* provides an option to transfer log events on remote servers via cgi interface (disabled by default), see readme for details
* refine the allowlist check to support IP intervals as well before adding an IP to the blocklist
Signed-off-by: Dirk Brenken <dev@brenken.org>
* improve allow-listing reliability by running sed from the script-file
instead of the command-line
* fix user for smartdns files ownership
Signed-off-by: Stan Grishin <stangri@melmac.ca>
New features for v1.7.x:
1. Support excluding custom routes
2. `udp_disable_domain_unmapping` for inbound listen option
3. `HTTPUpgrade` transport
4. Migrate multiplex and UoT server to inbound and multiplexing support is no longer enabled by default and needs to be turned on explicitly in inbound options.
5. TCP Brutal support for multiplex
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
Changelog: https://github.com/snort3/snort3/releases/tag/3.1.76.0
,,_ -*> Snort++ <*-
o" )~ Version 3.1.76.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.13
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.12 24 Oct 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3
Using Hyperscan version 5.4.2 2023-12-03
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
* do not use standalone grep-package dependent syntax to get the remote
file size
* various bugfixes to prevent attempts to change/commit if dnsmasq/smartdns
are not installed
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* bugfix: correct URL to config-update file
* bugfix: check if uci configs exist before chacking for changes
* add support for smartdns ipset-based blocking
* add support for smartfns nftset-based blocking
* disallow non-ascii symbols for smartdns blocking
* add check wherever fw4 restart is needed before calling
procd_set_config_changed firewall
* improve clean-up code in resolver()
* improve case code for different resolver settings
* modify load_validate_config to allow smartdns.ipset and smartdns.nftset
Signed-off-by: Stan Grishin <stangri@melmac.ca>
uspot is an OpenWrt-native captive portal system.
It leverages existing OpenWrt tools such as uhttpd, dnsmasq, firewall4,
ucode, without needing any external kernel module.
It can achieve the maximum performance allowed by nftables (flow
offloading works).
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* add support for smartdns
* switch from using `uci` commands to `uci_` functions
* rename `_resolver_config` to `_dnsmasq_instance_config`
* introduce `_smartdns_instance_config`
* improve resolvers restart code on changes
* update load_validate_config to allow for smartdns option
Signed-off-by: Stan Grishin <stangri@melmac.ca>
If no GSM but only 4G is available and a special APN must be used, it
is necessary to set an inital EPS bearer beforehand. If this is not set,
then modem cannot log in and register in the mobile network.
The new option 'init_epsbearer' could be set to the following options.
* none: No init EPS bearer is used and the old one is deleted (default)
* default: Use init EPS bearer with the following config options
'iptype', 'allowedauth', 'password', 'user' and 'apn' as for the
connection bearer.
* custom: Other parameters are used that do not match those of the
default connection bearer. These have an 'init_' prefix and are named
in the same way as the default connection bearer config options.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
With this change the following modem 'state' are checked before a
connection attempt setup.
* failed: Stop connection attempt because of sim-missing
* locked: Stop connection attempt if no pincode is set
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
- Add many options to config file.
- Move rules and generated snort.lua to /tmp.
- Add script for downloading rules.
- Add preliminary reporting capabilites.
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Fix the problem that cannot create new task after clearing checksum option
Other bug fix and user interface optimization
Support overriding aria2 global settings with empty content when create new download task (#712)
Other bug fix and user interface optimization
Update Traditional Chinese translation (#705, thx @ChiaYen-Kan)
Other bug fix and user interface optimization
Add check-integrity to task settings tab (#693, thx @raytrap)
Fix a spelling mistake (#696, thx @rusq)
fix due to the index.html (1.3.6) cite these 2 png files. To keep the page looks fine without 404, added these 2 png files.
Signed-off-by: Ariel Xiong <ArielHeleneto@outlook.com>
Add experimental PCRE2 support patch as PCRE is EOL and won't receive
any new updates anymore.
Since PCRE2 API changed, also snort plugins API changed and require some
tweka for any user downstream that compile custom plugins. The examples
are all updated and conversion patch contains additional info on the
changes required to the plugins.
Plugins needs to be compiled and require updates anyway so there isn't a
problem with user trying to load incompatible plugins.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This package was intended to provide the experimental multithreading
support for iperf3. With the update to 3.16, multithreading is available
in mainline iperf3. Thus, remove this package.
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Upstream bump
,,_ -*> Snort++ <*-
o" )~ Version 3.1.75.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.13
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.12 24 Oct 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3
Using Hyperscan version 5.4.2 2023-11-20
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Changelog:
- update trust-dns to hickory
- never report an error when the syslog init fails
- dependency updates
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Changes:
- add firewalld-reload subcommand
- bridge: force static mac on bridge interface
- dependency updates
- numerous fixes to test suite
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
cni-protocol can be used for both cni and netavark
and also for many other things, such as vpn's that
lack customized protocol supports for openwrt as a
general externally managed protocol, so it was due
to rename it.
I also added one extra option, search domain, which
is optional and updated scripts retrieving ip address
and routing information.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
This fixes the Invalid Resource Record: FATAL problem: ARRDATAIllegalIPv4Address error message described in https://forum.openwrt.org/t/route53v1-script-error/160068
Maintainer: @chris5560, @maxberger, @dibdot
Tested: Checked on local system
Signed-off-by: Max Berger <max@berger.name>
* fix boot()
* reintroduce procd_boot_delay variable to control delay of service
start on boot
* introduce `check_lists` command to check enabled block-lists for
domain(s)
* use config_get_bool instead of config_get for boolean options
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* fixes https://github.com/openwrt/packages/issues/22674
* rename resolver_health_check to is_resolver_running for readability
* reorder functions in the init file by name
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Based on the discussion on GitHub [1], we found out that quassel irssi is not maintained anymore, thus it is dead and confirmed by developers [2]. There is no reason to keep this package anymore here in our repositories, because otherwise we will need to take care of it and thats not what is going to happen.
[1] https://github.com/openwrt/packages/pull/22605
[2] https://github.com/phhusson/quassel-irssi/issues/36
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The function `create_host_record_from_host` fails if the `dns` option
is not set in the host entry.
This sets a default to the `dns` variable in order to fix this error.
Fixes: #22691
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
The built-in swig/python detection does not works well
when system-wide m4 macros are available with same name
but different content.
So make the configure stuff compatible, resp. workaround
a little bit.
It seems also necessary to pass the PYTHON_LIBS environment
during the compile phase.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This is a bugfix release containing security fixes.
Security Fixes (included in 2.6.7):
CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer
after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer.
All configurations using TLS (e.g. not using --secret) are affected by this issue.
CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration
in some circumstances, leading to a division by zero when --fragment is used.
On platforms where division by zero is fatal, this will cause an OpenVPN crash.
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.8/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
If pcre is built before freeradius, then freeradius' configure will
detect pcre and freeradius will be built with pcre functionality
enabled. This causes a "missing dependencies" error at the end of
package build.
This passes --without-pcre to configure to disable this autodetection.
This also removes the dependency on libpcre2 as freeradius v3 does not
have support for pcre2.
Fixes: 19ec30255f ("freeradius3: switch to pcre2")
Fixes: https://github.com/openwrt/packages/issues/22574
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Update crowdsec to latest upstream release version 1.5.5
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Package tested. not able to test run due to limited space (package is big)
Description: update to latest version of upstream
libudev seems to be required only for cm108gpio gensio
which is a relatively special one. Let's disable it
and also the libudev lookup, so that there is no need
to link/use libudev.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
The "Extra DNS" option allows to create records from the DHCP
"Hostnames" configuration entries.
This allows to create such records from the DHCP "Static leases"
configuration entries too.
Fixes: #22593
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
- package is bumped to 0.5.2
- new protocol changes prevent peering with 0.4.x peers
- @turretkeeper revamps package with netifd support
- do not use with luci-app-yggdrasil please install luci-proto-yggdrasil
Signed-off-by: William Fleurant <meshnet@protonmail.com>
Buildbots spottet this error that when dns_sd library is
available, then gensio's configure will pick it up.
This is not desired since we already link to libavahi
for the mdns stuff, so let's disable dnssd lookup explicitly.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Current version of atftpd daemon does automatically start when installed.
This commit adds 'enable' option to config file to
have control over atftpd daemon.
Signed-off-by: Jakub Raczynski <myszsoda@gmail.com>
Although init script did consist of default value for missing 'port' field,
add it to configuration file for consistency.
Signed-off-by: Jakub Raczynski <myszsoda@gmail.com>
After 1.0.18, this project moved from SourceForge to gitlab
Also, since 1.0.19, the configure script is not present
by default anymore, so we need to add autoreconf to generate it
Release notes:
https://gitlab.com/sstp-project/sstp-client/-/releases
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Upstream bump
,,_ -*> Snort++ <*-
o" )~ Version 3.1.74.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.13
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.12 24 Oct 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3
Using Hyperscan version 5.4.2 2023-11-08
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
When selecting both iperf3 and iperf3 ssl, there is a problem that
both packages install same binary file.
This patch fixes this issue by adding conflict between those packages.
Signed-off-by: Jakub Raczynski <myszsoda@gmail.com>
* update Makefile copyright info
* organize functions shared between the init script, uci-defaults and
luci app in alphabetical order
* update error, warning and status messaging
* use single quotes instead double quotes for static text labels
* better warning for missing recommended packages
* rename dns function to resolver to better reflect its purpose
* improve resolver cleanup code
* move _resolver_config function inside resolver function to improve code readlibity
* rename _process_file_url to process_file_url_wrapper to better reflect its purpose
* add preflight check for available RAM vs total size of block lists
* move _config_add_url_size function inside adb_sizes function to improve code readlibity
* remove uci validation from status_service function to improve performance
* source init script from uci-defaults to include shared functions
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Add patch fixing compilation error with new version of irssi where the
renamed some functions.
Fixes: #22384
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Fetch Ed25519 public keys from UCI host sections.
Update options and syntax to current version.
Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
This major update not only updates the ser2net daemon version,
but also migrates the UCI configuration handling to the newer
YAML configuration file format.
If you only configured ser2net using UCI, then there should
be no noticable difference and your configuration should
still work as before.
If you modified /etc/ser2net.conf before, or used custom adaptions
etc., then you must migrate to newer /etc/ser2net.yaml on your
own and/or double-check your installation - there is no automatic
migration logic during package upgrade path.
The latest nmap version 7.9.3 currently fails to compile with OpenSSL 1.1 [1],
it required to backport upstream patch to fix the compilation. [2]
[1] https://github.com/nmap/nmap/issues/2516
[2] d6bea8dcde
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This major update not only updates the ser2net daemon version,
but also migrates the UCI configuration handling to the newer
YAML configuration file format.
If you only configured ser2net using UCI, then there should
be no noticable difference and your configuration should
still work as before.
If you modified /etc/ser2net.conf before, or used custom adaptions
etc., then you must migrate to newer /etc/ser2net.yaml on your
own and/or double-check your installation - there is no automatic
migration logic during package upgrade path.
Signed-off-by: Morgan Christiansson <git@mog.se>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* the log file monitor now supports standard log files used by other log daemons like syslog-ng
Set 'ban_logreadfile' accordingly, by default it points to /var/log/messages
* removed logd dependency, closes#21932
Signed-off-by: Dirk Brenken <dev@brenken.org>
1. Add new options:
--http3 Enable HTTP/3 support (H3 first)
--timeout Timeout for outbound DNS queries to remote upstream servers in a human-readable form (default: 10s)
2. Allows listen on multiple interfaces and ports
Signed-off-by: Anya Lin <hukk1996@gmail.com>
This adds a multithreaded variant of iperf3 as a package. This variant
is still experimental, developed in the mt branch of the iperf
repository and expected to be merged when it is considered stable.
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Use PKG_NAME in PKG_SOURCE AND PKG_BUILD_DIR instead of hardcoding to
privoxy to make the Makefile cleaner.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* added ujail for crowdsec-firewall-bouncer
* set nice to reduce priority for process
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.0
changes:
- fixes a bug where science notations (exponentials) are displayed during tests during high speed bursts
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
use libpcre2 as dependency for freeradius3-common
because PCRE is EOL with no further updates
Compile & run tested on mediatek mt76 ubnt-ui6-lr-v1 with musl
Signed-off-by: Martin Strobel <arctus@crza.de>
Currently aircrack-ng try to link with libbsd if it does detect the
library in staging_dir. This is the case with buildbot where every
package is selected and compiled.
Fix this by adding a pending patch that permits to disable libbsd
inclusion even if detected and set the related config flag.
aircrack-ng use 2 function of libbsd and it's not worth to include the
entire library for 2 simple function for string manipulation.
Also add an additional patch that permits to use musl or glibc version
of these string functions.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
