* major performance boost: add a flexible 'Download Queue' to handle
downloads & list processing in parallel, default queue size is '4',
you can raise this e.g. to '8' or '16' to get it really fast
* replace former 'whitelist mode': the new 'Jail' option
builds an additional 'adb_list.jail' list in parallel
which can be used manually for guest wifi or kidsafe configurations
* regex parser & query function now fully support IDN domains
with non-ASCII characters
* add error handling in tld compression,
to handle OOM conditions better
* adblock.notify sends now html emails,
to get a better look & feel, even on mobile devices
* add czech regional blocklist maintained by turris omnia users
* LuCI: Support new 'Download Queue' & 'Jail' options
* LuCI: fix field width in "Runtime Information" section
Signed-off-by: Dirk Brenken <dev@brenken.org>
The original patch that forced internal usage hid an actual issue in the build system. Replace patch with upstream one.
Also reorganized the Makefile a bit and removed some cruft.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
DNS rebinding protection introduced a new option. Use it to disable it as OpenWrt does not need it.
Adjusted Makefile to use the release instead of a git version. Also cleaned up and added LICENSE entries.
Eliminated useless patches. The syslog one actually doesn't log much. No need to mask the os release anymore either.
Added group entry to init script. Otherwise files end up being owned by user:root which is bogus.
v2: Previous maintainer relied on git version of Transmission for mbedtls support. Backport it to the stable instead.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
DNS rebinding protection introduced a new option. Use it to disable it as OpenWrt does not need it.
Adjusted Makefile to use the release instead of a git version. Also cleaned up and added LICENSE entries.
Eliminated useless patches. The syslog one actually doesn't log much. No need to mask the os release anymore either.
Added group entry to init script. Otherwise files end up being owned by user:root which is bogus.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add dependency on ca-bundle without which the HTTPS fetches fail.
Add "-x" option to force HTTP/1.1 instead of HTTP/2.0
Add a workaround for bug in libcurl <7.530 that prevents it from
working at all when built with mbedtls.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
Acked-by: Aaron Drew <aarond10@gmail.com>
If a service section is not presented in the configuration then stunnel will
always start anyway. This ends in a crash loop because the configuration is not
valid.
Checking in "uci" mode if a service section is presented and only then
start the stunnel service will solve this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Do not send a SIGHUP on reload configuration let procd restart the
service with stop/start. This is saver.
Add uci generated stunnel file to procd "file" attribute to
reload/restart the stunnel service.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* add config_path option since the controller mode needs a persisting path to be used
* add patch to fix a bug in the controller code (https://github.com/zerotier/ZeroTierOne/issues/553)
* disable zerotier by default, as the default settings let it connect to a public network
Signed-off-by: Moritz Warning <moritzwarning@web.de>
That is, since we don't require gssapi or libpskc, avoid
accidental builds with it.
Closes#5474
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
matrixssl is still in the oldpackages repo,
so coova-chilli should not depend on it.
Remove the config option for selecting matrixssl lib
and the dependency declaration.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
A vulnerability was discovered in the processing of wildcard synthesized
NSEC records. While synthesis of NSEC records is allowed by RFC4592,
these synthesized owner names should not be used in the NSEC processing.
This does, however, happen in Unbound 1.6.7 and earlier versions.
(see https://unbound.net/downloads/CVE-2017-15105.txt)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
When using the configuration under "Unbound and odhcpd" in the package's
README.md, the scripts generated a malformed config file for unbound, due
to an "ip route" command giving extra output lines with the string
"anycast" where the awk script expects an address. These are now filtered.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
New upstream release fixes the following security issues:
* CVE-2017-3145: BIND was improperly sequencing cleanup operations on
upstream recursion fetch contexts, leading in some cases to a use-after-free
error that can trigger an assertion failure and crash in named.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
The iptables-mod-geoip is usually used in conjunction with some
wrapper scripts which manipulate the GeoIP database and then kick out
one or more iptables rules. This package contains (1) the script to
download the most recent version of the MaxMind freemium database and
(2) another script which mangles the database into sets up iptables
rules.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
