Pinging IPv6 hosts using an interface as a source specifier seems
troublesome. See https://bugs.openwrt.org/index.php?do=details&task_id=2897
for more detail.
Use the desired source interface's IP address instead.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
(cherry picked from commit 6721587e8b)
Till now we could only ping http targets on port 80. With this change by
adding the config boolean config option httping_ssl we could also ping
https ping targets on port 443.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit a689e168aa)
The variable IPT is not valid at this point. Set the variable usage to IPT4
fixes this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 581d7df844)
- Update to version with longer interface names.
- Add /etc/pingcheck/(on|off)line.d/ directories with an example
script. Closes#11263
Signed-off-by: Bruno Randolf <br1@einfach.org>
* add 'status_service' as workaround to init for 19.07
* fix 'wifionice' auto-login script
* fix autologin script matching
* change wifi scanning to logical interface name,
no longer use the radio device
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 59cca01a23)
This is to address the need for specifying dependency on a wget
implementation with ssl support.
Now we have a game of names for opkg
1. uclient-fetch: minimal version by openwrt project
2. wget-nossl: gnu wget w/o ssl support
3. wget-ssl: for the moment since this commit, gnu wget w/ ssl support
4. wget: uclient-fetch, wget-nossl, or wget-ssl
5. gnu-wget: wget-nossl or wget-ssl
By the time we provide some dummy package like uclient-fetch-ssl and
make it also provide wget-ssl, I guess by then we will also need
gnu-wget-ssl...
Ref: https://github.com/openwrt/packages/issues/11534
Ref: https://github.com/openwrt/packages/pull/9941
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 585e4a38fe)
The package wget should not say that it provides itself.
This also make gnu-wget provide general so it is not written in Makefile
twice.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 75f2be7d50)
* prevent processing of spurious line endings
that confuses (g)awk
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit e291d68055)
Add "use_stun" default to prevent sh: out of range error introduced by
c61614a84
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 0f1e7d32af)
This update fixes#11452 since LFS detection support was added upstream.
While at, update SPDX license tag to latest standard.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
(cherry picked from commit 2600255ecb)
Transmission should stop early on system shutdown to avoid
for example fstab unmount disks when transmission is writing.
Signed-off-by: Francesco G <gfrancesco@users.noreply.github.com>
(cherry picked from commit 4fcc44bc89)
Syscalls observered when running on arm32. Add them to seccomp rule.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3724ed3d68)
add missing 'peer_id_ttl_hours' and remove 'scrape_paused_torrents'
which is not exist in transmission wiki.
Signed-off-by: Richard Yu <yurichard3839@gmail.com>
(cherry picked from commit 53fd02d62c)
* add a final sort step, this fixes dns reporting with
multiple pcap files as input
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 1d8d456a55)
This removes lines that set PKG_BUILD_DIR when the set value is no
different from the default value.
Specifically, the line is removed if the assigned value is:
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
The default PKG_BUILD_DIR was updated[1] to incorporate BUILD_VARIANT
if it is set, so now this is identical to the default value.
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)
if PKG_SOURCE_SUBDIR is set to $(PKG_NAME)-$(PKG_VERSION), making it
the same as the previous case
* $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
This is the same as the default PKG_BUILD_DIR when there is no
BUILD_VARIANT.
* $(BUILD_DIR)/[name]-$(PKG_VERSION)
where [name] is a string that is identical to PKG_NAME
[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e545fac8d968864a965edb9e50c6f90940b0a6c9
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 53e1692ae9)
* add 'ca-bundle' dependency
* fix a sort bug in report engine
* fix potential bugs in the f_extconf function
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit d6634b611a)
e921ca0a Add further commonly used protocols to the protocol file.
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit 5e140462e4)
MIPS16 is not needed here.
Removed configure patch and replaced with a configure var.
Removed autoreconf as configure is no longer being patched.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 1ead64489b)
Maintainer: Jakub Tymejczyk <jakub@tymejczyk.pl>
Compile tested: ramips, Xiaomi Router 3G, fc54256
Run tested: ramips, Xiaomi Router 3G, 0f54d96
Description:
Mosh is "Remote terminal application that allows roaming, supports
intermittent connectivity, and provides intelligent local echo and line
editing of user keystrokes".
Project's site: https://mosh.org
Makefile and patch taken from: https://github.com/mchwalisz/mosh-openwrt
updated by me
Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
(Makefile cleanup and size optimizations)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 5ac5cf0b98)
* new package dependencies: coreultis-sort and
a download util with SSL support
* focus on speed (multicore-support) to handle quite big lists
* include more than 40 pre-configured blocklist sources in a compressed
json file (/etc/adblock/adblock.sources.gz)
* dynamic SafeSearch support for google, bing, duckduckgo,
yandex, youtube and pixabay (CNAME (bind) & IP (dnsmaq, unbound))
* DNS backend autodetection
* Download Utility autodetection
* Report Interface autodetection
* Easy cron wrapper to set an adblock related auto-timer for
automatic blocklist updates
* raw domain/blocklist support (e.g. for dnscrypt support)
* re-add restrictive Jaillist support
* rework online doc
* Complete LuCI rewrite (migrated to client side JS)
Signed-off-by: Dirk Brenken <dev@brenken.org>
This minor version bump fixes:
CVE-2020-1934
CVE-2020-1927
Upstream added cross-compile compatibility to apxs, so we can drop a sed
script. Upstream also added the OpenWrt layout, so we can drop our local
copy.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This backports the following bug-fix commits from the master branch:
c6b4d7f367 ("acme: Include empty 'dns' config option by default")
983cc995a3 ("acme: Correctly handle domain state dir for ECC certificates")
Fixes#11675.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
This is a workaround to prevent the whole build from failing because of
the intree kmods are not supported yet by upstream project.
Root cause is that kernel version should not play a part when making
DEPENDS as the generated kconfig was for all targets that may have
different kernel versions.
One less than ideal effect of this change is that for an unsupported
kernel version, people can still select the intree kmod but it won't be
built. This may contradict expectation if the warning was not noticed
by them
Resolvesopenwrt/packages#9274
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit a6ec885522)
Add a conffiles-section for the /etc/swanctl folder, which is used by the swanctl util. This will keep the configfiles during an sysupgrade.
Signed-off-by: Sven Roederer <S.Roederer@colvistec.de>
(cherry picked from commit 49f298eb74)
Newer versions of the kconfig generator require quotes. Prepare the
package for an eventual update.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 404c113bc2)
This package uses ld for linking and therefor does not support the
-specs option.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 3804006e60)
Compilation is broken on AArch64.
Reordered some things for consistency between packages.
Fixed license information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit b8b4e7e269)
Fixes compilation without OpenSSL deprecated APIs as well as
-Werror=implicit-function-declaration.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit b80b614f8f)
Reordered Makefile according to
https://github.com/openwrt/packages/pull/9399#issuecomment-508727872 .
Added PKG_BUILD_PARALLEL for faster compilation.
Remove duplicated conffiles section.
Install /etc/config/stubby using INSTALL_CONF, as is done elsewhere
Run init script through shellcheck and clean it up.
Added chmod for the stubby config file, to fix a LuCI issue.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit eaf5225323)
Create an anonymous inode in /tmp using O_TMPFILE and attempt to link the
file in place using linkat(). Only fall back to the old file copy when
linking the tempfile fails.
Avoids double memory use if both the temporary upload file and the
destination file are located in /tmp.
Ref: https://github.com/openwrt/luci/issues/3654
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4f4a7e9532)
Allocate dynamic buffer memory for decoding post data and allow post
requsts up to 128KB compared to the previos 1KB limit.
Also support downloading /proc and /sys files by falling back to
chunked transfer encoding when the file size cannot be determined.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 39087eba18)
* ksmbd: update to 3.1.3
* ksmbd-tools: update to 3.2.1
* add new package build option "KSMBD_SMB_INSECURE_SERVER"
* enable smb1 support to kmod by default
* add new UCI option "allow_legacy_protocols" to section [globals]
* add avahi support package "ksmbd-avahi-service"
* ksmbd: release 3.1.3 version
* ksmbd: lock SMB2_QUERY_INFO_HE request with read lock
* ksmbd: fix potential racy between query_dir and ksmbd_vfs_empty_dir
* ksmbd: fix racy issue between deleting file and checking empty directory
* ksmbd: don't register interface which are member of bridge
* ksmbd: SO_REUSEADDR is no property of tcp_setsockopt
* ksmbd: release 3.1.2 version
* ksmbd: fix read caching buffer size as max_read_size
* ksmbd: fix the infinite loop of handling FSCTL_QUERY_ALLOCATED_RANGES
* ksmbd: use compounding for smb2 flush
* ksmbd: downgrade error message to debug in get_file_all_info
* ksmbd: rename usmbd to ksmbd.mountd in trvis-ci
* ksmbd: release 3.1.1 version
* ksmbd: does not work if ipv6 module is not loaded or compiled in
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: update README file
* ksmbd-tools: release 3.2.1 version
* ksmbd-tools: revert "remove glib2.0 dependancy" patch
* ksmbd-tools: release 3.2.0 version
* ksmbd-tools: update how to restart ksmbd in README file
* Revert "ksmbd-tools: disable tbuf and rbuf caching by default"
* ksmbd-tools: disable tbuf and rbuf caching by default
* ksmbd-tools: replace usmbd prefix with ksmbd prefix
* ksmbd-tools: update README file
* ksmbd-tools: fix warning ignoring return value of 'fread'
* ksmbd-tools: downgrade unsupported command print to debug
* ksmbd-tools: remove GLIB_LIBS in Makefiles
* ksmbd-tools: rename usmbd, smbuseradd, smbshareadd to ksmbd.mountd, ksmbd.adduser and ksmbd.addshare
* ksmbd-tools: fix null pointer dereference in _list_remove
* ksmbd-tools: fix the sanity check fails depending on the password length
* ksmbd-tools: fix build error(not found glib.h)
* ksmbd-tools: remove glib-2.0 dependancy
* ksmbd-tools: update README to add libglib2.0-dev for Ubuntu preprequisite packages
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
$(FPIC) evaluates to -fpic on ARM64, breaking compilation:
The dnsdist build system handles it properly anyway. Added --with-pic to
make it explicit.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 7ddb2ddc45158669990374968da87a62a2e9e2e2)
This script notifies users about the changes that recently went into the
package, to prevent surprises.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Since commit a62c0e5 apu-1-config is no longer being stipped down with
regards to being called with "--link-libtool". Example:
$ ./staging_dir/target-mips_24kc_musl/usr/bin/apu-1-config --link-libtool
-L/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/lib -R/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/lib -laprutil-1
$
Before the mentioned commit the "-R" argument was stripped off. And when the
Makefile adds this to TARGET_LDFLAGS this then ends up in the compiler test, as
an argument for the compiler, causing build failure:
checking whether the C compiler works... no
configure: error: in `/builder/shared-workdir/build/sdk/build_dir/target-arm_mpcore+vfp_musl_eabi/subversion-1.13.0':
configure: error: C compiler cannot create executables
config.log shows what's wrong:
configure:3140: x86_64-openwrt-linux-musl-gcc -Os -pipe ... <snip> ... -R/home/sk/tmp/sdk/master-x86-64/staging_dir/target-x86_64_musl/usr/lib -laprutil-1 conftest.c >&5
x86_64-openwrt-linux-musl-gcc: error: unrecognized command line option '-R'
This commit does away with these flags, they're not needed anyway. FPIC
is also removed, because it's detrimental to the applications [1] and
unnecessary as well.
Fixes: #11139
[1] https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
apr-util was updated. It doesn't provide the depend on libsqlite3
anymore, so this needs to be added to the subversion package now.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This is a squash of the following cherry-picked commits:
14f4f0bef04e6bdd8a49c8aba5113b2d188fd37f31e0d618e539e68309e8a1472254dbd6476f30bb258967b0d2e94a08298e6bd63d24f066bb68a7b6d44ad09fcd
Short summary:
- version is bumped to 2.4.41
- httpd is renamed to apache2 to avoid overwriting of other servers (for
instance busybox's httpd)
- the name apache2 is now also used for directories, for instance
/etc/apache2 instead of /etc/apache
- a simple init script it added (/etc/init.d/apache2)
- a user "apache" is added upon package installation and used by default
- adds the Apache modules (in the main package as well as in additional
packages)
- Makefile and patches are updated and cleaned
- adds myself as maintainer
- improves the cross-compile setup (via configure variables, patches &
sed scripts)
- apxs is fixed up so that external modules can be added easily
For more details please check the individual commits provided above.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
It was provided by both the freeradius3 and freeradius3-mod-realm packages.
Now provided by the freeradius3 package only.
Signed-off-by: Robby K <robbyke@gmail.com>
* remove 'reg_cz' list (abandoned)
* add 'notracking' list (provided by @rcarmo)
* 19.07-only: fix/bring back status message
Signed-off-by: Dirk Brenken <dev@brenken.org>
Changelog:
* Fix OpenWRT with existing forwarder + fix dnsmasq restore issue
* Refactor service execution to better report errors
* Refactor merlin tz setup so it does not need to curl on boot
* Improve upgrade command for install.sh
* Do not mask curl error on install
* Fix timezone logging issue with Merlin
* Add support for Merlin John's fork
* Add raspbian support to installer
* Fix upgrade not reinstalling service
* Limit the aarch64 fix to merlin
* Reset DHCP DNS to self on Merlin router setup
* Fix memory issue with aarch64 based router
* Update Go version
* Allow override of detected env
* Setup timezone correctly on Merlin init script
* Don't ignore curl error on install
* Fix Asus Merlin John’s fork trust store issue
* Fix synology auto setup
* Fix report client info not enabled with setup-router option
* Add support for edgeos DHCP lease file locations
* Fix signal handling when running as a service
* Fix exit menu keyboard shortcut
* Do not fail on upgrade if uninstall failed
* Fix exit menu in installer
* Remove failing upx (for now)
* Make sure nextdns keeps running once ssh session is closed
* Add auto setup of Synology with DHCP server enabled
* Use router's DNS to discover more names
* Get A/AAAA from both answer and addition sections
* Ignore certain invalid names during discovery
* Fix activate with setup-router
* Fix serveral install issues
* Add exponential backoff to mdns probe retry
* Correctly end dhcp lease probing when discovery is cancelled
* Store DHCP/MDNS discovered addrs separately to avoid ping/pong
discovery
* Add DHCP lease support to client discovery
* Do not report mdns listen unreachable error as start will retry
* Reimplement mdns client discovery
* Fix installer GOARCH detection with arm6+
* Fix bin install on platforms needing sudo
* Correctly detect edgeos and ddwrt as routers
* Fix install.sh sudo
* Disable upx as it break many platforms
* Fix installer regression with merlin
* Fix mips64 detection
* Fix OpenWRT detection
* Fix UPX post build script
* Fix install with John's Asuswrt-Merlin fork
* Fix more DDWRT
* Fix DDWRT support
* Fix merlin service add/remove
* Use UPX to compress binaries typicially used on routers
* Revert "Remove direct dep on reflect"
* Use letters for installer menus
* Fix install script for upgrades not working if binary is running
* Do not return an error on mdns listen if at least one interface worked
* Fix installer for synology
* Fix pfSense support
* Remove the logs for each server on each connect
* Move install instructions to wiki
* Fix install.sh uid detection with merlin
* Fix install.sh for arm6+
* Add Synology init system support
* Fix install.sh
* Add a generic router setup that just changes the listen to public
* Update README
* Add auto setup support for EdgeOS
* Restore per OS install instruction in readme during installer beta
* Refactor install.sh
* Remove dep on golang.org/x/net/ipv[4|6]
* Remove direct dep on reflect
* Rewrite the zeroconf code to use dnsmessage instead miekg/dns
* Add auto setup support for DD-WRT
* Improve arch detection
* Add auto setup support for OpenWRT
* Add automatic router setup support
* Fix service
* Remove dep en seq on sysv style init scripts
* Add Entware init system support
* Report init system used on install and in UA
* Add EdgeOS support
* Reads /etc/hosts before forwarding queries to the upstream
* Fix localhost resolution with Linux arch empty /etc/hosts
* Use /etc/hosts file to resolve listen address and list on all IPs
listed
* Add support for multiple router firmware
* Fix hardened privacy disabling dual stack
* Add a config set sub command and refactor commands handling
* Add support for activate on freebsd
* Fix inverted MAC matching
* Add unit test for conf prefix match #35
* Activate uses listen address instead of static 127.0.0.1
* Improve FreeBSD integration
* Add FreeBSD support
* Fix a typo
* Use zip for windows archive
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Edited PKG_RELEASE to 1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit a3b028b357)
Currently luci is broken in 19.07.
Changes done to fix this problem didn't merge in the
19.07 release.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* rename smbd->ksmbd (upstream name change)
* ksmbd-tools: build with static glib2 (usmbd = ~90kb, smbuseradd = ~40kb)
* new etc folder location = /etc/ksmbd/smb.conf
* new database name = /etc/ksmbd/ksmbdpwd.db
* fixes "map to guest = Bad User" while userdb is also used
* fixes missing ipv6 support
* update/rename to "luci-app-ksmbd"
* remove UCI samba compatibility code for section names (ksmbd uses [share] + [globals] not [sambashare] + [global])
* ksmbd: release 3.1.1 version
* ksmbd: does not work if ipv6 module is not loaded or compiled in
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: release 3.1.0 version
* ksmbd: fix over 80 character warnings
* ksmbd: rename smbd-tools to ksmbd-tools in travis.yml
* ksmbd: fix password db file location in travis.yml
* ksmbd: rename smbd prefix function to ksmbd
* ksmbd: rename smbd prefix source files to ksmbd
* Revert "smbd: set connection status with SMBD_SESS_EXITING instead of direct destory"
* ksmbd: rename smbd to ksmbd in .travis.yml
* smbd: rename module name to ksmbd.ko
* smbd: set connection status with SMBD_SESS_EXITING instead of direct destory
* smbd: previous session with same user and same password should be deleted
* smbd: only use global session table in smb2 session
* smbd: add support for ipv6
* smbd: fix empty macro issue from smbd_debug
* cifsd: fix printing of file names in find_next
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).
Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
bf1a1eda23a3c46544b3
Signed-off-by: Robby K <robbyke@gmail.com>
This allows custom config parameters to be added to the generated config
files, enabling the original intended functionality per
https://openwrt.org/docs/guide-user/services/ups/software.nut.
Example usage from /etc/config/nut_server:
config driver 'apc'
option driver 'snmp-ups'
option snmp_version 'v3'
option port '172.16.100.5'
list other 'secLevel'
list other 'secName'
list other 'authPassword'
list otherflag 'notransferoids'
config other 'other_secLevel'
option value 'authNoPriv'
config other 'other_secName'
option value 'some_username'
config other 'other_authPassword'
option value 'some_password'
config other 'otherflag_notransferoids'
option value '1'
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry-picked from 0b04dd34a0)
Replaces OpenWrt patch with upstream patch. Also removes
0002-Fix-check-for-empty-string.patch as this is included in upstream
OpenSSL 1.1.0 patch.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry-picked from 7d4f1b8589)
This commit makes
- the libgd dependency (as well as specifying libs and includes)
- the configure argument "--with-cgi"
dependant on whether the package nut-web-cgi is selected.
nut-web-cgi is also added to PKG_CONFIG_DEPENDS.
Resolves: #10641
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry-picked from cdd660a41d)
Fixes:
when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit 5ffc744018)
Note:
In some cases when tor daemon starts before
than the router is connected to the Internet.
Tor will exit and you have to run it manually.
This should fix this case.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry picked from commit 5bce9c3e1d)
PKG_RELEASE not bumped because this only affects package description.
We document that passlib and bcrypt are needed if one wishes to use
bcrypt encryption of passwords. These have not been added as dependencies
as Radicale2 can have a frontend webserver authenticate users rather than
radicale itself.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Makefile always checks the existence of host's NAT-PMP header,
which results in internal NAT-PMP code being used if it's missing.
Add a patch to make it check targets' header instead.
Use aligned_alloc() instead of valloc() in case of uclibc.
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Repository was renamed to github.com/DNSCrypt/dnscrypt-proxy
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit cddf39cbd1)
In the command read side, close the superfluous write end of the pipe
early to ensure that EOF is reliably detected. Without that change, splice
calls to read from the pipe will occasionally hang until the CGI process
is eventually killed due to timeout.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit dde503da13)
Implement a new "cgi-exec" applet which allows to invoke remote commands
and stream their stdandard output back to the client via HTTP. This is
needed in cases where large amounts of data or binary encoded contents
such as tar archives need to be transferred, which are unsuitable to be
transported via ubus directly.
The exec call is guarded by the same ACL semantics as rpcd's file plugin,
means in order to be able to execute a command remotely, the ubus session
identified by the given session ID must have read access to the "exec"
function of the "cgi-io" scope and an explicit "exec" permission rule for
the invoked command in the "file" scope.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "command" specifiying the commandline
to invoke.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required ACL rules to grant exec access to
both the "date" and "iptables" commands. The "date" rule specifies the
base name of the executable and thus allows invocation with arbitrary
parameters while the latter "iptables" rule merely allows one specific
set of arguments which must appear exactly in the given order.
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "exec", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/bin/date", "exec" ],
[ "/usr/sbin/iptables -n -v -L", "exec" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b2a890f6ad)
- IPv6 support
- Fix HTTP/2 negociation
- Improve endpoint fallback
- Add support for unencrypted DNS
- Many other fixes and features
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
While outwardly a major update, this mainly pulls in fixes related to
openssl verson changes that ensure this continues running on OpenWrt
Signed-off-by: Karl Palsson <karlp@etactica.com>
* remove 'ransomware' blocklist by abbuse.ch (discontinued)
from default adblock config
* fix/switch 'someonewhocares' config to https only
* fix curl download parameters to follow redirects and
suppress needless output
* made the tmp directory of sort operations configurable,
set 'adb_sorttmp' accordingly (only supported by 'coreutils-sort')
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 21a85fef22)
This is a bugfix release.
Full changelog available at:
https://mosquitto.org/blog/2019/11/version-1-6-8-released/
Many smaller fixes in various areas, nothing particularly standout as of
special interest to OpenWrt.
Signed-off-by: Karl Palsson <karlp@etactica.com>
* 5.01.9672 release
* Cedar: handle UDP acceleration and R-UDP versions
* Mayaqua: implement R-UDP version 2, powered by ChaCha20-Poly1305
* Cedar: implement UDP acceleration version 2, powered by ChaCha20-Poly1305
* Cedar: serve new web management interface
* Cedar: implement detailed protocol info
* Mayaqua: add Windows Server 2019 to the supported operating systems list
* Cedar: various fixes
* Cedar: add "DisableIPsecAggressiveMode" option
* Make install dir for unit files configurable
* Protocol.c: adapt ClientConnectGetSocket() for new proxy functions
* Wpc.c: adapt WpcSockConnectEx() for new proxy functions
* Protocol: add ProxyCodeToCedar()
* Move generic proxy stuff from Cedar to Mayaqua
* Proto_OpenVPN.c: improve OvsProcessData(), fix out-of-bounds access found by Coverity
* Proto_OpenVPN.c: fix segmentation fault in OvsProceccRecvPacket()
* Addressing the UDP reflection amplification attack: https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1001
* Mayaqua.h: include <stdarg.h> for "va_list" on Illumos
* Protocol.c: fix bug in ClientConnectGetSocket() causing custom HTTP header not to work
* Mayaqua: move HTTP functions from "Network" to "HTTP"
* Move GetMimeTypeFromFileName() and related structure to Mayaqua
* Mayaqua.h: include <stdio.h> for "FILE"
* Mayaqua.h: include <stddef.h>, for "wchar_t"
* Bump mixin-deep in /src/bin/hamcore/wwwroot/admin/default
* - Fixed the problem occurs when RPC messages between Cluster Members exceed 64Kbytes. - Fixed the RADIUS PEAP client to use the standard TLS versioning. - Implementation of a function to fix the MAC address of L3 VPN protocol by entering e.g. "MAC: 112233445566" in the "Notes" field of the user information. - Implementation of a function to fix the virtual MAC address to be assigned to the L3 VPN client as a string attribute from RADIUS server when authentication.
* Updating built-in Win32 libraries - OpenSSL 1.1.1 -> 1.1.1d - zlib 1.2.3 -> 1.2.11
* Update strtable_cn.stb
* Avoid using hardcoded paths in log file enumeration
* Fix buffer overflow during NETBIOS name resolution
* Update SEVPN.sln
* Create strtable_pt_br.stb
* ci: display error if vpntest failed
* Fix several compile warnings on MS VC++ 2008.
* Enables crash minidump for Win32 vpntest. Minidump files will be saved to the 'C:\Users\<username>\AppData\Local\Temp\vpn_debug' (for normal user) or 'src\bin\vpn_debug\' (for administrator user).
* OpenVPN: use new protocol interface
* Add interface for easy protocol implementation
* add "no-deprecated" to openssl builds "no-deprecated" is widely used in openwrt devices
* Fix LibreSSL support
* Switch to OpenSSL THREADID API
* travis-ci: update openssl, libressl
* enable sonar-scan in travis-ci builds
* Virtual: fix race condition in DHCP server which resulted in multiple clients receiving the same IP
* Mayaqua: Fix compilation without deprecated OpenSSL APIs
* Mayaqua: Replace GNU specific sys/poll.h header with POSIX poll.h
* systemd: replace deprecated CAP_SYS_ADMIN with CAP_SYSLOG
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* cifsd-tools: fix Assignment of a signed value which has type 'long'
* init: convert hide_dot_files to yes/no option
* 'read only = no' seems bugged for cifsd/smb.conf, so fix via 'writeable = yes'
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* fix possible dns restart issue with DNS File Reset (race condition)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 219abdc5a1)
Some firewalls mandate a minimum size of 4k for SYN packets, which
transmission does not do by default. Upstream issue here:
https://github.com/transmission/transmission/issues/964
Cleanup:
Fixed license info.
Removed two unnecessary patches.
Ran shell script through shellcheck.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 730a1697fe)
* Update nextdns to version 1.1.5 which adds IPv6 dual stack support.
* Add the ability to configure per host configuration id from uci.
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
* some init tweaks
* use the usual wifi wrapper for reloads
* compatibility fix for latest wifi-related changes
in master (dynamic wireless radio reconfiguration)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 05c3153bb7)
Upstream release message:
"Letsencrypt CA recent changed the CDN provider, which resulted in hanging issues.
Any downstream package should update.
This is important."
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Fix license info to use SPDX name.
Switched to wget instead of curl to avoid having a dependency on 2 SSL
libraries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
So that packages like acme requiring features from it can depend on it
explicitly, not the more basic "wget" which is also provided by
"uclient-fetch"
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* add missing logd dependency
* check if logd is enabled during runtime
* some more init tweaks
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit de149441a4)
Since the merge of the luci master branch into the luci openwrt.19.07 branch,
the ubus API was not in sync anymore. So all commits from the master
branch where backported into the openwrt-19.07 branch. But this could
not be done linear. There were already some fixes cherry-picked from the
master and the version does not match anymore. This commit syncronized
the PKG_VERSION and the PKG_RELEASE again to make clear that the
version in master and openwrt-19.07 are even again and have so the
same software version until to this commit.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Maintainer: Florian Eckert @feckert
Compile tested: not needed
Run tested: x86_64
Description:
Only two of the four IPs defined for wan are found in wanb, adding it so it is the same.
Signed-off-by: Daniel A. Maierhofer <git@damadmai.at>
(cherry picked from commit 1e97156adc)
Sometimes the return value of `ubus -S call network.interface.wan status`
cause `json_load` to return `Failed to parse message data` error.
To avoid this, the JSON data always should be quoted with double quotes.
Signed-off-by: Evren Yurtesen <eyurtese@abo.fi>
Removed quoatation marks from commit heading
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Update the version string from 2.8.1 (master) to 2.7.15 (openwrt-19.07)
(cherry picked from commit 94e0c78826)
Add required libevent2-pthreads dependency for all ntpd
subpackages.
Remove keygen-specific libevent2-core support as it is
automatically selected by the libevent2-pthreads dependency.
nptd: Bump PKG_RELEASE
Fixes: openwrt/packages#10307
Signed-off-by: Kenneth J. Miller <ken@miller.ec>
(cherry picked from commit ded6468744)
* limit firewall hotplug trigger to certain wan 'INTERFACE' as well,
to prevent possible race conditions during boot
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 0dee2a92de)
