Hurricane Electric provides a free IPv6inIPv4 tunnel. It changed its ipv4 ddns service, fully needed to keep the ipv6 tunnel up, to the domain tunnelbroker.net. Besides, the old he.net script was bugged because it doesn't had a [USERNAME] placement but instead two [DOMAIN]. The new tunnelbroker.net update URL, still provided by Hurricane Electric, is https://[USERNAME]:[PASSWORD]@ipv4.tunnelbroker.net/nic/update?hostname=[DOMAIN]&myip=[IP] and it gets the response good or nochg
Signed-off-by: Euler Alves <euler@alves.pro.br>
(fixed-signed-off-by and prefixed)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
PKG_RELEASE was incremented to 15 because of a fix in files/services
Signed-off-by: Euler Alves <euler@alves.pro.br>
(fixed-signed-off-by and prefixed)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Since commit a62c0e5 apu-1-config is no longer being stipped down with
regards to being called with "--link-libtool". Example:
$ ./staging_dir/target-mips_24kc_musl/usr/bin/apu-1-config --link-libtool
-L/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/lib -R/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/lib -laprutil-1
$
Before the mentioned commit the "-R" argument was stripped off. And when the
Makefile adds this to TARGET_LDFLAGS this then ends up in the compiler test, as
an argument for the compiler, causing build failure:
checking whether the C compiler works... no
configure: error: in `/builder/shared-workdir/build/sdk/build_dir/target-arm_mpcore+vfp_musl_eabi/subversion-1.13.0':
configure: error: C compiler cannot create executables
config.log shows what's wrong:
configure:3140: x86_64-openwrt-linux-musl-gcc -Os -pipe ... <snip> ... -R/home/sk/tmp/sdk/master-x86-64/staging_dir/target-x86_64_musl/usr/lib -laprutil-1 conftest.c >&5
x86_64-openwrt-linux-musl-gcc: error: unrecognized command line option '-R'
This commit does away with these flags, they're not needed anyway. FPIC
is also removed, because it's detrimental to the applications [1] and
unnecessary as well.
Fixes: #11139
[1] https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
In OpenWrt this module is available, but not part of the main package.
This commit disables the LoadModule directive for this module. Otherwise
following the installation of the main apache package the start of the
server would fail (due to the absence of this particular module).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This way there's no need to worry about overwriting another httpd binary
or symlink from another package, for example busyboxes httpd.
The init script is also renamed to apache2 for consistency.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* rename smbd->ksmbd (upstream name change)
* ksmbd-tools: build with static glib2 (usmbd = ~90kb, smbuseradd = ~40kb)
* new etc folder location = /etc/ksmbd/smb.conf
* new database name = /etc/ksmbd/ksmbdpwd.db
* fixes "map to guest = Bad User" while userdb is also used
* fixes missing ipv6 support
* update/rename to "luci-app-ksmbd"
* remove UCI samba compatibility code for section names (ksmbd uses [share] + [globals] not [sambashare] + [global])
* ksmbd: release 3.1.1 version
* ksmbd: does not work if ipv6 module is not loaded or compiled in
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: release 3.1.0 version
* ksmbd: fix over 80 character warnings
* ksmbd: rename smbd-tools to ksmbd-tools in travis.yml
* ksmbd: fix password db file location in travis.yml
* ksmbd: rename smbd prefix function to ksmbd
* ksmbd: rename smbd prefix source files to ksmbd
* Revert "smbd: set connection status with SMBD_SESS_EXITING instead of direct destory"
* ksmbd: rename smbd to ksmbd in .travis.yml
* smbd: rename module name to ksmbd.ko
* smbd: set connection status with SMBD_SESS_EXITING instead of direct destory
* smbd: previous session with same user and same password should be deleted
* smbd: only use global session table in smb2 session
* smbd: add support for ipv6
* smbd: fix empty macro issue from smbd_debug
* cifsd: fix printing of file names in find_next
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).
Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
bf1a1eda23a3c46544b3
Signed-off-by: Robby K <robbyke@gmail.com>
This should hopefully prevent issues with that option not showing up in the
GUI, like in #11095.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
nginx-ssl-util and nginx-ssl-util-nopcre are replacements for each other,
but cannot replace nginx-util (instead conflict with it).
The hard coded [::1] could lead to a nginx error if build without IPv6.
So, get the loopback addresses dynamically.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
* Do not destroy the iterator twice if cur==this (segfault).
* Do not add the delimiter clim=='\0' when creating the SSL directives.
* Set the right SSL_SESSION_CACHE_ARG for nginx-util get_env.
* Remove static from the constexpr that are used only for Line::build.
* Concat strings instead of appending them for not using a non-const ref
(to remove some warnings of clang-tidy -checks=google-runtime-references)
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
This allows custom config parameters to be added to the generated config
files, enabling the original intended functionality per
https://openwrt.org/docs/guide-user/services/ups/software.nut.
Example usage from /etc/config/nut_server:
config driver 'apc'
option driver 'snmp-ups'
option snmp_version 'v3'
option port '172.16.100.5'
list other 'secLevel'
list other 'secName'
list other 'authPassword'
list otherflag 'notransferoids'
config other 'other_secLevel'
option value 'authNoPriv'
config other 'other_secName'
option value 'some_username'
config other 'other_authPassword'
option value 'some_password'
config other 'otherflag_notransferoids'
option value '1'
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
add missing 'peer_id_ttl_hours' and remove 'scrape_paused_torrents'
which is not exist in transmission wiki.
Signed-off-by: Richard Yu <yurichard3839@gmail.com>
We depend on luci-compat now, which will pull in luci-base, which in turn
will pull in lua. So remove those two dependencies to maybe help with
recursive dependency resolution errors.
Fixes#5320.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Ran init script through shellcheck. Simplified several statements.
Replaced INSTALL_CONF with INSTALL_DATA. i2pd runs as non-root and so the
conf file must be accessible.
Fixed: https://github.com/openwrt/packages/issues/10977
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This can do the main work of nginx/nginx-ssl init script.
For nginx-ssl it can create selfsigned certificates, too.
It uses libpcre and libopenssl iff nginx(-ssl) uses them.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
* Install the standalone (scons-local) version
Advantages:
- The regular version of SCons requires distutils during installation;
the standalone version does not have this requirement
Disadvantages:
- The scons-local package is not available from the Fossies mirror
- The patch will need to be manually updated with each version update
* Install files to $(STAGING_DIR_HOSTPKG) instead of $(STAGING_DIR_HOST)
* Write the correct shebang into scripts instead of using the wrapper
* Update to 3.1.2
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
apr-util was updated. It doesn't provide the depend on libsqlite3
anymore, so this needs to be added to the subversion package now.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- helps build system to locate zlib
- adds depend on libgdbm if libaprutil-dbm-gdbm is selected
This fixes the two different build failures that can currently be
observed.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
When issuing an ECC certificate, acme.sh for some reason changes the name
of the directory used for the certificate state. Handle this correctly when
moving directories and updating config files.
Fixes#7941.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
--log-error in the init script was overriding it.
Added several optimizations to the init script for speed and correctness.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Update xtables-addons to 3.7
Remove linux 4.9 compatible patch as OpenWrt master no longer supports it
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Extend (and rename) the existing mii-tool package to also support
the net-tools route command.
This may be needed if you want to support other address families than
inet/inet6 like x.25.
Also bump to version 2018-11-03.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Things were done in the wrong order, leading to config_dir not being
chown'ed and subdirectories not being created in case of download_dir
being inside config_dir.
Fixes: 609109fa9 ("transmission: add seccomp filter and improve jail")
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
"fg" and "pidfile" parameters are already used in the init script,
so they are not controllable by config file anyway.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
If miniportal option is enabled, some haserl scripts are provided which
present a simple login web page. To make it functional haserl is required.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
The package doesn't need to install _everything_ to staging. This commit
reduces the amount of files that get copied over to staging. Currently
there's no package depending on apache anyway.
This adds sed scripts from buildroot (thanks!) to fix two files that are
important for cross-compiling external modules. This has been tested and
was confirmed to work with mod_gnutls taken as an example package.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Also preinst and postrm are removed. busybox's httpd isn't installed by
default, so these gimmicks seem antiquated.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This adds extra packages for certain modules (basically the ones that
incur further dependencies), support files etc. This is pretty much
follows Alpine's example.
This updates the httpd.conf patch to _not_ uncomment MIMEMagicFile
(because the module isn't loaded by default) and removes that changes
that aren't needed anymore (because of the added module support). The
patch now only changes the default user.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This gets rid of flags. For instance $(FPIC) shouldn't be forced onto
applications (see [1]).
And CONFIGURE_ARGS + CONFIGURE_VARS are broken out of Build/Configure.
This way more arguments can be added easily in the future.
The target is changed from apache to apache2 (which is used by upstream
by default). the CONFIGURE_ARGS are changed where need to enable
modules.
This also renames one patch that fixes scoreboard location (the name
004-pidfile_fix.patch didn't describe what it's doing).
Now with the OpenWrt layout in place 003-logdir_fix.patch can be
removed.
[1] https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- version bump
- update license description
- add PKG_BUILD_PARALLEL:=1
- remove two cross-compile patches and replace them with the
cross-compile patch from buildroot (adds autoreconf to get this going)
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Provide the minimal applications and plugins for: cgi, filelog, syslog and
python3. More plugins can be added if needed by other packages. Autostart
uwsgi in emperor mode loading vassals on demand.
For now, include luci-support (maybe it will be moved to another package),
which uses the syslog plugin by default.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Luci nginx config file for non ssl varian had user as nobody nogroup. This cause some problem with ubus use.
Luci file support package depends on uwsgi-cgi. As this package will be renamed shortly to a more generic version, make the subpackage depends on the uwsgi subpackage only.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Note:
In some cases when tor daemon starts before
than the router is connected to the Internet.
Tor will exit and you have to run it manually.
This should fix this case.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_RELEASE not bumped because this only affects package description.
We document that passlib and bcrypt are needed if one wishes to use
bcrypt encryption of passwords. These have not been added as dependencies
as Radicale2 can have a frontend webserver authenticate users rather than
radicale itself.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
All the computationally expensive stuff is in the libraries, not the
package itself.
Saves several kilobytes.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
If snmpd fails to open files, like /dev/kmem or /dev/mem, it exits.
Avoid this by adding the -r argument.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The ModemManager protocol handler checks for the pppd daemon during
the initialization, and if it doesn't exist, the protocol handler is
not even loaded by netifd.
This is because the IP method to use on the connection of a given
modem is not known until ModemManager reports via its interfaces how
the modem should be connected (either using PPP, with DHCP, or with
explicit IP settings).
Fixes https://github.com/openwrt/packages/issues/10802
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
0.12.0 tarballs aren't out yet, I accidentally committed the changed
version in commit b6a9bd3bf3
("gnurl: update to version 7.67.0").
Revert gnunet back to 0.11.8.
Reported-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
In the command read side, close the superfluous write end of the pipe
early to ensure that EOF is reliably detected. Without that change, splice
calls to read from the pipe will occasionally hang until the CGI process
is eventually killed due to timeout.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The package wget should not say that it provides itself.
This also make gnu-wget provide general so it is not written in Makefile
twice.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
* Added optional ipv4 resolvers UCI config option
* Added logging to logd
* Refactored verbosity UCI config option
* Filtered out any address from being added to dnsmasq
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
The build needs protoc, otherwise it fails.
checking if we need to link in protobuf... yes
checking for PROTOBUF... yes
checking for protoc... no
configure: error: Protobuf requested but the protobuf compiler was not found
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Currently dnsdist is failing at packaging stage when lmdb is in staging:
make[4]: Leaving directory '/builder/shared-workdir/build/sdk/build_dir/target-x86_64_musl/dnsdist-1.4.0'
Package dnsdist is missing dependencies for the following libraries:
liblmdb.so
Makefile:109: recipe for target '/builder/shared-workdir/build/sdk/bin/packages/x86_64/packages/dnsdist_1.4.0-2_x86_64.ipk' failed
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Implement a new "cgi-exec" applet which allows to invoke remote commands
and stream their stdandard output back to the client via HTTP. This is
needed in cases where large amounts of data or binary encoded contents
such as tar archives need to be transferred, which are unsuitable to be
transported via ubus directly.
The exec call is guarded by the same ACL semantics as rpcd's file plugin,
means in order to be able to execute a command remotely, the ubus session
identified by the given session ID must have read access to the "exec"
function of the "cgi-io" scope and an explicit "exec" permission rule for
the invoked command in the "file" scope.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "command" specifiying the commandline
to invoke.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required ACL rules to grant exec access to
both the "date" and "iptables" commands. The "date" rule specifies the
base name of the executable and thus allows invocation with arbitrary
parameters while the latter "iptables" rule merely allows one specific
set of arguments which must appear exactly in the given order.
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "exec", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/bin/date", "exec" ],
[ "/usr/sbin/iptables -n -v -L", "exec" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- IPv6 support
- Fix HTTP/2 negociation
- Improve endpoint fallback
- Add support for unencrypted DNS
- Many other fixes and features
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
When present on the build system dnsdist will try to make use of libcap. This
change adds an explicit dependency to ensure it's present at build time, to
prevent build failures when another package brings the dependency in.
Signed-off-by: James Taylor <james@jtaylor.id.au>
* remove 'ransomware' blocklist by abbuse.ch (discontinued)
from default adblock config
* fix/switch 'someonewhocares' config to https only
* fix curl download parameters to follow redirects and
suppress needless output
* made the tmp directory of sort operations configurable,
set 'adb_sorttmp' accordingly (only supported by 'coreutils-sort')
Signed-off-by: Dirk Brenken <dev@brenken.org>
