Linux kernel and iproute2 together now implement strict checking of the
existence of route tables.
Previously kernel does not support filtering by table id, now it does
and will error with nlmsgerr "ipv4: FIB table does not exist".
Previously iproute2 dump all routes and filter by table id in userspace,
now this has changed with iproute2 commit c7e6371bc4af ("ip route: Add
protocol, table id and device to dump request")
Error scene
root@OpenWrt:/# ip route flush table 100
Error: ipv4: FIB table does not exist.
Flush terminated
root@OpenWrt:/# echo $?
2
Fixes: https://github.com/openwrt/packages/issues/12095
Ref: https://lists.openwall.net/netdev/2019/05/02/105
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
When libevhtp is added to a package's PKG_BUILD_DEPENDS (i.e. for
seafile-server), libevhtp's target package dependencies are not
automatically selected, in particular libevent2-openssl and
libevent2-pthreads.
Moreover, if libevent-openssl and libevent2-pthreads are not selected,
OpenSSL and thread support are disabled when compiling libevent2, which
in turn causes a compile error when building libevhtp.
This adds a config option, LIBEVHTP_BUILD_DEPENDS, that will select
libevent2-openssl and libevent2-pthreads (via LIBEVHTP_BUILD_SELECT)
when it is selected.
Other build dependencies are moved to PKG_BUILD_DEPENDS.
This also updates seafile-server to remove the (indirect) dependencies
added in 13d843fec1 and instead select
LIBEVHTP_BUILD_DEPENDS.
This also updates the maintainer's email address and adds myself as
another maintainer.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The init.d script for sshd never generates an ecdsa HostKey as seen
here:
for type in rsa ed25519
do
# check for keys
key=/etc/ssh/ssh_host_${type}_key
[ ! -f $key ] && {
# generate missing keys
[ -x /usr/bin/ssh-keygen ] && {
/usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
}
}
done
so we'll never succeed at loading one. Get rid of the resultant
error message in logging:
May 5 17:13:59 OpenWrt sshd[20070]: error: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
If BI_PARM is never set, it's "" and causes
infinite loop (before my PR sent upstream) or
error out (after my PR sent upstream).
Append -b option only if it's valid.
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
To use eap tls, 'tmpdir' must be created before server starts.
This 'tmpdir' is used to store and verify client certificate,
and therefore radiusd do 'chmod go-rwx'.
If 'tmpdir' does NOT exists, server failed to start and default
'tmpdir' is '/tmp/radiusd'. So init script MUST create default
'tmpdir' like other directories.
Signed-off-by: Eiji MATSUMOTO <toudaiman@gmail.com>
More threads can lead to a problem if a luci-app makes a fork
(e.g. for executing a command). Parallelism is still achieved
by using `processes = 3`.
Make the log more verbose by filtering only standard messages
for start/stop/reload out (leaving one line each).
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Openwrt is a single user system. So keepalived is runnig as root.
If we add the config options `script_user root` and
`enabled_script_security' the following warnings are gone.
> local1.info Keepalived_vrrp[5382]: SECURITY VIOLATION - scripts are
being executed but script_security not enabled.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
As wifidog-ng builds a kernel module, it must use a PKG_BUILD_DIR in
KERNEL_BUILD_DIR instead of BUILD_DIR, otherwise old build artifacts may
be incorrectly reused when switching between different targets of same
architecture without a full clean.
Instead of fixing up the override, just remove it and instead move the
kernel.mk include above package.mk, so PKG_BUILD_DIR is set up correctly
by default.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
fix mips runtime by backporting some yang changes from master
added commited fixes to 7.3
also add option for snmp support
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Add possibility for user to provide setup and cleanup scripts for
additional flexibility. Setup-script takes precedence over the built-in
behavior of uacme.
This helps users with more complex use-cases to utilize uacme to update
certificates without adding complexity to the provided run.sh script.
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
Add possibility for user to provide setup and cleanup scripts for
additional flexibility. Setup-script takes precedence over the built-in
behavior of acme.
This helps users with more complex use-cases to utilize acme to update
certificates without adding complexity to the provided run.sh script.
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
An interface can have both a /64 and a /128 from a provider.
In such a case, use the address from the /64 to do the ping check, not
the /128.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Since 19.07, netifd will not try to bring a device up
after someone brought it down. This way, there is no need
to rename the device.
It also fixes a rename error on 19.07 when the *_down device
was being in use (by netifd?).
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* Remove preinst, the default prerm script will stop the service
* Use default Python package filespec and shebang fix
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This updates the package to use the default Python package build recipe,
adds a src package, and changes to download from PyPI (using pypi.mk).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
And libevent2-pthreads to DEPENDS.
While building with -j12 I seem to get:
[ sometimes this also includes libevent2-openssl ]
```
-- EVHTP_VERSION : 1.2.18
-- EVHTP_DISABLE_SSL : OFF
-- EVHTP_DISABLE_EVTHR : OFF
-- EVHTP_DISABLE_REGEX : OFF
-- EVHTP_BUILD_SHARED :
-- EVHTP_USE_JEMALLOC :
-- EVHTP_USE_TCMALLOC :
-- CMAKE_BUILD_TYPE : Release
-- CMAKE_INSTALL_PREFIX : /usr
-- CMAKE_BINARY_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- CMAKE_CURRENT_BINARY_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- CMAKE_CURRENT_SOURCE_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- PROJECT_BINARY_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- PROJECT_SOURCE_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- CMAKE_MODULE_PATH : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/cmake
-- CMAKE_SYSTEM_NAME : Linux
-- CMAKE_SYSTEM_VERSION : 1
-- CMAKE_C_COMPILER : /home/sandu/work/openwrt/openwrt/staging_dir/toolchain-i386_pentium4_gcc-8.4.0_musl/bin/i486-openwrt-linux-musl-gcc
-- CMAKE_AR : /home/sandu/work/openwrt/openwrt/staging_dir/toolchain-i386_pentium4_gcc-8.4.0_musl/bin/i486-openwrt-linux-musl-gcc-ar
-- CMAKE_RANLIB : /home/sandu/work/openwrt/openwrt/staging_dir/toolchain-i386_pentium4_gcc-8.4.0_musl/bin/i486-openwrt-linux-musl-gcc-ranlib
-- CFLAGS : -Os -pipe -march=pentium4 -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -ffile-prefix-map=/home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18=libevhtp-1.2.18 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro
-DNDEBUG
-- Configuring done
CMake Error: The following variables are used in this project, but they are set to NOTFOUND.
Please set them or make sure they are set and tested correctly in the CMake files:
LIBEVENT_THREAD
linked by target "evhtp" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
linked by target "test_proxy" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_basic" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_client" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_https_client" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_vhost" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_basic" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_extensive" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_chunked" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_query" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_perf" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_pause" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_https_server" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_vhost" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_request_fini" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
-- Generating done
CMake Warning:
Manually-specified variables were not used by the project:
CMAKE_ASM_COMPILER
CMAKE_ASM_COMPILER_ARG1
CMAKE_MODULE_LINKER_FLAGS
CMAKE_SHARED_LINKER_FLAGS
DL_LIBRARY
CMake Generate step failed. Build files cannot be regenerated correctly.
```
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Error was:
The domain 'example.com' seems to have a ECC cert already, please add '--ecc' parameter if you want to use that cert.
Signed-off-by: David Yang <mmyangfl@gmail.com>
* add 'status_service' as workaround to init for 19.07
* fix 'wifionice' auto-login script
* fix autologin script matching
* change wifi scanning to logical interface name,
no longer use the radio device
Signed-off-by: Dirk Brenken <dev@brenken.org>
On some platforms where interfaces come up very slowly, this can
cause a race-condition with dhcpd coming up before all the interfaces
have finished initializing.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This removes Python build variants and adds PYTHON3_PKG_BUILD:=0 (where
appropriate) for the Seafile packages.
This also updates the way the Python bindings packages are packaged,
using automake installation instead of manual install recipes.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This removes Python-related build variants, and adds
PYTHON3_PKG_BUILD:=0 and minor build adjustments (where appropriate),
for non-Python packages. There should be no changes to build output.
This also updates some include paths for python3-package.mk and/or
python3-host.mk to be relative to the package Makefile.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames "internal" recipes to use the Python3/ prefix and clarifies
the names (RunTarget to Run, Mod to ModSetup, Shebang to FixShebang).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This changes the recipe name prefix from Build/Compile/HostPy3 to
HostPython3, and clarifies some of the names (RunHost to Run, Mod to
ModSetup).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
HostPython3 only adds a few environment variables before running host
Python. It has only two users, Build/Compile/HostPy3RunHost and
Build/Compile/HostPy3RunTarget.
HostPython3 also accesses $(PYTHON3PATH), even though python3-host.mk
does not include python3-package.mk, where the variable is defined.
This removes HostPython3 and has its two users run host Python directly.
This also combines the environment variables of HostPython3 and the two
users into HOST_PYTHON3_VARS and PYTHON3_VARS.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
If set_hostapd_nr config flag is set, dawn will insert the nr reports
to allow the hostapd to answer to nr requests from clients.
Improve the synchronization of rcpi and rsni in the network.
Further, clients with bad 802.11k were sending beacon reports with
bssid 00:00:00:00:00:00. Catch those corner cases.
Signed-off-by: Nick Hainke <vincent@systemli.org>
If one file is a hard link to another, `mv` will not overwrite it;
`rm -f` the destinations beforehand.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
DAWN has a race condition with umdns that prevents dawn from surviving
a reboot.
Increase procd start and stop of dawn to 81.
Further, network is sometimes not ready. Add utimer to check if socket
binds correctly.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This is to address the need for specifying dependency on a wget
implementation with ssl support.
Now we have a game of names for opkg
1. uclient-fetch: minimal version by openwrt project
2. wget-nossl: gnu wget w/o ssl support
3. wget-ssl: for the moment since this commit, gnu wget w/ ssl support
4. wget: uclient-fetch, wget-nossl, or wget-ssl
5. gnu-wget: wget-nossl or wget-ssl
By the time we provide some dummy package like uclient-fetch-ssl and
make it also provide wget-ssl, I guess by then we will also need
gnu-wget-ssl...
Ref: https://github.com/openwrt/packages/issues/11534
Ref: https://github.com/openwrt/packages/pull/9941
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* new upstream version 7.16.6
* fixing platform identifier for openwrt x86
(boinc issue https://github.com/BOINC/boinc/issues/3595)
* protected configuration from update
Signed-off-by: Christian Dreihsig <christian.dreihsig@t-online.de>
* add 'ca-bundle' dependency
* fix a sort bug in report engine
* fix potential bugs in the f_extconf function
Signed-off-by: Dirk Brenken <dev@brenken.org>
This is cosmetic only, since openssl is the first one being defined, but
it avoids a warning in scripts/config, after upgrading to kconfig-v5.6:
tmp/.config-package.in:102839:warning: choice default symbol
'DNSDIST_OPENSSSL' is not contained in the choice
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
glibc needs an extra header included.
Also cast time values to 64-bit in preparation for 64-bit time_t for
32-bit platforms.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Transmission should stop early on system shutdown to avoid
for example fstab unmount disks when transmission is writing.
Signed-off-by: Francesco G <gfrancesco@users.noreply.github.com>
This minor version bump fixes:
CVE-2020-1934
CVE-2020-1927
Upstream added cross-compile compatibility to apxs, so we can drop a sed
script. Upstream also added the OpenWrt layout, so we can drop our local
copy.
The OpenSSL patch to remove deprecated symbols doesn't apply anymore and
gets removed.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* removed 'hphosts' from sources (discontinued)
* fixed a "out of range" bug and another small issue
in the f_dnsup function
* add three new sources: 'anudeep', 'stopforumspam' and 'youtube'
* changed 'list' behaviour, the source file has now
a higher precedence than the archive file (see readme)
* update readme, added missing parameters & more
Signed-off-by: Dirk Brenken <dev@brenken.org>
Change dependency requirements based on kernel version. Ultimately in a
post Linux 4_14 world the differentation can be removed. In the short
term this allows post 4_14 kernels to use in-tree versions of the cake
shaper.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* fixed an oversight introduced in the last 3.99 pre-release series,
only relevant for "raw" mode e.g. dnscrypt-proxy users
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix dependency issue
* fix query timeouts in web frontend (seen with many selected lists),
now the query comes back latest after 30 seconds, to prevent any
timeouts, with all results to this point.
* add missing parameter in readme.md
Signed-off-by: Dirk Brenken <dev@brenken.org>
This version of obfsproxy will cease to function once Python 2 is
removed from the feed. Upstream has indicated[1] that this package will
not be updated to use Python 3.
This package will be added to the abandoned packages feed.
[1]: https://trac.torproject.org/projects/tor/ticket/31057
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This version of danish will cease to function once Python 2 is removed
from the feed. The maintainer has indicated[1] that this package will
not be updated to use Python 3.
This package will be added to the abandoned packages feed.
[1]: https://github.com/openwrt/packages/issues/8893#issuecomment-489312682
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
In preparation for generating nftables-no/json variants, swap dependency
order to prevent following recursive dependency warnings:
tmp/.config-package.in:73879:error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:73879: symbol PACKAGE_luci-app-nft-qos depends on PACKAGE_luci-app-nft-qos
tmp/.config-package.in:854:error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:854: symbol PACKAGE_nft-qos depends on PACKAGE_nft-qos
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
When building with strongswan-ipsec disabled, strongswan fails to build
because the ipsec.conf file does not exist. Fix this by moving the
ipsec.* files and directories to the strongswan-ipsec package.
Closes#10879 while keeping ipsec.conf to avoid breaking existing
setups, as opposed to #11709.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Fix proto_notify_error usage. In this function only a definition shall
be returned, which will later appear in the ubus status output of the
interface and not a whole string.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* Update to 7.80
* Add "full" variants for nmap and ncat that support Lua scripts (and
OpenSSL)
* Replace libcxx fix with upstream patch[1] (CHANGELOG change was
removed)
* Switch ndiff to use Python 3 (using a patch from Debian[2], which
comes from an upstream PR[3] plus a port of ndiff/setup.py)
[1]: ea4e2d6657
[2]: 0510c602dd/debian/patches/0004-Python3-port-of-ndiff.patch
[3]: https://github.com/nmap/nmap/pull/1807
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Dawn is a decentralized WiFi controller.
Just install dawn and the APs will find each other via umdns.
They periodically exchange information about connected clients, wireless
statistics and other needed information. With that, the daemon load
balances clients between different APs through association control.
Further, the daemon exposes through ubus the hearing map and the
complete wireless network overview. The hearing map is the list of all
probe requests seen from a client from all APs that are running the
controller.
Hearing map:
ubus call dawn get_hearing_map
Network overview:
ubus call dawn get_network
Dawn has a graphical user interface called luci-app-dawn. With that, the
load balancing and other useful settings can be controlled.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* new package dependencies: coreultis-sort and
a download util with SSL support
* focus on speed (multicore-support) to handle quite big lists
* include 38 pre-configured blocklist sources in a compressed
json file (/etc/adblock/adblock.sources.gz)
* dynamic SafeSearch support for google, bing, duckduckgo,
yandex, youtube and pixabay (CNAME (bind) & IP (dnsmaq, unbound))
* DNS backend autodetection
* Download Utility autodetection
* Report Interface autodetection
* Easy cron wrapper to set an adblock related auto-timer for
automatic blocklist updates
* raw domain/blocklist support (e.g. for dnscrypt support)
* re-add restrictive Jaillist support
* rework online doc
* Complete LuCI rewrite (migrated to client side JS)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Phase 2 buildbots with this option enabled will cleanup openvswitch
build dir which is needed later when building ovn
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Add a conffiles-section for the /etc/swanctl folder, which is used by the swanctl util. This will keep the configfiles during an sysupgrade.
Signed-off-by: Sven Roederer <S.Roederer@colvistec.de>
This is to address the need that openvswitch starting with 2.13 now
depends on libunwind for handling SIGSEGV (upstream commit e2ed6fbeb18
("fatal-signal: Catch SIGSEGV and print backtrace"))
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Compared to original packaging scheme within openvswitch, we removed
ovn-trace, ovn-detrace from openvswitch-ovn-common package. ovn-detrace
requires python libs to run, so it does not actually work out of box in
previous builds anyway.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
python2 library is now removed as the transition has been done by the
upstream project
OVN is now a separate project released with its own release plan and
it's not included within openvswitch starting with ovs 2.13.
openvswitch.mk is split out from the main Makefile for adding ovn
packages back in following commits.
The following two patches are already included in 2.13
- ovsdb-idlc-fix-dict-change-during-iteration.patch
- compat-Include-confirm_neigh-parameter-if-needed.patch
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
