* cifsd: fix uninitialized fp could be freed
* cifsd: fix potential uninitialized spnego_blob could be freed
* cifsd: smbd: replace spinlock_irqsave with spinlock
* cifsd: smbd: avoid the lack of client's send credits
* cifsd-tools: add version generation script
* cifsd-tools: do not abbrev git describe
* cifsd-tools: use 'unknown' version string if git describe fails
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* Update nextdns to version 1.1.5 which adds IPv6 dual stack support.
* Add the ability to configure per host configuration id from uci.
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
* some init tweaks
* use the usual wifi wrapper for reloads
* compatibility fix for latest wifi-related changes
in master (dynamic wireless radio reconfiguration)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fix breaking change introduced in the main tree with a commit
7519a36774ca ("base-files,procd: add generic service status") where the
old service `status` callback function doesn't work anymore and needs to
be renamed to `status_service`. This name was chosen for consistency
with start and stop function callbacks, which are using `start_service`
and `stop_service` naming schemes.
While at it, fix whitespace issues in the status_service as well.
Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-September/019035.html
Reported-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This change:
* Removes building of Lua bindings. These bindings were already removed
upstream[1].
* Fixes building of Python bindings:
* Fix SWIG_DIR path (note that SWIG_VERSION will need to be updated
whenever the swig package is upgraded)
* Fix Python module paths and filenames
* Packages the Python bindings in a new package (python3-sysrepo) and
builds it by default, instead of depending on a config option.
[1]: https://github.com/sysrepo/sysrepo/pull/1429
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When the user requests 'any' as 'iptype', we may get either IPv4 or
IPv6 settings.
Simplify the logic by not requiring any explicit iptype before loading
the method reported by the bearer object for IPv4 and IPv6; just load
the methods right away and setup settings based on those.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Till now we could only ping http targets on port 80. With this change by
adding the config boolean config option httping_ssl we could also ping
https ping targets on port 443.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Sometimes the return value of `ubus -S call network.interface.wan status`
cause `json_load` to return `Failed to parse message data` error.
To avoid this, the JSON data always should be quoted with double quotes.
Signed-off-by: Evren Yurtesen <eyurtese@abo.fi>
Removed quoatation marks from commit heading
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
There is an issue with the included build scripts which improperly check for a
requirement on libboost-thread where another implementation is available.
Fixes#10273.
Signed-off-by: James Taylor <james@jtaylor.id.au>
seafile-server uses libevhtp pthreads support. libevhtp needs
libevent2-pthreads for that. However, since there is no installable
package for libevhtp--the library is build static-only--then
seafile-server, its consumer, needs to add the dependecy.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Current version of ubus module have some problem with list method. Update the module to fix this problem.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* limit firewall hotplug trigger to certain wan 'INTERFACE' as well,
to prevent possible race conditions during boot
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix a logical glitch in the hotplug event handler
* properly handle fatal iptables errors - even in subshells
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Migrated init-script to procd.
- Removed the old hotplug script as it is unnecessary and
caused long boot-times for r7800 and possibly others.
Signed-off-by: Christian Lachner <gladiac@gmail.com>
The procd based init setup uses a custom `pidfile` parameter, but the
used MODEMMANAGER_PID_FILE was not being defined anywhere.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Since ModemManager 1.10.2, per-device carrier mapping configuration
files may be installed, providing support for automatic carrier config
selection.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
The bearer status wasn't being loaded in key/value mode, and therefore
would always fail to load the IPv4 config method.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
* print to stdout if 'logger' is not available
* add support to set the service nice level (default is 0)
* small fixes / polish up for forthcoming 19.07 release
Signed-off-by: Dirk Brenken <dev@brenken.org>
* more startup tweaks
* re-use f_log function in helper scripts
* small fixes / polish up for forthcoming 19.07 release
Signed-off-by: Dirk Brenken <dev@brenken.org>
* more startup tweaks
* re-use f_log function in helper scripts
* small fixes / polish up for forthcoming 19.07 release
Signed-off-by: Dirk Brenken <dev@brenken.org>
A set of scripts that parse RSS feeds and downloads files for you.
Recipes are available to send download links to transmission and aria2.
Signed-off-by: Leong Hui Wong <wong.leonghui@gmail.com>
Makefile cleanups for consistency between packages.
Placed libsysrepo in Libraries instead of Utilities.
Removed InstallDev as it is implied by CMAKE_INSTALL.
Added .patch at the end of patch files.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This fixes a runtime startup error on system which does not have a
toplevel runtime directory for the pid file. On openwrt the pid is
located at /var/run and not on /run. To fix that add a configure option to
move the pid location to /var/run.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This fixes a runtime startup error for system, which does not have enabled the
kernel config option CONFIG_PROC_EVENTS.
This workaround was published on github under the following URL.
https://github.com/acassen/keepalived/issues/1119
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* fix race condition in download utility detection during boot
* fix multiple possible bugs in ipset creation
* prevent parallel service starts
* refine service trigger handling
* add ssh daemon auto detection
* print to stdout if 'logger' is not available
Signed-off-by: Dirk Brenken <dev@brenken.org>
MBIM and QMI support (necessary for modern and
high-performance LTE modems) should be default
y otherwise the only way to use modemmanager
with these protocols is to recompile the package.
This is very inconvenient for most end users.
Also fix typo in PKG_HASH definition.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Fixed license information.
Use xz archives.
Use PKG_SOURCE_DATE instead of PKG_VERSION, which evaluates to the same.
Use HTTPS, which goes through firewalls more easily.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- Adds ubus module to nginx
- Select module by default
- Adds script to detect ubus module and append config for luci
- Switch all external module to xz
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Switched to standard PKG_INSTALL.
Added PKG_BUILD_PARALLEL for faster compilation.
Added some size optimizations.
Added license information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
OpenSSL is already built as part of tools (LibreSSL actually) and can be
used instead for the host build.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This updates all Python packages that download their source from PyPi to
use pypi.mk.
This will allow future improvements/changes to pypi.mk to affect all
relevant packages.
This also makes it easier for future Python packages to start using
pypi.mk, when it's clear how it is used in existing packages.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
the patches 010-Fix-compilation-when-OpenSSL-has-no-ENGINE-support
and 020-Fix-compilation-without-deprecated-OpenSSL-APIs are now
merged upstream, so they must be dropped from the OpenWrt pkg
Signed-off-by: Saverio Proto <zioproto@gmail.com>
MM has a problem with cross-compiling. It needs to run some
tools during compilation (glib-mkenums & gdbus-codegen) but uses
pkg-config to detect them. But like this it finds the wrong tools, the
ones in $(STAGING_DIR). The correct tools are in
$(STAGING_DIR_HOSTPKG)/bin.
As a workaround this commit patches configure.ac so the correct tools
are used, the ones from glib2/host. The latter is also added to
PKG_BUILD_DEPENDS to reflect this.
libxslt/host is also added to PKG_BUILD_DEPENDS and the related
RequireCommand call is removed. This is OK to do since we have
libxslt/host available since a few days ago.
Resolves#10249
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- rename the section instance to yggdrasil (feat. request)
- allow zone to cover both ip4 and ip6 fam
Signed-off-by: William Fleurant <meshnet@protonmail.com>
After many failed attempts at upgrading Django to 2.2.6, the solution seems
to be to split a `python-django1` package that works with Python2 and
upgrade `python3-django` to the latest 2.2[.6] LTS release.
This also means that all Python2 Django packages will be stuck & based on
Django 1.11[.24] LTS release. But, it's currently the sanest approach I
could find to be able to perform an upgrade of Django to 2.2, and not break
Seafile.
Upgrading Seafile is also pretty difficult, as their Python3 support is not
yet finished & released. And in the meantime, we want to allow people to
use newer Django versions.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Upstream release message:
"Letsencrypt CA recent changed the CDN provider, which resulted in hanging issues.
Any downstream package should update.
This is important."
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Add required libevent2-pthreads dependency for all ntpd
subpackages.
Remove keygen-specific libevent2-core support as it is
automatically selected by the libevent2-pthreads dependency.
nptd: Bump PKG_RELEASE
Fixes: openwrt/packages#10307
Signed-off-by: Kenneth J. Miller <ken@miller.ec>
argp-standalone is only needed for non GLIBC targets.
Added PKG_BUILD_PARALLEL for faster compilation.
Removed unnecessary C/LDFLAGS.
Remove libstdcpp depends. It's included with libfmt.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This removes lines that set PKG_BUILD_DIR when the set value is no
different from the default value.
Specifically, the line is removed if the assigned value is:
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
The default PKG_BUILD_DIR was updated[1] to incorporate BUILD_VARIANT
if it is set, so now this is identical to the default value.
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)
if PKG_SOURCE_SUBDIR is set to $(PKG_NAME)-$(PKG_VERSION), making it
the same as the previous case
* $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
This is the same as the default PKG_BUILD_DIR when there is no
BUILD_VARIANT.
* $(BUILD_DIR)/[name]-$(PKG_VERSION)
where [name] is a string that is identical to PKG_NAME
[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e545fac8d968864a965edb9e50c6f90940b0a6c9
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Fixes following errors:
main.c:458:37: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
main.c:463:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
main.c:518:35: error: comparison of integer expressions of different signedness: ‘ssize_t’ {aka ‘long int’} and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
main.c:157:3: error: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Werror=unused-result]
main.c:763:3: error: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Werror=unused-result]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
- add uwsgi patch to add option to don't follow simbolic link but call it directly (waiting to be approved)
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Currently cgi-io try to read data after the data ended.
- Adds "-" to whitelist char
- In main_upload is tried to consume the buffer while it's already readed by the while loop before
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
lightweight client for the RFC8555 ACMEv2 protocol, written in plain C code
with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS).
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* the WAN auto detection now supports multiple interfaces, too
* no longer filter out possible LAN devices
* add a new DoH (DNS over HTTPS) blocklist source with public
DoH DNS server addresses, to effectively block client side DoH
communication, e.g. via Firefox or Chrome
Signed-off-by: Dirk Brenken <dev@brenken.org>
* new 'ca-bundle' dependency as all https connections
are now validated by default
* automatically select the download utility: 'aria2', 'curl',
'uclient-fetch' with libustream-* or wget are supported
* track & ban failed LuCI login attempts as well
* add a small log/banIP background monitor to block
SSH/LuCI brute force attacks in realtime (disabled by default)
* add a config version check (please update your default config!)
* made the automatic wan detection more stable
* fix the IPv6 logfile parser
* fix the service status message
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fix kea-admin dependency where if procps-ng-ps wasn't available busybox
would output an error casuse it does't support showing a processe's PID
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Fix an issue where the Makefile wouldn't allow kea to show up in the
menuconfig Also added some description to the packages
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Condition testing for Linux version 4.14 is spelled LINUX_4_14, not
LINUX_4.14, so the checks were ineffective up to this change.
This Fixes the following error which appeared after update to 2.12.0,
when built against kernel 4.14:
Package kmod-openvswitch-intree is missing dependencies for the
following libraries:
tunnel6.ko
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
debug is boolean option/flag so setting it to 9 doesn't work, while at
it I've synchronized boolean options from source code and sorted it
alphabeticaly with following command:
grep flag src/cmdline.ggo | cut -d \" -f2 | sort | tr '\n' '|'
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Code in option_cb was referencing $chilli_inst variable which was
declared as local, thus the instance startup logic in start_chilli was
referencing variable which would always get value of 1, effectively
making `disabled` config option useless.
So I've fixed it with simpler config_get_bool and while at it, I've simplified the
surrounding code little bit as well.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
apcupsd's configure script looks up paths to sh, wall and mail on the
host system, but intends to use them on the target system. OpenWrt
replaces apcupsd's scripts by its own versions, so those paths don't
really matter, however, if the host system doesn't have wall installed,
the build fails. This is the case on Gentoo when util-linux is built
with USE=-tty-helpers (default). Prevent such failures by providing
explicit stub paths to sh, wall and mail to configure script.
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Before the CMake update, either protobuf was being installed to HOST
instead of HOSTPKG by mistake or some other problem.
This adds a linker flag to look in the proper location.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Some firewalls mandate a minimum size of 4k for SYN packets, which
transmission does not do by default. Upstream issue here:
https://github.com/transmission/transmission/issues/964
Cleanup:
Fixed license info.
Removed two unnecessary patches.
Ran shell script through shellcheck.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Switched to CMAKE_INSTALL to get rid of InstallDev.
Added PKG_BUILD_PARALLEL for faster compilation.
Fixed license information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Several other cleanups.
Added PKG_BUILD_PARALLEL for faster compilation.
Removed PKG_INSTALL as cmake.mk already defines it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This can be helpful for example in hotels where you need to
enter a new user/password combination every week.
Signed-off-by: Johannes Rothe <mail@johannes-rothe.de>
Compile Tested: yes, selects lua as implementation and doesn't pick up luajit
Run Tested: no, minor change
Maintainer: me
Description:
On some architectures PowerDNS was preferring Luajit over Lua, which wasn't added
as a dependency. On previous versions this was controlled by passing `--with-lua`
and `--without-luajit` however this isn't functional anymore.
On the 4.2 series, it is instead possible to define the lua implementation to be
used by passing `--with-lua=[implementation]` ie `--with-lua=lua`
Signed-off-by: James Taylor <james@jtaylor.id.au>
nut uses gdlib-config to find libgd, which happens to be deprecated. This
switches it to use pkgconfig and allows a fallback to gdlib-config, same
as the libusb check.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Bump PowerDNS Authoritative DNS Server to 4.2.0. Release changelong can be found at
https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.2.0
Compile Tested: OpenWRT Snapshot - armv7
Run Tested: Linksys WRT1900ACS - package runs correctly, not all functionality has been tested.
Signed-off-by: James Taylor <james@jtaylor.id.au>
Instead of always replying with a generic 500 internal server error code,
use more appropriate codes such as 403 to indicate denied permissions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a new `cgi-download` applet which allows to retrieve the contents
of regular files or block devices.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "path" containing the file path to
download.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required acl rules to grant download access
to files or block devices:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "download", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/etc/config/*", "read" ],
[ "/dev/mtdblock*", "read" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Use the `cgi-io` scope to check for permission to execute the requested
command (`upload`, `backup`) and the `file` scope to check path
permissions.
The reasoning of this change is that `cgi-io` is usually used in
conjunction with `rpcd-mod-file` to transfer large file data out
of band and `rpcd-mod-file` already uses the `file` scope to manage
file path access permissions. After this change, both `rpc-mod-file`
and `cgi-io` can share the same path acl rules.
Write access to a path can be granted by using an ubus call in the
following form:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/var/lib/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The `python-mysql` package was updated with PR https://github.com/openwrt/packages/pull/9705
For seahub this was omitted, since the Python dependencies are prefixed
with `python-`, so it was missed during the grep search.
And grepping just for `mysql` yields many results.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
commit 0c090fde68b2 ("scons: move host build tool to a proper place")
has moved scons into the packages feeds, so switch to that package
include and adjust build dependency to a new scons home.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
* remove 'http-only' mode, all sources are now fetched from https sites
* the backup mode is now mandatory ('/tmp' is the default backup
directory), always create and re-use backups if available.
To force a re-download take the 'reload' action.
* support 'sshd' in addition to 'dropbear' for logfile parsing
to detect break-in events
* always update the black-/whitelist with logfile parsing results
in 'refresh' mode (no new downloads)
* rework the return code handling
* tweak procd trigger
* various small fixes
* (s)hellsheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
So that packages like acme requiring features from it can depend on it
explicitly, not the more basic "wget" which is also provided by
"uclient-fetch"
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* use raw procd interface trigger as last resort, if the
adblock config is not available during startup
* fix selective subdomain whitelisting for dnsmasq
* fix a kresd restart issue with 'DNS File Reset'
* fix a suspend/resume cornercase
* disable the tld compression, if the number of blocked domains
is greater than 'adb_maxtld' (default: 100000)
* made the fw portlist configurable (default '53 853 5353')
* preliminary support for inotify-like autoload features
of dns backends like kresd in future Turris OS. If 'adb_dnsinotify'
is set to 'true', all adblock related restarts and the
'DNS File Reset' will be disabled
Signed-off-by: Dirk Brenken <dev@brenken.org>
The double quote thells the shell that the list returned from `pidof` is a
single argument, therefore, `renice` will cry about a malformed input.
With this commit, `renice` will be applied correctly to all the returned PIDs
from `pidof`.
The output of `renice` for the quoted list is as follows:
`renice: invalid number '6592 6587 6586 6574'`
`renice` does not show and does apply the nice value if the list is unquoted.
Signed-off-by: Oever González <notengobattery@gmail.com>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
The package on PyPi is named `mysqlclient`.
This should have been named `python-mysqlclient` from the start.
There is a `mysql` package on PyPi already but that's a different
code/package.
Doing this should avoid any future confusion.
There is no good time to do this rename; at least 19.07 has been branched
already and this can go into the next release [in a year or so].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Maintainer: Jakub Tymejczyk <jakub@tymejczyk.pl>
Compile tested: ramips, Xiaomi Router 3G, fc54256
Run tested: ramips, Xiaomi Router 3G, 0f54d96
Description:
Mosh is "Remote terminal application that allows roaming, supports
intermittent connectivity, and provides intelligent local echo and line
editing of user keystrokes".
Project's site: https://mosh.org
Makefile and patch taken from: https://github.com/mchwalisz/mosh-openwrt
updated by me
Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
(Makefile cleanup and size optimizations)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- Correct SPDX License Identifier
- Move MAINTAINER, SUBMENU to more appropriate place
- Use HTTPS in URL
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
As discussed on GitHub[0] the package should be removed.
[0]: https://github.com/openwrt/packages/issues/7832
> The package is effectively orphaned upstream and has been for some
time. Given the security-sensitive nature of the package, an active
maintainer community is essential for safe usage. Racoon's lack of
support for IKEv2, despite it being stable for a long time, and the
availability of next-generation tunneling systems such as wireguard,
also would seem to limit its future value. Setkey's functionality
has been subsumed by 'ip xfrm'.
> If you disagree that ipsec-tools should be removed from OpenWRT,
please say so now. If there are still use cases for it that are
not met by other IKE implmenentations that would be good to
know. But more importantly, I think you'll need to convince us
that ipsec-tools is actually safe to operate on today's Internet
given its current state of development.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Introduce further ACL checks to verify that the request-supplied
upload location may be written to. This prevents overwriting things
like /bin/busybox and allows to confine uploads to specific directories.
To setup the required ACLs, the following ubus command may be used
on the command line:
ubus call session grant '{
"ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e",
"scope": "cgi-io",
"objects": [
[ "/etc/certificates/*", "write" ],
[ "/var/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* automatically add open uplinks to your wireless config,
e.g. hotel captive portals (disabled by default)
* shift net status check in a separate function
* (s)hellcheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes issue where CFLAGS were not being passed. This was breaking ASLR
builds.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_INSTALL. Changed install paths based on PKG_INSTALL paths.
Added --disable-debug to make sure debug code is disabled.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
On a Debian system without python3-distutils install, uwsgi-cgi was
failing to build because it couldn't import sysconfig from distutils.
OpenWrt packages should be using the OpenWrt python not the system
python. In addition we need to use python3 not python2, even when
both are available.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
* fix a dns restart issue if 'flush dns cache' is set
* fix a suspend/resume issue, the status wasn't properly updated
* fix a long standing query issue
* rework return code handling, mostly for debugging
* various cleanups & cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Development moved to GitHub. Update URLs.
Cleaned up Makefile a bit for consistency between packages.
Added patch that removes deprecated bzero.
Ran init script through shellcheck. Fixed minor warnings.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Bidirectional Forwarding Detection (BFD) is a network protocol that is used to
detect faults between two forwarding engines connected by a link.
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* update to git (2019-08-19)
* use new "kill_server" sysfs option on stop
* ensure reload_service() works correctly
* add inherit owner, force create mode, force directory mode UCI options
* add patches for mips target (vfree, vmalloc)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* background service: no longer miss "signal" events for the
dns backend (to trigger adblock)
* fix a dns backend reload issue during switch between
different blocking modes
* domain query: report found domains only once in
"null" blocking mode with IPv4 & IPv6 list entries
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix a possible race condition during DNS file reset on slow hardware
* optimize DNS restart behaviour in 'null' blocking mode
* mute useless warnings
Signed-off-by: Dirk Brenken <dev@brenken.org>
This commit updates:
- bump version to v20190809
- fix PKG_LICENSE_FILES
- rename package names to kcptun-server, kcptun-client
- refactor Makefile
- merge config and service scripts
- add more config options to support all features
- add additional options: gogc, syslog, user
- add README.md
Reference:
- package shadowsocks-libev
Signed-off-by: Chao Liu <expiron18@gmail.com>
* add support for 'DNS File Reset', where the final DNS blockfile
will be purged after DNS backend loading (save storage space).
A small background service will be started to trace/handle
dns backend reloads/restarts
* add support for the 'null' blocking variant in dnsmasq
(via addn-hosts), which may provide better response times
in dnsmasq
* enhance the report & search engine to support
the new blocking variants. Search now includes
backups & black-/whitelist as well
* compressed source list backups are now mandatory (default to '/tmp')
* speed up TLD compression
* E-Mail notification setup is now integrated in UCI/LuCI
* update the LuCI frontend to reflect all changes (separate PR)
* drop preliminary dnscrypt-proxy-support (use dnsmasq instead)
* drop additional 'dnsjail' blocklist support (not used by anyone)
* procd cleanups in init
* various shellcheck cleanups
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes:
when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
iotivity's scons build script is not compatible with python3, so use
python2.7 from python/host to run it.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Otherwise compilation fails when clang-tidy is found in the host:
-- clang-tidy found: /usr/lib/llvm/7/bin/clang-tidy
error: unknown argument: '-fhonour-copts' [clang-diagnostic-error]
error: unknown argument:'-iremap[...]:https_dns_proxy-2018-04-23'
[clang-diagnostic-error]
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This avoids copying /usr/include, unversioned *.so files, pkgconfig,
/usr/lib/*.la, and the build-time libs/cflags configuration utility
clamav-config.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
f5420af phantap: do not capture vlans
5d1bd13 phantap-learn: improve the BPF filter, exclude vlans
be6f7d9 Readme.md: we now support talking to the victim.
8789da5 README.md: fix typo
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Full changelog here: https://mosquitto.org/blog/2019/08/version-1-6-4-released/
Fixes a regression in persistent session handling, and various other
regressions related to the mqtt5 support.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Changelog prepared by upstream project
* osport.h: replace SUSv3-specific functions by POSIX variants [Fabrice Fontaine]
* avp: Error Code field in Result Code AVP is optional [Pau Espin Pedrol]
* network_thread: Early continue in loop to remove huge indented block [Pau Espin Pedrol]
* network_thread: Simplify while loop using for loop [Pau Espin Pedrol]
* network: connect_pppol2tp: early return to avoid huge indentation block [Pau Espin Pedrol]
* xl2tpd: start_pppd: Fix truncation of last character [Pau Espin Pedrol]
* handle_packet: Remove unneded else clause when handling payload [Pau Espin Pedrol]
* control: Split control message handling into its own function [Pau Espin Pedrol]
* handle_packet: Rearrange code flow to simplify it [Pau Espin Pedrol]
* avp: Early failure if no handler to remove indent block [Pau Espin Pedrol]
* xl2tpd: Mark internal symbols as static [Pau Espin Pedrol]
* Fix indentation and whitespace in code block [Pau Espin Pedrol]
* xl2tpd: Remove unused variable [Pau Espin Pedrol]
* network: Add missing close(kernel_fd) on init network failure [Pau Espin Pedrol]
* network: Add missing close(server_fd) on init network failure [Pau Espin Pedrol]
* Add 'cap backoff' option, limiting exponential backoff retries will
be delayed by exponentially longer time, unless that time is capped
by configuration. [Bart Trojanowski]
* Add program to show status icon in system tray. [Github user: username34]
* Add info on building and installing xl2tpd [Samir Hussain]
* Update formatting of README.md [Samir Hussain]
* Rename README.xl2tpd to README.md [Samir Hussain]
* Update Debian changelog [Samir Hussain]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Firewall needs to be reloaded in the following cases:
- on service start when snmpd.general.enabled=1
- when snmpd daemon is stopped
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
This should fixopenwrt/packages#9346 ("shadowsocks-libev: undefined
behavior from unaligned access")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
