These config files are only used by the ipsec interface to charon,
and shouldn't be part of the base package.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit e626255b37)
Having scripts diddle user written config files seems potentially
dangerous. Plus there's really no downside to including some
empty files. Best to just make the includes be permanent.
Additional feature suggested by Luiz: if a -opkg version of the
config file was created unnecessarily, remove it as part of the
upgrade process since changes won't be happening to that file
as an artifact of the service starting. The include lines are
now permanent, which means that (1) additional configuration
synthesized by UCI won't be anywhere that opkg (or sysupgrade,
for that matter) cares about since it won't be persistent, and
(2) if changes are being made, then they're being done by a
person with an editor and they really should be distinguished.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 643df01275)
This has been observed by myself and @luizluca: ip route get is
appending uid0 to the output, as seen from:
root@OpenWrt2:~# ip route get 1.1.1.1
1.1.1.1 via 174.27.160.1 dev eth3 src 174.27.182.184 uid 0
cache
root@OpenWrt2:~#
so the fix is an anchored match, discarding all else. Also, using
ip -o means never having to do multiline matches...
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit ec72d3a9e4)
When building mtd-rw for a target based on Kernel 5.10 which has
CONFIG_MTD disabled the build fails with
ERROR: "put_mtd_device" [../mtd-rw.ko] undefined!
ERROR: "get_mtd_device" [../mtd-rw.ko] undefined!
Omit building the package for such a target.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit c6b3d94929)
Convert to using CMake in order to speed up compilation and to fix
compilation under glibc.
Add extra dependencies since they're now needed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 7cd687cb7e)
Even it's only cosmetic and should not affect the function of regular system,
fix the name of the IPKG_INSTROOT variable.
Typo was added long ago with 8400c9a6ec.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
(cherry picked from commit f25f49a8b7)
This is a security fix, affecting 2.0.0 through to 2.0.9. Mosquitto instances
could be remotely DoS'd by authenticated clients.
Release notes at: https://github.com/eclipse/mosquitto/blob/v2.0.10/ChangeLog.txt
CVE number has not yet been assigned.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Since v1.4.1, Xray has introduced a new feature to transfer data via
browsers, which can disguise itself as a normal browser to cheat
network censorship.
For more details, see https://github.com/XTLS/Xray-core/pull/421.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from 736667ce6e)
- Re-assigned myself as the maintainer
- Used $(AUTORELEASE) for PKG_RELEASE
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(backported from 82ebe3e49a50075116da4b677eacae91e6fcd2c4)
* rework the central iptables function to significantly
reduce the code complexity and the overall number of iptables calls
* check early and only once in the chain for ctstate NEW and
return otherwise (thanks @ldir-EDB0)
* made the whitelist ordering within the chain more flexible
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 1235acdde6)
We now own `openwrtorg` and `openwrt`, where the latter replaces the
former. Slowly migrate over.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit b164a3aa32)
Changelog [1]:
Version 1.09
* Explicitly set the controlling TTY
Version 1.08
* Report when IP key has changed
* Scrub the environment variable for -e
Version 1.07
* Pass signals that should terminate to ssh
* Fix race around signal handling
* Report IPC errors to stderr
* Report if can't open -f password file
[1] https://sourceforge.net/p/sshpass/code/76/tree/trunk/ChangeLog
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 5799d0b1ee)
* fix another IPv4/IPv6 related iptables chain creation problem
* fix counter during ipset creation
* fix regex for debug counters
* fix ipset housekeeping for local sources
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit fb4bfd259d)
* add a restrictive "jail mode only" variant, just point your
jail directory to your primary dns directory
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit df9ee1388e)
Commit 657574f45 disabled building the host nsinstall program when using
QUILT. However, the host nsinstall is needed to compile the package,
breaking compilation with QUILT.
Move the native compile to Build/Configure, which will not be called for
prepare, refresh, or update targets, but will be called before
Build/Compile.
nss does not have a configure script, so Build/Configure/Default is not
being called.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit fbed6751b0)
FPIC may be defined with more than one flag. In that case, it becomes
necessary to use it inside QUOTES in a shell context.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c5f91a2a56)
