As miniupnpd is running as root, libcap can be used to limit its
capabilities.
libcap is very small, so this isn't a problem.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ba49c96808)
(switched to use libcap as -ng is not available)
Use the newly introduced configure script.
Use PKG_INSTALL for consistency between packages.
Use PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2b5028458e)
If miniupnpd is installed but disabled or not running, the hotplug
script will query uci for keys that don't exist and grep a temporary
config file that doesn't exist, resulting in the following errors:
uci: Entry not found
grep: /var/etc/miniupnd.conf: No such file or directory
These would arise when an interface is brought up or down, and are
more confusing than helpful, especially when miniupnpd is disabled.
Suppress these errors.
Signed-off-by: David Ehrmann <ehrmann@gmail.com>
(cherry picked from commit 6ef2b5400b)
The existing interface selection/detection code was incomprehensible at
worst and convoluted at best. The uci config file suggested it
understood an external ipv6 interface but in reality the init script
took no notice. Re-work it so it is at least comprehendible and takes
notice of ipv6 interface details if specified.
Update the hotplug script to use the same interface selection/detection
code as the init script and take note of ipv6 interface selection, only
restarting miniupnpd on interface up events and only if that interface
isn't already known (for that ip class) by miniupnpd.
For me this has solved numerous 'flaky' startup problems, especially
with regard to ipv6.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 295d77943c)
Error was:
The domain 'example.com' seems to have a ECC cert already, please add '--ecc' parameter if you want to use that cert.
Signed-off-by: David Yang <mmyangfl@gmail.com>
Irqbalance defines /run/irqbalance dir for its socket
communication between irqbalance and its UI. /run does not exist
in OpenWrt (although it is defined by the Linux FHS), so the
socket creation fails. Although we do not compile UI and thus
the issue is not critical to us, fix the directory location.
Additionally, the creation is originally handled by a systemd
init script that we do not use.
* patch source to define dir as /var/run/irqbalance
* create the dir in the procd init script.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry-picked from 4f0c847828)
The package Makefile was not taking into consideration that the build
may be using BUILD_NLS with libintl-full and libiconv-full and was
trying to link the wrong versions of these libraries in this case.
The necessary flags are added by nls.mk to TARGET_LDFLAGS and can be
passed to irqbalance's configure script for setting the GLIB2_LIBS
variable instead of the explicit static link to the libiconv stub.
The PKG_BUILD_DEPENDS line should be modified so as to add to and not
override the definition set by nls.mk, which will ensure the right
version of libiconv and libintl is built beforehand.
A DEPENDS:= line should be added to the package definition using the
variables defined in nls.mk, which will add the appropriate version
of libintl and libiconv (vanilla or -full versions)
If USE_GLIBC is true, then libpthread needs to be explicitly passed
to the configure script in the GLIB2_LIBS variable for linking.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
(cherry-picked from 88c25e87a1)
The perl Configure file was matching GCC 10 against "1*" and treating it
as GCC 1, causing ABI breakage and segfaults.
Cherry-pick the upstream patch which fixes it to check against (e.g)
"1.*" instead, which will make it work for hundreds more GCC versions
to come.
https://github.com/Perl/perl5/commit/6bd6308fcea3541
"Adapt Configure to GCC version 10"
Also includes the previous commit just adding GCC 8 and 9 to one case:
https://github.com/Perl/perl5/commit/ae195500577d707
"Add gcc-8 and gcc-9 for FORTIFY_SOURCE"
Signed-off-by: Ken Wong <xinxijishuwyq@gmail.com>
(cherry picked from commit 65578a43f0)
* update to git 2020-05-06
* run init script through shellcheck
* fix infinite loop when BI_PARM is never set
* Fix '-b' option parsing
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Unbound has a quirk and may reply on a different device address.
When Unbound answers with from-address different than it
received queries on, it may cause trouble for select VPN and
firewall configurations. Ensure Unbound replies with the same
address by changing this default.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
