Assuming the following dns zone configuration for kresin.me:
. 1800 IN NS ns.inwx.de.
home.kresin.me. 1800 IN NS gw.home.kresin.me.
gw.home.kresin.me. 60 IN A 198.51.100.1
Using the example, gw.home.kresin.me is a glue record and used as DDNS
record as well. gw.home.kresin.me points to the OpenWrt installation
where the ddns-scripts are running.
Since ns.inwx.de isn't the authoritative server for home.kresin.me,
a query for the the A record of gw.home.kresin.me will be "forwarded"
to and replied by the authoritative server 198.51.100.1. If the
authoritative server can't be reached, the query times out without any
address returned.
The only way to get the A record of the glue record is to use bind
host in verbose output mode, query ns.inwx.de for gw.home.kresin.me and
evaluate the additional section of the response.
To my knowledge, only bind host in verbose output mode shows the
additional section of the response. Therefore, this features depends on
bind host.
It is not possible to use the bind host verbose mode for all queries.
In verbose mode the "has address" line isn't returned. Grepping for the
hostname might fail if the hostname is CNAME. Grepping for the first
occurrence of an ip-address is way to error prone, since it could
return the ip address of a different record type.
Signed-off-by: Mathias Kresin <dev@kresin.me>
ktutil_funcs.c: In function 'ktutil_delete':
ktutil_funcs.c:75:28: error: 'prev' may be used uninitialized in this function [-Werror=maybe-uninitialized]
Signed-off-by: John Crispin <john@phrozen.org>
Add back from oldpackages with fixes for build errors and UCIfication
(for LuCI app submitted in a related PR (against LuCI repo)).
NOTE: Untested packages have been marked with @BROKEN. This can
be undone of others report success with the sniffer
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
If the liblz4 library exists within the build environment, the openconnect
configure will pick it up and start depending on it, leading to the following
build error:
Package openconnect is missing dependencies for the following libraries:
liblz4.so.1
Disable LZ4 support in configure in order to avoid this implicit,
nondeterministic dependency.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Mark the usbip package nonshared so that is built along with the target
specific binaries and not within the SDK environment.
This is needed since the usbip package draws its source files directly
from the kernel tree which is unavailable within the SDK.
Fixes the following build error encountered by the LEDE buildbots:
http://downloads.lede-project.org/snapshots/faillogs/mipsel_1004kc_dsp/packages/usbip/compile.txt
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The most recent developer of netdiscover had self-hosted downloads
but also put the project on SourceForge. The self-hosted site went
down but SourceForge is much more reliable so I have moved the
download URI to SourceForge (md5sum is the same).
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
- add DNS lookup support for "drill" and "khost" (Knot DNS) #2637
- new service nsupdate.info (IPv4 and IPv6) #2433
- new services dyndnss.net, dyns.net (IPv4 only)
- new services dnshome.de, goip.de, myonlineportal.net (IPv4 and IPv6)
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* push gnurl, gnutls and libmicrohttpd dependencies down to modules
* use standard UID/GID for gnunet (958/958)
* use GID adjecent (452) to dnsmasq (453) for gnunetdns to allow
using the owner match with a range of GIDs (452-452)
* package new gnunet-social pub/sub CLI tool
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixes the following CVEs:
Bug 3020 / CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering
Reported by Matt Street and others of Cisco ASIG
Bug 3012 / CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY
Reported by Matthew Van Gundy of Cisco ASIG
Bug 3011 / CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
Bug 3010 / CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
Bug 3009 / CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
Bug 3008 / CVE-2016-2519: ctl_getitem() return value not always checked
Reported by Yihan Lian of the Cloud Security Team, Qihoo 360
Bug 3007 / CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos
Reported by Stephen Gray and Matthew Van Gundy of Cisco ASIG
Bug 2978 / CVE-2016-1548: Interleave-pivot - MITIGATION ONLY
Reported by Miroslav Lichvar of RedHat and separately by Jonathan Gardner of Cisco ASIG
Bug 2952 / CVE-2015-7704: KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken
Reported by Michael Tatarinov, NTP Project Developer Volunteer
Bug 2945 / Bug 2901 / CVE-2015-8138: Zero Origin Timestamp Bypass, AKA: Additional KoD Checks
Reported by Jonathan Gardner of Cisco ASIG
Bug 2879 / CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing
Reported independently by Loganaden Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG.
Signed-off-by: Peter Wagner <tripolar@gmx.at>
OpenWrt offers a special 'prelocal' routing table at priority 0.
Use it, so local-to-local DNS traffic also gets redirected properly.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
fwknop Makefile had two conffiles sections. Combine them.
Remove also the whitespace from conffiles section (see #2652)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
The conffiles definition in Makefile should not contain leading whitespace.
Remove whitespace from Makefile of motion, dnscrypt-proxy and sstp-client.
Reference to discussion at #2652
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* support more router modes, as long as the firewall and the DNS server
are enabled
* new source sites can be added & changed via awk ruleset in uci config
* source domain count, last update time & overall count will be stored
in uci config
* added 3 new source sites:
ransomware tracker
rolist/easylist
winspy
* switch to minimal inline base64 encoded 1×1 GIF for pixel server
(separate png image no longer needed)
* simplified uci parser
* source download & domain sort optimization
* add whitelist parser with wildcard support
* reduced code size & various cleanups
* updated documentation
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
Create directory which was accidentally left-out during the previous
commit adding the proto handler.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
fixes bug in resolver logic which was exposed by recent fixes in
various C Standard libraries including musl.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
TARGET_CFLAGS was pointing to /usr/include/libnl3 instead
of $(STAGING_DIR)/usr/include/libnl3
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
[RELEASE] Released version 1.5.16
Released version 1.5.16 with the following main changes :
- BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in install-bin.
- BUG/MINOR: acl: don't use record layer in req_ssl_ver
- BUG: http: do not abort keep-alive connections on server timeout
- BUG/MEDIUM: http: switch the request channel to no-delay once done.
- MINOR: config: extend the default max hostname length to 64 and beyond
- BUG/MEDIUM: http: don't enable auto-close on the response side
- BUG/MEDIUM: stream: fix half-closed timeout handling
- BUG/MEDIUM: cli: changing compression rate-limiting must require admin level
- BUILD: freebsd: double declaration
- BUG/MEDIUM: sample: urlp can't match an empty value
- BUG/MEDIUM: peers: table entries learned from a remote are pushed to others after a random delay.
- BUG/MEDIUM: peers: old stick table updates could be repushed.
- CLEANUP: haproxy: using _GNU_SOURCE instead of __USE_GNU macro.
- BUG/MINOR: chunk: make chunk_dup() always check and set dst->size
- MINOR: chunks: ensure that chunk_strcpy() adds a trailing zero
- MINOR: chunks: add chunk_strcat() and chunk_newstr()
- MINOR: chunk: make chunk_initstr() take a const string
- BUG/MEDIUM: config: Adding validation to stick-table expire value.
- BUG/MEDIUM: sample: http_date() doesn't provide the right day of the week
- BUG/MEDIUM: channel: fix miscalculation of available buffer space.
- BUG/MINOR: stream: don't force retries if the server is DOWN
- MINOR: unix: don't mention free ports on EAGAIN
- BUG/CLEANUP: CLI: report the proper field states in "show sess"
- MINOR: stats: send content-length with the redirect to allow keep-alive
- BUG: stream_interface: Reuse connection even if the output channel is empty
- DOC: remove old tunnel mode assumptions
- DOC: add server name at rate-limit sessions example
- BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation
- BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation
- BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask correctly
- BUG/MINOR: http: Be sure to process all the data received from a server
- BUG/MEDIUM: chunks: always reject negative-length chunks
- BUG/MINOR: systemd: ensure we don't miss signals
- BUG/MINOR: systemd: report the correct signal in debug message output
- BUG/MINOR: systemd: propagate the correct signal to haproxy
- MINOR: systemd: ensure a reload doesn't mask a stop
- CLEANUP: stats: Avoid computation with uninitialized bits.
- CLEANUP: pattern: Ignore unknown samples in pat_match_ip().
- CLEANUP: map: Avoid memory leak in out-of-memory condition.
- BUG/MINOR: tcpcheck: conf parsing error when no port configured on server and last rule is a CONNECT with no port
- BUG/MINOR: tcpcheck: fix incorrect list usage resulting in failure to load certain configs
- MINOR: cfgparse: warn when uid parameter is not a number
- MINOR: cfgparse: warn when gid parameter is not a number
- BUG/MINOR: standard: Avoid free of non-allocated pointer
- BUG/MINOR: pattern: Avoid memory leak on out-of-memory condition
- CLEANUP: http: fix a build warning introduced by a recent fix
- BUG/MINOR: log: GMT offset not updated when entering/leaving DST
Signed-off-by: heil <heil@terminal-consulting.de>
On some systems too many retries with authentication failure results
in IP or username being locked out, so add option to prevent retries
in the event of authentication failure
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
The contents of the file "db.root" is very old (12 years).
Here's a new version downloaded from ftp://ftp.internic.net/domain/
Signed-off-by: DonkZZ <donk@evhr.net>
This adds one patch from the upcoming 0.10.2 release to exclude Avahi/DNS-SD from build time
detection and properly adds liblo as a dependency.
Signed-off-by: Christian Beier <dontmind@freeshell.org>
The "internal pure-C" tor-fw-helper was removed in 0.2.7.5. This removes
the tor-fw-helper package and references to its dependencies.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
$(CP) was defined as `cp -fpR' since the very begining of OpenWrt build
system (2006-06-22). The -R option should be enough and base packages
use only $(CP) for the same purposes just fine and BSD manual of cp also
discourages the use of `-r' option. So let's just tidy up the usage now.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* add sysctl.org as new adblock source
* add main debug switch (by default all stderr outputs are going to
/dev/null)
* small cleanups
* first 'stable' release! ;-)
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
This should always have been available in the mosquitto package itself.
This file needs to exist in basic form to allow the init scripts to even check whether it exists.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Instead of manually copying files and renaming on install, use the nice
clean "files/<mirror>" structure and just $(CP) them into place.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Change the git repository url to use https. Because it's found that in
some network environments http doesn't work.
Signed-off-by: Zhao, Gang <gang.zhao.42@gmail.com>
- roll back to "old" update_url of freedns.afraid.org fix for #2445 and openwrt/luci#661
- add provider nubem.com (IPv4 only)
- add provider nettica.com (IPv4 only)
- add provider zerigo.com (IPv4 and IPv6)
- add provider regfish.de (IPv4 and IPv6)
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* all relevant adblock events will be properly written to syslog/stdout
* removed needless 'debug log' option
* add optional parm 'adb_forcedns' to redirect all queries to local
resolver (default: '1', enabled)
* revised space check
* various code cosmetics & cleanups
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
new packages: gnunet-rest, gnunet-rps, gnunet-social
also improve package descriptions and maintain order
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fix ip6tables reject types
* simplified firewall ruleset for IPv4/IPv6
* fix memory detection (swap was always 0)
* fix dnsmasq restart after partial restore
* ad hotplug support, adblock will be started when wan interface comes
up
* change adblock init script accordingly, do nothing on 'boot'
* optimize wget parameters for faster download results (in case of an
error)
* added CC installation notes to readme
* removed needless external online check
* removed needless optional parms 'adb_maxtime', 'adb_maxloop',
'adb_probeipv4' and 'adb_probeipv6'
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
When applying wireless configuration changes, the ifindex of the
wireless interface(s) change. While snmpd picks up the new interfaces
with the correct index, it does not remove the old ones:
IF-MIB::ifName.23 = STRING: wlan0
IF-MIB::ifName.24 = STRING: wlan1
IF-MIB::ifName.25 = STRING: wlan0
IF-MIB::ifName.26 = STRING: wlan1
This causes problems for monitoring tools that use ifName (or ifDesc) as
interface reference. Add a trigger that reloads snmpd on interface
up/down events so that it will no longer have the old interfaces.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Update to 0.9.10 due to https://prosody.im/issues/issue/585
The init script seems to block, as "prosodyctl start" started to block
at least on my configuration. I switched to a procd init script, which
deals with blocking processes.
Signed-off-by: Stefan Hellermann <stefan@the2masters.de>
Add uci option mppe which makes the mppe parameter configurable;
the default value is required,no40,no56,stateless as before.
Add uci option logwtmp; when enabled updates wtmp when users
connect and disconnect
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* fix root cause for https timeout issues
* fix startup issues via luci
* detach init start process to fix luci timeout issues
* fix html header in adblock pages
* fix adblock.conf options to single quotes
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
* openwrt init system support, see /etc/init.d/adblock
* support for two new adblock sources: openphish and ruadlist/easylist
* partial block list restore, i.e. if a single list download failed
* fix performance regression on sites with links to https ad servers
* removed no longer used samples dir
* updated documentation
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
- renamed (lower case) filenames and servicenames for no-ip.com, cloudflare.com and bind_nsupdate including modifing existing configurations #2375
- updated tld_names.dat
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
- fix build error reported by buildbot by disabling krb5
- libcom_err from krb5 is used - configure output:
configure: WARNING: library 'com_err' is required for Heimdal Kerberos
- krb5 has its own libcom_err (see krb5 package) with its own symbols
- linking with wrong libcom_err from libext2fs produces errors during
libgssapi_krb5.so: undefined reference to `error_message@com_err_3_MIT'
libgssapi_krb5.so: undefined reference to `remove_error_table@com_err_3_MIT'
libgssapi_krb5.so: undefined reference to `add_error_table@com_err_3_MIT'
-> remove libext2fs dependency (wasnt working anyway - no PKG_BUILD_DEP)
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* upstream to Privoxy 3.0.24
* add facility to set compile options
* add file list to be saved on sysupgrade
* fixed PKG_MAINTAINER string
* add port 8118 used by privoxy to /etc/services
* new "boot_delay" option (default 10 seconds) to wait for interfaces to come up before hotplug restarts are enabled
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
- new function expand_ipv6()
- expand IPv6 before compare https://dev.openwrt.org/ticket/21725
- Fix split_FQDN() to return host.subdomain correctly #2334
- modified check for musl library used by nslookup #2341#2346 thanks to Arjen de Korte
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
- fix possible race condition during startup
- fix duplicate logging during startup
- fix wget parms to prevent partitial downloads
- fix iptables rules to meet openwrt user chains
- added a rule in output chain to reject local ad related requests as
well
- changed default IPv4/IPv6 blackhole ip address to fix routing issues
with windows clients
Signed-off-by: Dirk Brenken <openwrt@brenken.org>
Use libevent2 instead of libevent
Update copyright to 2016
Bump PKG_RELEASE due to package changes
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
As said in a related github discussion thread [1], OpenWrt is so small a
system that
- "airmon-ng check kill" does not have much to check
- airmon-ng takes up too much space for not that much benefit (bringing
up monitor interface with just iw should be enough for at least b43
and ath9k drivers)
Airmon-ng depends on a lot of utility binaries to run and these
dependencies increase the installation size. With this commit we can
provide a working airmon-ng and a smaller aircrack-ng package.
Dependency spec of airmon-ng is also reworked to
- select usbutils only if USB feature is available
- select pciutils only if PCI feature is available
While doing the split, this commit also contains a few other minor
changes
- Use SPDX identifier for license name.
- Add PKG_LICENSE_FILES definition.
- Set PKG_MAINTAINER (MAINTAINER variable will take value from it).
[1] https://github.com/openwrt/packages/pull/1693
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* "zero-conf" installation & setup, usually no manual config changes
required (i.e. ip address, network devices etc.)
* full IPv4 and IPv6 support
* new adblock list source (malwaredomainlist.com)
* adblock related statistics will be done by iptables
* removed curl dependency
* for IPv6 support you need 'kmod-ipt-nat6'
* fix Chaos Calmer compability
* various small changes & fixes
* updated documentation
* updated maintainer email address
Signed-off-by: Dirk Brenken <dirk@brenken.org>
- [PATCH 11/13] BUG/MEDIUM: peers: table entries learned from a remote
- [PATCH 12/13] BUG/MEDIUM: peers: old stick table updates could be
- [PATCH 13/13] CLEANUP: haproxy: using _GNU_SOURCE instead of
Signed-off-by: heil <heil@terminal-consulting.de>
fixes:
* path traversal vulnerability in mod_http_files (CVE-2016-1231)
* use of weak PRNG in generation of dialback secrets (CVE-2016-1232)
Signed-off-by: heil <heil@terminal-consulting.de>
- add support for "hostip" to get_registered_ip() as alternative to "Bind host" package https://dev.openwrt.org/ticket/20893#comment:5
- allow to send updates using compiled-in certificate file/path of curl/wget #2242#2243#2245
- add support for uclient-fetch / libustream-ssl.so
- remove /128 prefix-filter in get_local_ip() via interface #2268
- add dyndns.org to services_ipv6 https://forum.openwrt.org/viewtopic.php?id=62103
- readd duckdns.org to services #2251 (lost somewhere in data heaven)
- add zzzz.io service #2302
- updated tld_names.dat
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Import cifs-utils from old packages:
* update to 6.4
* add upstream patch to fix builds with musl
* add license information
* add myself as maintainer
Signed-off-by: Florian Fainelli <florian@openwrt.org>
Building both variants improperly tried to include the passwd utility
for the non-ssl variant, as the variable was set for the ssl variant.
Use properly separated install tasks to install additional files, rather
than hacking around inside the single target.
Signed-off-by: Karl Palsson <karlp@remake.is>
Linuxptp is a user space software implementation of IEEE 1588
Precision Time Protocol standard.
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
Reviewed-by: John Crispin<blogic@openwrt.org>
Many users of the SSL build of mosquitto need the passwd utility for
managing keys.
Fixes github issue #1909
Signed-off-by: Karl Palsson <karlp@remake.is>
This is necessary when there are multiple records for the same domain,
otherwise the script will overwrite the first one returned by the API.
It has the secondary benefit of allowing faster updates by performing
only one API call instead of two.
In case 'rec_id' is not set the script behaves exactly as before.
Signed-off-by: Leonardo Brondani Schenkel <leonardo@schenkel.net>
Signed-off-by: Patrick Grimm <patrick@lunatiki.de>
Acked-by: Othmar Truniger <github@truniger.ch>
[Squashed patches from PR into single one, bump PKG_RELEASE]
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
I guess these were left since some initial OVS package versions.
They were fine up until recently.
Some of the build artifacts got a little messy and thus the
OpenWRT OVS package got a little messy.
This cleans it up a bit.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* upstream to Radicale 1.1
* new "boot_delay" option (default 10 seconds) to wait for interfaces to come up before hotplug restarts are enabled.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Most patches for 4.1 are no longer needed, only a minor patch to fix a
missing WAIT_ANY constant. 2.5.0 depends on nf_conntrack (ipv4 and ipv6)
Signed-off-by: Jeroen van Bemmel <jvb127@gmail.com>
Added dy.fi dynamic dns provider into ddns-scripts (ipv4) services file.
Tested-by: Vaasa Hacklab ry <info@vaasa.hacklab.fi>
Signed-off-by: Sami Olmari <sami@olmari.fi>
Whenever we ship fixed libopenssl binaries in DD, the Freeradius daemon fails
at startup because it detects a mismatch of the build time and runtime OpenSSL
version.
Since our OpenSSL updates for DD are ABI compatible we do not need or even want
this superflous check. Removing it saves us the effort to rebuild Freeradius
after every OpenSSL version bump.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Added dy.fi dynamic dns provider into ddns-scripts (ipv4) services file.
Tested-by: Vaasa Hacklab ry <info@vaasa.hacklab.fi>
Signed-off-by: Sami Olmari <sami@olmari.fi>
https://rsync.samba.org/security.html#s3_1_2:
If you're using a version of rsync older than 3.1.2 as a client and
receiving files from an rsync server that you might not fully trust,
this version adds extra checking to the file list to prevent the sender
from tweaking the paths and/or the transfer requests in a way that could
cause a file to be received outside the transfer destination.
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
Fix iptables issue where a needed ipset was not created if first wan that came online was not a member of policy.
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
Fix for #2116 - $INTERNAL_IP{4,6}_DNS variables are not word-split correctly when containing more than one DNS server.
Signed-off-by: Aleksandar Radovanovic <biblbroks@sezampro.rs>
Probably related to -fstack-protector being used.
Got the idea from:
http://ubuntuforums.org/showthread.php?t=352642&p=10100263#post10100263
Regarding the missing __stack_check_fail_local, using gcc as the linker instead of ld fixes the issue without disabling stack protection as with -fno-stack-protector.
Fixes linker errs on some targets:
objects/prod/dnssd_clientstub.c.so.o: In function `handle_resolve_response':
dnssd_clientstub.c:(.text+0x395): undefined reference to `__stack_chk_fail_local'
objects/prod/dnssd_clientstub.c.so.o: In function `handle_query_response':
dnssd_clientstub.c:(.text+0x4bd): undefined reference to `__stack_chk_fail_local'
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Fix issue with sticky sessions not working correctly
Fix issue where user created ipsets were not applied
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
* add two new blocklist sources: adaway.org and disconnect.me
* each blocklist source will be processed separately (no longer use one
big monolithic adblocklist), duplicates makes no harm to dnsmasq
* url timestamp check to download and process only updated blocklists
* overall duplicate removal in separate blocklists (will be
automatically disabled on low memory systems)
* additional checks & various small changes
Signed-off-by: Dirk Brenken <dirk@brenken.org>
Update wget to version 1.17.1.
Remove patches as they are included upstream.
Changes in Wget 1.17.1
* Fix compile error when IPv6 is disabled or SSL is not present.
* Fix HSTS memory leak.
* Fix progress output in non-C locales.
* Fix SIGSEGV when -N and --content-disposition are used together.
* Add --check-certificate=quiet to tell wget to not print any warning
about invalid certificates.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Version 1.13.3 has a tar.gz so the OpenWRT default Build/Prepare
rule can be used with MD5 checksum.
Add patch to fix build:
ktutil_funcs.c: In function 'ktutil_delete':
ktutil_funcs.c:75:28: error: 'prev' may be used uninitialized in this function [-Werror=maybe-uninitialized]
prev->next = lp->next;
There does not seem to be a way for 'prev' being uninitialized
(logically), however the compiler does not see that, because
'prev' is dependent on i >= 1.
So, we just need to initialize it to NULL.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Reported buildbot issue is:
/store/buildbot/slave/ar71xx/build/build_dir/target-mips_34kc_musl-1.1.11/ola-0.9.7/plugins/openpixelcontrol/.libs/libolaopenpixelcontrol.so: undefined reference to `ola::network::TCPSocket::ReadDescriptor() const'
collect2: error: ld returned 1 exit status
There's also a discussion (attempt) to fix this on the buildroot project:
https://patchwork.ozlabs.org/patch/503884/
This bug has been reported (from the buildroot project), here:
https://github.com/OpenLightingProject/ola/issues/880
This commit introduced the issue:
bfc1d99055
specifically the `-fvisibility-inlines-hidden` switch.
So, until, the upstream project (ola) fixes this, this fix
looks like the quickest/simplest workaround to have this package build.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This changeset removes the shell wrapper the package used previously,
and uses the instance-management abilities of procd to track ssh
processes. Many fixes and improvements were integrated from the
package maintainer's branch at
https://github.com/nunojpg/packages/tree/sshtunnel
Signed-off-by: Kiril Zyapkov <kiril.zyapkov@gmail.com>
Seems ntpdate also requires this lib:
```
Package ntpdate is missing dependencies for the following libraries:
libcap.so.2
make[2]: *** [/store/buildbot/slave/ar71xx/build/bin/ar71xx/packages/packages/ntpdate_4.2.8p4-1_ar71xx.ipk] Error 1
make[2]: Leaving directory `/store/buildbot/slave/ar71xx/build/feeds/packages/net/ntpd'
```
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
gnunet's config section may contain dashes '-' which isn't an
allowed character for sections in UCI.
Thus replace the first underscore with a dash which in gnunet-config
sections, as that happends to be work for all currently used sections.
e.g. this now allows accessing sections like transport-http_server via
an UCI sections called transport_http_server as well as namestore-flat
using an UCI section called namestore_flat.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
some general packaging fixes for cadet and conversation.
allow building experimental components multicast, psyc, social.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Main changes are as the following
- Allow specifying port in server option, e.g. example.com:1702 (fixes
github issue #1960 "xl2tpd port change bug").
- Fixes NULL dereference on connection timeout
- Update 100-makefile_opt_flags.patch
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
See https://wiki.strongswan.org/issues/1213
Removed the changes to charon-xpc.c because they didn't apply and are
only used on OS X anyway.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
OpenWrt trunk's lowest supported GCC version is 4.8, so we don't need
to depend on specific versions anymore. Fixes visibility with GCC 5,
the current default.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
* rework shallalist processing: significantly reduce memory consumption
during archive extraction and merging.
* considerable reduce memory consumption during adblock source
processing.
* considerable reduce memory consumption of sort (sorts only the domain
list and not the bigger dnsmasq file)
other changes:
* auto detection/defaults for adb_if, adb_dev, adb_ntpsrv, adb_maxloop,
adb_maxtime and adb_minspace - these options can be safely removed from
previous adblock configuration file
* check total memory and main uhttpd configuration on startup
* documentation update
Signed-off-by: Dirk Brenken <dirk@brenken.org>
- centralized logging via separate function to stdout, syslog and file
- remove dependencies between helper functions
- add two new options "adb_maxtime" and "adb_maxloop"
- add description to every adblock config option (see
adblock.conf.sample)
- update README.md
Signed-off-by: Dirk Brenken <dirk@brenken.org>
Pingcheck is a daemon for OpenWRT which checks the online status of individual
network interfaces and makes this information available via UBUS and by
triggering "online" and "offline" scripts.
It is maintained at: https://github.com/br101/pingcheck
Signed-off-by: Bruno Randolf <br1@einfach.org>
gmpdh plugin implements DH Groups (same as normal GMP plugin), but links to GMP statically and is stripped of all RSA based stuff. Binary size for plugin is ~20kbytes with no dependency on libgmp (200+ kbytes after squash), easilly fitting into flash space restricted devices.
strongswan-isakmp metapackage defines a minimal set of strongswan plugins (including gmpdh) for ISAKMP / IKEv1 PSK tunnels. Will fit even 4mb routers (like tplink wr841n) with disabled IPv6 support and packages (so its a trade - IPv6 or ipsec tunnels).
Signed-of-by: Mikalai Miadzvedz <brainsucker.na@gmail.com>
- fix the init script to read the right config
- rework the init script to allow reusing its code in the hotplug script
- find wan interfaces in the hotplug script instead of using hardcoded
name and set the online/offline status separately for IPv4/IPv6
- allow NTP access on interfaces that are configured after chronyd start
- add NTP servers obtained from DHCP, options are specified in a new
dhcp_ntp_server config section
- start chronyd before the network service, include a patch to always
have IP_FREEBIND defined, which seems to be missing with uclibc
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Update rtorrent to 0.9.6.
Update patches.
Disable ipv6 in rtorrent, as ipv6 is disabled also in libtorrent.
Libtorrent compilation has been broken since #1181 got merged
and ipv6 got enabled. Users have seen issues like #1316 and #1804
IPv6 support in libtorrent & rtorrent master is not complete.
Instead there is a separate ipv6 branch, which still needs some
cleanup before mainstream use. See discussion at
https://github.com/rakshasa/rtorrent/issues/59#issuecomment-56651538
So, it makes no sense to use ipv6 with the master branch.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
bugfix: busybox "tr" does not support character classes by default and
generates (partly) odd domain names.
Signed-off-by: Dirk Brenken <dirk@brenken.org>
* add uci support
* add dynamic uhttpd instance support
(no longer rely on uhttpd config changes)
* package reordering
* plus various fixes
Signed-off-by: Dirk Brenken <dirk@brenken.org>
- add -V / --version parameter to show version information
- new option lookup_host as host to use by nslookup/host to validate IP address changes, to be separate from [DOMAIN] parameter which produces a lot of questions in the forum and on multi-host updates
- new option param_enc for optional usage inside update_url [PARAMENC] (will be send urlencoded)
- new option param_opt for optional usage inside update_url [PARAMOPT]
- new service strato.de (IPv4 only) requested by ludwig.jaffe@
- new service variomedia.de (IPv4 & IPv6) requested by Wolfgang Oertl #1884
- rewritten function get_service_data to read services/service_ipv6 file
- allow 3rd parameter inside services/service_ipv6 file - here should be the answer of the ddns provider on success. If parameter is set, it's checked by ddns-scripts and report errors to logfile/syslog if failed and retry
- updated tld_names.dat
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
make defconfig (or feeds update) raised following error for fossil
package on Ubuntu 14.04 LTS with GNU Make 3.81:
Makefile:47: *** missing separator. Stop.
To fix this, empty blocks are now defined instead of using undefine
directive which was added in GNU Make 3.82.
Signed-off-by: Jan Čermák <jan.cermak@nic.cz>
While at it, also do the following fixes
- Drop the URL pointing to the old github repo
- Fix detection of default set of private keys
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
In this bump as agreed with Thomas we are dropping out all the nginx 3rd party
addons. In case you would like to see your 3rd party addon included please send
a pull request and make sure it works with newest version.
Signed-off-by: Luka Perkov <luka@openwrt.org>
caught on build-bot:
make -C /store/buildbot/slave/ramips/build/build_dir/target-mipsel_24kec+dsp_musl-1.1.11/linux-ramips_rt305x/linux-3.18.21 M=/store/buildbot/slave/ramips/build/build_dir/target-mipsel_24kec+dsp_musl-1.1.11/openvswitch-2.4.0/datapath/linux modules
make[7]: Entering directory `/store/buildbot/slave/ramips/build/build_dir/target-mipsel_24kec+dsp_musl-1.1.11/linux-ramips_rt305x/linux-3.18.21'
Makefile:610: arch/mipsel/Makefile: No such file or directory
Declare LINUX_KARCH to package's build-system to resolv this.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This brings IoTivity to version 1.0.0. The patches removed by this
commit are merged upstream now. There are some new patches needed for
new problems with Big Endian CPUs and also for musl. The plugin manager
was removed in upstream IoTivity 1.0.0.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>
* Updates wifidog to latest upstream release.
* Removes patches/100-musl-compat.patch as that's included in 1.3.0
Signed-off-by: Michael Haas <haas@computerlinguist.org>
Hard-coded location of ip (/usr/bin/ip) in controller file
Added space after "for" in .htm files to clean it up
signed-off-by: Aedan "ARFETT" Renner <chipdankly@gmail.com>
The initscript originally imported from oldpackages no longer does
the job, sed'ery around ifconfig is just not the way.
Remove stuff which can also be done via /etc/freeradius2/* or
/etc/default/radiusd instead.
Fixes#1769 and #1193
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Support for authentication with command key was replaced with
communication over Unix domain socket.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Remove files that were accidentally included in the previous merge
(pull request #1802). The obsolete patches are breaking the build now.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
A typo in the init file was causing a certain setting to be overwritten on every daemon start.
Signed-off-by: Jonathan Bennett <JBennett@incomsystems.biz>
Headers are required by collectd as mentioned in #1801. This is the nut portion based on dwmw2@d636841cd1d1dfab04cb509520c082738ddfb2ea
Happy to merge with 15.05 as per #1803.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
[martin.p.rowe@gmail.com: condensed InstallDev lines]
Added package nut-web-cgi based on demorfi@7e340f47944ff4a9c49d3b1dc6c1d9d965cd344c. Closes#1614.
Pending signoff by @demorfi
[martin.p.rowe@gmail.com: simplified implementation, no changes to Config.in]
Added package nut-avahi-service similar to other implementations in #618
Bugfix to remove redundant NUT_DRIVER_SERIAL config
Bugfix to make UPSLOG config actually install (requires PKG_RELEASE bump)
Some code tidy-ups
Signed-off-by: Martin Rowe <martin.p.rowe@gmail.com>
The update is mainly for addressing some memory corruption and segementation
faults issues observed when running xl2tpd in OpenWrt. The relevant upstream
pull request was at link [1]
[1] Devel fix valgrind #77, https://github.com/xelerance/xl2tpd/pull/77
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
u²pnpd announces a device as UPnP basic device on the
network so that an user could easily find it. It tries
to detect various system information automatically, however
everything can be overridden by UCI settings.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Use gettext-version PKG_FIXUP to install up-to-date gettext
infrastructure. autoreconf is still run implicitely as well.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Source homepage has changed, and sources are updated to version 1.1.1
released 25 August 2015.
Patch adjtimex still applies.
Changes in version 1.1.1:
- Fixed out of bound issue and a missing null-terminated string (thanks
to Tobias Stöckmann)
Signed-off-by: Tijs Van Buggenhout <tvbuggen@netzerk.be>
- [PATCH 05/13] BUG/MINOR: http/sample: gmtime/localtime can fail
- [PATCH 06/13] DOC: typo in 'redirect', 302 code meaning
- [PATCH 07/13] DOC: mention that %ms is left-padded with zeroes.
- [PATCH 08/13] CLEANUP: .gitignore: ignore more test files
- [PATCH 09/13] CLEANUP: .gitignore: finally ignore everything but what
- [PATCH 10/13] MEDIUM: config: emit a warning on a frontend without
- [PATCH 11/13] BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0
- [PATCH 12/13] DOC: ssl: missing LF
- [PATCH 13/13] DOC: fix example of http-request using
Signed-off-by: heil <heil@terminal-consulting.de>
Adds init.d and config files for nbd-client. Each section holds
parameters of one block device, where section name (eg. nbd0) is NBD
device name.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Network block device server allows to export a block device from router
to remote host. This is particularly useful if no network filesystem
server is feasible or direct access to a block device is needed.
It's been tested for nearly a month on ar71xx (TL-WR842ND) and proved to
be very stable and efficient solution.
The package comes with init.d script and conf.d file allowing to
configure most nbd-server options using standard uci interface.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Makes kmod-ipsec6 requirement dependent on IPv6 support for packages.
This allows to disable unnecessary IPv6 kernel modules, saving
considerable amount of space.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
This brings IoTivity to version 0.9.2 in addition it does the following:
* split C and C++ Stack into two packages
* backport some patches which are adding missing dependencies to the shared libs
* remove patches merged upstream
* add some other patches fixing some problems, most of them are already merged upstream
* activate security and logging support
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>
Enables bind to do ECDSA DNSSEC validation. Depends on OpenSSL support
for ECDSA. Increases size of bind-libs package by about 2kB.
Signed-off-by: Janusz Dziemidowicz <rraptorr@nails.eu.org>
Without this, produces an error :
<code>/etc/rc.common: line 1: contentscannertimeout:uinteger: not found
validation failed
/etc/rc.common: line 1: contentscannertimeout:uinteger: not found</code>
Signed-off-by: Julien Paquit julien@databeille.com
- Update copyright year.
- Add PKG_LICENSE:=GPL-2.0 from the Google Code project page.
- Add autoreconf as the PKG_FIXUP method.
- Add myself as the package maintainer.
- Add a patch to fix building with musl-libc.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
When only strongswan-minimal is selected, libtls.so will not be built
yet package strongswan will still try to copy the file causing build
failure.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Update vsftpd to 3.0.3 released in July 2015.
Changelog: https://security.appspot.com/vsftpd/Changelog.txt
Release blog: http://scarybeastsecurity.blogspot.fi/2015/07/vsftpd-303-released-and-horrors-of-ftp.html
- Increase VSFTP_AS_LIMIT to 200MB; various reports.
- Make the PWD response more RFC compliant; report from Barry Kelly
<barry@modeltwozero.com>.
- Remove the trailing period from EPSV response to work around BT Internet
issues; report from Tim Bishop <tdb@mirrorservice.org>.
- Fix syslog_enable issues vs. seccomp filtering. Report from Michal Vyskocil
<mvyskocil@suse.cz>. At least, syslogging seems to work on my Fedora now.
- Allow gettimeofday() in the seccomp sandbox. I can't repro failures, but I
probably have a different distro / libc / etc. and there are multiple reports.
- Some kernels support PR_SET_NO_NEW_PRIVS but not PR_SET_SECCOMP, so handle
this case gracefully. Report from Vasily Averin <vvs@odin.com>.
- List the TLS1.2 cipher AES128-GCM-SHA256 as first preference by default.
- Make some compile-time SSL defaults (such as correct client shutdown
handling) stricter.
- Disable Nagle algorithm during SSL data connection shutdown, to avoid 200ms
delays. From Tim Kosse <tim.kosse@filezilla-project.org>.
- Kill the FTP session if we see HTTP protocol commands, to avoid
cross-protocol attacks. A report from Jann Horn <jann@thejh.net>.
- Kill the FTP session if we see session re-use failure. A report from
Tim Kosse <tim.kosse@filezilla-project.org>.
(vsftpd-3.0.3pre1)
- Enable ECDHE, Tim Kosse <tim.kosse@filezilla-project.org>.
- Default cipher list is now just ECDHE-RSA-AES256-GCM-SHA384.
- Minor SSL logging improvements.
- Un-default tunable_strict_ssl_write_shutdown again. We still have
tunable_strict_ssl_read_eof defaulted now, which is the important one to prove
upload integrity.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Several patches here and pull requests at the upstream github project
page were merged into the devel branch. Switch to that until the next
stable release.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This change aims to address the following 2 issues
- The control file was there yet xl2tpd process was not
- The control file's existence prevented xl2tpd from start
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
L2TP with xl2tpd has no proto_task in the context of netifd and because
of this there is no valid $ERROR to check for when doing tearing down.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
sqm-scripts and luci-app-sqm now live in the same Makefile and are built
from the upstream git repository, rather than having the files included
here.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* 010_fix_getnameinfo.patch is no longer needed
* 011-cron-without-pthread-fix.patch added, fixes incorrect
ifdef when building without pthreads
Signed-off-by: Michael Haas <haas@computerlinguist.org>
Fixes regression already fixed in oldpackages commit
012eec3f60a24db1a568d64868a48ea95aedcc87
but re-introduced in commit 6636e13f2ab8992d4eb03a48919ae9ae8da98cee.
This patch also enables IPv6 support.
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
being based on curl 0.70.0 gnurl is affected by
CVE-2015-3144
CVE-2015-3145
CVE-2015-3153
CVE-2015-3236
Import patches from curl package to fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* always re-create config-file when service is started
* use /lib/upgrade/keep.d instead of /etc/sysupgrade.conf sed'ery
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* add gnunet-vpn binary, it was missing
* clean-up -datastore, it contained files already packaged in -mysql
* remove gnunet-import-gns.sh from -utils, it can live in -gns
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ntripcaster developer agency (http://igs.bkg.bund.de/) no longer provides sources for download.
Created a github repository to provide sources and allow contributions.
Fixed install location for configuration files.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
ntripserver developer agency http://igs.bkg.bund.de/ does not reliably provide a source mirror with version naming.
Created a github repository to provide sources and allow contributions.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
ntripclient developer agency http://igs.bkg.bund.de/ does not reliably provide a source mirror with version naming.
Created a github repository to provide sources and allow contributions.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
simple.qos had accidentally set up the egress shaper twice, once
with the true egress parameters and a second time using the ingress
parameters, effectively misconfiguring both directions. This bub
only affected situations where 3-tier ingress classification was
used.
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
sqm_logger tried tro wait indefinitely if passed an empty string.
This in turn makes sqm-scripts hang. Quoting the input argument in sqm_logger
seems to fix the problem.
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
The last batch of changes tried to teach the GUI to pass link layer
options to cake but forgot to actually call the function that parses
the GUI variables and used it as a string insteead. So this fixes that
it also tries to allow the use of the tc_stab link layer adjustment
method with cake so the implementations can be validated against each other
easily. Needs testing...
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
The cake traffic-shaper qdisc omne stop solution knows how to handle
link layer adjustments for ATM and can account for per packet overhead.
This commit adds cake as link layer adjustment mechanism in the GUI and
passes numerically specified overhead as well as the ATM linklayer
keywords on to cake. This change also passes the "advanced option strings"
from the Queue Discipline tab to cake. But as before no error checking.
This needs testing, as I have no working cake qdisc available so
caveat emptor...
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
