Use the newly introduced configure script.
Use PKG_INSTALL for consistency between packages.
Use PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add new subpackage containing pam authentication module. Shouldn't
affect dependencies and nothing changes, there is just one more module
enabled for people interested in it.
Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
If miniupnpd is installed but disabled or not running, the hotplug
script will query uci for keys that don't exist and grep a temporary
config file that doesn't exist, resulting in the following errors:
uci: Entry not found
grep: /var/etc/miniupnd.conf: No such file or directory
These would arise when an interface is brought up or down, and are
more confusing than helpful, especially when miniupnpd is disabled.
Suppress these errors.
Signed-off-by: David Ehrmann <ehrmann@gmail.com>
b933f9cf0cb254e368027cad6d5799e45b237df5 in base made several changes
to OpenWrt's libssp support. It seems this workaround is no longer
needed.
Simplified the configure script slightly.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Switched to new upstream.
Added PKG_BUILD_PARALLEL for faster compilation.
Refreshed and fixed up patches.
Fixed up license information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Unbound has a quirk and may reply on a different device address.
When Unbound answers with from-address different than it
received queries on, it may cause trouble for select VPN and
firewall configurations. Ensure Unbound replies with the same
address by changing this default.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* add anti_ad blocklist source
* made SafeSearch provider configurable, you can limit
SafeSearch to certain providers
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
* update to 4.12.3
* update/remove patches
* disable netbios port 139 on 'DISABLE_NETBIOS' option or missing 'nmbd'
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Includes:
- test_storage: further refactoring, added test functionality, and TESTING.md to describe testing approach
- tcpsocket: implement client_read_cb with ustream_read my wheels are much worse than offical wheels.
- Revert "tcpsocket: implement client_read_cb with ustream_read my wheels are much worse than offical wheels."
- uci: fix arm64 compiling
Fixes: #12488
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* add regional list source for czech/slovak
* add regional list source for korea
* adapt oisd_nl changes, switch to adb-syntax domains
Signed-off-by: Dirk Brenken <dev@brenken.org>
Includes:
- uci: truncate hostname at first dot
- ubus/uci/datastorage: add iface and hostname
- ubus: use strncpy and add backwards compatibility
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Since we can now configure xinet.d with uci, it is no longer necessary
to save the configuration in /etc/xinet.d/* when upgrading the system.
This was wrong anyway, because other packages can also store configuration
there. If this configuration get changed then the new/changed one will never get
applied, because the configration is always replaced with the saved
configration during sysupgrade.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
I tried Dawn and it whined at me because it didn't understand its
own packets from a different-endian host.
Mon Jun 8 10:49:12 2020 daemon.err dawn[19742]: not complete msg, len:308, expected len:872480768
Mon Jun 8 10:49:12 2020 daemon.err dawn[19742]: not complete msg, len:708, expected len:3288465408
https://github.com/berlin-open-wireless-lab/DAWN/issues/92
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
string_view is available with both boost and std.
Backported extra patch getting rid of using namespace std.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
By using the netifd for open fortivpn we are able to set up multiple
VPN connections and manage them through the netifd toolset.
This also adds support for binding an openfortivpn client to a given
interface, in which case when that interface comes online, the vpn
will be initiated via a hotplug script.
This is a breaking commit and configurations will need to be migrated
from openfortivpn.config into the /etc/config/networks.
Example configuration via /etc/config/network:
config interface 'ftvpn'
option proto 'openfortivpn'
option server 'example.com'
option username 'USERNAME'
option password 'PASSWORD'
# optional arguments follow
option local_ip '192.0.5.1'
option port '443'
option iface_name 'wan'
option trusted_cert 'CERT_HASH'
option set_dns '0'
option pppd_use_peerdns '0'
option metric '10'
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
This exposes the interface-auto option to UCI.
By default, interface-auto is disabled.
This leads to the DNS reply possibly originating from
a different address then the request was sent to.
Devices with a packet filter might not receive the reply in this case.
Enabling interface-auto ensures the reply is sent with the
source-address the request was sent to.
Signed-off-by: David Bauer <mail@david-bauer.net>
Includes:
- ubus/datastorage: don't repeatedly ask devices for beacon reports if
don't support it
- uci: fix loading of config
- utils/ubus: fix memory leak at blobmsg_format_json
- ubus: add local flag to network overview
- ubus: fix network overview
- network/tcpsocket: make sure every msg is complete before handle
- datastorage: refactor to support scalability testing
- network/tcpsocket: make sure every msg is complete before handle
- ubus: fix network overview
- ubus: add local flag to network overview
Signed-off-by: Nick Hainke <vincent@systemli.org>
The configure script confusingly sets CXXFLAGS to gnu++11 but does
not use that to check the important stuff. Fix that.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- Update haproxy download URL and hash
- This version introduces backtrace-support via backtrace(), however, it must be disabled because neither MUSL nor UCLIBC support it (build fails because of missing execinfo.h)
- Our previous UCLIBC patch is now obsolete and has been removed. We now only disable libcrypt support.
- A new patch was backported from the haproxy dev-branch which fixes an IFDEF which should only allow GLIBC to use dladdr1 and make builds fall back to dladdr when using other c-libs. The previous logic was bogus and broke the build on UCLIBC.
Signed-off-by: Christian Lachner <gladiac@gmail.com>
* remove dumb list cache
* start adblock processing after adding/removing
list sources via CLI
* add regional list source for france
Signed-off-by: Dirk Brenken <dev@brenken.org>
Refactor the package so init script is installed from the binary instead
of an init script embedded in the package.
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Add an option for adding rules based on source interface.
The default 0.0.0.0/0 src and destination ip addresses has been removed. It is unclear
how the 'any' family of rules would have worked, as it appears each rule always required an
ipv4 or ipv6 address src and destination address. With this change, the any family will work
again.
I also cleaned up a bunch of repeated code around adding the iptables rules for
ipv4/ipv6/any in making the change.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
This is needed since openvswitch 2.13 commit 2a97891eb23b
("Documentation: Work with sphinx-build for Python 3 also.")
The 4th patch was also reworked to serve as another guard
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Compile with USELIBCAP=1 to make use of POSIX capabilities. This will
save the required capabilities needed for transparent proxying for
unprivileged processes.
Signed-off-by: Gabor Seljan <sgabe@users.noreply.github.com>
* fix regex capture (to conform std)
* fix issues for Clang/libcxx (warnings/includes)
* fix CONFLICTS in the Makefile
* use /bin/sh in host scripts and shellcheck them
* add callback for setting arguments in ubus::call
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Add alternative to busybox nslookup. Busybox throws an error when
the host does not have an AAAA record.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
Build is failing because HWTSTAMP_TX_ONESTEP_P2P is defined anymore on
linux net_tstamp.h.
Moreover, the usual way of linuxptp build is looking for system includes
unless user defines differently. That also was tried to fix.
PKG_RELEASE bumped to 3.
Signed-off-by: Paulo Machado <pffmachado@yahoo.com>
Updates pdns-recursor to latest release in the 4.2 series.
Includes backported fixes for CVE-2020-10995, CVE-2020-12244 and
CVE-2020-10030, plus avoid a crash when loading an invalid RPZ.
Full change log for this release is available at:
https://doc.powerdns.com/recursor/changelog/4.2.html#change-4.2.2
Signed-off-by: James Taylor <james@jtaylor.id.au>
Removed patch
`03-configure-allow-to-manually-disable-POSIX-capabiliti.patch` that has been backported into release.
Signed-off-by: Jan Hak <jan.hak@nic.cz>
The existing interface selection/detection code was incomprehensible at
worst and convoluted at best. The uci config file suggested it
understood an external ipv6 interface but in reality the init script
took no notice. Re-work it so it is at least comprehendible and takes
notice of ipv6 interface details if specified.
Update the hotplug script to use the same interface selection/detection
code as the init script and take note of ipv6 interface selection, only
restarting miniupnpd on interface up events and only if that interface
isn't already known (for that ip class) by miniupnpd.
For me this has solved numerous 'flaky' startup problems, especially
with regard to ipv6.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Includes:
- dawn_iwinfo: fix whitespace
- dawn_iwinfo: indentation
- dawn_iwinfo: iwinfo_finish();
- dawn_iwinfo: filter out global interface
- dawn_iwinfo: release iwinfo after usage
- tcpsocket: fix port print
- github: set CONFIG_SRC_TREE_OVERRIDE in actions CI
- github: fix link to dawn source
- github: use v2 for checkout action
- github: add GitHub Actions CI
- ubus: only update TCP socket list when using TCP connections
- add notice that full wpad is requirement
- fix link to luci-app-dawn
- update readme and install instructions
Signed-off-by: Nick Hainke <vincent@systemli.org>
Recently, there was added libcap-ng to OpenWrt packages feed,
which is optional for Knot DNS. It enables POSIX 1003.1e capabilities.
This can restrict root (by default it runs as root) permissions and
might harm and as there isn't systemd on OpenWrt it can interfere.
There is an added patch, which introduced an option to disable libcap-ng.
This will be part of the next release.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* Replace creating an empty PYTHON3_PKG_DIR with setting filespec to an
empty value
* Disable the default Python package build recipe (with
PYTHON3_PKG_BUILD:=0) and set an empty Build/Compile
* Remove VARIANT:=python3 and PROVIDES (providing the same name as the
package)
* Add PKG_BUILD_PARALLEL:=1
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
start if kernel has missing ipv6 support
add libcap-ng support
fix some errors displayed on syslog
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
When adding suEXEC to the apache package, Alpine's package [1] served as
a template. Not enough attention was paid to the details.
Alpine uses a different layout. So for OpenWrt to use /var/www as
DocumentRoot does not make sense. /var is also volatile on OpenWrt. This
commit removes the configure argument. The default is htdocsdir.
This also does away with uidmin/gidmin 99. The default is 100, which is
fine.
Finally, the suexec binary is moved from /usr/sbin to
/usr/lib/apache2/suexec_dir. Upstream recommends installing suexec with
"4750" (see [2]) and the group set to the user's group. While that would
be possible, it would cause a few headaches on OpenWrt. The group would
need to be changed first in a post-install script and a call to chmod
would need to be made afterward, to make the binary SUID again.
It's easier to hide the SUID binary away from others in a directory.
This way we don't need to use chmod in the post-install script.
[1] https://github.com/alpinelinux/aports/tree/master/main/apache2
[2] https://httpd.apache.org/docs/2.4/suexec.html
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Explain which are the options supported by the protocol, and also
which are the supported values in each (if the field has value
validation).
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
ModemManager allows specifying which are the authentication protocols
to be used during the user/password context authentication with the
peer.
This protocol update allows users to provide a new 'allowedauth'
option in the interface configuration, which is then used in two
different places:
* It is sent to ModemManager in the --simple-connect call so that
modems with a network interface can perform the authentication
using their own vendor-specific protocol.
* If the connection is done using PPP, this list of protocols is used
to configure the pppd call.
If the new 'allowedauth' option is not given, all auth protocols are
implicitly allowed.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
