The iputils build system embeds git tags into the generated binaries
for use by commands like ping -V. Since openwrt packaging is done in
a different repository from the upstream repo, the tags it finds
aren't particularly meaningful, and we get confusing results like
those described at https://github.com/openwrt/packages/issues/13920
This change removes the git tag inspection in favor of the static
version string that's already known to the upstream build system.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Drop obsolete patches
- 001-no-tests.patch
- 002-fix-cross-compilation.patch
Move several user-executable binaries from /usr/sbin to /usr/bin per
upstream.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Current implementation of socat's init service doesn't allow to run more
complex configurations. As an example there's no possibility to execute
following command:
socat TCP-LISTEN:8080,fork,reuseaddr,bind=192.168.1.1 \
EXEC:"/sbin/ip netns exec somenetns socat STDIO TCP:10.0.0.1:80"
In such command the first line is argv[1] and the second line is
argv[2]. SocatOptions config option is a string. As as a consequence of
this each word will be passed as a separate argv element. Socat won't be
able to parse arguments correctly.
In order to mitigate this issue, we can also accept SocatOptions as a
list of strings. Following config file will work correctly:
config socat 'tunnel_8080_into_somenetns'
option enable '1'
list SocatOptions 'TCP-LISTEN:8080,fork,reuseaddr,bind=192.168.1.1'
list SocatOptions 'EXEC:"/sbin/ip netns exec somenetns socat STDIO TCP:10.0.0.1:80"'
While we're at it, pass stdout and stderr into logread.
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
* The default local-adress makes Netopeer2-server listen on ipv4 only.
We change it to :: in order to listen on ipv6 as well as ipv4.
Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
* fix for possible exploit #13758
* sanetize all external template/config inputs
* fix some shellcheck warnings
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
I checked the hostname for existing DNS A and AAAA entries and these
ones didn't have an entry.
Signed-off-by: Gerald Hansen <gerald.hansen@cloud.ionos.com>
As the default uclient-fetch doesn't support authentication header
and the ddns provider myonlineportal.net support also username and
passwort as url parameter this can be changed.
Signed-off-by: Gerald Hansen <gerald.hansen@cloud.ionos.com>
add eoip package,this can create ethernet
tunnels compatible with Mikrotik EoIP tunnel.
At current moment it is easiest way
to create stateless tunnel with Mikrotik.
Signed-off-by: Bogdan Shatik <bogdikxxx@mail.ru>
In IPv4 the default route can be written as
0.0.0.0/0
In IPv6 the default route can be written as
::/0
If u try
owipcalc 0.0.0.0/0 contains 1.1.1.1
or
owipcalc ::/0 contains ::1
owipcalc will respond with 0 meaning that the "default prefixes" do not
contain the routes.
That is why we check now for 0 prefix.
Furthermore, if the prefix is 0, i will be 16. We will access a negative
array entry in the line:
uint8_t net1 = x->s6_addr[15-i] & m;
Divide by % 16 to prevent i becoming 16:
uint8_t i = ((128 - a->prefix) / 8) % 16;
Signed-off-by: Nick Hainke <vincent@systemli.org>
This is a helpful utility, but it does not have any dependencies
in base repository. Move it to packages feed.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is a helpful utility, but it does not have any dependencies
in base repository. Move it to packages feed.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Some users have reported that reloading dnsmasq does not always work. It
sometimes stop responding to DNS lookup requests after being reloaded.
This patch changes "safe-search-maintenance" so that it restarts dnsmasq
instead of reloading it.
Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
Ensure that the best available IP is always used for all supported
safe-search providers. This is accomplished by periodically checking
DNS for the most recent list of IP addresses associated with each
provider.
Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
Start after named is running.
Add support for "cname", "domain", "mxhost", and "srvhost" configs.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* update to version 1.19.6
* remove default configuration files and documentation as
they are in the package `nginx-util`.
* do not install a `/etc/nginx/nginx.conf` file.
* use the dynamic `/etc/nginx/uci.conf` if the symlink (to
`/var/lib/nginx/uci.conf`) is not dead after calling
`nginx-util init_lan` (else try `/etc/nginx/nginx.conf`)
* replace nginx package by a dummy depending on `nginx-ssl`;
the dummies will be removed after a transition period.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
On Arch Linux, tcpreplay is picking up the host dnet-config and adding
OS paths, thereby breaking compilation. The easiest solution is to add
libdnet support as the previous commit fixes dnet-config on OpenWrt.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Something having to do with passing a file descriptor over spamd's
Unix socket causes the ClamAV milter to fail. The milter says "ERROR:
Unknown reply from clamd," and running strace on spamd reveals "No file
descriptor received. ERROR."
Some work by others can be found on the Internet that suggests using
a TCP socket for the communication between the milter and spamd fixes
this. Lucian Cristian confirmed this on OpenWrt.
I am not sure why the Unix socket does not work. I suspect it is something
related to musl, but I have not yet found evidence of this.
This merge request adds the option to configure spamd to use a TCP
socket, and it uses this as the default. The merge request also adds an
init script for clamav-milter.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
* update to 4.13.3
* enable vfs io_uring module by default, if kernel supports it
* fix for possible exploit openwrt/packages#13758
* sanetize all external template/config inputs
* fix some shellcheck warnings
* remove old aio modules/deps
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Version 8.2[0] added support for two new key types: "ecdsa-sk" and
"ed25519-sk". These two type enable the usage of hardware tokens that
implement the FIDO (or FIDO2) standard, as an authentication method for
SSH.
Since we're already on version 8.4 all we need to do is to explicitly enable
the support for hardware keys when compiling OpenSSH and add all the
missing dependencies OpenSSH requires.
OpenSSH depends on libfido2[1], to communicate with the FIDO devices
over USB. In turn, libfido2 depends on libcbor, a C implementation of
the CBOR protocol[2] and OpenSSL.
[0]: https://lwn.net/Articles/812537/
[1]: https://github.com/Yubico/libfido2
[2]: tools.ietf.org/html/rfc7049
Signed-off-by: Linos Giannopoulos <linosgian00@gmail.com>
Add fadvise64_64 and fchmod syscalls needed on PowerPC platforms to
seccomp rules of transmission-daemon.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When specifying a secondary password script, the output should be appended to the temporary password file and shouldn't overwrite it. If you refer to the case where there is a static secondary password, you can see that the secondary password is appended. Without this fix, only the secondary password is passed to the `openconnect` session.
Signed-off-by: Frederick Morlock <FrederickGeek8@gmail.com>
There's some kind of crash internally in wolfSSL. It doesn't seem like
anyone knows how to fix it. Just disable it for now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove uClibc-ng patch as it's not in the tree anymore.
Also remove the _GNU_SOURCE CFLAG for the same reason.
Refreshed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This package has been completely broken on several levels since
commit eadd5abe40 ("smartsnmpd: Update to 2015-02-22 version")
The update changed the configuration file syntax without fixing
the scripts generating this file. The OpenWrt package would
therefore fail to run.
Worse than that, the last upstream version is completely broken
is unable to generate proper snmp replies even if the
configuration file is fixed, This has been tested and verified
on both OpenWrt/realtek and Debian/amd64.
I considered fixing the package, but dropped it for the following
reasons
1) upstream has abandoned the project
2) the upstream fork "smithsnmp" continues to make aribitrary
changes to configuration files and other packaging challenges
3) the package is tied to the lua5.1 C API, and further upgrades
will be non-trivial
4) there are several other snmp daemons available in OpenWrt,
without any of these issues
5) no one is interested in this package
The last point is proven by the lack of testing and feedback.
The last update was not even tested by the person preparing and
commiting the update.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
It tries to link to host libraries for some reason. Add autoreconf to
fix. Also remove redundant prefixes.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The idea behind this is to prevent confusion between "virtual" package
wget and real one. Wget is provided by not just wget packages but also
by uclient-fetch so technically it is better to threat wget as virtual
package.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
* update device description framework to v1.3
* setup methods in database
* setup uhttpd to use hs20 cert
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
