We need always three of the firewall mask value for
* default routing table
* blackhole
* unreachable
the other will be used for the interfaces.
* If we have set the mmx_mask to max 0xFF00 (8 bit set) we could use max 252
interfaces.
* If we have set the mmx_mask to min 0x0E00 (3 bit set) we could use max 4
interfaces.
Only the ones are counting from the firewall mask value.
Minimal three firewall mask bit vaules must be set.
Maximal eight firewall mask bit vaules could be set.
Table overview mmx_mask value bits vs. max interfaces
mmx_mask value bits set 1 -> not usefull
mmx_mask value bits set 2 -> not usefull
mmx_mask value bits set 3 -> 4 Interfaces (mask example 0x0E)
mmx_mask value bits set 4 -> 12 Interfaces
mmx_mask value bits set 5 -> 28 Interfaces
mmx_mask value bits set 6 -> 60 Interfaces
mmx_mask value bits set 7 -> 124 Interfaces
mmx_mask value bits set 8 -> 252 Interfaces (mask example 0xFF)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Add a new ACTIONs:
* connected ACTION is called once if mwan3track reach all configured track_ips
* disconnected ACTION is called once if mwan3track is unable to reach the track_ips
The connected/disconnected will called only by mwan3track in opposite
the ACTIONs ifup/ifdown will also be called by netifd.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
As it currently stands, the version of coova-chilli the packages feed
will not compile against 4fd87220567f1ae3ad209da1f602dc81c6b4d6b1
I've quasi-backported (could not find a single commit which fixes these
particular issues) https://github.com/coova/coova-chilli 's formatting
on the impacted sections, and it compiles.
Once a new version is added to the feed this patch can likely be
dropped.
Signed-off-by: Marty E. Plummer <hanetzer@startmail.com>
The code assumes pre-C99 inlining. This causes issues with GCC7 which assumes C11. Add std=gnu89 to restore proper behavior.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Changes since 2.8.2 as recorded in NEWS-2.8.2
- NSH implementation now conforms to latest draft (draft-ietf-sfc-nsh-28).
- Bug fixes
0006-adapt-ovs-scripts.patch was splited into two separate patches as
the original patch does not apply against 2.8.2 anymore. Other patches
are just re-numbered without actual function change
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
From the package description:
PageKite is a system for running publicly visible servers (generally
web servers) on machines without a direct connection to the Internet,
such as mobile devices or computers behind restrictive firewalls.
PageKite works around NAT, firewalls and IP-address limitations by
using a combination of tunnels and reverse proxies.
This package provides an implementation of the PageKite Protocol in C,
optimized for high-performance or embedded applications.
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
* The mwan3 scripts sources ". /usr/share/libubox/jshn.sh"
* Mwan3 only works if ip-full is installed
Error -> "ip: invalid argument '0xfd00/0xff00' to 'fwmark'"
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
ppp has multiple variants, so selecting one of them introduces a
recursive dependency for any packge selecting it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- TARGET_CFLAGS were missing for haproxy which caused issue #4606 (https://github.com/openwrt/packages/issues/4606)
- All targets finally have Lua support again
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Use ppp-mod-pppoe instead of shipping its own broken plugin
Always use rp-pppoe.so instead of the (not packaged) pppoe user space
implementation
Signed-off-by: Felix Fietkau <nbd@nbd.name>
At the time of this writing, Open vSwitch official website suggests
http://openvswitch.org whose https couterpart uses a self-signed
certificate, but it redirects to http://www.openvswitch.org, which has a
working https equivalent.
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- KCONFIG: bridge compatibility was removed since Open vSwitch 1.10.
See Open vSwitch FAQ.md for details
- The module does not depend on kmod-gre, kmod-vxlan
- Use AutoProbe to remove dependecy on specific priority
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Open vSwitch needs to run python on build machine to make build-time
required files. python-six library is only required by the openvswitch
python library on target machine, not a build dependency.
We override host PYTHONPATH by overriding it in MAKE_VARS. This way we
can remove 0003-override-pythonpath-via-make-vars.patch
This also fixes shebang wrongly pointing to python on host
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The python library is a standalone unit. Remove dependency on
PACKAGE_openvswitch to allow users to use it with maybe remote
openvswitch services.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This subdir contains multiple pid, unix domain socket files. It's a
custom to put them in it's own subdir
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Quote from Open vSwitch FAQ.md
Open vSwitch userspace should also work with the Linux kernel module
built into Linux 3.3 and later.
Open vSwitch userspace is not sensitive to the Linux kernel version. It
should build against almost any kernel, certainly against 2.6.32 and
later.
The SUPPORTED_KERNEL dependency for openvswitch kernel module only
makes sense when we are building it from the ovs release tarballs
against mainline kernels. Now that we are using the module from vanilla
kernel itself, the dependency does not exist anymore
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- Update haproxy download URL and hash
- Update the haproxy homepage
- Add libatomic to the dependencies as 1.8 needs it
- Make USE_REGPARM an x86-only option as this fixes many warnings and does not do much on non-x86 platforms
- Add USE_GETADDRINFO=1 to use getaddrinfo() to resolve IPv6 host names
- Add USE_TFO=1 to enable TCP fast open
- Unbreak CFLAGS, LD and LDFLAGS by adding the missing backslash after $(ADDON)
- Unbreak IGNOREGIT=1 option (typo)
- Rework LDFLAGS and add libatomic
- Add MEDIUM+ patches (see https://www.haproxy.org/bugs/bugs-1.8.4.html)
Signed-off-by: Christian Lachner <gladiac@gmail.com>
- the Lua-support logic was cleaned up to unbreak Lua-support on non-mips(el) targets. Previously, no target had Lua-support.
- mips and mipsel are both known to currently not build with Lua-support enabled => disable both.
- mips64 and mips64el were tested fine with Lua-support enabled.
Signed-off-by: Christian Lachner <gladiac@gmail.com>
HTTPS verification is totally broken in Transmission. Unclear why. Disabling as a result.
Safari exposes a JavaScript bug that makes it not load. Fixed.
Portcheck was backported to HTTPS for testing initially. Seems like a good idea.
Makefile was also fixed to use the external libnatpmp. Smaller binary.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The script removes the UCI option ucitrack.@sqm[0] if present and then
returns success. If that UCI option is already absent however, the
script incorrectly returns failure, which blocks upgrade of the
luci-app-sqm package.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Currently the Makefile creates a v---.tar.gz file which can conflict with other packages. Standardize the format.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Currently the Makefile creates a v---.tar.gz file, which can conflict with other packages. Change to a standard format.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Bump version plus changes to address concerns regarding default config for stubby provided with this package
Signed-off-by: David Mora <iamperson347+public@gmail.com>
* checks continuously the signal quality for conditional
uplink (dis-) connections
* captive portal detection with internet online check and
a 'heartbeat' function to keep the uplink connection up & running
Signed-off-by: Dirk Brenken <dev@brenken.org>
OpenSSL grew the ability to turn off TLS-PSK support. Make sure that
mosquitto turns on/off TLS-PSK support based on this OpenSSL config.
Fixes https://github.com/openwrt/packages/issues/5633
Signed-off-by: Karl Palsson <karlp@etactica.com>
Sysrepo version 0.7.3 features following improvements:
* possibility to uninstall more modules in one command with sysrepoctl
* several bugfixes
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Fix breakage caused by 44df061c48 by removing the leftover
usage of the removed SUPPORTED_KERNELS variable
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
libnatpmp was added as a dependancy to avoid built-in version.
Makefile went through a few adjustments to make it simpler.
CMake support is not happening since Travis is using a broken Ubuntu install.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
For a while now OVS has been using the kernel's kmod.
So it doesn't make sense to limit the package build for a specific set of
kernels anymore.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
pixiewps has its own CFLAGS setting and uses LDFLAGS from
environment variable. When PKG_ALSR_PIE was enabled, objects were not
compiled with -fPIC supplied from the build system and the final link
step would fail because of the -pie option
Fixes#5590
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Move all shell commands which are executed during /lib/mwan3/mwan3.sh
sourceing into a seperate init function which must be called at first.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
In some situation it is not enough to send a SIGTERM to mwan3track to
ask service to stop accurate. If this does not work send him a SIGKILL
to prevent mwan3track running more then once per interface.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Notable changes since 3.1.2
afce1b3 eliminate timered delay between handshake and data stream #1572
539bf6e sni in redir removed and no disable_sni option #1876
1d94442..29ff5d3 udprelay fix (no idea what's the problem...) #1883
Now disable_sni=true is the default. Existing uci configs setting it
will be a nop
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Ran the transmission init script through shellcheck and fixed errors. Also cleaned up a bit.
Removed ionice support. Will reintroduce if procd adds support.
Removed config_overwrite debugging variable. No need for it.
Enabled TLS verify by default. Added a dependancy to ca-bundle as a result. This is a default in current trunk.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* major performance boost: add a flexible 'Download Queue' to handle
downloads & list processing in parallel, default queue size is '4',
you can raise this e.g. to '8' or '16' to get it really fast
* replace former 'whitelist mode': the new 'Jail' option
builds an additional 'adb_list.jail' list in parallel
which can be used manually for guest wifi or kidsafe configurations
* regex parser & query function now fully support IDN domains
with non-ASCII characters
* add error handling in tld compression,
to handle OOM conditions better
* adblock.notify sends now html emails,
to get a better look & feel, even on mobile devices
* add czech regional blocklist maintained by turris omnia users
* LuCI: Support new 'Download Queue' & 'Jail' options
* LuCI: fix field width in "Runtime Information" section
Signed-off-by: Dirk Brenken <dev@brenken.org>
The original patch that forced internal usage hid an actual issue in the build system. Replace patch with upstream one.
Also reorganized the Makefile a bit and removed some cruft.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
DNS rebinding protection introduced a new option. Use it to disable it as OpenWrt does not need it.
Adjusted Makefile to use the release instead of a git version. Also cleaned up and added LICENSE entries.
Eliminated useless patches. The syslog one actually doesn't log much. No need to mask the os release anymore either.
Added group entry to init script. Otherwise files end up being owned by user:root which is bogus.
v2: Previous maintainer relied on git version of Transmission for mbedtls support. Backport it to the stable instead.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
DNS rebinding protection introduced a new option. Use it to disable it as OpenWrt does not need it.
Adjusted Makefile to use the release instead of a git version. Also cleaned up and added LICENSE entries.
Eliminated useless patches. The syslog one actually doesn't log much. No need to mask the os release anymore either.
Added group entry to init script. Otherwise files end up being owned by user:root which is bogus.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add dependency on ca-bundle without which the HTTPS fetches fail.
Add "-x" option to force HTTP/1.1 instead of HTTP/2.0
Add a workaround for bug in libcurl <7.530 that prevents it from
working at all when built with mbedtls.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
Acked-by: Aaron Drew <aarond10@gmail.com>
If a service section is not presented in the configuration then stunnel will
always start anyway. This ends in a crash loop because the configuration is not
valid.
Checking in "uci" mode if a service section is presented and only then
start the stunnel service will solve this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Do not send a SIGHUP on reload configuration let procd restart the
service with stop/start. This is saver.
Add uci generated stunnel file to procd "file" attribute to
reload/restart the stunnel service.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* add config_path option since the controller mode needs a persisting path to be used
* add patch to fix a bug in the controller code (https://github.com/zerotier/ZeroTierOne/issues/553)
* disable zerotier by default, as the default settings let it connect to a public network
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Remove unsupported "notify" script during uci config generation.
This change will remove keepalived warnings on startup.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Append use_vmac with no_val_ so that the uci generation will treat this
as an boolean option. If the option is set then a interface with
vrrp.{virtual_router_id} is added to the system.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If ip is referenced in the instance section it is not necessary to add a
device option on every "ip_address". In most sitution it es enough to
add only an ip. Allow empty device option will solve this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If the option 'use_vmac' is selected in a keepalived config and
kmod-macvlan is not installed then keepalived raise an error.
Netlink: error: Not supported, type=(16), seq=1510647577, pid=0
vmac: Error creating VMAC interface vrrp.42 for vrrp_instance xxx!!!
Add 'kmod-macvlan' to the package dependency list fixes this error.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
That is, since we don't require gssapi or libpskc, avoid
accidental builds with it.
Closes#5474
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
matrixssl is still in the oldpackages repo,
so coova-chilli should not depend on it.
Remove the config option for selecting matrixssl lib
and the dependency declaration.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
A vulnerability was discovered in the processing of wildcard synthesized
NSEC records. While synthesis of NSEC records is allowed by RFC4592,
these synthesized owner names should not be used in the NSEC processing.
This does, however, happen in Unbound 1.6.7 and earlier versions.
(see https://unbound.net/downloads/CVE-2017-15105.txt)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
When using the configuration under "Unbound and odhcpd" in the package's
README.md, the scripts generated a malformed config file for unbound, due
to an "ip route" command giving extra output lines with the string
"anycast" where the awk script expects an address. These are now filtered.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
New upstream release fixes the following security issues:
* CVE-2017-3145: BIND was improperly sequencing cleanup operations on
upstream recursion fetch contexts, leading in some cases to a use-after-free
error that can trigger an assertion failure and crash in named.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
The iptables-mod-geoip is usually used in conjunction with some
wrapper scripts which manipulate the GeoIP database and then kick out
one or more iptables rules. This package contains (1) the script to
download the most recent version of the MaxMind freemium database and
(2) another script which mangles the database into sets up iptables
rules.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This commit moves xtables-addons from
https://github.com/openwrt/openwrt/tree/master/package/network/utils/xtables-addons
into the package feed repository to allow for dependencies on other feed
packages, such as Perl.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
[fix commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Make most dependencies depend on the selection state of the respective
plugins requiring them. This cuts down compile time considerably when
plugins like MySQL support are disabled.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Write *.ip file with current registered IP, whenever "get_registered_IP" is called (used by next luci-app-ddns version)
Changed detection of cURL proxy support #3876
Reread data from ubus if "get_local_ip" from "ip_network" #5004#3338
Fix godaddy_com_v1 #5285
Implement "param_opt" for "cloudflare_com_v4" #5097
Inside logfile "*password*" printed in stead of real password #5281 and others
Add ipv4 service "dnsever.com" #5178
Add ipv4 service "myip.co.ua" #5199
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
This guarantees for the package feeds that
the mk files will always be available for all packages.
Will need to see about external-feed Python packages
a bit later.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
openvswitch fails to build on my Arch Linux system, as it tries to use my build
host's sphinx-build with OpenWrt's python. Add an override to ensure this can't
happen.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Build depends refer to source package names, not binary package names.
In many cases, PKG_BUILD_DEPENDS simply duplicated runtime dependencies of
a source package's binary packages; as the corresponding source packages
are implicitly added as bulid dependencies, PKG_BUILD_DEPENDS can simply be
dropped in these cases. In the other cases, *_BUILD_DEPENDS is fixed to
refer to the correct source package name.
Dependency of mysql-server is adjusted from libncursesw to libncurses
(as libncursesw is a virtual package provided by libncurses), so the build
dependency on ncurses is emitted unconditionally.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
A + sign does not have meaning in build depends. This Makefile was
overlooked in the previous treewide commit.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* enable code to support Turris Omnia forthcoming upstream change
(new kresd 'keep_cache' option) to preserve kresd DNS cache
* fix a 'status' race condition while the adblock process
is running in parallel
* various small speed improvements
* rework debug output
* refine blacklist handling
* enable the (empty) blacklist source in the default config
* email notification supports mstmp, even without sendmail symlink
* email notification writes minimal status to log (one-liner)
* LuCI: refine logfile search term
* LuCI: Textarea 'autoscroll down' in logfile view
* LuCI: Left-align blocklist source table plus a more compact design
Signed-off-by: Dirk Brenken <dev@brenken.org>
It's an option that is supposed to be fed by ss-manager. It can be
in the form of host:port or path to unix dgram socket. Drop it now with
the assumption that it has no real user at the moment
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
If we're built with CONFIG_LIGHTTPD_SSL then mod_openssl.so should
be included into the base package. Fixes issue #5343.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* corner case fix with multiple (partly disabled) radios
* LuCI: BSSID will be ignored by default in 'wireless add' dialog
* LuCI: Textarea 'autoscroll down' in logfile view
* LuCI: refine logfile search term
Signed-off-by: Dirk Brenken <dev@brenken.org>
Notable changes since 3.1.1
- 57ab828 fix possible use-after-free in ss-server
- 65e9d23 filter through acl first before doing sni detection
- b26cbc2 another attack on null ref
- d237a05 udprelay: fix off-by-one bug
- 0c3cf8b fix runtime TFO detection
- d445ea9 Linux 4.11 TFO socket option support
--no-delay is a new cmdline argument introduced in 3.1.0 to NOT turn off
TCP_NODELAY socket option, i.e. keeping it's default value without
setting it explicitly. This can be potentially useful for interactive
traffics
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* preserve DNS cache after adblock processing,
- 'unbound' and 'named' support this (please check readme)
- 'dnsmasq' now uses the 'servers-file' directive
to minimize the reload disruption,
even though the dns cache will be cleared after SIGHUP
- 'kresd' dns cache is persistent by upstream default, anyway
Turris Omnia devices need a small upstream software change
which is not accepted/implemented yet
* email notification in case of an error or domain count < n
(default 0, check readme)
* removed securemecca from default config (service has been closed)
* new separate functions for hash compare and list/overall count
* add missing package dependencies
* various clean-ups
* update documentation
Signed-off-by: Dirk Brenken <dev@brenken.org>
It will let reaver to save session file to cwd of the process instead of
/etc/reaver. This has the same effect as the old patch
0002-Use-the-current-directory-for-storing-and-loading-se.patch
which was removed in the transition to reaver-wps-t6x-fork
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This patch add's a new cmakefile which builds other cmakefiles and
simplifies the Makefile, also it renames the yang files so
sysrepoctl does not create duplicates.
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
This pppd feature does not make sense in L2TP case because the
tunnel is already connected when xl2tpd launch pppd process. If
a dial-on-demand feature is to be implemented, trigger interface
would have to be provided by xl2tpd, not pppd.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
All of the bugs for which we had patches have been fixed upstream
in 1.4.46, so the patches can be dropped.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* limit sta interface selection/handling
to defined travelmate interface (trm_iface) only
* check eap capabilities and ignore enterprise uplinks
as long as eap support is not available
* documentation update
* cosmetics
* LuCI: various cleanups
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add an enabled option for the service section, so you could keep your
configuration in place without apply this section on startup or service reload.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The interface config option allows users to configure logical OpenWRT
interface names in the ipsec section; it allows StrongSwan to listen
and send traffic on specified interface(s). It translates to interfaces_use
StrongSwan option which is a comma sepearted list of network devices
that should be used by charon.
Since StrongSwan can only be started when one of the specified logical
OpenWRT interface is up procd interface triggers are installed to
trigger the reload script.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Based on the ipsec running state reload_service is either reloading ipsec
or starting ipsec. However in the latter case it calls ipsec start which
bypasses the procd start_service function which means the running ipsec
instance is not managed by procd.
Fix this by calling start in case ipsec is not running; at the same time
add service_running function which is used by procd provided running
function.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The arpa/nameser.h header of musl libc indirectly depends on the endian.h
header but fails to explicitely include it to properly define
`__BYTE_ORDER` and `__BIG_ENDIAN` prior to declaring the DNS `HEADER`
structure.
When both the appropriate `__BYTE_ORDER` and `__BIG_ENDIAN` defines are
unset, the `#if __BYTE_ORDER == __BIG_ENDIAN` condition in `nameser.h`
evaluates to true, causing it to declare a bad (big endian) DNS packet
header structure on little endian systems.
Work around this musl bug by forcibly passing `-include endian.h` through
the `osflags` file.
An upstream fix for musl libc has been submitted with
http://www.openwall.com/lists/musl/2017/12/04/3
This should solve iodine packet corruption on little endian musl systems
reported at
http://lists.infradead.org/pipermail/lede-dev/2017-November/010085.html
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update to latest Git HEAD in order to solve a number of issues.
- Improves MAC address lookup reliability
- Properly counts DNAT-ed connections (e.g. for port forwards)
- Fixes stack corruption when parsing netlink records
- Fixes deletion of gzipped databases
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Remove build timestamp. Using currently proposed upstream patch.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Signed-off-by: Karl Palsson <karlp@etactica.com>
Can't use DEPENDS:= +libname when libname is now a virtual package.
Switch to plain DEPENDS:= libname.
Fixes Github issue 4751
Signed-off-by: Karl Palsson <karlp@etactica.com>
Maintainer: @wvdakker
Description:
Specify multiple sources for fetching the source tarball
for redundancy.
Pulled out of a historical version of these packages before
they were removed a while ago.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Maintainer: @wvdakker
Description:
Specify multiple sources for fetching the source tarball
for redundancy.
Pulled out of a historical version of these packages before
they were removed a while ago.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Maintainer: @wvdakker
Description:
Specify multiple sources for fetching the source tarball
for redundancy.
Pulled out of a historical version of these packages before
they were removed a while ago.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Maintainer: @wvdakker
Description:
Specify multiple sources for fetching the source tarball
for redundancy.
Pulled out of a historical version of these packages before
they were removed a while ago.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Maintainer: @wvdakker
Description:
Specify multiple sources for fetching the source tarball
for redundancy.
Pulled out of a historical version of these packages before
they were removed a while ago.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Add package Danish. A middle box implementation of RFC 6698 for HTTPS.
<https://github.com/smutt/danish>
This package installs /usr/sbin/danish(the Danish executable), /etc/init.d/danish and /etc/config/danish.
Tested with LEDE x86_64
Signed-off-by: Andrew McConachie <andrew@depht.com>
If metric of member interface is bigger then 256, it is not
appended to policy, now at least warn message is printed into
syslog
Signed-off-by: Jakub Janco <kubco2@gmail.com>
"token_mode" add support for "script", which execute "token_script" to
get the password. Some token is not supported by OpenConnect natively,
e.g. "MobilePass" or "Softoken II" used in Cisco VPN
Signed-off-by: Gavin Ni <gisngy@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
gzip create a header by default containing the filename
and the timestamp of the file.
This timestamp will break reproducible builds [0].
[0] https://reproducible-builds.org/docs/timestamps/
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* new function to set/delete options in external uci config files
* kresd: automated 'rpz_file' handling in /etc/config/resolver
* firewall: automated 'force_dns' handling if you
enable or disable adblock
* support sha256sum (default) and md5sum for blocklist
comparison & conditional dns restarts
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Currently `polipo.h` uses the conditional
`(__GLIBC__ > 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 2)` to decide
whether to enable IPv6 support.
This used to work for OpenWrt CC which uses uClibc disguising itself
as Glibc 2.x but it does not work with Musl libc anymore as this library
does not export any Glibc defines.
Forcibly enable IPv6 support by passing `-DHAVE_IPv6` unconditionally
through the build flags in the OpenWrt/LEDE Makefile.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
At least one of libjson|libxml2 is required for bind
statistics to function.
Selecting libjson|libxml2 will result in an additional
dependency required to build and install bind-libs.
Signed-off-by: Hal Martin <hal.martin@gmail.com>
The init script runs transmission with the foreground parameter for procd to control it. However, if transmission is ran in the foreground, nothing is logged to syslog. Added a patch to remove this restriction.
Also added a sysctl file that removes these warnings:
UDP Failed to set receive buffer: requested 4194304, got 262142 (tr-udp.c:75)
UDP Please add the line "net.core.rmem_max = 4194304" to /etc/sysctl.conf (tr-udp.c:80)
UDP Failed to set send buffer: requested 1048576, got 262142 (tr-udp.c:86)
UDP Please add the line "net.core.wmem_max = 1048576" to /etc/sysctl.conf (tr-udp.c:91)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Notable changes since 3.1.0
26ae365: fix possible socks5 exchange corruption caused by bad
state transition when parsing responses
f19a96e: fix segfault when presented with config {"mode": null}
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
If the date is changed by ntp the age value of mwan3 on ubus could jitter.
Use instead the uptime value from /proc/uptime which will not change during
system run.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Report SHA256 checksums in addition to the MD5 ones to make cgi-io suitable
for sysupgrade image verification.
Also allow stat(), md5sum and/or sha256sum to fail and respond with a JSON
null value instead, leaving it to the frontend to handle errors as needed.
Fixes#4790.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
During keepalived config generation for the vrrp_instance and vrrp_sync_group
the notify_* sections are automatic added to the runtime keepalived.conf.
This could be used for service which want to react on keepalived notifications.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Interfaces of some PtP protocols do not have a real gateway. In that
case ubus may fill them with '0.0.0.0' or even leave it blank. This
will cause error when adding new routing rule.
Signed-off-by: David Yang <mmyangfl@gmail.com>
* please note: config file update required!
* add 'whitelist only' mode, block access to all domains
except those explicitly listed in the whitelist file
* rework awk regex for all blocklist sources
* include 'third-party' domains for all regional lists
* change adguard url and refine filter ruleset
* use POSIX character classes
* fix regex for whitelist preparation
* fix corner case parsing issues
* fix enable/disable behavior
* various other small fixes
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Disable linkage to libunistring with a hack: advice configure
to use included libunistring when there is actually none.
This avoids libunistring detection in buildbot the the need
for dependency.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
In a vrrp_instance the track_interface could not be referenced similar
to a track_script. The uci track_interface section must be always set
into every vrrp_instance.
During config generation use the already prepared function
"print_track_elem_indent" to write the track_interface section into every
vrrp_instance which references this.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If you add a notify_* script which is not only a path to a script or
to a bin file, it is necessary to quote to whole string. If you do not
quote this the config will not get accepted by keepalived and so will
not start. This will fix this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
mikrotik-btest is a bandwidth test client compatible with Mikrotik's RouterOS BTest server.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
As jool builds a kernel module, a PKG_BUILD_DIR under KERNEL_BUILD_DIR must
be used to avoid reusing build artifacts when switching to a different
target of the same architecture. Otherwise, kernel ABI mismatches may
result, leading to an unusuable module, or build failures like the
following:
Package kmod-jool is missing dependencies for the following libraries:
crypto_hash.ko
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Get rid of gnutls dependency introduced in 5bca84b. Needs patching
configure script to make gnutls existence test optional.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
I should have packaged the OVN stuff, VTEP and what-not
earlier, but was not inspired to do this earlier.
I made some time now to package those parts.
Disabling flake8 & python3 explicitly.
They might get detected and cause weird build errors.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Maintainer: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Run tested: LEDE Reboot 17.01.3 r3533-d0bf257c46
Description:
user.err ddns-scripts: IP update not accepted by DDNS Provider
dynv6.com response "unchanged" is OK
Signed-off-by: Ernest Moshkov <e.moshkov@gmail.com>
Fixes bug where sslh was being linked against libconfig, but libconfig
CPPFLAGS were being ignored.
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
1.) pkg version bumped from 6.4.3 to 6.11.5
2.) maintainer changed to me (#4944 dhcpcd: needs a new maintainer)
3.) source changed from bz2 to xz
4.) removed old unnecessary patch
5.) minor style improvements
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
mtu 1400, mru 1400 - on ppp devices, usually we need lower mtu, the existing link mabye is already under a lower MTU
require-mschap-v2 - most of the time l2tp is used in conjunction with windows client who will use this kind of auth
lcp-echo-interval 20, lcp-echo-failure 5 - keep alive 20 seconds interval and dead peer detection after 100 seconds
connect-delay 5000 - wait for up to 5 seconds after the connect script finishes for a valid PPP packet from the peer
nodefaultroute - prevent users from creating default routes with pppd
nodefaultip - disables the default behavior when no local IP address is specified
proxyarp - this will have the effect of making the peer appear to other systems to be on the local ethernet
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
lock is no longer needed and it breaks the setup
explicit added PKG_BUILD_DEPENDS:=libpcap, an indirect depend included in ppp and needed for pfc
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
ClamAV's configure script uses grep to check for bugy zlib version
1.2.1. Since current OpenWrt zlib version is 1.2.11 this check passes
and build fails. This patch will disable this unneeded check and make
sure we are looking for zlib on the right location.
clamdtop was beeing built without it's ncurses dependency. Build system
would link it to the host's ncurses making the program fail at run time.
This patch will disable building of optional clamdtop, otherwise we need
to add ncurses as a dependency and fix the search path.
Increase PKG_RELEASE to reflect changes.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
