* fix a vpn/iptables race condition
* remove needless dnsmasq dependency
* synchronize code-base of all auto-login scripts, due to
COVID-19 restrictions all of them are still untested/WIP
* various small cleanups
Signed-off-by: Dirk Brenken <dev@brenken.org>
This meta-package contains only dependencies for modules needed in
FreeRADIUS default configuration.
This commit adds missing description and install sections.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
The provider could also be read from the custom directory. To get always
the latest version of the provider config json file, we read first the custom
directory and after that we also check the default directory, if we could not
find the provider file
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Since we can also install custom ddns services, the name for the default
services is not optimally chosen. To emphasize this the folder with the
standard services for the package feed will be renamed to default.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If we install ddns-scripts we also install the default
ddns-scripts-services package. So the behabviour for the user does not
change.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This package does not currently compile.
This is needed to do so that it compiles:
- fix emptying CXX variable in configure script
- fix automake not generating Makefile (remove doxygen definitions)
- force gnu++11 by patch, does not work with configure variable
Also because of changed API in libmicrohttpd:
- fix HttpServer
Moreover this package does not support --disable-slp configure option
anymore, remove it.
Signed-off-by: Marek Behún <kabel@blackhole.sk>
Note:
Fixes CVE-2020-1472 in case smb.conf
contains 'server schannel = no' or 'server schannel = auto'
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Since we no longer need to edit the service and serive_ipv6 files during
installation, the preinst and postinst script can be removed. They are
not neede anymore.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
From my point of view there are several reasons why this uci default
script should be deleted.
- This script is no longer maintained and there was no significant
change since the old stable release openwrt-18.06.
- The script is installed with every additional package. Which is kind
of funny. It would be better to maintain a separate uci default upgrade
script for each package. So uci default tasks that are no longer needed
can simply be deleted without having to watch and test the whole scirpt.
- The script is also not so easy to maintain, because the code is not
easy to read.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Stan Grishin <stangri@melmac.net>
shellchecked
Signed-off-by: Stan Grishin <stangri@melmac.net>
shellchecked
Signed-off-by: Stan Grishin <stangri@melmac.net>
- new package dependency: curl (plus one of the wpad variants)
- optional package dependencies:
- 'msmtp' for email notification support
- 'wireguard' or 'openvpn' for vpn support
- removed WEP support, only WPA/WPA2/WPA3 are supported!
- new, more robust setup wizard (CLI and LuCI)
- more robust captive portal detection
- randomize mac addresses with every uplnk connect
- automatic vpn handling during uplink switch (only classic/simple
client-setups for wireguard or openvpn are supported)
- email notifications after successful uplink connections
- automatically disable uplinks after n minutes, e.g. for timed
connections
- automatically (re-)enable uplinks after n minutes, e.g. after failed
login attempts
- complete LuCI rewrite - migrated to client side JS (separate PR)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Don't build the sntp binary and libevent2-pthread dependency unless
ntp-utils is selected.
Re-add ntp-keygen dependency libevent2-core.
Fixes openwrt#10307
Signed-off-by: Kenneth J. Miller <ken@miller.ec>
With openwrt/openwrt@51ec51871f one can
now use user/group names instead of numeric uid/gid in FILE_MODES.
Make use of that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Apart from adapting to upstream changes also switch to use FILE_MODES
instead of chown/chmod in init-script.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* update to 4.12.6
* fix optional modules not included on module build (vfs_btrfs, vfs_linux_xfs_sgid)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Change URL to codeload. It redirects to it anyway. I was getting a 404
error with the original. I couldn't figure it out.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- remove patch that has been included upstream
- remove dependence on resolveip
- remove hotplug script that is handled by "proto_add_host_dependency"
- use openfortivpn default tunnel ip if none specified
- add status checking with uclient-fetch
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
If a daemon listens on multiple addresses at once, it'll show up multiple
times in get_listeners() which will clobber the config for uhttpd. Fix this
by skipping subsequent handlings of the same daemon binary.
Fixes#13325.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Update to 40.89.244.237 which is the new IP address that duckduckgo.com is using for safe-search.
Signed-off-by: Greg Dietsche <gregory.dietsche@cuw.edu>
The creation of the dummy package nginx creates some problem with dependency detection for the all-module variant. Reorganize the dependency and compile nginx before the the sub-variant.
Fixes#13275
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Canonical radtest start results in an error:
$ radtest bob hello localhost 0 testing123
/usr/bin/radtest: line 1: hostname: not found
(0) Error parsing "stdin": Failed to get value
hostname command is not present in OpenWrt.
Instead, hostname can be obtained from file /proc/sys/kernel/hostname.
added: 004-get-hostname-from-proc-in-radtest.patch
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
radtest utility is used in many manuals to check the operation of
radius server.
At the moment all parameters must be specified at startup, for example:
$ radtest bob hello localhost 0 testing123 0 localhost
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
Support for kernel 4.14 has been removed in main repo, so drop the
dependencies here as well (and those for even older 4.9).
Also drop a patch that is required only for 4.14 and lower.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Since support for kernel 4.14 has been removed, kmod-sched-cake-oot
is gone, and the kmod-sched-cake-virtual package is not needed
anymore.
This effectively reverts 9114244fbd ("sqm-scripts: Switch sch_cake
dependency to new virtual package")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This also removes PKG_BUILD_PARALLEL:=0 that was added for packages that
use HOST_PYTHON3_PACKAGE_BUILD_DEPENDS.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This commit allows for UCI configuration of the "left=" and the
"mark=" values in a StrongSwan IPSec connection. This improves
VTI support and allows certain stricter connection scenarios.
Signed-off-by: Michael C. Bazarewsky <github@bazstuff.com>
openconnect may emit following error logs every minute when negotiating
with deployments forbidding usage of dtls
Thu Aug 27 04:11:59 2020 daemon.notice openconnect[12024]: DTLS handshake failed: Error in the push function.
Thu Aug 27 04:11:59 2020 daemon.notice openconnect[12024]: (Is a firewall preventing you from sending UDP packets?)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Required by ovn-ctl for stopping ovn ovsdb instances
This utility was introduced since 20.03.0 after the project was
maintained in its own repo
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Package libcurl is missing dependencies for the following libraries:
libzstd.so.1
Previous patch by Hans Dedecker <dedeckeh@gmail.com> took the easy way
out :)
Suggested-by: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Tony Butler <spudz76@gmail.com>
[fixed title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Instead of using mbedtls by default use wolfssl. We now integrate
wolfssl in the default build so use it also as default ssl library for
curl.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Backport a commit from upstream curl to fix a problem in configure with
wolfssl.
checking size of time_t... configure: error: cannot determine a size for time_t
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Move package over from openwrt.git based on the Hamburg 2019 decision
that non essential packages should be maintained in packages.git
Signed-off-by: Paul Spooren <mail@aparcar.org>
Several security issures are addressed:
- CVE-2020-8620 It was possible to trigger an assertion failure by sending
a specially crafted large TCP DNS message.
- CVE-2020-8621 named could crash after failing an assertion check in
certain query resolution scenarios where QNAME minimization and
forwarding were both enabled. To prevent such crashes, QNAME minimization is
now always disabled for a given query resolution process, if forwarders are
used at any point.
- CVE-2020-8622 It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
- CVE-2020-8623 When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code determining the
number of bits in the PKCS#11 RSA public key with a specially crafted
packet.
- CVE-2020-8624 update-policy rules of type subdomain were incorrectly
treated as zonesub rules, which allowed keys used in subdomain rules to
update names outside of the specified subdomains. The problem was fixed by
making sure subdomain rules are again processed as described in the ARM.
Full release notes are available at
https://ftp.isc.org/isc/bind9/9.16.6/doc/arm/html/notes.html#notes-for-bind-9-16-6
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Drops pid files, no longer needed with procd management.
Now properly reloads on reload_config after UCI changes.
Signed-off-by: Karl Palsson <karlp@etactica.com>
[ Fixed two shellcheck warnings and bump PKG_RELEASE ]
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
