHub git repo
* Remove unnecessary PKG_DEFAULT_DEPENDS definition
* Depend on python3-urllib instead of python3-email (now that urllib is
separate from python3-light and has python3-email as a direct
dependency)
* Move package description from menuconfig help to the actual
description field
* Remove unnecessary preinst script (default prerm will stop the
service now that the package name matches the init.d script name)
* Remove unnecessary lib/upgrade/keep.d entry (changed conffiles are
preserved by sysupgrade by default)
* Remove unnecessary postinst script (Python build system will set the
correct shebang)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
libevhtp 1.2.18 made API changes, and unbundled oniguruma.
To adapt seafile-server, some patches from Alexandre Rossi's debian
packaging at http://sousmonlit.zincube.net/~niol/repositories.git/
were applied.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Instead, use @jow-'s suggestion of just checking for the presence of the
executables to find the installed web servers.
Fixes#8529.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Libevhtp is building a static library, used by seafile-server.
Every time the libevhtp binary changes, seafile-server needs a release
bump.
Leave a note in the libevhtp Makefile, as a reminder.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
The Makefile currently redefine the Compile and Install functions.
This is not working when using an external toolchain because some
flags are not interpreted, like CROSS_COMPILE. It is possible to
override the MAKE_FLAGS and MAKE_INSTALL_FLAGS instead.
Signed-off-by: Sébastien Blin <sebastien.blin@savoirfairelinux.com>
Update to latest stable release 5.54
Add new options ticketKeySecret and ticketMacSecret to uci validation.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Maintainer: me
Compile tested: armv7l, OpenWRT SDK
Run tested: armv7l Linksys WRT1900ACS, OpenWrt SNAPSHOT, r9987-655fff1571 -
confirmed dnsdist links correctly against dependencies and doesn't experience
errors at run-time when enabling features.
Description:
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is
to route traffic to the best server, delivering top performance to legitimate
users while shunting or blocking abusive traffic.
dnsdist is dynamic, its configuration language is Lua and it can be changed at
runtime, and its statistics can be queried from a console-like interface or an
HTTP API.
https://dnsdist.org/Closes: PowerDNS/pdns#3294
Signed-off-by: James Taylor <james@jtaylor.id.au>
Simplified the Makefile and fixes compilation with uClibc-ng. Also added
IPv6 support.
Took the time to clean up the Makefile with other useful options.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
BIND now requires POSIX thread and IPv6 support to build
Add filter-AAAA plugin
Remove unrecognized options
Remove patch that no longer needed
- 002-autoconf-ar-fix.patch
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* remove needless sort step to reduce system load
* change maxqueue default in backend and LuCI frontend
to '4' to reduce (default) system load
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Major new release of mosquitto.
This release rolls up the initial 1.6.0 release, plus the subsequent
build/bug fixes of 1.6.1 and 1.6.2.
Original upstream changelogs:
https://mosquitto.org/blog/2019/04/version-1-6-released/https://mosquitto.org/blog/2019/04/version-1-6-1-released/https://mosquitto.org/blog/2019/04/version-1-6-2-released/
Major features of interest:
* MQTTv5 support
* performance improvements
* ALPN support
* OCSP staping support
* OpenSSL Engine support
* TLSv1.0 support dropped
Currently adds two patches to continue supporting OpenSSL engine support
being disabled, and a missing header include. These are both tracked
upstream and are expected to be dropped in a subsequent release.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Commit b32f8d4ff0 broke compilation
of Subversion on systems where unixodbc package is present.
This partial revert fixes issue #8975.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
gnunet-reclaim-sqlite is no more in 0.11.4.
Also remove duplicate files also contained in gnunet-utils package.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Plugin options are properties of shadowsocks deployment as a whole,
including both server and each client components. Multiple client
instances accessing the same server will need to share the same plugin
settings
With this change, plugin options will need to specified to "server" and
"ss-server" section, not to each component section.
Fixes: c19e949 ("shadowsocks-libev: add plugin options support")
Reference: https://github.com/openwrt/packages/issues/8903#issuecomment-489674137
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Add a package for the Semtech lora-gateway-hal.
This package includes three sub packages which
are libloragw, lora-gateway-tests and lora-gateway-utils.
Signed-off-by: Xue Liu <liuxuenetmail@gmail.com>
- update to 1.0.77
- apply patches from Rosen Penev for compatibility with uClibc-ng
- add an option for rotation_rate selection
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
It seems ever since the switch to uClibc-ng, this builds perfectly fine.
Moved PKG_MAINTAINER variable for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Since no Python packages are produced by this package, including
python-package.mk is unnecessary.
This removes the reference to python-package.mk. (PKG_RELEASE is
unchanged as this should have no effect on the build.)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
For some reason, several C++ headers are not included. Include them.
Also added const fixes to get it to build with uClibc++.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This change changes the maintainer to
`Alexandru Ardelean <ardeleanalex@gmail.com`
for all Python packages owned by
`Gergely Kiss <mail.gery@gmail.com>`
No functional changes.
Bumping PKG_RELEASE on each package that is updated.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The code was all there but the call do the function containing it was missing,
so call the function so that forced (UPS) shutdown occurs on a battery critical
or manually requested FSD situation.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
NUT's upsmon is rather peculiar in that it has a child process that runs as
a regular user and a parent process that runs as root (in order to facilitate
shutting down the device if needed). procd doesn't deal well with this and
doing 'normal' procd stop / restart / etc results in the child process still
hanging around but with not parent, which causes undesired behaviour. Therefore,
add the use of 'upsmon -c stop' during process shutdown / restart in order to
ensure that upsmon is actually fully stopped.
Also fixes nut-monitor going into crashloop on network changes (due to
trigger that restarted upsmon but failed due to orphan child from before
restart).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Reorganized and cleaned up Makefile for consistency between packages.
Disabled relro and pie. The build system already handles those.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
busybox ps and procps-ng ps have different outputs. Force busybox ps usage
to fix this.
Also cleaned up the script using shellcheck.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
By default the buildbot does not build the bindings and thus misses this.
The BUILD_DEPENDS is totally broken. Removing the + sign should fix it.
The SWIG directories are wrong. Fix them.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This change removes a series of Python packages that are added to
seafile-seahub and are not needed.
After some investigation into seafile, there are no references for it.
These are some of the low-hanging fruits.
They're not used [not sure when they were], and these packages were born
out of some weird sprints somewhere and forgotten on web and left
un-maintained.
So, remove them.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Some of these hacks were needed when uClibc++ was used. Now that it is not
we can remove them.
Remove libpthread dependency. Not only is it unneeded, package-defaults
already specifies it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Old API compatibility was kept with a compatiblity shim.
Detect wget --timestamping support to make it compatible with
uclient-fetch implementation of wget.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
remove building kernel module, it is not used and is not working with 4.19
rework the ready to use l2tp-ipsec example
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Avoid Hetzner hosted servers due to availability (.ru users)
and try to keep availability as good as possible without
sacrificing performance for the majority of users.
Update upstream project download URL
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Switched to CMake. This allows getting rid of several patches and hacks.
Added PKG_LICENSE information
Rearranged some stuff for consistency between packages.
Added some linked flags for smaller size. Saves around 500 bytes on MIPS.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Refreshed patch.
Added PKG_LICENSE_FILES.
Added --as-needed linker flag for slightly smaller size.
Removed -O2 hack to get it to compile. As part of this, removed a bunch of
CFLAGS that are normally passed which potentially affect compilation with
Os.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Bruno Pena <brunompena@gmail.com>
tac_plus: Updated to the latest commit from upstream. Updated URL to reference Facebook's GitHub repository. Tweaked Makefile to include the date on the source package filename.
Signed-off-by: Bruno Pena <brunompena@gmail.com>
1.) Fix the handling of XTinyproxy option to avoid syntax error when starting tinyproxy:
example:
Syntax error on line 15
Unable to parse config file. Not starting.
Signed-off-by: Mathieu Coupe <eagle.pounains@gmail.com>
The protobuf 3.7 update broke ola due to API changes. Backported a few
patches from upstream to deal with this.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Correct option is "password_file" not "passwd_file"
Originally reported as: https://github.com/openwrt/packages/pull/8642
Added the package bump.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Buildbots are failing on kea because kea/host is failing:
checking for OpenSSL library... configure: error: OpenSSL auto detection
failed
I'm guessing the buildbots do not have OpenSSL installed and the
configure script does not find the proper location for OpenSSL.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* add a 'Net Error Check' which treats a missing
internet availability as an error (disabled by default)
* add a 'List Auto Expiry' which automatically resets
the 'Faulty Stations' list after n minutes,
default is '0' which means no expiry (old behaviour).
* rework major parts of the check subroutine
* add both features to LuCI frontend (separate PR/commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Libreswan is a free software implementation of the most widely
supported and standardized VPN protocol based on ("IPsec") and
the Internet Key Exchange ("IKE"). These standards are produced
and maintained by the Internet Engineering Task Force ("IETF").
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
This is causing linking errors on i3486 and maybe other platforms. Linking
with LD does not seem to be very portable.
Also cleaned up the Makefile by getting rid of whitespace, HTTPS,
duplicated entries, etc...
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove libopenssl dep from NGINX_HTTP_CACHE and NGINX_HTTP_AUTH_BASIC config flag
The documentation doesn't mention that openssl is required for this 2 modules. This also permit to use nginx no-ssl variant without libopenssl as this 2 module are selected by default. Also make OPENSSL_ENGINE flag a dep to recompile nginx on change of openssl compilation flag.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
This patch updates the aircrack-ng package to their git revision
42f2b48d. This commit is the latest for the upcoming 1.6 release.
Signed-off-by: Joseph Benden <joe@benden.us>
There's a build race condition with other packages which sometimes results in:
Package libnetsnmp is missing dependencies for the following libraries:
libpci.so.3
Add ability to configure a static remote ip in pptp config file
This change has backward compatibility with old config files
Also remove the MAINTAINER as intructed
Signed-off-by: Thiago Pereira Ricciardi <thiago.ricciardi@gmail.com>
Kea is an open source DHCPv4/DHCPv6 server being developed by
Internet Systems Consortium. Kea is a high-performance, extensible
DHCP server engine that is designed to be easily modified and extended
with hooks libraries.
Kea is free open source, and we welcome community engagement, via the
Kea-users mailing list, this wiki, and our Github
repository. There is a small core team of dedicated software engineers
developing it and we need your contributions and support
contracts to support them.
DHCP Standardization efforts: The lead developer on KEA is
co-chair of the Dynamic Host Configuration working group in the
IETF. We are committed to providing a standards-compliant
implementation and are closely tracking developments in this working
group and evaluating them for inclusion in KEA.
wiki : http://kea.isc.org/wiki
official : https://www.isc.org/kea/
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
ENGINE_cleanup is unavailable when deprecated APIs and ENGINE support are
disabled. The cleanup functions are unnecessary with OpenSSL 1.1.
The getm functions use a faulty if directive. Work around it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Openssl 1.1.1 package in openwrt enabled more than just the devcrypto
engine, so the engine support in openssh should be enabled when general
engine support is enabled in openssl.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Added a dependency to OPENSSL_WITH_EC to prevent any build failures.
Switched URLs to HTTPS.
Added PKG_CPE_ID for proper CVE tracking.
Some Makefile reorganization for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Packages such as Perl, Lua, shell scripts don't generate binary files.
Add PKGARCH:=all to them.
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Django 1.11 is supported, but seafile-admin was still looking for v. 1.8.
Replaced current patch with the patch from haiwen/seafile-server#147.
Cleaned up unsupported configure options, including riak backend.
Check that the seafile-server version is the same as seafile-seanet's at
build time, removing the static EXTRA_DEPENDS check done at install
time.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Fixes compilation when both libbsd and ptunnel-ng are selected.
libbsd is used for arc4random with a fallback to /dev/random. musl does
not support arc4random.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also lets procd trigger the validation function directly, and
removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Note: this should prevent wget to writing to /root/.wget-hsts
which can lead to flash memory degradation.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
The variables can be empty if not set in the UCI config.
Reported-by: Petr Novák <petrn@me.com>
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
This bug was introduced since dd206b7d0b
mwan3_remon_ipv4 and mwan3_remon_ipv6 is command to run not a variable
I add some comments on them hopefully people will notice it
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
The Go compiler can now manage the build dependencies by itself, as
obfs4proxy has been ported to a Go module.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* fix a json related ressource leak
* add a reload trigger when the wireless config gets changed
* set an interface default 'trm_wwan' (like the LuCI frontend)
* reordered nested loops to optimize the connection handling
Signed-off-by: Dirk Brenken <dev@brenken.org>
Yggdrasil builds end-to-end encrypted networks with IPv6. Beyond the
similarities with cjdns is a different routing algorithm. This
globally-agreed spanning tree uses greedy routing in a metric space.
Back-pressure routing techniques allow advanced link aggregation bonding
on per-stream basis. In turn, a single stream will span across multiple
network interfaces simultaneously with much greater throughput.
Authored by: William Fleurant <meshnet@protonmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
This one contains only a few CVEs + bugfixes.
* CVE-2019-8381 memory access in do_checksum() (#538)
* CVE-2019-8376 NULL pointer dereference get_layer4_v6() (#537)
* CVE-2019-8377 NULL pointer dereference get_ipv6_l4proto() (#536)
* Rename Ethereal to Wireshark (#545)
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
trafficshaper create QoS rules to limit (or reserve) traffic used
by classes of clients.
Uplink and downlink can be controled (or not controlled) independently.
Client classes are defined by its network addresses (IPv4 or IPv6). Each
client class can define absolute or relative (to wan) bandwith, and also
the use (or not) of spare wan bandwidth when avaiable.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Using shorewall-lite {en|dis}able instead of completely restarting
Shorewall is much more efficient.
But it also makes sense to move the starting of Shorewall from init
to an interface hotplug event. The "lan" interface should be a good
indicator that networking it ready. Besides, Shorewall won't start
until br-lan is available.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
When the server hostname resolved to both IPv4 and IPv6 addresses,
connecting would fail with nothing in syslog. This corrects that oversight.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* fix for #8357
* fix unexpectedy calling option_cb() during wireless config_load
* react immediately when the current active uplink connection
gets deleted
Signed-off-by: Dirk Brenken <dev@brenken.org>
The following patches are in upstream now
0100-netdev-linux-Use-unsigned-int-for-ifi_flags.patch
0103-ovs-ctl-fix-setting-hostname.patch
0106-ovs-save-compatible-with-busybox-ip-command.patch
0107-datapath-use-KARCH-when-building-linux-datapath-modu.patch
As for 0001-musl-compatibility.patch, the net/if_packet.h part does not
apply anymore. And musl is not relevant as we use libatomic from gcc
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* switch to git, until we can consume manual created source releases again
* Fix compilation without OpenSSL ENGINE
* remove unnecessary stop_service() triggers
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* add patch for tmsize overflow (https://bugzilla.samba.org/show_bug.cgi?id=13622)
* re-enable netbios by default
(Some users still need netbios and its just a minor size increase 50kb)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Switch to v0.11 release sources (plus patches to still get it to build)
gnunet-social was out-sourced into a separate repository and hence
new OpenWrt package gnunet-secushare.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Before this change two disconnected events were generated. This is wrong!
The disconnected event is impliciet generated by the hotplug script on ifdown
event. The mwan3track script is notified by a USR1 signal which
generates the disconnectd event. The additional "disconnectd" event on
ifdown is not required.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also moves the generated config file to /var/etc and adds a
service_triggers() function.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This applies a patch from upstream that avoids a call to ENGINE_cleanup
when the openssl library was built without engine support.
A workaround for a missing header check was used to silence a warning
about the implicit definition of RAND_load_file. A proper fix has been
merged upstream as well.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
The speedtest-netperf.sh script measures the network throughput while
monitoring latency under load and capturing key CPU usage and frequency
statistics. The script can emulate a web-based speed test by downloading
and then uploading from an internet server, or perform simultaneous
download and upload to mimic the stress of the FLENT test program.
It simplifies tasks such as validating ISP provisioned speeds or setting
up and fine-tuning SQM, directly on the router. The CPU usage details
can also help determine if the demands of SQM, routing and other tasks
such as the test itself are exhausting the device's CPUs.
This script leverages earlier scripts from the CeroWrt project used for
bufferbloat mitigation, betterspeedtest.sh and netperfrunner.sh. They are
used with the permission of the author, Rich Brown.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* add captive portal domains automatically to the related
domain whitelist (dhcp option 'rebind_domain'),
if rebind protection/RFC1918 is enabled
Signed-off-by: Dirk Brenken <dev@brenken.org>
This updates the package to use the default PyBuild/Compile, instead of
defining a custom Build/Compile.
This also updates the source url and adds a src package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames the Python 2 twisted package to python-twisted, and updates
dependents (i.e. obfsproxy) to reference the updated name.
This also fixes conflicts between the Python 2 and 3 packages. Twisted
installs some scripts to /usr/bin, and previously scripts for both
packages used the same names. This adds a "3" suffix to scripts
installed by python3-twisted.
This also adds python[3]-setuptools as a dependency, as the scripts
installed to /usr/bin depend on pkg_resources (part of setuptools).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When OpenSSL is built without deprecated APIs, pkg-config first tries
OpenSSL in the staging directory but fails as it cannot find the
deprecated SSL_library_init function and ends up finding the system one.
Added PKG_BUILD_PARALLEL for faster compilation.
Added -Wl,--gc-sections to LDFLAGS to save ~10KB from the resulting ipk.
Reworked configure section as some of those options were renamed or
removed.
Removed EXTRA_* hacks that are no longer necessary.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Using an external toolchain, it was discovered that net-snmp would
link with the Perl library (-lperl) from the host rather than from the
target.
Since we do not provide Perl as a dependency to net-snmp, the solution
is to disable support for it.
Fixes issue #8217.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
This is a minor bugfix release. Full changelog available at:
https://mosquitto.org/blog/2019/02/version-1-5-7-released/
Most relevant to OpenWrt are probably:
* fixing persistent store bloat
* fix sorting of included config files
* fix errors related to per_listener_settings
Signed-off-by: Karl Palsson <karlp@etactica.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also replaces space indentation with tabs, and removes trailing
whitespace and unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a validate section to service_triggers(), and fixes some
variable name typos in qosdef_init_static().
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Changes:
-remove old patch(part of 0.0.9 release)
-change the canonical upstream repo location to gitlab
-change source to gitlab
-change source package to golang-gitlab-yawning-obfs4-dev
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Move loading credential function before cert renewal call as credentials might be needed for some renewal operations ( ex: DNS )
Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
[toke@toke.dk: Port to master branch]
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This is a bugfix and security release.
CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be
treated as valid. This typically means that the malformed data becomes
a username and no password. If this occurs, clients can circumvent
authentication and get access to the broker by using the malformed
username. In particular, a blank line will be treated as a valid empty
username. Other security measures are unaffected.
=> Users who have only used the mosquitto_passwd utility to create and
modify their password files are unaffected by this vulnerability.
CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined,
which means that no topic access is denied. Although denying access to
all topics is not a useful configuration, this behaviour is unexpected
and could lead to access being incorrectly granted in some
circumstances.
CVE-2018-12546. If a client publishes a retained message to a topic
that they have access to, and then their access to that topic is
revoked, the retained message will still be delivered to future
subscribers. This behaviour may be undesirable in some applications,
so a configuration option `check_retain_source` has been introduced to
enforce checking of the retained message source on publish.
Plus the following bugfixes:
* wills not sent to websocket clients
* spaces now allowed in bridge usernames
* durable clients not receiving offline messages with
per_listener_settings==true
* compilation with openssl without deprecated apis
* TLS working over SOCKS
* better comment handling in config files
Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1
Signed-off-by: Karl Palsson <karlp@etactica.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function and updates the timeout
value to the new max timeout in ipset 7.0.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function, removes a duplicate
option, and removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
issue_cert fuction may return without calling post_checks, which leaves
port 80 open and uhttpd configuration is not restored is listen_http was
set.
Always call post_checks when returning from issue_cert.
Signed-off-by: Alexey I. Froloff <raorn@raorn.name>
git is hard. :-(
Reported-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Fixes: 4629f043e0 ("znc: update to 1.7.2")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also fixes some validation, makes variable declarations local,
removes unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Refresh patches
Remove --enable-static and --enable-dynamic because they're enabled by default
Enable parallel compilation
Fix compile without IPv6
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
It is increasingly likely 240/4 and 0/8 netblocks will be allocated as
unicast globally rout-able and reachable address space
240/4 is already enabled throughout linux and openwrt.
Permit these address blocks under bcp38 address validation, ie. remove
those ranges from the block list:
list match '0.0.0.0/8' # RFC 1700
list match '240.0.0.0/4' # RFC 5745
Signed-off-by: Dave Taht <dave.taht@gmail.com>
[bump package - minor tweaks to commit message - remove commented lines]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function and removes some
unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also fixes a variable name typo ("CONFIGFILE" instead of
"config_file").
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function and removes some
unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Switched URL to @SAVANNAH for more mirrors.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_LICENSE info.
Minor reorganization for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- fix reporting for bogus hostnames with underscores
- no longer accidently overwrite existing 'serversfile' entries in dhcp
config which reference to the adblock jail list
- remove needless 'no_mail' flag
- refined log message regarding tcpdump requirement for reporting
Signed-off-by: Dirk Brenken <dev@brenken.org>
gitweb is missing a dependencies on perlbase-filetest and
perlbase-storable. It fails to start without these packages.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also corrects a variable name typo ("proxy" instead of
"proxy_host").
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Since the functions in procd.sh invoke "initscript" variable which is
not defined when imported procd.sh from hotplug scripts. And this
results in error when calling basename utility.
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: BusyBox v1.28.4 () multi-call binary.
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Usage: basename FILE [SUFFIX]
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Strip directory path and .SUFFIX from FILE
Sun Jan 20 12:34:50 2019 user.notice nft-qos-monitor: ACTION=update, MACADDR=xxxxxx, IPADDR=192.168.11.109, HOSTNAME=Honor_Play
Sun Jan 20 12:34:50 2019 daemon.info dnsmasq[15340]: 250 192.168.11.109/60566 reply www.google.com is 216.58.215.68
Sun Jan 20 12:34:50 2019 daemon.info dnsmasq[15340]: 251 192.168.11.109/43456 reply mtalk.google.com is <CNAME>
Sun Jan 20 12:34:50 2019 daemon.info dnsmasq[15340]: 251 192.168.11.109/43456 reply mobile-gtalk.l.google.com is 173.194.222.188
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: BusyBox v1.28.4 () multi-call binary.
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Usage: basename FILE [SUFFIX]
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Strip directory path and .SUFFIX from FILE
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]: BusyBox v1.28.4 () multi-call binary.
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]: Usage: basename FILE [SUFFIX]
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]: Strip directory path and .SUFFIX from FILE
Sun Jan 20 12:34:51 2019 user.notice nft-qos-dynamic: ACTION=update, MACADDR=xxxxxx, IPADDR=192.168.11.109, HOSTNAME=Honor_Play
Signed-off-by: Rosy Song <rosysong@rosinson.com>
- Add new patches (see https://www.haproxy.org/bugs/bugs-1.8.17.html)
- Raise PKG_RELEASE to 2
- Prefix patches with 3-digit numbers instead of 4-digit numbers
Signed-off-by: Christian Lachner <gladiac@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also lets procd trigger the validation function directly, and
removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The reworked init script:
* Loads and validates options using uci_validate_section() (through
uci_load_validate())
* Allows service options be specified in the globals section
* Hard-codes less global options (debug, syslog), as their default
values already work
* Adds support for almost all options (up to the current package
version, 5.49)
* Moves the pid file into a subdirectory (/var/run/stunnel) so that it
can be created successfully when setuid is used
Certain options are omitted:
* chroot - requires more setup than the init script can manage
* fips, libwrap - disabled at compile-time
* iconActive, iconError, iconIdle, taskbar - gui/win32 only
* verify - obsolete, verifyChain and/or verifyPeer should be used
instead
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Current dropbear is sufficient for gitolite purposes, so don't
require openssh (we don't do a dependency on either dropbear or
openssh as they are not yet drop-in replacements in terms of
packaging for the functions shared between them). To achieve
tihs we also eliminate the dependency on ssh-keygen. Previously
gitolite used ssh-keygen to generate fingerprints from OpenSSH
keys to ensure non-duplication of keys when processing them to
create / manage user ssh access to the git repositories.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
The previous solution was incorrect. The issue was that the macro was not
defined as the header defining it was not included. GCC warns if -Wunder
is passed and does not error by default, leading to the confusion.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add a forgotten patch which was part of the original PR to switch ct tools
to libtirpc.
Fixes: ecebe0ed1 ("conntrack-tools: update to 1.4.5 and link against libtirpc")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
In order to allow for the switch from librpc to libtirpc, we need to
relocate the conntrack-tools package here.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Small but important tweaks to fix the operation of the nut initscripts
and hotplug scripts. All hail shellcheck and proofreading and
dogfooding.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This upstream release adds support for trust_anchors_backoff_time
configuration parameter. UCI support has been added for this.
This commit also includes a number of clean-ups:
o change START=50 to START=30 in init file
Starting earlier in the boot means less chance of missing interface
trigger events. See: https://github.com/openwrt/packages/pull/4675
o remove unused variables from init file
o separate local declarations and assignments in init file
o add defensive quoting in init file
o use default values for procd respawn in init file
o make use of {} in variables consistent in init file
o remove unused variable from init file
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
* the DNS Report now displays the hostname, MAC-Address or
client IP (CLI & LuCI)
* Filter the DNS Query result set for a particular domain, client or
time frame (CLI & LuCI)
* remove needless XHR.Poll-Events from Reporting page in LuCI
* remove needless 'force sort' option in LuCI
Signed-off-by: Dirk Brenken <dev@brenken.org>
The configure script uses a deprecated function to check for libssl. I tried patching configure.ac
and adding PKG_FIXUP:=autoreconf but that causes a different error. This is the simplest fix.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
lighttpd-mod-auth has to be installed with lighttpd-mod-authn_file,
otherwise an error will appear even when auth.backend is not "plain".
(plugin.c.229) dlopen() failed for: /usr/lib/lighttpd/mod_authn_file.so Error loading shared library /usr/lib/lighttpd/mod_authn_file.so: No such file or directory
Signed-off-by: David Yang <mmyangfl@gmail.com>
Since 4.9.3, Samba AD-DC with MIT Kerberos will refuse to build unless
--with-experimental-mit-ad-dc is provided to the configure command.
The mandatory requirement was introduced in response to a report that
a user in a Samba AD domain can crash the KDC when Samba is built in
the non-default MIT Kerberos configuration:
https://www.samba.org/samba/security/CVE-2018-16853.html
This requirement was introduced in Samba commit
c5370a4349d381ba3b64b063dc28a2c54cfacdfc.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
* fix launcher.sh installation for client, bridge
* link libreadline as static for host helper (hamcorebuilder)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* enhance the query function to search in adblock backups as well,
to get back the set of blocking lists sources for a certain domain
* add "Latest DNS Queries" report to commandline version as well
(already in LuCI)
* made the tld compression (the error handling) more robust,
remove the needless 'adb_forcesrt' option
* removed abandoned 'feodo' list source
* updated readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Radicale 2.x adds support for many new clients,
bug-fixes, etc so add v2 of this application.
We do it as a separate package for those not
ready to switch (it's not an straight inplace
upgrade from 1.x).
We do however CONFLICT with 1.x as they can't
be run side-by-side on the same host (without
containers for somesuch).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This is not supported by letsencrypt, so issuing the certificate will fail.
Instead, add 3072 bits as an intermediate option.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
As pointed out by @andersk, acme.sh already supports ECC certificates, and
they can be set manually in the uci file, just not in Luci. Fix this by
changing the key size selector into a listbox, and adding ECC certs as
options.
Fixes#7825.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Under certain circumstances nutshutdown was causing a forced
shutdown of the UPS even though killpower was not indicated.
Prevent that. Also clarify the logic for powering off server
by avoiding && || chains.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Fix a crashloop under procd when attempting to bind
to any address when no interfaces are yet available.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
It hasn't been maintained for years and doesn't have recent features such as AEAD crypto and IPv6.
(The "recent" update is fix compilation without deprecated OpenSSL APIs, which is made by Rosen Penev)
It has been superseded by shadowsocks-libev, which is recently maintained by community and has LuCI frontend.
Despite its smaller size, it depends on OpenSSL, which is way larger than MbedTLS, the one shadowsocks-libev used. Thus, it doesn't really fit in space-constrained devices.
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
The configure script checks for the existence of OpenSSL by checking a
deprecated function. This works around it. The other changes have been done
previously
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Now that the library has been updated, we can also update this.
Switched to codeload as we don't need the submodule anymore.
Various other Makefile consistency updates.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* add automatic blocklist backup & restore, they will be used
in case of download errors or during startup in backup mode
* add a 'backup mode' to re-use blocklist backups during startup,
get fresh lists via reload or restart action
* procd interface trigger now supports multiple WAN interfaces
* change URL for abuse.ch/feodo list source in default config
* small fixes
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
This package install both server client and bridge app... This is useless if someone needs to run only the server on the device. Split the package in 3 subpackage and a base package that contains file needed by all 3. This also upgrade the package to latest release to fix some bug and memory leak.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Update to 1.15.8. Also use HTTPS
PKG_VERSION (nginx version) in 3rd-party modules tarball filename is dispensable and can be dropped to avoid unnecessary downloading
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
PKG_SOURCE_DIR and PKG_BUILD_DIR are just the default, so remove them
from the gitolite Makefile
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This is a new package to add tooling for IPv6 Neighbor Discovery
Protocol, ndptool. Builds libndp and ndptool.
Signed-off-by: Thomas Guyot-Sionnest <dermoth@aei.ca>
I am no longer able to support maintaining the stubby daemon for openwrt. I suggest Jonathan Underwood <jonathan.underwood@gmail.com> as a replacement.
