Main changes are as the following
- Allow specifying port in server option, e.g. example.com:1702 (fixes
github issue #1960 "xl2tpd port change bug").
- Fixes NULL dereference on connection timeout
- Update 100-makefile_opt_flags.patch
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
See https://wiki.strongswan.org/issues/1213
Removed the changes to charon-xpc.c because they didn't apply and are
only used on OS X anyway.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
OpenWrt trunk's lowest supported GCC version is 4.8, so we don't need
to depend on specific versions anymore. Fixes visibility with GCC 5,
the current default.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
* rework shallalist processing: significantly reduce memory consumption
during archive extraction and merging.
* considerable reduce memory consumption during adblock source
processing.
* considerable reduce memory consumption of sort (sorts only the domain
list and not the bigger dnsmasq file)
other changes:
* auto detection/defaults for adb_if, adb_dev, adb_ntpsrv, adb_maxloop,
adb_maxtime and adb_minspace - these options can be safely removed from
previous adblock configuration file
* check total memory and main uhttpd configuration on startup
* documentation update
Signed-off-by: Dirk Brenken <dirk@brenken.org>
- centralized logging via separate function to stdout, syslog and file
- remove dependencies between helper functions
- add two new options "adb_maxtime" and "adb_maxloop"
- add description to every adblock config option (see
adblock.conf.sample)
- update README.md
Signed-off-by: Dirk Brenken <dirk@brenken.org>
Pingcheck is a daemon for OpenWRT which checks the online status of individual
network interfaces and makes this information available via UBUS and by
triggering "online" and "offline" scripts.
It is maintained at: https://github.com/br101/pingcheck
Signed-off-by: Bruno Randolf <br1@einfach.org>
gmpdh plugin implements DH Groups (same as normal GMP plugin), but links to GMP statically and is stripped of all RSA based stuff. Binary size for plugin is ~20kbytes with no dependency on libgmp (200+ kbytes after squash), easilly fitting into flash space restricted devices.
strongswan-isakmp metapackage defines a minimal set of strongswan plugins (including gmpdh) for ISAKMP / IKEv1 PSK tunnels. Will fit even 4mb routers (like tplink wr841n) with disabled IPv6 support and packages (so its a trade - IPv6 or ipsec tunnels).
Signed-of-by: Mikalai Miadzvedz <brainsucker.na@gmail.com>
- fix the init script to read the right config
- rework the init script to allow reusing its code in the hotplug script
- find wan interfaces in the hotplug script instead of using hardcoded
name and set the online/offline status separately for IPv4/IPv6
- allow NTP access on interfaces that are configured after chronyd start
- add NTP servers obtained from DHCP, options are specified in a new
dhcp_ntp_server config section
- start chronyd before the network service, include a patch to always
have IP_FREEBIND defined, which seems to be missing with uclibc
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Update rtorrent to 0.9.6.
Update patches.
Disable ipv6 in rtorrent, as ipv6 is disabled also in libtorrent.
Libtorrent compilation has been broken since #1181 got merged
and ipv6 got enabled. Users have seen issues like #1316 and #1804
IPv6 support in libtorrent & rtorrent master is not complete.
Instead there is a separate ipv6 branch, which still needs some
cleanup before mainstream use. See discussion at
https://github.com/rakshasa/rtorrent/issues/59#issuecomment-56651538
So, it makes no sense to use ipv6 with the master branch.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
bugfix: busybox "tr" does not support character classes by default and
generates (partly) odd domain names.
Signed-off-by: Dirk Brenken <dirk@brenken.org>
* add uci support
* add dynamic uhttpd instance support
(no longer rely on uhttpd config changes)
* package reordering
* plus various fixes
Signed-off-by: Dirk Brenken <dirk@brenken.org>
- add -V / --version parameter to show version information
- new option lookup_host as host to use by nslookup/host to validate IP address changes, to be separate from [DOMAIN] parameter which produces a lot of questions in the forum and on multi-host updates
- new option param_enc for optional usage inside update_url [PARAMENC] (will be send urlencoded)
- new option param_opt for optional usage inside update_url [PARAMOPT]
- new service strato.de (IPv4 only) requested by ludwig.jaffe@
- new service variomedia.de (IPv4 & IPv6) requested by Wolfgang Oertl #1884
- rewritten function get_service_data to read services/service_ipv6 file
- allow 3rd parameter inside services/service_ipv6 file - here should be the answer of the ddns provider on success. If parameter is set, it's checked by ddns-scripts and report errors to logfile/syslog if failed and retry
- updated tld_names.dat
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
make defconfig (or feeds update) raised following error for fossil
package on Ubuntu 14.04 LTS with GNU Make 3.81:
Makefile:47: *** missing separator. Stop.
To fix this, empty blocks are now defined instead of using undefine
directive which was added in GNU Make 3.82.
Signed-off-by: Jan Čermák <jan.cermak@nic.cz>
While at it, also do the following fixes
- Drop the URL pointing to the old github repo
- Fix detection of default set of private keys
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
In this bump as agreed with Thomas we are dropping out all the nginx 3rd party
addons. In case you would like to see your 3rd party addon included please send
a pull request and make sure it works with newest version.
Signed-off-by: Luka Perkov <luka@openwrt.org>
caught on build-bot:
make -C /store/buildbot/slave/ramips/build/build_dir/target-mipsel_24kec+dsp_musl-1.1.11/linux-ramips_rt305x/linux-3.18.21 M=/store/buildbot/slave/ramips/build/build_dir/target-mipsel_24kec+dsp_musl-1.1.11/openvswitch-2.4.0/datapath/linux modules
make[7]: Entering directory `/store/buildbot/slave/ramips/build/build_dir/target-mipsel_24kec+dsp_musl-1.1.11/linux-ramips_rt305x/linux-3.18.21'
Makefile:610: arch/mipsel/Makefile: No such file or directory
Declare LINUX_KARCH to package's build-system to resolv this.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This brings IoTivity to version 1.0.0. The patches removed by this
commit are merged upstream now. There are some new patches needed for
new problems with Big Endian CPUs and also for musl. The plugin manager
was removed in upstream IoTivity 1.0.0.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>
* Updates wifidog to latest upstream release.
* Removes patches/100-musl-compat.patch as that's included in 1.3.0
Signed-off-by: Michael Haas <haas@computerlinguist.org>
Hard-coded location of ip (/usr/bin/ip) in controller file
Added space after "for" in .htm files to clean it up
signed-off-by: Aedan "ARFETT" Renner <chipdankly@gmail.com>
The initscript originally imported from oldpackages no longer does
the job, sed'ery around ifconfig is just not the way.
Remove stuff which can also be done via /etc/freeradius2/* or
/etc/default/radiusd instead.
Fixes#1769 and #1193
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Support for authentication with command key was replaced with
communication over Unix domain socket.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Remove files that were accidentally included in the previous merge
(pull request #1802). The obsolete patches are breaking the build now.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
A typo in the init file was causing a certain setting to be overwritten on every daemon start.
Signed-off-by: Jonathan Bennett <JBennett@incomsystems.biz>
Headers are required by collectd as mentioned in #1801. This is the nut portion based on dwmw2@d636841cd1d1dfab04cb509520c082738ddfb2ea
Happy to merge with 15.05 as per #1803.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
[martin.p.rowe@gmail.com: condensed InstallDev lines]
Added package nut-web-cgi based on demorfi@7e340f47944ff4a9c49d3b1dc6c1d9d965cd344c. Closes#1614.
Pending signoff by @demorfi
[martin.p.rowe@gmail.com: simplified implementation, no changes to Config.in]
Added package nut-avahi-service similar to other implementations in #618
Bugfix to remove redundant NUT_DRIVER_SERIAL config
Bugfix to make UPSLOG config actually install (requires PKG_RELEASE bump)
Some code tidy-ups
Signed-off-by: Martin Rowe <martin.p.rowe@gmail.com>
The update is mainly for addressing some memory corruption and segementation
faults issues observed when running xl2tpd in OpenWrt. The relevant upstream
pull request was at link [1]
[1] Devel fix valgrind #77, https://github.com/xelerance/xl2tpd/pull/77
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
u²pnpd announces a device as UPnP basic device on the
network so that an user could easily find it. It tries
to detect various system information automatically, however
everything can be overridden by UCI settings.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Use gettext-version PKG_FIXUP to install up-to-date gettext
infrastructure. autoreconf is still run implicitely as well.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Source homepage has changed, and sources are updated to version 1.1.1
released 25 August 2015.
Patch adjtimex still applies.
Changes in version 1.1.1:
- Fixed out of bound issue and a missing null-terminated string (thanks
to Tobias Stöckmann)
Signed-off-by: Tijs Van Buggenhout <tvbuggen@netzerk.be>
- [PATCH 05/13] BUG/MINOR: http/sample: gmtime/localtime can fail
- [PATCH 06/13] DOC: typo in 'redirect', 302 code meaning
- [PATCH 07/13] DOC: mention that %ms is left-padded with zeroes.
- [PATCH 08/13] CLEANUP: .gitignore: ignore more test files
- [PATCH 09/13] CLEANUP: .gitignore: finally ignore everything but what
- [PATCH 10/13] MEDIUM: config: emit a warning on a frontend without
- [PATCH 11/13] BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0
- [PATCH 12/13] DOC: ssl: missing LF
- [PATCH 13/13] DOC: fix example of http-request using
Signed-off-by: heil <heil@terminal-consulting.de>
Adds init.d and config files for nbd-client. Each section holds
parameters of one block device, where section name (eg. nbd0) is NBD
device name.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Network block device server allows to export a block device from router
to remote host. This is particularly useful if no network filesystem
server is feasible or direct access to a block device is needed.
It's been tested for nearly a month on ar71xx (TL-WR842ND) and proved to
be very stable and efficient solution.
The package comes with init.d script and conf.d file allowing to
configure most nbd-server options using standard uci interface.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Makes kmod-ipsec6 requirement dependent on IPv6 support for packages.
This allows to disable unnecessary IPv6 kernel modules, saving
considerable amount of space.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
This brings IoTivity to version 0.9.2 in addition it does the following:
* split C and C++ Stack into two packages
* backport some patches which are adding missing dependencies to the shared libs
* remove patches merged upstream
* add some other patches fixing some problems, most of them are already merged upstream
* activate security and logging support
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>
Enables bind to do ECDSA DNSSEC validation. Depends on OpenSSL support
for ECDSA. Increases size of bind-libs package by about 2kB.
Signed-off-by: Janusz Dziemidowicz <rraptorr@nails.eu.org>
Without this, produces an error :
<code>/etc/rc.common: line 1: contentscannertimeout:uinteger: not found
validation failed
/etc/rc.common: line 1: contentscannertimeout:uinteger: not found</code>
Signed-off-by: Julien Paquit julien@databeille.com
- Update copyright year.
- Add PKG_LICENSE:=GPL-2.0 from the Google Code project page.
- Add autoreconf as the PKG_FIXUP method.
- Add myself as the package maintainer.
- Add a patch to fix building with musl-libc.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
When only strongswan-minimal is selected, libtls.so will not be built
yet package strongswan will still try to copy the file causing build
failure.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Update vsftpd to 3.0.3 released in July 2015.
Changelog: https://security.appspot.com/vsftpd/Changelog.txt
Release blog: http://scarybeastsecurity.blogspot.fi/2015/07/vsftpd-303-released-and-horrors-of-ftp.html
- Increase VSFTP_AS_LIMIT to 200MB; various reports.
- Make the PWD response more RFC compliant; report from Barry Kelly
<barry@modeltwozero.com>.
- Remove the trailing period from EPSV response to work around BT Internet
issues; report from Tim Bishop <tdb@mirrorservice.org>.
- Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
- Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
probably have a different distro / libc / etc. and there are multiple reports.
- Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
this case gracefully. Report from Vasily Averin <vvs@odin.com>.
- List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
- Make some compile-time SSL defaults (such as correct client shutdown
handling) stricter.
- Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
- Kill the FTP session if we see HTTP protocol commands, to avoid
cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
- Kill the FTP session if we see session re-use failure. A report from
Tim Kosse <tim.kosse@filezilla-project.org>.
(vsftpd-3.0.3pre1)
- Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
- Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
- Minor SSL logging improvements.
- Un-default tunable_strict_ssl_write_shutdown again. We still have
tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
upload integrity.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Several patches here and pull requests at the upstream github project
page were merged into the devel branch. Switch to that until the next
stable release.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This change aims to address the following 2 issues
- The control file was there yet xl2tpd process was not
- The control file's existence prevented xl2tpd from start
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
L2TP with xl2tpd has no proto_task in the context of netifd and because
of this there is no valid $ERROR to check for when doing tearing down.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
sqm-scripts and luci-app-sqm now live in the same Makefile and are built
from the upstream git repository, rather than having the files included
here.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* 010_fix_getnameinfo.patch is no longer needed
* 011-cron-without-pthread-fix.patch added, fixes incorrect
ifdef when building without pthreads
Signed-off-by: Michael Haas <haas@computerlinguist.org>
Fixes regression already fixed in oldpackages commit
012eec3f60a24db1a568d64868a48ea95aedcc87
but re-introduced in commit 6636e13f2ab8992d4eb03a48919ae9ae8da98cee.
This patch also enables IPv6 support.
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
