A + sign does not have meaning in build depends. This Makefile was
overlooked in the previous treewide commit.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* enable code to support Turris Omnia forthcoming upstream change
(new kresd 'keep_cache' option) to preserve kresd DNS cache
* fix a 'status' race condition while the adblock process
is running in parallel
* various small speed improvements
* rework debug output
* refine blacklist handling
* enable the (empty) blacklist source in the default config
* email notification supports mstmp, even without sendmail symlink
* email notification writes minimal status to log (one-liner)
* LuCI: refine logfile search term
* LuCI: Textarea 'autoscroll down' in logfile view
* LuCI: Left-align blocklist source table plus a more compact design
Signed-off-by: Dirk Brenken <dev@brenken.org>
It's an option that is supposed to be fed by ss-manager. It can be
in the form of host:port or path to unix dgram socket. Drop it now with
the assumption that it has no real user at the moment
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
If we're built with CONFIG_LIGHTTPD_SSL then mod_openssl.so should
be included into the base package. Fixes issue #5343.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* corner case fix with multiple (partly disabled) radios
* LuCI: BSSID will be ignored by default in 'wireless add' dialog
* LuCI: Textarea 'autoscroll down' in logfile view
* LuCI: refine logfile search term
Signed-off-by: Dirk Brenken <dev@brenken.org>
Notable changes since 3.1.1
- 57ab828 fix possible use-after-free in ss-server
- 65e9d23 filter through acl first before doing sni detection
- b26cbc2 another attack on null ref
- d237a05 udprelay: fix off-by-one bug
- 0c3cf8b fix runtime TFO detection
- d445ea9 Linux 4.11 TFO socket option support
--no-delay is a new cmdline argument introduced in 3.1.0 to NOT turn off
TCP_NODELAY socket option, i.e. keeping it's default value without
setting it explicitly. This can be potentially useful for interactive
traffics
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* preserve DNS cache after adblock processing,
- 'unbound' and 'named' support this (please check readme)
- 'dnsmasq' now uses the 'servers-file' directive
to minimize the reload disruption,
even though the dns cache will be cleared after SIGHUP
- 'kresd' dns cache is persistent by upstream default, anyway
Turris Omnia devices need a small upstream software change
which is not accepted/implemented yet
* email notification in case of an error or domain count < n
(default 0, check readme)
* removed securemecca from default config (service has been closed)
* new separate functions for hash compare and list/overall count
* add missing package dependencies
* various clean-ups
* update documentation
Signed-off-by: Dirk Brenken <dev@brenken.org>
It will let reaver to save session file to cwd of the process instead of
/etc/reaver. This has the same effect as the old patch
0002-Use-the-current-directory-for-storing-and-loading-se.patch
which was removed in the transition to reaver-wps-t6x-fork
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This patch add's a new cmakefile which builds other cmakefiles and
simplifies the Makefile, also it renames the yang files so
sysrepoctl does not create duplicates.
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
This pppd feature does not make sense in L2TP case because the
tunnel is already connected when xl2tpd launch pppd process. If
a dial-on-demand feature is to be implemented, trigger interface
would have to be provided by xl2tpd, not pppd.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
All of the bugs for which we had patches have been fixed upstream
in 1.4.46, so the patches can be dropped.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* limit sta interface selection/handling
to defined travelmate interface (trm_iface) only
* check eap capabilities and ignore enterprise uplinks
as long as eap support is not available
* documentation update
* cosmetics
* LuCI: various cleanups
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add an enabled option for the service section, so you could keep your
configuration in place without apply this section on startup or service reload.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The interface config option allows users to configure logical OpenWRT
interface names in the ipsec section; it allows StrongSwan to listen
and send traffic on specified interface(s). It translates to interfaces_use
StrongSwan option which is a comma sepearted list of network devices
that should be used by charon.
Since StrongSwan can only be started when one of the specified logical
OpenWRT interface is up procd interface triggers are installed to
trigger the reload script.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Based on the ipsec running state reload_service is either reloading ipsec
or starting ipsec. However in the latter case it calls ipsec start which
bypasses the procd start_service function which means the running ipsec
instance is not managed by procd.
Fix this by calling start in case ipsec is not running; at the same time
add service_running function which is used by procd provided running
function.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The arpa/nameser.h header of musl libc indirectly depends on the endian.h
header but fails to explicitely include it to properly define
`__BYTE_ORDER` and `__BIG_ENDIAN` prior to declaring the DNS `HEADER`
structure.
When both the appropriate `__BYTE_ORDER` and `__BIG_ENDIAN` defines are
unset, the `#if __BYTE_ORDER == __BIG_ENDIAN` condition in `nameser.h`
evaluates to true, causing it to declare a bad (big endian) DNS packet
header structure on little endian systems.
Work around this musl bug by forcibly passing `-include endian.h` through
the `osflags` file.
An upstream fix for musl libc has been submitted with
http://www.openwall.com/lists/musl/2017/12/04/3
This should solve iodine packet corruption on little endian musl systems
reported at
http://lists.infradead.org/pipermail/lede-dev/2017-November/010085.html
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update to latest Git HEAD in order to solve a number of issues.
- Improves MAC address lookup reliability
- Properly counts DNAT-ed connections (e.g. for port forwards)
- Fixes stack corruption when parsing netlink records
- Fixes deletion of gzipped databases
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Remove build timestamp. Using currently proposed upstream patch.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Signed-off-by: Karl Palsson <karlp@etactica.com>
Can't use DEPENDS:= +libname when libname is now a virtual package.
Switch to plain DEPENDS:= libname.
Fixes Github issue 4751
Signed-off-by: Karl Palsson <karlp@etactica.com>
Maintainer: @wvdakker
Description:
Specify multiple sources for fetching the source tarball
for redundancy.
Pulled out of a historical version of these packages before
they were removed a while ago.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Maintainer: @wvdakker
Description:
Specify multiple sources for fetching the source tarball
for redundancy.
Pulled out of a historical version of these packages before
they were removed a while ago.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Maintainer: @wvdakker
Description:
Specify multiple sources for fetching the source tarball
for redundancy.
Pulled out of a historical version of these packages before
they were removed a while ago.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Maintainer: @wvdakker
Description:
Specify multiple sources for fetching the source tarball
for redundancy.
Pulled out of a historical version of these packages before
they were removed a while ago.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Maintainer: @wvdakker
Description:
Specify multiple sources for fetching the source tarball
for redundancy.
Pulled out of a historical version of these packages before
they were removed a while ago.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Add package Danish. A middle box implementation of RFC 6698 for HTTPS.
<https://github.com/smutt/danish>
This package installs /usr/sbin/danish(the Danish executable), /etc/init.d/danish and /etc/config/danish.
Tested with LEDE x86_64
Signed-off-by: Andrew McConachie <andrew@depht.com>
If metric of member interface is bigger then 256, it is not
appended to policy, now at least warn message is printed into
syslog
Signed-off-by: Jakub Janco <kubco2@gmail.com>
"token_mode" add support for "script", which execute "token_script" to
get the password. Some token is not supported by OpenConnect natively,
e.g. "MobilePass" or "Softoken II" used in Cisco VPN
Signed-off-by: Gavin Ni <gisngy@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
gzip create a header by default containing the filename
and the timestamp of the file.
This timestamp will break reproducible builds [0].
[0] https://reproducible-builds.org/docs/timestamps/
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* new function to set/delete options in external uci config files
* kresd: automated 'rpz_file' handling in /etc/config/resolver
* firewall: automated 'force_dns' handling if you
enable or disable adblock
* support sha256sum (default) and md5sum for blocklist
comparison & conditional dns restarts
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Currently `polipo.h` uses the conditional
`(__GLIBC__ > 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 2)` to decide
whether to enable IPv6 support.
This used to work for OpenWrt CC which uses uClibc disguising itself
as Glibc 2.x but it does not work with Musl libc anymore as this library
does not export any Glibc defines.
Forcibly enable IPv6 support by passing `-DHAVE_IPv6` unconditionally
through the build flags in the OpenWrt/LEDE Makefile.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
At least one of libjson|libxml2 is required for bind
statistics to function.
Selecting libjson|libxml2 will result in an additional
dependency required to build and install bind-libs.
Signed-off-by: Hal Martin <hal.martin@gmail.com>
The init script runs transmission with the foreground parameter for procd to control it. However, if transmission is ran in the foreground, nothing is logged to syslog. Added a patch to remove this restriction.
Also added a sysctl file that removes these warnings:
UDP Failed to set receive buffer: requested 4194304, got 262142 (tr-udp.c:75)
UDP Please add the line "net.core.rmem_max = 4194304" to /etc/sysctl.conf (tr-udp.c:80)
UDP Failed to set send buffer: requested 1048576, got 262142 (tr-udp.c:86)
UDP Please add the line "net.core.wmem_max = 1048576" to /etc/sysctl.conf (tr-udp.c:91)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Notable changes since 3.1.0
26ae365: fix possible socks5 exchange corruption caused by bad
state transition when parsing responses
f19a96e: fix segfault when presented with config {"mode": null}
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
If the date is changed by ntp the age value of mwan3 on ubus could jitter.
Use instead the uptime value from /proc/uptime which will not change during
system run.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Report SHA256 checksums in addition to the MD5 ones to make cgi-io suitable
for sysupgrade image verification.
Also allow stat(), md5sum and/or sha256sum to fail and respond with a JSON
null value instead, leaving it to the frontend to handle errors as needed.
Fixes#4790.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
