This fixes the "Invalid Resource Record: FATAL problem: ARRDATAIllegalIPv4Address" error message described in https://forum.openwrt.org/t/route53v1-script-error/160068
Maintainer: @chris5560, @maxberger, @dibdot
Tested: Checked on local system
Signed-off-by: Max Berger <max@berger.name>
* fix boot()
* reintroduce procd_boot_delay variable to control delay of service
start on boot
* introduce `check_lists` command to check enabled block-lists for
domain(s)
* use config_get_bool instead of config_get for boolean options
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* fixes https://github.com/openwrt/packages/issues/22674
* rename resolver_health_check to is_resolver_running for readability
* reorder functions in the init file by name
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Based on the discussion on GitHub [1], we found out that quassel irssi is not maintained anymore, thus it is dead and confirmed by developers [2]. There is no reason to keep this package anymore here in our repositories, because otherwise we will need to take care of it and that's not what is going to happen.
[1] https://github.com/openwrt/packages/pull/22605
[2] https://github.com/phhusson/quassel-irssi/issues/36
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
The function `create_host_record_from_host` fails if the `dns` option
is not set in the host entry.
This sets a default to the `dns` variable in order to fix this error.
Fixes: #22691
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
The built-in swig/python detection does not work well
when system-wide m4 macros are available with same name
but different content.
So make the configure stuff compatible, resp. workaround
a little bit.
It seems also necessary to pass the PYTHON_LIBS environment
during the compile phase.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This is a bugfix release containing security fixes.
Security Fixes (included in 2.6.7):
CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer
after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer.
All configurations using TLS (e.g. not using --secret) are affected by this issue.
CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration
in some circumstances, leading to a division by zero when --fragment is used.
On platforms where division by zero is fatal, this will cause an OpenVPN crash.
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.8/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
If pcre is built before freeradius, then freeradius' configure will
detect pcre and freeradius will be built with pcre functionality
enabled. This causes a "missing dependencies" error at the end of
package build.
This passes --without-pcre to configure to disable this autodetection.
This also removes the dependency on libpcre2 as freeradius v3 does not
have support for pcre2.
Fixes: 19ec30255f ("freeradius3: switch to pcre2")
Fixes: https://github.com/openwrt/packages/issues/22574
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Update crowdsec to latest upstream release version 1.5.5
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Package tested. Not able to test run due to limited space (package is big)
Description: update to latest version of upstream
libudev seems to be required only for cm108gpio gensio
which is a relatively special one. Let's disable it
and also the libudev lookup, so that there is no need
to link/use libudev.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
The "Extra DNS" option allows to create records from the DHCP
"Hostnames" configuration entries.
This allows to create such records from the DHCP "Static leases"
configuration entries too.
Fixes: #22593
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
- package is bumped to 0.5.2
- new protocol changes prevent peering with 0.4.x peers
- @turretkeeper revamps package with netifd support
- do not use with luci-app-yggdrasil; please install luci-proto-yggdrasil
Signed-off-by: William Fleurant <meshnet@protonmail.com>
Buildbots spotted this error that when dns_sd library is
available, then gensio's configure will pick it up.
This is not desired since we already link to libavahi
for the mdns stuff, so let's disable dnssd lookup explicitly.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Current version of atftpd daemon does automatically start when installed.
This commit adds 'enable' option to config file to
have control over atftpd daemon.
Signed-off-by: Jakub Raczynski <myszsoda@gmail.com>
Although init script did consist of default value for missing 'port' field,
add it to configuration file for consistency.
Signed-off-by: Jakub Raczynski <myszsoda@gmail.com>
After 1.0.18, this project moved from SourceForge to gitlab
Also, since 1.0.19, the configure script is not present
by default anymore, so we need to add autoreconf to generate it
Release notes:
https://gitlab.com/sstp-project/sstp-client/-/releases
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Upstream bump
,,_ -*> Snort++ <*-
o" )~ Version 3.1.74.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.13
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.12 24 Oct 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3
Using Hyperscan version 5.4.2 2023-11-08
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
When selecting both iperf3 and iperf3 ssl, there is a problem that
both packages install same binary file.
This patch fixes this issue by adding conflict between those packages.
Signed-off-by: Jakub Raczynski <myszsoda@gmail.com>
* update Makefile copyright info
* organize functions shared between the init script, uci-defaults and
luci app in alphabetical order
* update error, warning and status messaging
* use single quotes instead double quotes for static text labels
* better warning for missing recommended packages
* rename dns function to resolver to better reflect its purpose
* improve resolver cleanup code
* move _resolver_config function inside resolver function to improve code readability
* rename _process_file_url to process_file_url_wrapper to better reflect its purpose
* add preflight check for available RAM vs total size of block lists
* move _config_add_url_size function inside adb_sizes function to improve code readability
* remove uci validation from status_service function to improve performance
* source init script from uci-defaults to include shared functions
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Add patch fixing compilation error with new version of irssi where they
renamed some functions.
Fixes: #22384
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Fetch Ed25519 public keys from UCI host sections.
Update options and syntax to current version.
Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
The latest nmap version 7.9.3 currently fails to compile with OpenSSL 1.1 [1],
it is required to backport an upstream patch to fix the compilation. [2]
[1] https://github.com/nmap/nmap/issues/2516
[2] d6bea8dcde
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This major update not only updates the ser2net daemon version,
but also migrates the UCI configuration handling to the newer
YAML configuration file format.
If you only configured ser2net using UCI, then there should
be no noticeable difference and your configuration should
still work as before.
If you modified /etc/ser2net.conf before, or used custom adaptions
etc., then you must migrate to newer /etc/ser2net.yaml on your
own and/or double-check your installation - there is no automatic
migration logic during package upgrade path.
Signed-off-by: Morgan Christiansson <git@mog.se>
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
* the log file monitor now supports standard log files used by other log daemons like syslog-ng
Set 'ban_logreadfile' accordingly, by default it points to /var/log/messages
* removed logd dependency, closes #21932
Signed-off-by: Dirk Brenken <dev@brenken.org>
1. Add new options:
--http3 Enable HTTP/3 support (H3 first)
--timeout Timeout for outbound DNS queries to remote upstream servers in a human-readable form (default: 10s)
2. Allows listen on multiple interfaces and ports
Signed-off-by: Anya Lin <hukk1996@gmail.com>
This adds a multithreaded variant of iperf3 as a package. This variant
is still experimental, developed in the mt branch of the iperf
repository and expected to be merged when it is considered stable.
Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Use PKG_NAME in PKG_SOURCE and PKG_BUILD_DIR instead of hardcoding to
privoxy to make the Makefile cleaner.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* added ujail for crowdsec-firewall-bouncer
* set nice to reduce priority for process
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.0
changes:
- fixes a bug where science notations (exponentials) are displayed during tests during high speed bursts
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
use libpcre2 as dependency for freeradius3-common
because PCRE is EOL with no further updates
Compile & run tested on mediatek mt76 ubnt-ui6-lr-v1 with musl
Signed-off-by: Martin Strobel <arctus@crza.de>
Currently aircrack-ng tries to link with libbsd if it does detect the
library in staging_dir. This is the case with buildbot where every
package is selected and compiled.
Fix this by adding a pending patch that permits to disable libbsd
inclusion even if detected and set the related config flag.
aircrack-ng uses 2 functions of libbsd and it's not worth to include the
entire library for 2 simple functions for string manipulation.
Also add an additional patch that permits to use musl or glibc version
of these string functions.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The keepalived does support script call handling on start and stop.
All scripts located under '/etc/hotplug.d/keepalived' now get called
with the env ACTION set to startup or shutdown. The script that wants to
get called on these keepalived events could evaluate this env to run on
startup or shutdown.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If the ModemManager process crashes, the interfaces are not cleaned
up properly because the stop_service method is not called. With this
change, the interfaces are cleaned up both when stopping the service
and during a crash. Therefore it is no longer necessary to perform a
cleanup at the beginning.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
Change workflow to cleanup interfaces using the sysfscache.
The sysfscache stores the processed sysfs-paths. Using this
instead of mmcli -L, the interfaces can be properly cleaned
up even if, for example, ModemManager crashes and mmcli is
no longer usable.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
Backport required patch for PCRE2 support and move to PCRE2 library as
PCRE is now EOL and won't receive any security updates anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Upstream bump
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
,,_ -*> Snort++ <*-
o" )~ Version 3.1.73.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2023 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.12
Using LuaJIT version 2.1.0-beta3
Using OpenSSL 3.0.11 19 Sep 2023
Using libpcap version 1.10.4 (with TPACKET_V3)
Using PCRE version 8.45 2021-06-15
Using ZLIB version 1.3
Using Hyperscan version 5.4.2 2023-10-26
Signed-off-by: John Audia <therealgraysky@proton.me>
Fix bug in init_apinger_config - debug/status_interval/rrd_interval were never set correctly
Fix bug in apinger_status - send and receive were swapped
Fix bug in apinger_status - added ability to use ipv6 on wan6
Signed-off-by: Jochen Dolze <jochen.dolze@schulergroup.com>
* update to 2023-10-25 upstream version which fixes the crashes on logging on ath79
* remove no longer needed 030-src-logging.c-fix-crash.patch
* update 010-cmakelists-remove-cflags.patch to work with a new version
* update 020-src-options.c-add-version.patch to work with a new version
Signed-off-by: Stan Grishin <stangri@melmac.ca>
At mm_report_modem_wait a wait status is set. When attempting to report
an event (via hotplug or during startup) and the DBus is not yet available,
the status in the sysfs cache is set to 'processed' incorrectly, even
if mmcli fails.
This is fixed by aborting the operation and logging an error when
the kernel report fails.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
The mm_report_events_from_cache method is called during the startup and
informs the ModemManager of kernel events. Additionally, hotplug scripts
inform the ModemManager of kernel events. Processed events are stored in
the sysfs cache. It is possible for a hotplug script to write to the
sysfs cache while the mm_report_events_from_cache method is still waiting
for the ModemManager to be available on the bus during startup.
This could lead to a misbehavior where modems are not recognized.
To ensure a clean state on startup, the sysfs cache is cleared after the
ModemManager is available, ensuring reliable processing of kernel events.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
* various vpn/wireguard improvements & fixes
* improved compatibility with new netifd
* added open STA improvements by @brianjmurrell
* closes #22227 #22288 #22357
Signed-off-by: Dirk Brenken dev@brenken.org
Signed-off-by: Dirk Brenken <dev@brenken.org>
* update service triggers so that procd_add_raw_trigger is only
executed on boot and not on other service actions
* remove outdated iface hotplug script
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This plugin acts as a proxy that dynamically selects an EAP method that is
supported/preferred by the client. If the original EAP method initiated by
the plugin is rejected with an EAP-NAK message, it will select a different
method that is supported/requested by the client.
For example it is possible to configure eap-tls as preferred
authentication method for your connection while still allow eap-mschapv2.
Signed-off-by: Tarvi Pillessaar <tarvip@gmail.com>
This package is not maintained anymore in the OpenWrt packages feed
and since we updated Go to 1.21 version, it is not compiled either.
Let's hope that with removing this package from our feed,
someone will step in and become a maintainer to take care of this package.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Convert package to PCRE2 by porting a pending patch from a closed PR.
The PR is old but the code never changed and is simple enough to check
the changes. The patch applies directly with no changes (aside from
commenting out the travis CI file)
The PR was never merged as PCRE2 at times was too new and they were
trying to find a better regex lib.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* fix sed to properly purge allowed domains from block-lists
* ensure resolver is restarted on allow command
* reduce pause default/max in attempt to make it work with luci
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Mainly security release, fixing CVE-2023-3961, CVE-2023-4091,
CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670. For more details see:
https://www.samba.org/samba/history/samba-4.18.8.html
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
ipcalc.sh no longer outputs invalid ranges and fails with an error code in
such cases. React to the error.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
With #12925, 'BROADCAST' will no longer be set if there is no local
broadcast address (rather than holding the global broadcast address).
Prepare for the merge but stay compatible with the old version of ipcalc.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Changelog:
- Add Pagination for IdP Users Fetch by @bcmmbaga in #1210
- Rework peer connection status based on the update channel existence by @surik in #1213
- Fix nil pointer exception in group delete by @pappz in #1211
- Fix/key backup in config script by @pappz in #1206
Full changelog: https://github.com/netbirdio/netbird/compare/v0.23.8...v0.23.9
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Add pending patch fixing compilation error for missing pcre.h.
This is caused by a bug on their end by trying to add pcre.h even if we
are using the PCRE2 library.
Fixes: f0754531c4 ("nginx: move to PCRE2")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This allows cargo to use make's jobserver when building packages, by
marking the cargo command as recursive (with the + prefix[1]) and
setting MAKEFLAGS.
This also:
* Give cargo/x.py the build directory instead of having to change the
current directory (and opening subshells)
* Set PKG_BUILD_PARALLEL/HOST_BUILD_PARALLEL for Rust packages to enable
the use of make's jobserver
[1]: https://www.gnu.org/software/make/manual/html_node/POSIX-Jobserver.html
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This consolidates all environment variables for cargo into:
* CARGO_HOST_CONFIG_VARS / CARGO_PKG_CONFIG_VARS
These contain all cargo-specific environment variables, i.e. without
"common" variables like CC.
* CARGO_HOST_VARS / CARGO_PKG_VARS (renamed from CARGO_VARS)
These contain all environment variables to be passed to cargo.
This also:
* Set the CARGO_BUILD_TARGET environment variable instead of using the
--target command-line option
* Update Python include files to use CARGO_HOST_CONFIG_VARS /
CARGO_PKG_CONFIG_VARS
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
For detailed changes, see https://curl.se/changes.html#8_4_0
Switching to tar.bz2 for the time being as tar.xz is not yet available.
Fixes CVE-2023-38546 and CVE-2023-38545.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
The package should not only depend on a package dropbear but on the dbclient.
Otherwise the dbclient may be disabled during compilation and the dependency will not be satisfied.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
"Iran Hosted Domains" is a comprehensive list of Iranian domains and services that are hosted within the country.
Signed-off-by: Kaveh Dadgar <Kavehdadgar666@protonmail.com>
Changes to protocol file and its description.
Works better now and restarts firewall automatically
when tunnel comes available. More informative/guiding
description.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
* Enable `with_ech` and `with_dhcp`, just like upstream
* See changelog: https://github.com/SagerNet/sing-box/releases/tag/v1.5.2
Signed-off-by: Leo Douglas <douglarek@gmail.com>
sing-box: ShadowsocksR is marked as deprecated since v1.5.0
Signed-off-by: Leo Douglas <douglarek@gmail.com>
sing-box: remove dhcp by default
Signed-off-by: Leo Douglas <douglarek@gmail.com>
A user may have some host configured in the .ssh/config with user and port.
But we anyway have to specify them in the sshtunnel.
The change fixes this
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
The dbclient doesn't support the -o StrictHostKeyChecking but it has its own -y option:
-y Always accept remote host key if unknown
-y -y Don't perform any remote host key checking (caution)
So we can add these options to make the StrictHostKeyChecking working.
The dbclient will ignore -o StrictHostKeyChecking but use the -y or -yy instead.
The only problem is that the -y flag is also used by the openssh-client:
-y Send log information using the syslog(3) system module. By default this information is sent to stderr.
This is not critical and once the dbclient starts to support the StrictHostKeyChecking we can remove the -y flag.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Without the option the ssh will prompt a user to accept the host key.
So a user should perform a connection manually and accept before using the sshtunnel.
The accept-new is a reasonable trade off.
Also the LogLevel is INFO by default.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Simplify comment and make it shorter.
Remove trailing tab after retrydelay.
Use a full path for IdentityFile because otherwise the uci validation fails with the relative path ~/.ssh
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
The samples in the repo are useful for configuring certain aspects of
ddns, and their inclusion is hinted at within their source code
Signed-off-by: Julian Grinblat <julian@dotcore.co.il>
This package does not receive any update since 2015. [1]
It seems unmaintained and most likely not used at all.
[1] https://gitweb.torproject.org/tor-fw-helper.git/
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>