With the newer wget version, wget-nossl can not be compiled due to
missing library, so let's revert it.
Package wget-nossl is missing dependencies for the following libraries:
libnettle.so.8
This reverts commit 5075f5b701.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This commit contains the following:
* Update binary to version 1.6.1
* Update README URLs in the Makefile to link OpenWrt-specific info
* Separate the binary, the init script and netifd script into 3 packages:
nebula, nebula-service and nebula-proto accordingly
* implement yml parser for init script to fetch variables from it
* add the netifd script for nebula protocol
* update test file to address all built packages
* make the PKG_VERSION variable of init/proto scripts readonly
Signed-off-by: Stan Grishin <stangri@melmac.ca>
add new package keepalived-sync to synchronize files and data
between master and backup node. The master node uses SSH over rsync
to send and the backup node will use inotifywatch to watch received files.
The master node can track rsync.sh script to send configuration file on
a backup node based on the vrrp_script configuration of the same script.
The backup node will have a keepalived-inotify service, which would watch
for newly received files and it would call hotplug event. Each service
can keep its respective script under the keepalived hotplug directory and
executes commands to stop, start service or update any config in real-time.
Whenever a switchover will happen, the backup node would have the latest
config and data files from the master node.
Hotplug events can be used to apply config when files are received.
Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
tailscale version, tailscaled -version and the web UI reported the wrong
version number which doesn't cause any issues, but it can be confusing.
This is fixed by specifying the version in go ldflags similar to how
it's done in many other go packages and the official tailscale Dockerfile.
version.Long version can not be specified in GO_PKG_LDFLAGS_X because it
contains a space and GO_PKG_LDFLAGS_X is always split at a space.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
* ddns-scripts-services: provide ddns-scripts_service
* ddns-scripts-cloudflare: provide ddns-scripts_digitalocean.com-v2
* ddns-scripts-freedns: provide ddns-scripts_freedns_42_pl
* ddns-scripts-godaddy: provide ddns-scripts_godaddy.com-v1
* ddns-scripts-noip: provide ddns-scripts_no-ip_com
* ddns-scripts-nsupdate: provide ddns-scripts_nsupdate
* ddns-scripts-route53: provide ddns-scripts_route53-v1
* ddns-scripts-cnkuai: provide ddns-scripts_cnkuai_cn
https://github.com/openwrt/packages/pull/13509 renamed many ddns-scripts
packages, but didn't include a PROVIDES for the old package names to
make updates work well.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
When we explicitly declare, that we would like to have curl built with
wolfSSL support using `--with-wolfssl` configure option, then we should
make sure, that we either endup with curl having that support, or it
shouldn't be available at all, otherwise we risk, that we end up with
regressions like following:
configure:25299: checking for wolfSSL_Init in -lwolfssl
configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip]
In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33,
from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35,
from target-x86_64_musl/usr/include/wolfssl/ssl.h:35,
from conftest.c:47:
target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory
#include <wolfssl/wolfcrypt/sp_int.h>
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
and in the end thus produce curl without https support:
curl: (1) Protocol "https" not supported or disabled in libcurl
So fix it, by making the working wolfSSL mandatory and error out in
configure step when that's not the case:
checking for wolfSSL_Init in -lwolfssl... no
configure: error: --with-wolfssl but wolfSSL was not found or doesn't work
References: #19005, #19547
Upstream-Status: Accepted [https://github.com/curl/curl/pull/9682]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
* update to upstream version 2022-08-12
* add ca_certs_file option for CA certs file for curl
* add procd_add_interface_trigger for wan6 (hopefully fixes
https://github.com/openwrt/packages/issues/19531)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
There are many places in the packages' install recipes whith multiple
commands being executed in the same shell invocation, separated with a
semicolon (;). The return status will depend only on the last command
being run. The same thing happens in loops, where only the last file
will determine the result of the command.
Change the ';' to '&&', and exit the loop if any operation fails.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
There are six places pointing to files that do not exist any more:
- gns-import.sh in package gnunet-gns (dropped in v0.11.0)
- libgnunetdnsstub.so* in gnunet-vpn (integrated into util in v0.11.0)
- libgnunettun.so* in gnunet-vpn (integrated into util in v0.11.0)
- gnunet-service-ats-new in package gnunet (dropped in v0.12.0)
- libgnunetreclaimattribute.so.* (integrated into reclaim in v0.13.0)
- libgnunetabe.so.* in gnunet-reclaim (dropped in v0.17.2)
They were not noticed because their failing copy commands were part of
loops in which only the last operation had its exit status checked.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
According to the package's configure.ac, reclaimID OpenID Connect plugin
depends on jose. It is installed by the gnunet-rest plugin package:
libgnunnetrest_openid_connect.so.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* add setting to enable/disable blocking access to iCloud Private Relay resolvers
* add setting to enable/disable blocking access to Mozilla resolvers
* rename variables loaded from config in the init script
Signed-off-by: Stan Grishin <stangri@melmac.ca>
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
* fix bug in download_lists and adb_allow to prevent unintended exclisions from
the block-lists of domains containing allowed domain. Fixes issue:
https://github.com/stangri/source.openwrt.melmac.net/issues/160
* add support for returning NXDOMAIN/blocking iCloud & Mozilla canary domains,
disabled by default
Signed-off-by: Stan Grishin <stangri@melmac.ca>
It was a bit confusing to use *verbosity* level for Dry Run mode. Add
explicity switch for it and designed DRY_RUN variable to make code
easier to understand.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rename variable to make code easier to understand. This variable
specifies how many times in row ddns script tried to update IP without a
success.
Previous name ("ERR_UPDATE") didn't suggest it was for counting
anything. It also didn't specify was error was it related to.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Local suggests something related to the local network or available
locally only. All that code related to the "local" IP was actually
dealing with *current* device external IP address. Using name "current"
should make code a bit easier to understand.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rename variable to make code easier to understand. This variable
specifies how many times ddns script should try to send a request.
Previous name ("retry_count") suggested it was for *counting* attempts.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Section 'Persistence' in 'luci-app-mosquitto' is unusable without 'persistence'
section in config file.
Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
* remove obsolete block-lists from config
* add removal of obsolete lists to config-update
* add AdGuard team's block-list to config
* improve allow command
* improve nftset support
* move config load to uci_load_validate, which required some code refactoring which
looks dramatic, but isn't
* always use dnsmasq_restart instead of dnsmasq_hup for all dns resolution options
for dnsmasq
Signed-off-by: Stan Grishin <stangri@melmac.ca>
snowflake-proxy doesn't write any files
=> run in read-only rootfs environment
the process needs to read SSL certs but no other files
=> only exposed path is /etc/ssl/certificates (read-only)
running as unpriviledged user with no additional capabilities
=> set no-new-privs bit
By default procd-ujail also isolates the process by executing it in
a separate new IPC and PID namespace.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Package Tor's Snowflake system components so users can offer e.g.
a standalone Snowflake proxy on their routers or other devices.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Gatling is a high-performance webserver from fefe. It gives a
fairly decent feature-set at really small size. And its fast.
Co-authored-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Martin Hübner <martin.hubner@web.de>
mausezahn is a multicast traffic generator which is part of the
netsniff-ng sources. This utility is needed for the upcoming
kernel-selftests-net-forwarding package. Add a new package for it.
netsniff-ng will automatically detect all installed dependencies and
build only the utilities whose dependencies are installed (meaning:
mausezahn is not build when for example libcli is not installed and
other tools are not build if for example zlib is missing). Depending
on the selected packages (netsniff-ng or mausezahn) the OpenWrt build
system has to trigger netsniff-ng's configure script, which will then
pick up and automatically build the programs (mausezahn, netsniff-ng,
trafgen, ...) for which all dependencies are installed.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
The new package would help measuring one-way delays using ICMP type 13
packets. This is important for various scripts that automatically adjust
CAKE shaper bandwidth based on the observed bufferbloat. They need to
understand whether the delay is on the way up or on the way down, so
that they can adjust the bandwidth of the proper part of the shaper.
https://forum.openwrt.org/t/cake-w-adaptive-bandwidth-historic/108848https://forum.openwrt.org/t/cake-w-adaptive-bandwidth/135379
V2: refreshed patches
Signed-off-by: Alexander E. Patrakov <patrakov@gmail.com>
Fixes multiple security issues:
CVE-2022-38178 - Fix memory leak in EdDSA verify processing
CVE-2022-3080 - Fix serve-stale crash that could happen when
stale-answer-client-timeout was set to 0 and there was
a stale CNAME in the cache for an incoming query
CVE-2022-2906 - Fix memory leaks in the DH code when using OpenSSL 3.0.0
and later versions. The openssldh_compare(),
openssldh_paramcompare(), and openssldh_todns()
functions were affected
CVE-2022-2881 - When an HTTP connection was reused to get
statistics from the stats channel, and zlib
compression was in use, each successive
response sent larger and larger blocks of memory,
potentially reading past the end of the allocated
buffer
CVE-2022-2795 - Prevent excessive resource use while processing large
delegations
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
This version better decodes SSID names which contain emoji, control
characters, and other non-ascii characters.
https://github.com/awilliams/wifi-presence/pull/8
Signed-off-by: Adam Williams <pwnfactory@gmail.com>
Update the mdio-netlink kmod and userspace mdio-tools to version 1.2.0.
This allows dropping the time64 musl patch which was upstreamed.
[v1.2.0] - 2022-09-15
---------------------
- mdio: A new addressing mode "mmd-c22": Used to access MMDs attached
to MDIO controllers without Clause 45 support by using registers 13
and 14 in the device's Clause 22 register space
- mdio: Pretty print gigabit link capability information from a PHY's
extended status register
- mdio: Pretty print lots of status information from MMDs (C45 PHYs)
- mvls: Decode priority override information of ATU entries
- mvls: Table listings now always prints out the device information,
even on single chip systems.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Use an upstream commit to ensure time_t is defined in upsclient.h,
fixing a compile failure in collectd.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Add --without-linux-i2c to configure arguments to avoid using i2c if
found in the staging dir.
Switch to AUTORELEASE.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
- enable json by default to generate json stats
- add rpc to generate json status
- add kmod-nf-ipvs dependencies for virtual servers
- set default vip labels on virtual interfaces
- set process name for keepalived child processes
Signed-off-by: Jaymin Patel <jem.patel@gmail.com>
In the Makefile the library installation was accidentally called
"Package/iperf3/install" and not "Package/libiperf3/install". Fix this
typo. Thanks to Hartmut spotting this.
Also the iperf3-ssl does not need to depend on libiperf3.
Fixes ae48be8e21 ("iperf3: add shared libiperf library and link iperf3 dynamically")
Signed-off-by: Nick Hainke <vincent@systemli.org>
The metrics and weight need to be the same. A 50% balanced would be
require member policies of the same metric and weight value.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Add library for creating own functions with iperf3 functionality.
Example: https://github.com/esnet/iperf/blob/master/examples/mis.c
This library is needed by python3-iperf3.
Build iperf3 binary with dynamically linked libiperf3. However, still
build iperf3-ssl as static binary due to a lack of shipping two libiperf
versions.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Re-mount '$config_file' inside the '$config_dir' will cause aria2 process unable to start.
Signed-off-by: Naraku J <74468372+Narakuku@users.noreply.github.com>
* some more cleanups, forgotten with the last update
* optimized unbound syntax ('always_nxdomain' & 'always_transparent')
* optimized oisd download sources (use wilcard variants which are much smaller)
* removed superfluous version information/function
Signed-off-by: Dirk Brenken <dev@brenken.org>
-- Release Message Snippet https://networkupstools.org/ --
After a long and windy trip since the last official release v2.7.4 half
a dozen years ago ... NUT v2.8.0! ... the new release includes numerous
new drivers, sub-drivers, protocols and bug-fixes, with many companies
and individuals chipping in with contributions of code. ...
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* dnsmasq upstream has changed the code for domain handling
and recommends the 'local' syntax for large blocklists
* remove pipefail command, see #19043 for reference
* removed the unused 'adb_dnsinotify' parameter
* removed the 'adb_maxqueue' parameter,
the queue size will be automatically set by the number of cpu cores
* various cleanups, mostly shellcheck related
Signed-off-by: Dirk Brenken <dev@brenken.org>
This package uses the macro
AC_PROG_LEX(yywrap)
which in new versions of GNU Autoconf
specifically looks for the yywrap function in the libraries,
and considers lex/flex not present if the function is not found.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Project V is a set of network tools that help you to build your own computer network.
It secures your network connections and thus protects your privacy.
For more details, see https://www.v2fly.org/en_US/guide/faq.html
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Beware that switching to the new major version 0.17.x results in
incompatibility with clients still running 0.16.x.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(LoRa) Basicstation is an implementation of a LoRa packet forwarder and is
intended to be run on the host of a LoRa-based gateway. Basicstation forwards
RF packets recieved by a concentrator to a LoRaWAN network server (LNS).
It also transmits RF packets received from the LNS to one or multiple LoRa
end devices. Further information: https://lora-developers.semtech.com/build/
software/lora-basics/lora-basics-for-gateways
Signed-off-by: Marcus Schref <mschref@web.de>
- Bump to the latest Git version in order to increase the package version
for simpler opkg upgrade of the broken version
- (Re-)Introduce PKG_RELEASE into the package, omitting it may lead to
opkg segmentation faults under certain circumstances
- Utilize automatic include hooks to drop the isolated miniupnpd table
in favor to chains within the main inet fw4 table, otherwise PCP is
unreliable as the upnp table might accept traffic which is later
rejected by fw4
- Install a fw4 script hook to restart miniupnpd on fw4 restarts and
reloads in order to repopulate the upnp chains with forward rules
- Register the used miniupnpd configuration file and the firewall uci
configuration as change sources, otherwise `/etc/init.d/miniupnpd reload`
has no effect if the firewall or upnpd config was changed
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Engine support is deprecated in OpenSSL 3.0 and for OpenSSL 3.0 the default
is to disable engine support as engine support is deprecated. For ath79 architecture
build with autodetection engine support fails, so explicitly set off for now.
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Update the package to a commit that fixes an issue with removing PCP
mappings from nftables.
This also allows us to fix the nftables miniupnpd implementation on
openwrt.
In this new implementation, a table is created at the start of miniupnpd
and it is dedicated to miniupnpd with a priority above the firewall4
table. This allows miniupnpd to go ahead of the drop rules of firewall4
and forward traffic as needed. There was the possibility of adding a
chain inside the firewall4 table, but this would raise an issue where
if firewall4 was reloaded the port forwardings would be lost and
miniupnpd could be out of sync. When miniupnpd is stopped the table is
deleted, taking the port forwardings with it.
Some of this commit is based of msylgj's work, mainly the logic of the
init/hotplug scripts and the makefile build parameters.
Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Always use pthread_mutexattr_settype() the
pthread_mutexattr_setkind_np() function is not available in the
glibc and musl version used by OpenWrt.
This fixes the following compile error:
arc-openwrt-linux-gnu/bin/ld: gnunet_fuse-mutex.o: in function `GNUNET_mutex_create':
mutex.c:(.text+0x14): undefined reference to `pthread_mutexattr_setkind_np'
arc-openwrt-linux-gnu/bin/ld: mutex.c:(.text+0x14): undefined reference to `pthread_mutexattr_setkind_np'
arc-openwrt-linux-gnu/bin/ld: mutex.c:(.text+0x76): undefined reference to `pthread_mutexattr_setkind_np'
arc-openwrt-linux-gnu/bin/ld: mutex.c:(.text+0x76): undefined reference to `pthread_mutexattr_setkind_np'
collect2: error: ld returned 1 exit status
This patch was taken from:
https://aur.archlinux.org/cgit/aur.git/plain/pthread_mutexattr_settype.patch?h=gnunet-fuse
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add a patch which removes a call in Libxml2Parser.cc to 'xmlSetFeature'.
This function belongs to the 'depreciated' API part and is not
available in OpenWrt builds.
According to my understanding, this call can be removed safely since
it disables the feature "substitute entities" which is disabled by default.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
