This change fixes multiple denial-of-service vulnerabilities:
* CVE-2016-9131: A malformed response to an ANY query can cause an
assertion failure during recursion
* CVE-2016-9147: An error handling a query response containing
inconsistent DNSSEC information could cause an assertion failure
* CVE-2016-9444: An unusually-formed DS record response could cause
an assertion failure
* CVE-2016-9778: An error handling certain queries using the
nxdomain-redirect feature could cause a REQUIRE assertion failure
in db.c
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Per user request ship the sample upsset.conf file so that
upsset functionality can be used with nut-cgi
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
Current maintainer (Martin Rowe) offered to hand over
maintership because I'm interested in doing more with
the package than he requires for his own use, so he
felt it made sense for me to maintain the package.
I accepted, hence this commit.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
Use /var/run/nut as statepath and set appropriate owner
and permissions on /var/run/nut in order to avoid pidfile
for nut being world-readable.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
It looks like serial support was accidentally dropped due to missing
pieces on Config.in and Makefile. Add back serial support by fixing
that.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
With a LuCI app (of which I have one written) ucification makes
sense (and is in fact needed), so ucify the initscripts.
Also, rather than making selection of things to include an image
a matter of selecting compile-time config options, make optional
things into seperate packages that are built in default builds,
and leave selection of what to include or not up to the user
(e.g. using ImageBuilder, or adding packages via opkg).
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
- fix ip extraction if knot host is used together with glue records
- fix ip extraction from nslookup if reverse dns record has ip with dot reported at http://forum.lede-project.org/t/ddns-scripts-error/909
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Add a few mirrors in-front of main site for offloading
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Peter Wagner <tripolar@gmx.at>
As both LEDE and OpenWrt have STAGING_DIR_HOSTPKG now, we can start to rely
on it. See 73b7f55424 for more information on
STAGING_DIR_HOSTPKG.
STAGING_DIR_HOSTPKG won't actually be changed before the first LEDE release
(it is equivalent to $(STAGING_DIR)/host), so this simple search/replace
cleanup is safe to apply. Doing this cleanup now will be useful for the
Gluon project (an OpenWrt/LEDE based firmware framework) for experimenting
with modifying STAGING_DIR_HOSTPKG before doing this in the LEDE upstream.
Also fixes a typo in the dbus Makefile ("STAGIND_DIR").
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Before this change logging was always activated and then IoTivity wrote
a lot of debug messages. Make it now configurable.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Install the header files needed to build something against IoTivity.
This will have it easier to build an application using IoTivity library.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These patches are making it possible to provide the compiler settings
from the environment so LEDE can change them. This replaces the old
patches with the versions send for upstream inclusion.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This does the following changes:
* update to version 1.2.1
* add iotivity-resource-directory-lib, this is needed by most
applications now
* do not activate security support by default, this caused some
problems and needs some more settings to setup.
* use sqlite version from normal package feed instead of using an own
version
* build against LEDE version of mbedtls
* update example security configuration
* remove some patches that went upstream
* add some new patches fixing problems observed in my environment, most
of them are on their way upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
- cloudflare v1 change syntax of option domain to "host.sub@example.com" like already cloudflare v4 and godaddy to prepare logterm remove of public_suffix_list.dat from package
- change Makefile to be backportable to CC15.05 and working on DD
- change ddns.defaults to prepare future releases of ddns-scripts
- minor fixes
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Talked it over with Ben (@scrpi).
He said he'd be fine with taking over maintainership of this.
@scrpi: please confirm this on PR.
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
HTTP header content-disposition isn't honored resulting in source tarball name only containing version number.
Switch to GIT repo as workaround to avoid clashing filenames.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Version bumped to 4.3.5. Separated out compile/install steps since
compiling with $DESTDIR yields bogus results. Removed rfc-3527 patch
as something similar (better) is now upstream (well, more complete
error checking anyway). Change relay scripts from '-l ifname' to
'-U ifname' to correspond to upstream changes.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Instead of causing nondeterministing conditional compilation depending on
whether libnl-core happens to be present or not, fixup the net-snmp package
to link against libnl-tiny which is present by default on the majority of
systems.
In order to successfully build against libnl-tiny, a number of things had
to be fixed in both the upstream configure and the outer Makefile:
- Add a patch which fixes the upstream configure macros to properly handle
cases where the cache variables for nl_connect() and netlink.h tests are
predefined. Without this patch, all subsequent link tests in configure
will fail, causing the build system to assume functions like opendir() or
readdir() to be missing, leading to build failures later on due to
conflicting redefinitions of structures and function prototypes
- In the same patch, stop probing the host systems /usr/include/libnl-3 if
ac_cv_header_netlink_netlink_h is given. This brings the proprietary
configure bits in line with the behaviour expected from autoconfig in a
cross compile setting
- Explicitely request nl support by passing the --with-nl flag to configure
- Pass the required cache variables to skip the broken tests for
nl_connect() and netlink.h
- Amend TARGET_CPPFLAGS to let net-snmp's build system discover nl-tiny's
netlink/netlink.h and netlink/socket.h
- Enable the autoreconf fixup to regenerate the broken shipped configure
from patched macros
- Adjust the depends to unconditionally require libnl-tiny
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add support to configure strongswan via uci.
uci support is based on the following sections
-ipsec : Global config items belonging in the strongswan.conf file
-remote : Defines the remote peer(s)
-tunnel : Defines the IPSec connections in tunnel mode
-transport : Defines the IPSec connections in transport mode
-crypto_proposal : Defines the different crypto proposals
Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
Signed-off-by: Gino Peeters <peeters.gino@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commit e73964fa8f incorrectly dropped the
patch 101-update-struct-msghdr.patch. Add it again, and while add it
also add the follow-up patch that was added upstream.
Fixes#3757.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
When libnl-core is enabled, but libnl isn't, build fails because of a
missing dependency on libnl-3.so.200. Depending on libnl-core seems to
work for both cases.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Update to 5.7.3 by refreshing patches; remove 800-format-security
as upstream integrated.
Add libnl dependency in the package Makefile as net-snmp will check
if libnl is enabled in config_os_libs2.
Remove unneeded PKG_FIXUP build variable.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
this installs the default MIBS-files under /usr/share/snmp/mibs .
Also aligns the defines to the same sorting-scheme.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
change download link from git:// to https:// .
Git links are less safe (not encrypted) and, more importantly, they are blocked by company firewalls.
Https links do not have either issue.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Move git hash to PKG_VERSION instead of PKG_RELEASE
Use xz git tarball instead of gz
Add dependency to ustream-mbedtls as mbed TLS 1.3 is deprecated.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Dropped patches, unrequired.
There is a newer version released, but I cannot vouch for it yet.
We've been using this one for about a year now.
Since, I only recently became maintainer of `keepalived`, I will
push this as the current stable one, and start using a newer
version internally, before releasing it to the public.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* switch to procd interface trigger
* no additional active monitor/polling in the background
* simplified code
* new option "trm_maxwait", how long (in seconds)
should travelmate wait for wlan interface reload action
(default: '20')
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
keepalived seems to be rather particular about which config parameters
come before others.
When defining a virtual IP address, keepalived will check to see if the
vrrp instance is associated with a valid interface. Previously, the
interface parameter was declared after the virtual IP address which
caused an error when keepalived tried to run this check. Keepalived
tries to fall back to checking if 'eth0' exists.
The fix is to re-order the config stanzas so that the interface
parameter comes before the virtual IP address definitions.
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Also fix ordering of config stanzas
We were parsing the track_script and track_interface definitions to
include the weight param when configuring a vrrp_instance. This is not
correct, as the weight param inside a vrrp instance is used to augment
the one defined in the script.
We were also not taking into account vrrp_script stanzas
This commit skips the parsing and simply lists the name of the
track/vrrp object
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Adding @scrpi (Ben Kelly).
Initial UCI config support was written by me (@commodo)
Updates & fixes added by Ben.
Signed-off-by: Ben Kelly <ben@benjii.net>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
keepalived seems to work fine without it.
There is fall-back code that kicks in when it's not present.
So, we will build against (or pull) the libnl package only
if there is another package that pulls it.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Dynapoint is a dynamic access point manager
Signed-off-by: Tobias Ilte <tobias.ilte@campus.tu-berlin.de>
Acked-by: Thomas Huehn <thomas.huehn@evernet-eg.de>
- minor whitespace fixes/cleanups
- squashed multiple commits into a single one before merge
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
- no longer build public_suffix_list.dat.gz during build #3678
- replace "\s" with "[[:space:]]" inside Makefile because "\s" ignored by some sed versions
- tools/public_suffix_list.sh still available to rebuild public_suffix_list.dat.gz outside OpenWRT/LEDE build system
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Get public_suffix_list.dat without using secure connection. #3678
File generated during build, because it's the only option to have an
actual version packaged.
Long term Cloudflare_v1 package will be changed to no longer need
public_suffix_list.dat
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Maintainer: @arfett
Compile tested: ramips, xiaomi mini, r49946
Run tested: ramips, xiaomi mini, r49946
Description: Bump to 1.4-5. Added new page for wifi configuration edit, similar how the current network configuration page works.
Also enabled collecting of wifi configuration in troubleshooting page.
Signed-of-by: Tomislav Požega pozega.tomislav@gmail.com
Update to a new wireguard version. Simple version bump.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Endpoint dependency implemented. The actual endpoint is used exclusively. Using
this approach we are dual-stack safe (not errors on missing protocol) and create
only the dependency that are really necessary.
Signed-off-by: Dan Luedtke <mail@danrl.com>
* fixed dnsmasq check if multiple instances are present
* bring back query function on highly demand
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed a dnsmasq restart issue (udhcpc error)
* fixed a long standing corner case bug in "disabled" state (does not
remove active block lists!)
* simplified overall sort, removed needless 'for loop'
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fix return codes, if ip data at Godaddy.com and Cloudflare.com are
already up to date, handle it as succesful update.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* changed complete dnsmasq handling
- no longer redirect ad requests to internal web server via firewall
rules etc., in fact send back a simple NXDOMAIN for all
ad related (sub-)domains
- smaller memory footprint for block lists
- removed needless uhttpd instances
- removed needless firewall rules/redirects
* init/hotplug system migrated to procd
- removed hotplug.d script, now using procd interface trigger
* reduced code size/complexity
- removed needless internal pre-checks & function blocks,
no longer rely on a separate helper library
- removed flash writes to adblock config
* support different download tools like wget (default), aria2c,
uclient-fetch, curl (see online doc)
* adblock status/statistics via ubus call (see online doc)
* various bug fixes
* documentation update
* changed makefile copyright notice
Signed-off-by: Dirk Brenken <dev@brenken.org>
- UCI to take advantage of "qname-minimisation-strict:"
- UCI to block chaos reponses bind, server, and version
- UCI to limit or prefer recrusion over IP4 or IP6
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
- UCI option dnsmasq_gate_name typo in few locations
- NTP hotplug to check /etc/init.d/unbound not ..dnsmasq
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
- update_cloudflare_com_v4.sh: enclose urls in single quotes
- dynamic_dns_functions.sh: force to return only one ip, if using nslookup to get registered ip
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Update to new snapshot version. We also make IPV6 optional, and
conditionally selecting the udptunnel6 module, using the same trick that
the strongswan package also uses for this kind of dependency expression.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
When only kmod-openvswitch is enabled, which commonly happens during LEDE
release builds, there is no need to build the entire userland of openvswitch
as this is done at a later stage on systems dedicated to build only userspace
packages.
This change conditionalizes the dependency on python, which means that python
prerequisites are only compiled if the openvswitch-python package is enabled,
which allows us to eliminate the entire python dependency chain.
Furthermore, this change sets MAKE_PATH to the kernel module sub directory
if only kmod-openvswitch is enabled which causes the openvswitch build system
to only process sources related to the .ko files.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This patch prepares for another future package (ecdsautils),
which builds multiple binaries all linked to libuecc.
The changes are a direct copy of [1]. The original commit
message was:
> commit cb2ecbfdf0c478568a28aacb99d30fd6ee5c0dd1
> From: Matthias Schiffer <mschiffer@universe-factory.net>
> Date: Tue, 3 May 2016 21:33:34 +0200
> Subject: libuecc: use shared instead of static library
>
> Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
[1]: cb2ecbfdf0/patches/packages/openwrt/0007-libuecc-use-shared-instead-of-static-library.patch
Signed-off-by: Dominik Menke <dom@digineo.de>
modified Makefile to:
- stop service before install when updating reported at http://forum.lede-project.org/t/ddns-scripts-upgrade-issue/456/1
- run uci-defaults for all packages
- modify services files only on new installation
still some commands already covered by default_postinst() etc. but they are in there for backward compatibilty.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
This version of ocserv needs us to explicitly specify the prefix
for libev. Add a --with-libev-prefix parameter to make the
configure stage to get the right library.
Signed-off-by: Angelo G. Del Regno <kholk11@gmail.com>
- History: prior to package 1.5.10-3 /var/lib/unbound was not used
- History: prior to package 1.5.10-4 no UCI scripts were provided
- Problem: UCI 'option manual_conf 1' only copied unbound.conf and root.key
- Problem: power users that had complex file nests cannot use this
- Fix: README.md includes instructions for /var/lib/unbound jail
- Fix: unbound.sh copies ALL of /etc/unbound for 'option manual_conf 1'
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
- tld_names.dat.gz
- rename to public_suffix_list.dat.gz
- (re)created during build
- new location /usr/share
- move services files to /etc/ddns
- new services
- CloudFlare.com-v4 using API-Version 4 without using public_suffix_list.dat
- GoDaddy.com
- both depending on cURL package
- both with modified syntax for option domain ( NEW: [host[.subdom]@]domain.tld )
- new service
- Now-DNS.com formerly Now-IP.com
- service afraid.org now supports key-auth and basic-auth
- new command line options for dynamic_dns_updater.sh and dynamic_dns_updater.sh
- adapted ddns.init and ddns.hotplug to new command line options
- renaming config options inside section global
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Now that we don't ship any modules by default, znc might be started
without any modules. Unfortunately znc refuses to start without any
modules, so patch out the appropriate check.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
-unbound.sh implements the majority of requirements in README.md
-rootzone.sh reloads a small subset for alternate trigger maintenance
-unbound.init sets procd triggers on Unbound and dnsmasq (dhcp) UCI
-two part commit squashed with Makefile included
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
-dnsmasq really provides nice local DHCP-DNS records
-Unbound host records would be clumsy to update
-Unbound can be configured to forward to dnsmasq
-iptools provided to facilitate PTR records
-flexible ipv6 colon notation is a bit complex
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
-DNSSEC needs time, time needs ntp, or power off RTC
-Many consumer routers are cost thrifted without RTC
-Conf "val-override-date: -1" disables time inside DNSSEC
-Need restart as option is not dynamically switchable
-hotplug/ntp is used to set file /var/lib/unbound/unbound.time
-UCI will add or remove option depending on flag-like-file
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
If libjson-c is detected during bind-libs configure phase, bind-libs
will be built with libjson support. This results in a missing dependency
error during install phase. Solve this by disabling libjson support.
This updates to the latest git version of acme.sh and drops the patch to
disable timestamps from the output (since that is now supported
upstream).
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This version handles transitioning from a previous certificate that was
issues using the staging server, adds more debug logging, and handles
state directories better if issuing fails.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
quassel-irssi is an irssi plugin that allows irssi to connect to
Quassel cores. Quassel is a distributed IRC client in which the
core can run independently and be connected to by quassel clients
over the network.
Signed-off-by: Ben Rosser <rosser.bjr@gmail.com>
Create & run znc as a specific user rather than nobody. Converted to
use procd, removing dependencies on znc's 'droproot' module & 'su'
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
- haproxy 1.6 needs OPENSSL_WITH_DEPRECATED, OPENSSL_WITH_EC NPM ...
- fix buildflags for lua, so its not build with the host compiler
- fix duplication of defines
Signed-off-by: heil <heil@terminal-consulting.de>
The advanced playback module makes it possible for IRC clients to avoid
undesired repetitive buffer playback. IRC clients may request the module
to send a partial buffer playback starting from and ending to a certain
point of time.
Particularly useful with (supporting) mobile clients such as Mutter,
Colloquy & others.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
---
Unfortunately playback.cpp is not included as part of the standard ZNC
modules and so has been added as a patch.
- based on the work done by el1n with his authorization (https://github.com/el1n/OpenWRT-package-softether)
- updated softethervpn to latest version
- introduced necessary patches for lede compatibility (nossl3)
Signed-Off-by: Federico Di Marco <fededim@gmail.com>
Patch 101-musl-fixes defines __kernel_nlink_t as void; but using
a pre-3.6.11 kernel on an arm cortex defines __kernel_nlink_t as
unsigned short using uclibc
Fix the compile issue by not redefining __kernel_nlink_t
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Fixes issue openwrt#3403 "radiusd requires a temporary directory to be existent for certain operations, like verification of certificates."
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
This version will use the standalone (netcat) mode of acme.sh during
verification instead of exposing uhttpd to the internet for the duration
of the verification. It will also add an ip6tables rule to also support
verification over IPv6.
Also contains an updated version of acme.sh.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
musl.h was included before _GNU_SOURCE in 101-musl-fixes patch
leading to compilation issue on gcc (RTLD_DEFAULT not being
defined in dlfcn.h due to __USE_GNU not being set).
As described in the feature test macro man page feature macro
can be defined in the source code but need to be defined before
including any headers.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
'cifsmount' alone is not able to mount a SMB share, after
having installed kmod-fs-cifs this was possible.
So I guess adding kmod-fs-cifs as a dependency to cifsmount is ok.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Package doesn't build with uClibc without them, but no change for other libc
variants so no need to bump revision.
Signed-off-by: Michal Hrušecký Michal.Hrusecky@nic.cz
-Patch for /etc/unbound/unbound.conf
--All work done in /var/lib/unbound/
--chroot or jail to /var/lib/unbound/
-Init script points to /usr/lib/unbound.sh
-Makefile to install new scripts in the package
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
-Unbound RFC 5011 is busy and writes frequently
-RFC 5011 creates working files in same directory
-DNSSEC root.key managed in /var/lib/unbound
-Protect against flash ROM wear out in /etc/unbound
-Scripts will copy back every 7 days instead
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
-Rebind to new interfaces cleanly
-Detach from old interfaces cleanly
-Some conf options do not reload dynamically
-Unbound grows some and this will shrink it
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
* change option 'trm_iw' to boolean,
1 => use iw (default)
0 => use iwinfo
* option 'trm_maxretry' now accepts '0' to disable this check at all
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
The configure script (for libdnet) seems to find <net/bpf.h>
and detect some BSD stuff.
The lidnet's Makefile wants to include eth-bsd.c, arp-bsd.c
and other BSD friends.
This seems to put a cork on it, and no BSD stuff appears anymore.
[at least on my system].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Adds gitolite package which is a handy administrative tool for
managing shared git repositories.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
- privoxy.init fix handling of config section "system"
- change start/stop to start=95 and stop=10
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Lcdringer is a tool which runs on a Raspberry Pi with an LCD
display. Lcdringer connects to an XMPP server, listens for messages
sent to a particular Jabber ID, and displays these incoming messages
while playing an audible alarm. Lcdringer also responds to the messages
it receives with an indication of whether or not the audible alarm was
acknowledged with a button press.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
-Remove interlaced configuration changes
--Less sensitive to upstream example.conf changes
--Easier to read patch-of-patch work for maintenance
-Use MEMORY CONTROL EXAMPLE from http://unbound.net/
--Review and rework with respect to previous pacakge
--Effectively the same configuration as previous package
-Disable DNSSEC by default due to real-time chicken-n-egg
--Many OpenWrt target devices have no power-off clock (reboot)
--User choice of work around should be conscious
--Initial install should not fail reboot with DNSSEC default
-Add some defaults explicitly to prevent surprises
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
received. Otherwise an unauthenticated peer can repeat the KEXINIT and cause
allocation of up to 128MB -- until the connection is closed. Reported by
shilei-c at 360.cn
ec165c392c
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Wrap around dhtcache vs. datacache confusion which prevented
the datacache service from starting.
While at it, sanetize default package selection.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Explicitely disable liblz4 and external libtalloc support in order to avoid
implicit dependencies leading to the following error on build environments
that happen to provide liblz4 and libtalloc:
Package ocserv is missing dependencies for the following libraries:
liblz4.so.1
libtalloc.so.2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* add new 'envchk'function to check adblock environment only,
i.e. check volatile firewall rules or uhttpd instances
without list updates
* add new optional parm 'adb_loglevel',
set it to "0" to mute output (print only errors)
* set hotplug priority to '90' as well (missed in the last commit)
* documentation update
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
I think re-ordering the assignments is important here,
_and_ using := for PKG_SOURCE_SUBDIR instead of simple =.
I also grouped the assignments to make it more readable,
IMHO at least :-)
While at, we should also specify the license file
and remove the unneeded Compile definition - the default
just works fine.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
- moved from net to mail category
- removed no-ssl package and added ssl support as configuration option (default enabled)
- added configuration option to support extended logging (default disabled)
- disabled build of test tools
- added LEDE compatibility (support for openssl without SSL3)
Signed-off-by: Federico Di Marco <fededim@gmail.com>
This should massively improve performance for (at least) MIPS targets:
* poly1305: optimize unaligned access
This is a very appreciated fix from René van Dorst, adjusting the
arithmetic in Poly1305 to work fast on platforms with slow unaligned
access, such as MIPS. According to his calculation, this gives a 50%
improvement on small MIPS boxes.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
remove postinst (of main package) from Makefile because all is done inside uci-defaults scripts
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
commands to apply changes introduced during release changes, moved from Makefile postinst to /etc/uci-defaults
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
