samba.org has apparently started to enforce https-only downloads,
so update the download links for rsync and cifs-utils.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: fixed renamed option in stop_service
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: fixed typo in makefile, switch FW_MARK to 0x010000 to play nice with SQM/mwan (thanks Hannu)
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: proper masking in setting mark
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: separating luci-app-vpnbypass into different tree
Signed-off-by: Stan Grishin <stangri@melmac.net>
vpnbypass: fixed incorrect use of procd_add_reload_interface_trigger according to http://wiki.prplfoundation.org/wiki/Procd_reference
Signed-off-by: Stan Grishin <stangri@melmac.net>
Unbound+DHCP (server of your choice) should be able to replicate
a lot of what dnsmasq provides. With this change set Unbound
still works with dnsmasq, but also it can work with a plain
DHCP server. Features have been added within the UCI itself
to act like dnsmasq.
- alone: name each interface relative to router hostname
- alone: prevent upstream leakage of your domain and '.local'
- dnsmasq: use dnsmasq UCI to configure forwarding clauses
- dhcp: work with odhcpd as example of companion DHCP-DNS
- dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records
- all: enable encrypted remote unbound-control using splice conf
- all: allow user spliced conf-files for hybrid UCI and manual conf
-- 'unbound_srv.conf' will be spliced into the 'server:' clause
-- 'unbound_ext.conf' will add clauses to the end, example 'forward:'
README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and
unbound-with-odhcpd have better/added UCI starters. HOW TO for
including unbound_srv.conf and unbound_ext.conf are added.
Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6,
dhcp_link, domain, and domain_type
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
This is bare minimum change in 'unbound.sh' and
'dnsmasq.sh' to migrate the UCI option set for
more flexibility. The boolean(s) to link to
dnsmasq are being changed to a state to include
odhcpd. It is executable but a small step for
clear change management.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
The UCI for Unbound already links to dnsmasq, but what
if with Unbound, we want to configure a plain dhcp server.
Most servers can call a script for lease events. That
script can then formulate DNS records and load them
with unbound-control (dependency).
The files added here work with OpenWRT/LEDE odhcpd, such
that it can be run alone. They can be used as examples
for any dhcp server. 'odhcpd.sh' is to be called by
odhcpd when a lease event occurs. 'odhcpd.awk' is called
internal to the shell script. The awk script handles
any tricky reformating that may be required.
/etc/config/dhcp
config odhcpd 'odhcpd'
option leasetrigger '/usr/lib/unbound/odhcpd.sh'
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
If Unbound was disabled and at later time enabled, then it
would operate in DNSSEC less-secure mode. When NTP hotplug
was called, the timestamp file was not updated. This was
found testing Unbound vs other tools (bind, dnsmasq).
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
The virtual package declared by PROVIDES must not have the same name as the
variant declaring it, otherwise buildroot will fail with errors like:
cp: '.../pkginfo/mosquitto.provides' and '.../pkginfo/mosquitto.provides' are the same file
In order to fix the above error, rename the existing "mosquitto" and
"libmosquitto" packages into "mosquitto-ssl" and "libmosquitto-ssl"
respectively.
Also substitute use of $(PKG_NAME) with literal "mosquitto" in
Package/* defines to improve readability of the Makefile.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Compile tested: LEDE HEAD
If unixodbc package is present in the environment, subversion
fails to compile due to missing dependencies.
Fixes the dependency on unixodbc if unixodbc package is selected.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
Update the pen package to upstream release v0.34.0 in order to fix the
following build error reported by the buildbot:
ssl.o: In function `ssl_create_context':
ssl.c:(.text+0x9c): undefined reference to `SSLv3_method'
collect2: error: ld returned 1 exit status
Also switch from PKG_MD5SUM to PKG_HASH with SHA256 while we're at it.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The buildbots fail to build socat due to the following error:
nestlex.c:14:7: error: unknown type name 'ptrdiff_t'
It appears that certain source files do not include all required headers,
depending on the configure options passed to socat.
Work around the error by passing `-include stddef.h` via `TARGET_CFLAGS` to
forcibly inject this header file into all compilation units.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Adding PROVIDES to both the daemon and library and -nossl variants allow
downstream packages to simply declare a single dependency.
mosquitto-client however, still needs to explicitly depend on the ssl or
nossl variant however.
Signed-off-by: Karl Palsson <karlp@etactica.com>
use ntpq to check the status of the ntp server as all other status scripts included in the ntp tarball are
based on perl which would dramatically increase the footprint of ntpd
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Wondershaper has been superseded by both qos-scripts and sqm-scripts, it's time to retire it for good.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Mark the directories containing the keys for hidden services as
conffiles to preserve them over sysupgrade.
Fixes: #2247
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In addition update some configure options and use EXTRA_CFLAGS.
Setting RunAsDaemon to 1 will be overwritten by the init script option
"--runasdaemon 0" anyway and we want it in foreground for procd.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Adds configuration option for NFQ capture, moves often written
configuration files to /var/etc.
Signed-off-by: Jonathan Bennett <JBennett@incomsystems.biz>
Released version 1.7.2 with the following main changes :
- BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
- SCRIPTS: git-show-backports: fix a harmless typo
- SCRIPTS: git-show-backports: add -H to use the hash of the commit message
- BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
- DOC: lua: documentation about time parser functions
- DOC: lua: section declared twice
- BUG/MINOR: lua/cli: bad error message
- DOC: fix small typo in fe_id (backend instead of frontend)
- BUG/MINOR: Fix the sending function in Lua's cosocket
- BUG/MINOR: lua: memory leak executing tasks
- BUG/MINOR: lua: bad return code
- BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
- BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
- BUG/MINOR: stats: fix be/sessions/current out in typed stats
- BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled
- BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
- BUG/MINOR: systemd: potential zombie processes
- DOC: Add timings events schemas
- BUILD: lua: build failed on FreeBSD.
- BUG/MINOR: option prefer-last-server must be ignored in some case
- MINOR: stats: Support "select all" for backend actions
- BUG/MINOR: sample-fetches/stick-tables: bad type for the sample fetches sc*_get_gpt0
- BUG/MAJOR: channel: Fix the definition order of channel analyzers
- BUG/MINOR: http: report real parser state in error captures
- BUILD: scripts: automatically update the branch in version.h when releasing
- BUG/MAJOR: http: fix risk of getting invalid reports of bad requests
- MINOR: http: custom status reason.
- MINOR: connection: add sample fetch "fc_rcvd_proxy"
- BUG/MINOR: config: emit a warning if http-reuse is enabled with incompatible options
- BUG/MINOR: tools: fix off-by-one in port size check
- BUG/MEDIUM: server: consider AF_UNSPEC as a valid address family
- MEDIUM: server: split the address and the port into two different fields
- MINOR: tools: make str2sa_range() return the port in a separate argument
- MINOR: server: take the destination port from the port field, not the addr
- MEDIUM: server: disable protocol validations when the server doesn't resolve
- BUG/MEDIUM: tools: do not force an unresolved address to AF_INET:0.0.0.0
- BUG/MINOR: ssl: EVP_PKEY must be freed after X509_get_pubkey usage
- MINOR: proto_http.c 502 error txt typo.
- DOC: add deprecation notice to "block"
- BUG/MINOR: Reset errno variable before calling strtol(3)
Signed-off-by: heil <heil@terminal-consulting.de>
We believe snmpd-static isn't useful, but download stats show it's still
being downloaded. Instead of dropping it, make it a dummy package that
depends on snmpd.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
This fixes a bug when mosquitto is crosscompiled in LEDE on OS X.
UNAME is explicitly executed on the host, when we want it to be treated
as a regular linux build.
This patch passes the proper UNAME=Linux variable to the mosquitto
make file in order to respect linux as cross-compiler.
Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de>
Reviewed-by: Karl Palsson <karlp@tweak.net.au>
This change fixes multiple denial-of-service vulnerabilities:
* CVE-2016-9131: A malformed response to an ANY query can cause an
assertion failure during recursion
* CVE-2016-9147: An error handling a query response containing
inconsistent DNSSEC information could cause an assertion failure
* CVE-2016-9444: An unusually-formed DS record response could cause
an assertion failure
* CVE-2016-9778: An error handling certain queries using the
nxdomain-redirect feature could cause a REQUIRE assertion failure
in db.c
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Per user request ship the sample upsset.conf file so that
upsset functionality can be used with nut-cgi
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
Current maintainer (Martin Rowe) offered to hand over
maintership because I'm interested in doing more with
the package than he requires for his own use, so he
felt it made sense for me to maintain the package.
I accepted, hence this commit.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
Use /var/run/nut as statepath and set appropriate owner
and permissions on /var/run/nut in order to avoid pidfile
for nut being world-readable.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
It looks like serial support was accidentally dropped due to missing
pieces on Config.in and Makefile. Add back serial support by fixing
that.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
With a LuCI app (of which I have one written) ucification makes
sense (and is in fact needed), so ucify the initscripts.
Also, rather than making selection of things to include an image
a matter of selecting compile-time config options, make optional
things into seperate packages that are built in default builds,
and leave selection of what to include or not up to the user
(e.g. using ImageBuilder, or adding packages via opkg).
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
- fix ip extraction if knot host is used together with glue records
- fix ip extraction from nslookup if reverse dns record has ip with dot reported at http://forum.lede-project.org/t/ddns-scripts-error/909
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Add a few mirrors in-front of main site for offloading
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Peter Wagner <tripolar@gmx.at>
As both LEDE and OpenWrt have STAGING_DIR_HOSTPKG now, we can start to rely
on it. See 73b7f55424 for more information on
STAGING_DIR_HOSTPKG.
STAGING_DIR_HOSTPKG won't actually be changed before the first LEDE release
(it is equivalent to $(STAGING_DIR)/host), so this simple search/replace
cleanup is safe to apply. Doing this cleanup now will be useful for the
Gluon project (an OpenWrt/LEDE based firmware framework) for experimenting
with modifying STAGING_DIR_HOSTPKG before doing this in the LEDE upstream.
Also fixes a typo in the dbus Makefile ("STAGIND_DIR").
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Before this change logging was always activated and then IoTivity wrote
a lot of debug messages. Make it now configurable.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Install the header files needed to build something against IoTivity.
This will have it easier to build an application using IoTivity library.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These patches are making it possible to provide the compiler settings
from the environment so LEDE can change them. This replaces the old
patches with the versions send for upstream inclusion.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This does the following changes:
* update to version 1.2.1
* add iotivity-resource-directory-lib, this is needed by most
applications now
* do not activate security support by default, this caused some
problems and needs some more settings to setup.
* use sqlite version from normal package feed instead of using an own
version
* build against LEDE version of mbedtls
* update example security configuration
* remove some patches that went upstream
* add some new patches fixing problems observed in my environment, most
of them are on their way upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- cloudflare v1 change syntax of option domain to "host.sub@example.com" like already cloudflare v4 and godaddy to prepare logterm remove of public_suffix_list.dat from package
- change Makefile to be backportable to CC15.05 and working on DD
- change ddns.defaults to prepare future releases of ddns-scripts
- minor fixes
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Talked it over with Ben (@scrpi).
He said he'd be fine with taking over maintainership of this.
@scrpi: please confirm this on PR.
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Copy mime.conf to temporary directory so squid process can properly read the file. Without it squid cannot access mime.conf and throws a warning during startup.
Signed-off by: Adam Gensler <openwrt@a.gnslr.us>
HTTP header content-disposition isn't honored resulting in source tarball name only containing version number.
Switch to GIT repo as workaround to avoid clashing filenames.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Version bumped to 4.3.5. Separated out compile/install steps since
compiling with $DESTDIR yields bogus results. Removed rfc-3527 patch
as something similar (better) is now upstream (well, more complete
error checking anyway). Change relay scripts from '-l ifname' to
'-U ifname' to correspond to upstream changes.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Instead of causing nondeterministing conditional compilation depending on
whether libnl-core happens to be present or not, fixup the net-snmp package
to link against libnl-tiny which is present by default on the majority of
systems.
In order to successfully build against libnl-tiny, a number of things had
to be fixed in both the upstream configure and the outer Makefile:
- Add a patch which fixes the upstream configure macros to properly handle
cases where the cache variables for nl_connect() and netlink.h tests are
predefined. Without this patch, all subsequent link tests in configure
will fail, causing the build system to assume functions like opendir() or
readdir() to be missing, leading to build failures later on due to
conflicting redefinitions of structures and function prototypes
- In the same patch, stop probing the host systems /usr/include/libnl-3 if
ac_cv_header_netlink_netlink_h is given. This brings the proprietary
configure bits in line with the behaviour expected from autoconfig in a
cross compile setting
- Explicitely request nl support by passing the --with-nl flag to configure
- Pass the required cache variables to skip the broken tests for
nl_connect() and netlink.h
- Amend TARGET_CPPFLAGS to let net-snmp's build system discover nl-tiny's
netlink/netlink.h and netlink/socket.h
- Enable the autoreconf fixup to regenerate the broken shipped configure
from patched macros
- Adjust the depends to unconditionally require libnl-tiny
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add support to configure strongswan via uci.
uci support is based on the following sections
-ipsec : Global config items belonging in the strongswan.conf file
-remote : Defines the remote peer(s)
-tunnel : Defines the IPSec connections in tunnel mode
-transport : Defines the IPSec connections in transport mode
-crypto_proposal : Defines the different crypto proposals
Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
Signed-off-by: Gino Peeters <peeters.gino@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commit e73964fa8f incorrectly dropped the
patch 101-update-struct-msghdr.patch. Add it again, and while add it
also add the follow-up patch that was added upstream.
Fixes#3757.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
When libnl-core is enabled, but libnl isn't, build fails because of a
missing dependency on libnl-3.so.200. Depending on libnl-core seems to
work for both cases.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Update to 5.7.3 by refreshing patches; remove 800-format-security
as upstream integrated.
Add libnl dependency in the package Makefile as net-snmp will check
if libnl is enabled in config_os_libs2.
Remove unneeded PKG_FIXUP build variable.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
this installs the default MIBS-files under /usr/share/snmp/mibs .
Also aligns the defines to the same sorting-scheme.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
change download link from git:// to https:// .
Git links are less safe (not encrypted) and, more importantly, they are blocked by company firewalls.
Https links do not have either issue.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Move git hash to PKG_VERSION instead of PKG_RELEASE
Use xz git tarball instead of gz
Add dependency to ustream-mbedtls as mbed TLS 1.3 is deprecated.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Dropped patches, unrequired.
There is a newer version released, but I cannot vouch for it yet.
We've been using this one for about a year now.
Since, I only recently became maintainer of `keepalived`, I will
push this as the current stable one, and start using a newer
version internally, before releasing it to the public.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* switch to procd interface trigger
* no additional active monitor/polling in the background
* simplified code
* new option "trm_maxwait", how long (in seconds)
should travelmate wait for wlan interface reload action
(default: '20')
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
keepalived seems to be rather particular about which config parameters
come before others.
When defining a virtual IP address, keepalived will check to see if the
vrrp instance is associated with a valid interface. Previously, the
interface parameter was declared after the virtual IP address which
caused an error when keepalived tried to run this check. Keepalived
tries to fall back to checking if 'eth0' exists.
The fix is to re-order the config stanzas so that the interface
parameter comes before the virtual IP address definitions.
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Also fix ordering of config stanzas
We were parsing the track_script and track_interface definitions to
include the weight param when configuring a vrrp_instance. This is not
correct, as the weight param inside a vrrp instance is used to augment
the one defined in the script.
We were also not taking into account vrrp_script stanzas
This commit skips the parsing and simply lists the name of the
track/vrrp object
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Adding @scrpi (Ben Kelly).
Initial UCI config support was written by me (@commodo)
Updates & fixes added by Ben.
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
keepalived seems to work fine without it.
There is fall-back code that kicks in when it's not present.
So, we will build against (or pull) the libnl package only
if there is another package that pulls it.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Dynapoint is a dynamic access point manager
Signed-off-by: Tobias Ilte <tobias.ilte@campus.tu-berlin.de>
Acked-by: Thomas Huehn <thomas.huehn@evernet-eg.de>
- minor whitespace fixes/cleanups
- squashed multiple commits into a single one before merge
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
- no longer build public_suffix_list.dat.gz during build #3678
- replace "\s" with "[[:space:]]" inside Makefile because "\s" ignored by some sed versions
- tools/public_suffix_list.sh still available to rebuild public_suffix_list.dat.gz outside OpenWRT/LEDE build system
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Get public_suffix_list.dat without using secure connection. #3678
File generated during build, because it's the only option to have an
actual version packaged.
Long term Cloudflare_v1 package will be changed to no longer need
public_suffix_list.dat
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Maintainer: @arfett
Compile tested: ramips, xiaomi mini, r49946
Run tested: ramips, xiaomi mini, r49946
Description: Bump to 1.4-5. Added new page for wifi configuration edit, similar how the current network configuration page works.
Also enabled collecting of wifi configuration in troubleshooting page.
Signed-of-by: Tomislav Požega pozega.tomislav@gmail.com
Update to a new wireguard version. Simple version bump.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Endpoint dependency implemented. The actual endpoint is used exclusively. Using
this approach we are dual-stack safe (not errors on missing protocol) and create
only the dependency that are really necessary.
Signed-off-by: Dan Luedtke <mail@danrl.com>
* fixed dnsmasq check if multiple instances are present
* bring back query function on highly demand
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed a dnsmasq restart issue (udhcpc error)
* fixed a long standing corner case bug in "disabled" state (does not
remove active block lists!)
* simplified overall sort, removed needless 'for loop'
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fix return codes, if ip data at Godaddy.com and Cloudflare.com are
already up to date, handle it as succesful update.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* changed complete dnsmasq handling
- no longer redirect ad requests to internal web server via firewall
rules etc., in fact send back a simple NXDOMAIN for all
ad related (sub-)domains
- smaller memory footprint for block lists
- removed needless uhttpd instances
- removed needless firewall rules/redirects
* init/hotplug system migrated to procd
- removed hotplug.d script, now using procd interface trigger
* reduced code size/complexity
- removed needless internal pre-checks & function blocks,
no longer rely on a separate helper library
- removed flash writes to adblock config
* support different download tools like wget (default), aria2c,
uclient-fetch, curl (see online doc)
* adblock status/statistics via ubus call (see online doc)
* various bug fixes
* documentation update
* changed makefile copyright notice
Signed-off-by: Dirk Brenken <dev@brenken.org>
- UCI to take advantage of "qname-minimisation-strict:"
- UCI to block chaos reponses bind, server, and version
- UCI to limit or prefer recrusion over IP4 or IP6
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
- UCI option dnsmasq_gate_name typo in few locations
- NTP hotplug to check /etc/init.d/unbound not ..dnsmasq
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
- update_cloudflare_com_v4.sh: enclose urls in single quotes
- dynamic_dns_functions.sh: force to return only one ip, if using nslookup to get registered ip
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Update to new snapshot version. We also make IPV6 optional, and
conditionally selecting the udptunnel6 module, using the same trick that
the strongswan package also uses for this kind of dependency expression.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
When only kmod-openvswitch is enabled, which commonly happens during LEDE
release builds, there is no need to build the entire userland of openvswitch
as this is done at a later stage on systems dedicated to build only userspace
packages.
This change conditionalizes the dependency on python, which means that python
prerequisites are only compiled if the openvswitch-python package is enabled,
which allows us to eliminate the entire python dependency chain.
Furthermore, this change sets MAKE_PATH to the kernel module sub directory
if only kmod-openvswitch is enabled which causes the openvswitch build system
to only process sources related to the .ko files.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This patch prepares for another future package (ecdsautils),
which builds multiple binaries all linked to libuecc.
The changes are a direct copy of [1]. The original commit
message was:
> commit cb2ecbfdf0c478568a28aacb99d30fd6ee5c0dd1
> From: Matthias Schiffer <mschiffer@universe-factory.net>
> Date: Tue, 3 May 2016 21:33:34 +0200
> Subject: libuecc: use shared instead of static library
>
> Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
[1]: cb2ecbfdf0/patches/packages/openwrt/0007-libuecc-use-shared-instead-of-static-library.patch
Signed-off-by: Dominik Menke <dom@digineo.de>
modified Makefile to:
- stop service before install when updating reported at http://forum.lede-project.org/t/ddns-scripts-upgrade-issue/456/1
- run uci-defaults for all packages
- modify services files only on new installation
still some commands already covered by default_postinst() etc. but they are in there for backward compatibilty.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
This version of ocserv needs us to explicitly specify the prefix
for libev. Add a --with-libev-prefix parameter to make the
configure stage to get the right library.
Signed-off-by: Angelo G. Del Regno <kholk11@gmail.com>
- History: prior to package 1.5.10-3 /var/lib/unbound was not used
- History: prior to package 1.5.10-4 no UCI scripts were provided
- Problem: UCI 'option manual_conf 1' only copied unbound.conf and root.key
- Problem: power users that had complex file nests cannot use this
- Fix: README.md includes instructions for /var/lib/unbound jail
- Fix: unbound.sh copies ALL of /etc/unbound for 'option manual_conf 1'
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
- tld_names.dat.gz
- rename to public_suffix_list.dat.gz
- (re)created during build
- new location /usr/share
- move services files to /etc/ddns
- new services
- CloudFlare.com-v4 using API-Version 4 without using public_suffix_list.dat
- GoDaddy.com
- both depending on cURL package
- both with modified syntax for option domain ( NEW: [host[.subdom]@]domain.tld )
- new service
- Now-DNS.com formerly Now-IP.com
- service afraid.org now supports key-auth and basic-auth
- new command line options for dynamic_dns_updater.sh and dynamic_dns_updater.sh
- adapted ddns.init and ddns.hotplug to new command line options
- renaming config options inside section global
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Now that we don't ship any modules by default, znc might be started
without any modules. Unfortunately znc refuses to start without any
modules, so patch out the appropriate check.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
-unbound.sh implements the majority of requirements in README.md
-rootzone.sh reloads a small subset for alternate trigger maintenance
-unbound.init sets procd triggers on Unbound and dnsmasq (dhcp) UCI
-two part commit squashed with Makefile included
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
-dnsmasq really provides nice local DHCP-DNS records
-Unbound host records would be clumsy to update
-Unbound can be configured to forward to dnsmasq
-iptools provided to facilitate PTR records
-flexible ipv6 colon notation is a bit complex
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
-DNSSEC needs time, time needs ntp, or power off RTC
-Many consumer routers are cost thrifted without RTC
-Conf "val-override-date: -1" disables time inside DNSSEC
-Need restart as option is not dynamically switchable
-hotplug/ntp is used to set file /var/lib/unbound/unbound.time
-UCI will add or remove option depending on flag-like-file
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
If libjson-c is detected during bind-libs configure phase, bind-libs
will be built with libjson support. This results in a missing dependency
error during install phase. Solve this by disabling libjson support.
This updates to the latest git version of acme.sh and drops the patch to
disable timestamps from the output (since that is now supported
upstream).
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This version handles transitioning from a previous certificate that was
issues using the staging server, adds more debug logging, and handles
state directories better if issuing fails.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
quassel-irssi is an irssi plugin that allows irssi to connect to
Quassel cores. Quassel is a distributed IRC client in which the
core can run independently and be connected to by quassel clients
over the network.
Signed-off-by: Ben Rosser <rosser.bjr@gmail.com>
Create & run znc as a specific user rather than nobody. Converted to
use procd, removing dependencies on znc's 'droproot' module & 'su'
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
- haproxy 1.6 needs OPENSSL_WITH_DEPRECATED, OPENSSL_WITH_EC NPM ...
- fix buildflags for lua, so its not build with the host compiler
- fix duplication of defines
Signed-off-by: heil <heil@terminal-consulting.de>
The advanced playback module makes it possible for IRC clients to avoid
undesired repetitive buffer playback. IRC clients may request the module
to send a partial buffer playback starting from and ending to a certain
point of time.
Particularly useful with (supporting) mobile clients such as Mutter,
Colloquy & others.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
---
Unfortunately playback.cpp is not included as part of the standard ZNC
modules and so has been added as a patch.
- based on the work done by el1n with his authorization (https://github.com/el1n/OpenWRT-package-softether)
- updated softethervpn to latest version
- introduced necessary patches for lede compatibility (nossl3)
Signed-Off-by: Federico Di Marco <fededim@gmail.com>
Patch 101-musl-fixes defines __kernel_nlink_t as void; but using
a pre-3.6.11 kernel on an arm cortex defines __kernel_nlink_t as
unsigned short using uclibc
Fix the compile issue by not redefining __kernel_nlink_t
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Fixes issue openwrt#3403 "radiusd requires a temporary directory to be existent for certain operations, like verification of certificates."
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
This version will use the standalone (netcat) mode of acme.sh during
verification instead of exposing uhttpd to the internet for the duration
of the verification. It will also add an ip6tables rule to also support
verification over IPv6.
Also contains an updated version of acme.sh.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
musl.h was included before _GNU_SOURCE in 101-musl-fixes patch
leading to compilation issue on gcc (RTLD_DEFAULT not being
defined in dlfcn.h due to __USE_GNU not being set).
As described in the feature test macro man page feature macro
can be defined in the source code but need to be defined before
including any headers.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
'cifsmount' alone is not able to mount a SMB share, after
having installed kmod-fs-cifs this was possible.
So I guess adding kmod-fs-cifs as a dependency to cifsmount is ok.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Package doesn't build with uClibc without them, but no change for other libc
variants so no need to bump revision.
Signed-off-by: Michal Hrušecký Michal.Hrusecky@nic.cz
-Patch for /etc/unbound/unbound.conf
--All work done in /var/lib/unbound/
--chroot or jail to /var/lib/unbound/
-Init script points to /usr/lib/unbound.sh
-Makefile to install new scripts in the package
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
-Unbound RFC 5011 is busy and writes frequently
-RFC 5011 creates working files in same directory
-DNSSEC root.key managed in /var/lib/unbound
-Protect against flash ROM wear out in /etc/unbound
-Scripts will copy back every 7 days instead
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
-Rebind to new interfaces cleanly
-Detach from old interfaces cleanly
-Some conf options do not reload dynamically
-Unbound grows some and this will shrink it
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* change option 'trm_iw' to boolean,
1 => use iw (default)
0 => use iwinfo
* option 'trm_maxretry' now accepts '0' to disable this check at all
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
The configure script (for libdnet) seems to find <net/bpf.h>
and detect some BSD stuff.
The lidnet's Makefile wants to include eth-bsd.c, arp-bsd.c
and other BSD friends.
This seems to put a cork on it, and no BSD stuff appears anymore.
[at least on my system].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Adds gitolite package which is a handy administrative tool for
managing shared git repositories.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
- privoxy.init fix handling of config section "system"
- change start/stop to start=95 and stop=10
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Lcdringer is a tool which runs on a Raspberry Pi with an LCD
display. Lcdringer connects to an XMPP server, listens for messages
sent to a particular Jabber ID, and displays these incoming messages
while playing an audible alarm. Lcdringer also responds to the messages
it receives with an indication of whether or not the audible alarm was
acknowledged with a button press.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
-Remove interlaced configuration changes
--Less sensitive to upstream example.conf changes
--Easier to read patch-of-patch work for maintenance
-Use MEMORY CONTROL EXAMPLE from http://unbound.net/
--Review and rework with respect to previous pacakge
--Effectively the same configuration as previous package
-Disable DNSSEC by default due to real-time chicken-n-egg
--Many OpenWrt target devices have no power-off clock (reboot)
--User choice of work around should be conscious
--Initial install should not fail reboot with DNSSEC default
-Add some defaults explicitly to prevent surprises
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
allocation of up to 128MB -- until the connection is closed. Reported by
shilei-c at 360.cn
ec165c392c
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Wrap around dhtcache vs. datacache confusion which prevented
the datacache service from starting.
While at it, sanetize default package selection.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Explicitely disable liblz4 and external libtalloc support in order to avoid
implicit dependencies leading to the following error on build environments
that happen to provide liblz4 and libtalloc:
Package ocserv is missing dependencies for the following libraries:
liblz4.so.1
libtalloc.so.2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* add new 'envchk'function to check adblock environment only,
i.e. check volatile firewall rules or uhttpd instances
without list updates
* add new optional parm 'adb_loglevel',
set it to "0" to mute output (print only errors)
* set hotplug priority to '90' as well (missed in the last commit)
* documentation update
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
I think re-ordering the assignments is important here,
_and_ using := for PKG_SOURCE_SUBDIR instead of simple =.
I also grouped the assignments to make it more readable,
IMHO at least :-)
While at, we should also specify the license file
and remove the unneeded Compile definition - the default
just works fine.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
- moved from net to mail category
- removed no-ssl package and added ssl support as configuration option (default enabled)
- added configuration option to support extended logging (default disabled)
- disabled build of test tools
- added LEDE compatibility (support for openssl without SSL3)
Signed-off-by: Federico Di Marco <fededim@gmail.com>
This should massively improve performance for (at least) MIPS targets:
* poly1305: optimize unaligned access
This is a very appreciated fix from René van Dorst, adjusting the
arithmetic in Poly1305 to work fast on platforms with slow unaligned
access, such as MIPS. According to his calculation, this gives a 50%
improvement on small MIPS boxes.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
remove postinst (of main package) from Makefile because all is done inside uci-defaults scripts
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
commands to apply changes introduced during release changes, moved from Makefile postinst to /etc/uci-defaults
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Local variable declarations outside of functions are illegal since the Busybox
update to v1.25.0, therfore remove them from the appropriate places.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* now a single config file in /etc/afp.conf
* convert services to procd while at it
* take over maintainership as the original maintainer is
unresponsive (see #1550)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
because otherwise the build of this package in LEDE trunk fails, complaining about lack of libz.so.1
signed off by Alberto Bursi <alberto.bursi@outlook.it>
- if local ip cannot be detected or is invalid then do not exit ddns-scripts #2950,
using multiple url's to detect local ip not jet implemented
- change spdns.de update url and add sydyn.de inside services file #2991
- move transfer- and lookup-program detection to dynamic_dns_functions.sh
so run once at startup in stead of at every transfer/lookup
- add khost, drill and hostip to verify_host_port() function
- updated tld_names.dat
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
The package creates a "mosquitto" user, but the support added for
persistence creates the data directory as root running the init script.
Properly chown the newly created directory to ensure it's writable.
Signed-off-by: Karl Palsson <karlp@etactica.com>
* enhance the new query function:
change the regex to find only the relevant blocklist entries
add a recursive tld search to quickly identify domains for
whitelisting (see documentation)
better result preparation
* add securemecca as new blocklist source
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add a query function to search the active blocklists for a specific
domain (/etc/init.d/adblock query <DOMAIN>)
* fix bug in ap mode/uhttpd port detection
* check general firewall and dnsmasq package dependencies and remove
redundant checks in ap mode
Signed-off-by: Dirk Brenken <dev@brenken.org>
* added a 'window.close()' to adblock landing page to automatically
close any pop-ups that might get loaded with a blocked ad
* simplified dnsmasq check in ap mode
Signed-off-by: Dirk Brenken <dev@brenken.org>
* change the default hphosts list source to ad and tracking servers
only, the overall list includes to many false positives
* new optional config parm 'adb_hotplugif' to restrict hotplug support
to a certain wan interface or to disable it at all
* documentation update
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Update Csocket to a newer version with compile fixes for OpenSSL with
disabled compression support. Since we don't get zlib as an transitive
dependency anymore, also add zlib as an explicit dependency.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Set teardown_on_l3_link_down notifying netifd xl2tpd wants to be
teared down when layer3 link loss is detected
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
while at it, also fix post-install script and no longer ship
gnunet-download-manager.scm, we ain't got guile anyway and it wasn't
touched for 12 years.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes two issues with the freeradius package init scripts:
- The package installs libraries in /usr/lib/freeradius{2,3}, but the
musl dynamic linker won't find them there unless LD_LIBRARY_PATH is
set to include this directory. This adds an appropriate env statement
to the procd init setup.
- procd expects services to stay in the foreground, or it will be unable
to properly shut them down again. This adds the -f flag to radiusd to
achieve that.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This adds a package wrapping the acme.sh script from
https://github.com/Neilpang/acme.sh in Uci config and hooks to interact
correctly with uhttpd.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Before starting chilli instance, it first removes generated
files (/var/run/chilli*) for the instance. While deleting
generated files, it doesn't match full instance name.
Thus if coova-chilli config file (/etc/config/chilli) has
instances wlan11 and wlan1 in order,
when creating coova-chilli instance for wlan1, it is removing
files generated for wlan11 instances also (as it uses wlan1*
in remove command).
Fix issue by matching full instance name while removing old files.
Signed-off-by: Rajan Vaja <rajan.vaja@gmail.com>
Signed-off-by: Bhargav Patel <br13patel@gmail.com>
From the Tor project page:
obfsproxy is a tool that attempts to circumvent censorship, by
transforming the Tor traffic between the client and the bridge. This
way, censors, who usually monitor traffic between the client and the
bridge, will see innocent-looking transformed traffic instead of the
actual Tor traffic.
This depends on:
- pyptlib (#2053)
- twisted (#2052)
Also, txsocksx (#2058) is necessary to use an outgoing SOCKS proxy,
and having either gmpy2 (#2067) or gmpy (#2051) installed will help
speed up calculations.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Tcpreplay is a suite of free Open Source utilities for editing and
replaying previously captured network traffic. Originally designed
to replay malicious traffic patterns to Intrusion Detection/Prevention
Systems, it has seen many evolutions including
capabilities to replay to web servers.
Pretty useful for testing stuff too.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
for working out the interface name
Working:
ubus -S call network.interface dump|jsonfilter -e "@.interface[@.interface=\"wan\"].l3_device"
Broken:
ubus -S call network.interface dump|jsonfilter -e "@.interface[@.interface=\"wan\"].device"
Fix run tested:
root@wifi:/overlay/upper# ps |grep mini_snmpd
1404 root 980 S /usr/bin/mini_snmpd -n -c public -L Undisclosed -C VGB <admin@victimsofgaybullying.com> -t 1 -a -d /overlay,/tmp -i br-lan,pppoe-w
Before it wasn't using the pppoe interface it was using the parent
interface eth0 twice. Small 1 line fix. Merge at your convenience.
Signed-off-by: Luke McKee <hojuruku@gmail.com>
Also fix a new compilation error, due to upstream changes in the build
system. SUBDIRS= is deprecated when building external kernel modules, use
M= instead to fix compilation.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Maintainer: Ondrej Caletka / @Oskar456
Compile tested: TurrisOS 3.1 (fork of OpenWRT Chaos Calmer), Trunk (both uClibC and musl)
Run tested: mpc85xx - Turris 1.0 - TurrisOS - no problems observed
Upstream: https://github.com/fln/addrwatch / @fln
Description:
This is a tool similar to arpwatch. It's main purpose is to monitor network
and log discovered ethernet/ip pairings.
The package has been UCIfied, care has been taken to reload the deamon
every time an interface goes up or down.
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
freeradius-server version 2.x has been marked End-Of-Life.
This commit adds freeradius-server version 3.0.11 in a new package.
This commit also introduces the option "freeradius3-default"
which activate all modules needed to run radiusd with its default
configuration.
- rlm_digest (HTTP Digest Authentication) has been added
- rlm_unix (System Authentication) has been added
- rlm_attr_rewrite has been deleted
Note that SQL and LDAP support has been disabled.
Signed-off-by: Lucile Quirion <lucile.quirion@savoirfairelinux.com>
