The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
* remove 'http-only' mode, all sources are now fetched from https sites
* the backup mode is now mandatory ('/tmp' is the default backup
directory), always create and re-use backups if available.
To force a re-download take the 'reload' action.
* support 'sshd' in addition to 'dropbear' for logfile parsing
to detect break-in events
* always update the black-/whitelist with logfile parsing results
in 'refresh' mode (no new downloads)
* rework the return code handling
* tweak procd trigger
* various small fixes
* (s)hellsheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
So that packages like acme requiring features from it can depend on it
explicitly, not the more basic "wget" which is also provided by
"uclient-fetch"
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* use raw procd interface trigger as last resort, if the
adblock config is not available during startup
* fix selective subdomain whitelisting for dnsmasq
* fix a kresd restart issue with 'DNS File Reset'
* fix a suspend/resume cornercase
* disable the tld compression, if the number of blocked domains
is greater than 'adb_maxtld' (default: 100000)
* made the fw portlist configurable (default '53 853 5353')
* preliminary support for inotify-like autoload features
of dns backends like kresd in future Turris OS. If 'adb_dnsinotify'
is set to 'true', all adblock related restarts and the
'DNS File Reset' will be disabled
Signed-off-by: Dirk Brenken <dev@brenken.org>
The double quote thells the shell that the list returned from `pidof` is a
single argument, therefore, `renice` will cry about a malformed input.
With this commit, `renice` will be applied correctly to all the returned PIDs
from `pidof`.
The output of `renice` for the quoted list is as follows:
`renice: invalid number '6592 6587 6586 6574'`
`renice` does not show and does apply the nice value if the list is unquoted.
Signed-off-by: Oever González <notengobattery@gmail.com>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
The package on PyPi is named `mysqlclient`.
This should have been named `python-mysqlclient` from the start.
There is a `mysql` package on PyPi already but that's a different
code/package.
Doing this should avoid any future confusion.
There is no good time to do this rename; at least 19.07 has been branched
already and this can go into the next release [in a year or so].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Maintainer: Jakub Tymejczyk <jakub@tymejczyk.pl>
Compile tested: ramips, Xiaomi Router 3G, fc54256
Run tested: ramips, Xiaomi Router 3G, 0f54d96
Description:
Mosh is "Remote terminal application that allows roaming, supports
intermittent connectivity, and provides intelligent local echo and line
editing of user keystrokes".
Project's site: https://mosh.org
Makefile and patch taken from: https://github.com/mchwalisz/mosh-openwrt
updated by me
Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
(Makefile cleanup and size optimizations)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- Correct SPDX License Identifier
- Move MAINTAINER, SUBMENU to more appropriate place
- Use HTTPS in URL
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
As discussed on GitHub[0] the package should be removed.
[0]: https://github.com/openwrt/packages/issues/7832
> The package is effectively orphaned upstream and has been for some
time. Given the security-sensitive nature of the package, an active
maintainer community is essential for safe usage. Racoon's lack of
support for IKEv2, despite it being stable for a long time, and the
availability of next-generation tunneling systems such as wireguard,
also would seem to limit its future value. Setkey's functionality
has been subsumed by 'ip xfrm'.
> If you disagree that ipsec-tools should be removed from OpenWRT,
please say so now. If there are still use cases for it that are
not met by other IKE implmenentations that would be good to
know. But more importantly, I think you'll need to convince us
that ipsec-tools is actually safe to operate on today's Internet
given its current state of development.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Introduce further ACL checks to verify that the request-supplied
upload location may be written to. This prevents overwriting things
like /bin/busybox and allows to confine uploads to specific directories.
To setup the required ACLs, the following ubus command may be used
on the command line:
ubus call session grant '{
"ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e",
"scope": "cgi-io",
"objects": [
[ "/etc/certificates/*", "write" ],
[ "/var/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* automatically add open uplinks to your wireless config,
e.g. hotel captive portals (disabled by default)
* shift net status check in a separate function
* (s)hellcheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes issue where CFLAGS were not being passed. This was breaking ASLR
builds.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_INSTALL. Changed install paths based on PKG_INSTALL paths.
Added --disable-debug to make sure debug code is disabled.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
On a Debian system without python3-distutils install, uwsgi-cgi was
failing to build because it couldn't import sysconfig from distutils.
OpenWrt packages should be using the OpenWrt python not the system
python. In addition we need to use python3 not python2, even when
both are available.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
* fix a dns restart issue if 'flush dns cache' is set
* fix a suspend/resume issue, the status wasn't properly updated
* fix a long standing query issue
* rework return code handling, mostly for debugging
* various cleanups & cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Development moved to GitHub. Update URLs.
Cleaned up Makefile a bit for consistency between packages.
Added patch that removes deprecated bzero.
Ran init script through shellcheck. Fixed minor warnings.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Bidirectional Forwarding Detection (BFD) is a network protocol that is used to
detect faults between two forwarding engines connected by a link.
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* update to git (2019-08-19)
* use new "kill_server" sysfs option on stop
* ensure reload_service() works correctly
* add inherit owner, force create mode, force directory mode UCI options
* add patches for mips target (vfree, vmalloc)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* background service: no longer miss "signal" events for the
dns backend (to trigger adblock)
* fix a dns backend reload issue during switch between
different blocking modes
* domain query: report found domains only once in
"null" blocking mode with IPv4 & IPv6 list entries
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix a possible race condition during DNS file reset on slow hardware
* optimize DNS restart behaviour in 'null' blocking mode
* mute useless warnings
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add support for 'DNS File Reset', where the final DNS blockfile
will be purged after DNS backend loading (save storage space).
A small background service will be started to trace/handle
dns backend reloads/restarts
* add support for the 'null' blocking variant in dnsmasq
(via addn-hosts), which may provide better response times
in dnsmasq
* enhance the report & search engine to support
the new blocking variants. Search now includes
backups & black-/whitelist as well
* compressed source list backups are now mandatory (default to '/tmp')
* speed up TLD compression
* E-Mail notification setup is now integrated in UCI/LuCI
* update the LuCI frontend to reflect all changes (separate PR)
* drop preliminary dnscrypt-proxy-support (use dnsmasq instead)
* drop additional 'dnsjail' blocklist support (not used by anyone)
* procd cleanups in init
* various shellcheck cleanups
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes:
when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
iotivity's scons build script is not compatible with python3, so use
python2.7 from python/host to run it.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Otherwise compilation fails when clang-tidy is found in the host:
-- clang-tidy found: /usr/lib/llvm/7/bin/clang-tidy
error: unknown argument: '-fhonour-copts' [clang-diagnostic-error]
error: unknown argument:'-iremap[...]:https_dns_proxy-2018-04-23'
[clang-diagnostic-error]
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This avoids copying /usr/include, unversioned *.so files, pkgconfig,
/usr/lib/*.la, and the build-time libs/cflags configuration utility
clamav-config.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
f5420af phantap: do not capture vlans
5d1bd13 phantap-learn: improve the BPF filter, exclude vlans
be6f7d9 Readme.md: we now support talking to the victim.
8789da5 README.md: fix typo
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Full changelog here: https://mosquitto.org/blog/2019/08/version-1-6-4-released/
Fixes a regression in persistent session handling, and various other
regressions related to the mqtt5 support.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Changelog prepared by upstream project
* osport.h: replace SUSv3-specific functions by POSIX variants [Fabrice Fontaine]
* avp: Error Code field in Result Code AVP is optional [Pau Espin Pedrol]
* network_thread: Early continue in loop to remove huge indented block [Pau Espin Pedrol]
* network_thread: Simplify while loop using for loop [Pau Espin Pedrol]
* network: connect_pppol2tp: early return to avoid huge indentation block [Pau Espin Pedrol]
* xl2tpd: start_pppd: Fix truncation of last character [Pau Espin Pedrol]
* handle_packet: Remove unneded else clause when handling payload [Pau Espin Pedrol]
* control: Split control message handling into its own function [Pau Espin Pedrol]
* handle_packet: Rearrange code flow to simplify it [Pau Espin Pedrol]
* avp: Early failure if no handler to remove indent block [Pau Espin Pedrol]
* xl2tpd: Mark internal symbols as static [Pau Espin Pedrol]
* Fix indentation and whitespace in code block [Pau Espin Pedrol]
* xl2tpd: Remove unused variable [Pau Espin Pedrol]
* network: Add missing close(kernel_fd) on init network failure [Pau Espin Pedrol]
* network: Add missing close(server_fd) on init network failure [Pau Espin Pedrol]
* Add 'cap backoff' option, limiting exponential backoff retries will
be delayed by exponentially longer time, unless that time is capped
by configuration. [Bart Trojanowski]
* Add program to show status icon in system tray. [Github user: username34]
* Add info on building and installing xl2tpd [Samir Hussain]
* Update formatting of README.md [Samir Hussain]
* Rename README.xl2tpd to README.md [Samir Hussain]
* Update Debian changelog [Samir Hussain]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Firewall needs to be reloaded in the following cases:
- on service start when snmpd.general.enabled=1
- when snmpd daemon is stopped
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
This should fixopenwrt/packages#9346 ("shadowsocks-libev: undefined
behavior from unaligned access")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Makefile always checks the existence of host's NAT-PMP header,
which results in internal NAT-PMP code being used if it's missing.
Add a patch to make it check targets' header instead.
Use aligned_alloc() instead of valloc() in case of uclibc.
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
kcptun is a stable & secure tunnel based on kcp with N:M multiplexing.
https://github.com/xtaci/kcptun
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
* add extra options to control auto-addons to
blacklist & whitelist ('ban_autoblacklist' & 'ban_autowhitelist',
both enabled by default). If disabled auto-addons are only stored
temporary in the black/whitelist ipset but not in the list itself,
fixes#9631
* remove old, no longer needed procd workaround
* remove 'zeus' source from default config (discontinued)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add missing dnsmasq dependency
* add a captive portal auto-login hook (configurable via uci/LuCI),
you could reference an external auto-login script - see readme
* provide an auto-login script for german ICE hotspots
(/etc/travelmate/wifionice.login), requires 'curl'
* small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
This includes a major bug fix (2ed9c76) and some minor fixes/improvements
f104742 phantap-learn: do not use proto for ip neigh
9849b0f phantap-learn: cleanup
159653d Readme.md: update install instructions
ff3acc2 phantap: add support for talking to victim.
2ed9c76 phantap: Fix MAC snat
f6f2d2d Phantap: fix dns configuration
40fa14b phantap: look at DNS response instead of request
0d62deb Improve Readme
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Maintainer: Florian Eckert @feckert
Compile tested: not needed
Run tested: x86_64
Description:
Only two of the four IPs defined for wan are found in wanb, adding it so it is the same.
Signed-off-by: Daniel A. Maierhofer <git@damadmai.at>
We add the necessary Makefile, hotplug, config, and init bits
so that p910nd daemon runs as user:group p910nd:lp by default.
This eliminates an unnecessary root daemon.
The hotplug script sets the permissions of the USB lp
device(s) to read-write owner and group and no access to
anyone else, and sets owner root, group lp.
This is allows sufficient privileges to p910nd
to do it's job.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Since this package has been abandoned, I don't mind taking it over.
If there are issues with it, I can also investigate, and be a point-man.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
PhanTap or Phantom tap is a small set of scripts that allow you to setup a network tap
that automatically impersonnate a victim device, allowing you to access internet using
the IP & MAC of the victim
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
It was requested in #9065 .
Cleaned up Makefile slightly.
Removed inactive maintainer.
Added PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
When compiled with musl >1.1.20, fastd will crash in case it can't
resolve a peers hostname. This is due to a changed implementation of
freeaddrinfo in musl 1.1.21 onwards.
This segfault is fixed by not calling freeaddrinfo in case the supplied
pointer is null.
Signed-off-by: David Bauer <mail@david-bauer.net>
Main warning fixed was about echo -e not being supported by POSIX sh.
Added PKG_BUILD_PARALLEL for slightly faster compilation.
Small whitespace cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Maintainer: me
This commit bumps the version of pdns-recursor to the latest 4.2.0. This release brings in mostly minor changes, with the full changelog available at https://doc.powerdns.com/recursor/changelog/4.2.html
Signed-off-by: James Taylor <james@jtaylor.id.au>
* revert to 4.9.x series (4.10 needs too many unofficial patches and has weird waf bugs)
* cleanup patches
* enable AD_DC build option again
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
