Upstream release message:
"Letsencrypt CA recent changed the CDN provider, which resulted in hanging issues.
Any downstream package should update.
This is important."
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Add required libevent2-pthreads dependency for all ntpd
subpackages.
Remove keygen-specific libevent2-core support as it is
automatically selected by the libevent2-pthreads dependency.
nptd: Bump PKG_RELEASE
Fixes: openwrt/packages#10307
Signed-off-by: Kenneth J. Miller <ken@miller.ec>
argp-standalone is only needed for non GLIBC targets.
Added PKG_BUILD_PARALLEL for faster compilation.
Removed unnecessary C/LDFLAGS.
Remove libstdcpp depends. It's included with libfmt.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This removes lines that set PKG_BUILD_DIR when the set value is no
different from the default value.
Specifically, the line is removed if the assigned value is:
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
The default PKG_BUILD_DIR was updated[1] to incorporate BUILD_VARIANT
if it is set, so now this is identical to the default value.
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)
if PKG_SOURCE_SUBDIR is set to $(PKG_NAME)-$(PKG_VERSION), making it
the same as the previous case
* $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
This is the same as the default PKG_BUILD_DIR when there is no
BUILD_VARIANT.
* $(BUILD_DIR)/[name]-$(PKG_VERSION)
where [name] is a string that is identical to PKG_NAME
[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e545fac8d968864a965edb9e50c6f90940b0a6c9
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Fixes following errors:
main.c:458:37: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
main.c:463:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
main.c:518:35: error: comparison of integer expressions of different signedness: ‘ssize_t’ {aka ‘long int’} and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
main.c:157:3: error: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Werror=unused-result]
main.c:763:3: error: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Werror=unused-result]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
- add uwsgi patch to add option to don't follow simbolic link but call it directly (waiting to be approved)
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Currently cgi-io try to read data after the data ended.
- Adds "-" to whitelist char
- In main_upload is tried to consume the buffer while it's already readed by the while loop before
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
lightweight client for the RFC8555 ACMEv2 protocol, written in plain C code
with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS).
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* the WAN auto detection now supports multiple interfaces, too
* no longer filter out possible LAN devices
* add a new DoH (DNS over HTTPS) blocklist source with public
DoH DNS server addresses, to effectively block client side DoH
communication, e.g. via Firefox or Chrome
Signed-off-by: Dirk Brenken <dev@brenken.org>
* new 'ca-bundle' dependency as all https connections
are now validated by default
* automatically select the download utility: 'aria2', 'curl',
'uclient-fetch' with libustream-* or wget are supported
* track & ban failed LuCI login attempts as well
* add a small log/banIP background monitor to block
SSH/LuCI brute force attacks in realtime (disabled by default)
* add a config version check (please update your default config!)
* made the automatic wan detection more stable
* fix the IPv6 logfile parser
* fix the service status message
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fix kea-admin dependency where if procps-ng-ps wasn't available busybox
would output an error casuse it does't support showing a processe's PID
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Fix an issue where the Makefile wouldn't allow kea to show up in the
menuconfig Also added some description to the packages
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Condition testing for Linux version 4.14 is spelled LINUX_4_14, not
LINUX_4.14, so the checks were ineffective up to this change.
This Fixes the following error which appeared after update to 2.12.0,
when built against kernel 4.14:
Package kmod-openvswitch-intree is missing dependencies for the
following libraries:
tunnel6.ko
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
debug is boolean option/flag so setting it to 9 doesn't work, while at
it I've synchronized boolean options from source code and sorted it
alphabeticaly with following command:
grep flag src/cmdline.ggo | cut -d \" -f2 | sort | tr '\n' '|'
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Code in option_cb was referencing $chilli_inst variable which was
declared as local, thus the instance startup logic in start_chilli was
referencing variable which would always get value of 1, effectively
making `disabled` config option useless.
So I've fixed it with simpler config_get_bool and while at it, I've simplified the
surrounding code little bit as well.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
apcupsd's configure script looks up paths to sh, wall and mail on the
host system, but intends to use them on the target system. OpenWrt
replaces apcupsd's scripts by its own versions, so those paths don't
really matter, however, if the host system doesn't have wall installed,
the build fails. This is the case on Gentoo when util-linux is built
with USE=-tty-helpers (default). Prevent such failures by providing
explicit stub paths to sh, wall and mail to configure script.
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Before the CMake update, either protobuf was being installed to HOST
instead of HOSTPKG by mistake or some other problem.
This adds a linker flag to look in the proper location.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Some firewalls mandate a minimum size of 4k for SYN packets, which
transmission does not do by default. Upstream issue here:
https://github.com/transmission/transmission/issues/964
Cleanup:
Fixed license info.
Removed two unnecessary patches.
Ran shell script through shellcheck.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Switched to CMAKE_INSTALL to get rid of InstallDev.
Added PKG_BUILD_PARALLEL for faster compilation.
Fixed license information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Several other cleanups.
Added PKG_BUILD_PARALLEL for faster compilation.
Removed PKG_INSTALL as cmake.mk already defines it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This can be helpful for example in hotels where you need to
enter a new user/password combination every week.
Signed-off-by: Johannes Rothe <mail@johannes-rothe.de>
Compile Tested: yes, selects lua as implementation and doesn't pick up luajit
Run Tested: no, minor change
Maintainer: me
Description:
On some architectures PowerDNS was preferring Luajit over Lua, which wasn't added
as a dependency. On previous versions this was controlled by passing `--with-lua`
and `--without-luajit` however this isn't functional anymore.
On the 4.2 series, it is instead possible to define the lua implementation to be
used by passing `--with-lua=[implementation]` ie `--with-lua=lua`
Signed-off-by: James Taylor <james@jtaylor.id.au>
nut uses gdlib-config to find libgd, which happens to be deprecated. This
switches it to use pkgconfig and allows a fallback to gdlib-config, same
as the libusb check.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Bump PowerDNS Authoritative DNS Server to 4.2.0. Release changelong can be found at
https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.2.0
Compile Tested: OpenWRT Snapshot - armv7
Run Tested: Linksys WRT1900ACS - package runs correctly, not all functionality has been tested.
Signed-off-by: James Taylor <james@jtaylor.id.au>
Instead of always replying with a generic 500 internal server error code,
use more appropriate codes such as 403 to indicate denied permissions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a new `cgi-download` applet which allows to retrieve the contents
of regular files or block devices.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "path" containing the file path to
download.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required acl rules to grant download access
to files or block devices:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "download", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/etc/config/*", "read" ],
[ "/dev/mtdblock*", "read" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Use the `cgi-io` scope to check for permission to execute the requested
command (`upload`, `backup`) and the `file` scope to check path
permissions.
The reasoning of this change is that `cgi-io` is usually used in
conjunction with `rpcd-mod-file` to transfer large file data out
of band and `rpcd-mod-file` already uses the `file` scope to manage
file path access permissions. After this change, both `rpc-mod-file`
and `cgi-io` can share the same path acl rules.
Write access to a path can be granted by using an ubus call in the
following form:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/var/lib/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The `python-mysql` package was updated with PR https://github.com/openwrt/packages/pull/9705
For seahub this was omitted, since the Python dependencies are prefixed
with `python-`, so it was missed during the grep search.
And grepping just for `mysql` yields many results.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
commit 0c090fde68b2 ("scons: move host build tool to a proper place")
has moved scons into the packages feeds, so switch to that package
include and adjust build dependency to a new scons home.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
* remove 'http-only' mode, all sources are now fetched from https sites
* the backup mode is now mandatory ('/tmp' is the default backup
directory), always create and re-use backups if available.
To force a re-download take the 'reload' action.
* support 'sshd' in addition to 'dropbear' for logfile parsing
to detect break-in events
* always update the black-/whitelist with logfile parsing results
in 'refresh' mode (no new downloads)
* rework the return code handling
* tweak procd trigger
* various small fixes
* (s)hellsheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
So that packages like acme requiring features from it can depend on it
explicitly, not the more basic "wget" which is also provided by
"uclient-fetch"
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* use raw procd interface trigger as last resort, if the
adblock config is not available during startup
* fix selective subdomain whitelisting for dnsmasq
* fix a kresd restart issue with 'DNS File Reset'
* fix a suspend/resume cornercase
* disable the tld compression, if the number of blocked domains
is greater than 'adb_maxtld' (default: 100000)
* made the fw portlist configurable (default '53 853 5353')
* preliminary support for inotify-like autoload features
of dns backends like kresd in future Turris OS. If 'adb_dnsinotify'
is set to 'true', all adblock related restarts and the
'DNS File Reset' will be disabled
Signed-off-by: Dirk Brenken <dev@brenken.org>
The double quote thells the shell that the list returned from `pidof` is a
single argument, therefore, `renice` will cry about a malformed input.
With this commit, `renice` will be applied correctly to all the returned PIDs
from `pidof`.
The output of `renice` for the quoted list is as follows:
`renice: invalid number '6592 6587 6586 6574'`
`renice` does not show and does apply the nice value if the list is unquoted.
Signed-off-by: Oever González <notengobattery@gmail.com>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
