Change URL to codeload. It redirects to it anyway. I was getting a 404
error with the original. I couldn't figure it out.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- remove patch that has been included upstream
- remove dependence on resolveip
- remove hotplug script that is handled by "proto_add_host_dependency"
- use openfortivpn default tunnel ip if none specified
- add status checking with uclient-fetch
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
If a daemon listens on multiple addresses at once, it'll show up multiple
times in get_listeners() which will clobber the config for uhttpd. Fix this
by skipping subsequent handlings of the same daemon binary.
Fixes#13325.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Update to 40.89.244.237 which is the new IP address that duckduckgo.com is using for safe-search.
Signed-off-by: Greg Dietsche <gregory.dietsche@cuw.edu>
The creation of the dummy package nginx creates some problem with dependency detection for the all-module variant. Reorganize the dependency and compile nginx before the the sub-variant.
Fixes#13275
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Canonical radtest start results in an error:
$ radtest bob hello localhost 0 testing123
/usr/bin/radtest: line 1: hostname: not found
(0) Error parsing "stdin": Failed to get value
hostname command is not present in OpenWrt.
Instead, hostname can be obtained from file /proc/sys/kernel/hostname.
added: 004-get-hostname-from-proc-in-radtest.patch
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
radtest utility is used in many manuals to check the operation of
radius server.
At the moment all parameters must be specified at startup, for example:
$ radtest bob hello localhost 0 testing123 0 localhost
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
Support for kernel 4.14 has been removed in main repo, so drop the
dependencies here as well (and those for even older 4.9).
Also drop a patch that is required only for 4.14 and lower.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Since support for kernel 4.14 has been removed, kmod-sched-cake-oot
is gone, and the kmod-sched-cake-virtual package is not needed
anymore.
This effectively reverts 9114244fbd ("sqm-scripts: Switch sch_cake
dependency to new virtual package")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This also removes PKG_BUILD_PARALLEL:=0 that was added for packages that
use HOST_PYTHON3_PACKAGE_BUILD_DEPENDS.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This commit allows for UCI configuration of the "left=" and the
"mark=" values in a StrongSwan IPSec connection. This improves
VTI support and allows certain stricter connection scenarios.
Signed-off-by: Michael C. Bazarewsky <github@bazstuff.com>
openconnect may emit following error logs every minute when negotiating
with deployments forbidding usage of dtls
Thu Aug 27 04:11:59 2020 daemon.notice openconnect[12024]: DTLS handshake failed: Error in the push function.
Thu Aug 27 04:11:59 2020 daemon.notice openconnect[12024]: (Is a firewall preventing you from sending UDP packets?)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Required by ovn-ctl for stopping ovn ovsdb instances
This utility was introduced since 20.03.0 after the project was
maintained in its own repo
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Package libcurl is missing dependencies for the following libraries:
libzstd.so.1
Previous patch by Hans Dedecker <dedeckeh@gmail.com> took the easy way
out :)
Suggested-by: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Tony Butler <spudz76@gmail.com>
[fixed title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Instead of using mbedtls by default use wolfssl. We now integrate
wolfssl in the default build so use it also as default ssl library for
curl.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Backport a commit from upstream curl to fix a problem in configure with
wolfssl.
checking size of time_t... configure: error: cannot determine a size for time_t
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Move package over from openwrt.git based on the Hamburg 2019 decision
that non essential packages should be maintained in packages.git
Signed-off-by: Paul Spooren <mail@aparcar.org>
Several security issures are addressed:
- CVE-2020-8620 It was possible to trigger an assertion failure by sending
a specially crafted large TCP DNS message.
- CVE-2020-8621 named could crash after failing an assertion check in
certain query resolution scenarios where QNAME minimization and
forwarding were both enabled. To prevent such crashes, QNAME minimization is
now always disabled for a given query resolution process, if forwarders are
used at any point.
- CVE-2020-8622 It was possible to trigger an assertion failure when
verifying the response to a TSIG-signed request.
- CVE-2020-8623 When BIND 9 was compiled with native PKCS#11 support, it
was possible to trigger an assertion failure in code determining the
number of bits in the PKCS#11 RSA public key with a specially crafted
packet.
- CVE-2020-8624 update-policy rules of type subdomain were incorrectly
treated as zonesub rules, which allowed keys used in subdomain rules to
update names outside of the specified subdomains. The problem was fixed by
making sure subdomain rules are again processed as described in the ARM.
Full release notes are available at
https://ftp.isc.org/isc/bind9/9.16.6/doc/arm/html/notes.html#notes-for-bind-9-16-6
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Drops pid files, no longer needed with procd management.
Now properly reloads on reload_config after UCI changes.
Signed-off-by: Karl Palsson <karlp@etactica.com>
[ Fixed two shellcheck warnings and bump PKG_RELEASE ]
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
The openfortivpn routes are a bit different than the standard ppp
routes so we need to handle them with a custom ppp-up script.
Gateway should not be set, and src should be set to the PPP local ip
address.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
fakepop is a fake pop3 daemon. It returns always the same messages to all users, it does not care about usernames and passwords. All user/pass combinations are accepted.
Signed-off-by: Marc Egerton <foxtrot@realloc.me>
Includes:
- dawn_uci: fix crashing when uci config is received
- tcpsocket: add option to add server ip
A new config option allows to add a server ip
option server_ip '10.0.0.2'
However, this server does not send anything back. Therefore it is not
possible to change the node configuration. This will probably be added
soon. The main goal of this commit is to allow monitoring of all nodes
in a network with DAWN, e.g. clients, channel utilization, ...
Also a network option (3) has been added which allows to use TCP but
not to announce your daemon in the broadcast domain. This allows you to
create a monitor-only node that holds only the local information and
forwards it to the central server.
A monitor-only node could be configured like
option server_ip '10.0.0.1'
option tcp_port '1026'
option network_option '3'
Another possible config is
option server_ip '10.0.0.1'
option tcp_port '1026'
option network_option '2'
Here, the node shares information with a central server, which can be
located outside the broadcast domain. Nevertheless, it also shares
information within its broadcast domain and can therefore perform
client steering.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Security release. From the changelog:
- In some circumstances, Mosquitto could leak memory when handling PUBLISH
messages. This is limited to incoming QoS 2 messages, and is related
to the combination of the broker having persistence enabled, a clean
session=false client, which was connected prior to the broker restarting,
then has reconnected and has now sent messages at a sufficiently high rate
that the incoming queue at the broker has filled up and hence messages are
being dropped. This is more likely to have an effect where
max_queued_messages is a small value. This has now been fixed. Closes
https://github.com/eclipse/mosquitto/issues/1793
Changelog: https://mosquitto.org/blog/2020/08/version-1-6-12-released/
Signed-off-by: Karl Palsson <karlp@etactica.com>
This patch makes it possible to configure and limit per-client internet
speed based on MAC address and it can work with SQM.
This feature is what OpenWRT currently lacks. This patch is largely based
on static.sh and the configuration file is similar to original nft-qos.
New configuration options and examples are listed below
config default 'default'
option limit_mac_enable '1'
config client
option drunit 'kbytes'
option urunit 'kbytes'
option hostname 'tv-box'
option macaddr 'AB:CD:EF:01:23:45'
option drate '1000'
option urate '50'
config client
option drunit 'kbytes'
option urunit 'kbytes'
option hostname 'my-pc'
option macaddr 'AB:CD:EF:01:23:46'
option drate '3000'
option urate '2000'
limit_mac_enable - enable rate limit based on MAC address
drunit - download rate unit
urunit - upload rate unit
macaddr - client MAC address
drate - download rate
urate - upload rate
Signed-off-by: Tong Zhang <ztong0001@gmail.com>
improve startup and runtime performance by
1) moving common startup procedures out of hotplug script when called
from mwan3 start
2) reducing calls to iptables to check status of rules
3) consolidating iptables updates and updating with iptables-restore
4) do not wait for kill if nothing was killed
5) running interface hotplug scripts in parallel
6) eliminate operations in hotplug script that check status on every
single interface unnecessarily
7) consolidate how mwan3track makes hotplug calls
8) do not restart mwan3track on connected events
This is a significant refactor, but should not result in any breaking
changes or require users to update their configurations.
version bump to 2.9.0
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
In hash-checking mode[1], pip will verify downloaded package archives
(source tarballs in our case) against known SHA256 hashes before
installing the packages.
As a consequence, this requires the use of requirements files[2] and
pinning packages to known versions.
The syntax for package Makefiles has changed slightly;
HOST_PYTHON3_PACKAGE_BUILD_DEPENDS no longer accepts requirement
specifiers like "foo>=1.0", only requirements file names (which are the
same as package names in the most common case).
This also updates affected packages, in particular:
* python-zipp: "setuptools_scm[toml]" has been split into
"setuptools-scm toml" to reuse the requirements file for
setuptools-scm (the extra depends installed by "setuptools_scm[toml]"
is toml).
* python-pycparser: This previously used ply 3.10, whereas the
requirements file will now install 3.11.
[1]: https://pip.pypa.io/en/stable/reference/pip_install/#hash-checking-mode
[2]: https://pip.pypa.io/en/stable/user_guide/#requirements-files
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Setup user database if non-existent, configure uhttpd .php interpreter
and patch php scripts to work out-of-the-box.
Also ship Hotspot 2.0 SPP and OMA DM XML schema/DTD files needed at
run-time for both client and server.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
use only committed uci changes for updating routing table
use functions.sh functions rather than uci command line tool
to find interfaces for routing table.
consolidate rtmon_ipv4 and rtmon_ipv6 functions into a single function
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Add hs20-server and hs20-client packages correspoding to the
hs20/client and hs20/server folder in hostap.git.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* remove 'dshield' and 'sysctl' (discontinued)
* switch 'malwaredomains', 'shallalist' and 'winhelp' to https
* add a second regional list for poland (provided by matx1002)
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: Dirk Brenken <dev@brenken.org>
Added signal refresh rate option
modemmanager: update readme.md
Added description for added proto options.
Added compile option to compile --with-at-command-via-dbus for allowing
AT commands to modem without --debug flag
Changes to be committed:
modified: net/modemmanager/Config.in
modified: net/modemmanager/Makefile
modified: net/modemmanager/files/modemmanager.init
modified: net/modemmanager/files/modemmanager.proto
modified: README.md
Signed-off-by: Valtteri Holopainen <valtsu@gmail.com>
Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.
Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.
Signed-off-by: Paul Spooren <mail@aparcar.org>
GCC10 defaults to -fno-common, which breaks compilation when there are
multiple definitions of implicit "extern" variables. Remove the extra
definitions.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
From CHANGES_2.4:
SECURITY: CVE-2020-11984 (cve.mitre.org)
mod_proxy_uwsgi: Malicious request may result in information disclosure
or RCE of existing file on the server running under a malicious process
environment. [Yann Ylavic]
SECURITY: CVE-2020-11993 (cve.mitre.org)
mod_http2: when throttling connection requests, log statements
where possibly made that result in concurrent, unsafe use of
a memory pool. [Stefan Eissing]
SECURITY:
mod_http2: a specially crafted value for the 'Cache-Digest' header
request would result in a crash when the server actually tries
to HTTP/2 PUSH a resource afterwards.
[Stefan Eissing, Eric Covener, Christophe Jaillet]
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
test_storage: fix compilation with musl 1.2.0
datastorage/test: improve scalability and performance
datastorage: fixed use of wrong client search
general: add memory auditing
memory auditing: bug fixes to memory auditing and hearing map
datastorage: fixes to linked list handling
tcpsocket: fix read callback function and arbitrary memory allocations
tcpsocket: leave loop if we read 0 byte
Furthermore, you can now dump the memory usage by sending a SIGHUP to
dawn process.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This fixes misleading errors in the status file, and increases buffer
sizes to match the python implementation.
Signed-off-by: Karl Palsson <karlp@etactica.com>
At the moment ss-server seems to be the only component using these two
options. It also accepts "local_address" of either ip4 or ip6 address,
but the meaning is different from that of ss-local, ss-tunnel etc.
where it is for listen bind
With this commit, we start deprecation process of uci option
"bind_address". The name was replaced with "local_addr" in upstream
project commit 5fa98a66 ("Fix #1911") and available as json config
option "local_address". This upstream change was released in 3.2.0
Link: 4a42da641b
Link: https://github.com/openwrt/packages/issues/12931
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Config files
/etc/freeradius3/policy.d/accounting
/etc/freeradius3/policy.d/filter
/etc/freeradius3/proxy.conf
/etc/freeradius3/sites-available/default
and link
/etc/freeradius3/sites-enabled/default
are in the freeradius3 package and are mentioned in the main config file
/etc/freeradius3/radiusd.conf
Thus, they must be explicitly specified in the Makefile.
File
/etc/freeradius3/sites/default
is not included in the package, is not created during installation,
is not mentioned in the main config file and should therefore be excluded
from the Makefile.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
netifd is clever enough to handle the peerdns and default route
arguments, so we can just let them get passed along, and when
ppp-up invokes proto_send_update, netifd will only apply what
is needed
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Do not manually overwrite the paths of gdbus-codegen or glib-mkenums
in the ModemManager package build, as modifying the configure.ac ends
up requiring a full autoreconf.
Since MM 1.14, git builds or autoreconf-ed source package builds
require autoconf-archive installed in the build system, and so the
build would fail if this happens.
The update to overwrite the paths was to force using the gdbus-codegen
and glib-mkenums provided by the "host" glib2 package instead of the
"target" glib2 package (see fa8ad6e69c),
but these tools are really the same in both as they're python
programs, arch independent.
Tested in a local build where the setup detects and uses the correct
glib tool paths from the target:
/home/user/openwrt/staging_dir/target-mips_24kc_musl/usr/bin/gdbus-codegen
/home/user/openwrt/staging_dir/target-mips_24kc_musl/usr/bin/glib-mkenums
Fixes https://github.com/openwrt/packages/issues/12958
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
This is to make explicit the conditional select of libunwind is only
needed for libopenvswitch. If we spill it over other packages, the
generated kconfig will have recursive dependency issue. 2 new patches
were made for this goal
The other thing is that "+libunwind" will cause it to be built if any of the
packages defined in this Makefile is enabled (y or m). This is at the moment
by-design of the build system.
Libunwind does not support architectures like arc. Use conditional select To
avoid (libunwind) build failures like the following,
checking for ELF helper width... configure: error: Unknown ELF target: arc
make[3]: *** [Makefile:65: /data/openwrt/build_dir/target-arc_arc700_uClibc/
libunwind-1.3.1/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1
Things like "+PACKAGE_openvswitch-libopenvswitch:libunwind" will also result in
recursive deps error for chains of 3 nodes. Kconfig construct like the
following will be made
config A
tristate
select B
depends on !(C) || (x)
config B
tristate
select C
config C
tristate
config x
bool
Other changes include
- Shared use of variable ovs__common_depends was removed
- Ovn doc build was patched out
Link: https://github.com/openwrt/packages/pull/12959#issuecomment-665021413
Reported-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Simplified Makefile as a result of meson transition.
Fixed license information.
Updated URL.
Added patch to fix linking issue.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
If two openfortivpn scripts are started at the same time, a race
condition can occur where the conditional evaluates to true, but the
symlink exists by the time the other script tries to create it
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Block restart of the interface if the openfortivpn fails to authenticate.
Without this check, with a bad password, netifd will continually
hit the VPN endpoint with connection attempts
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Add a hotplug script to reload nlbwmon's config after interface
ifup actions.
That should improve the detection of the IPv6 LAN address
that can get enabled a bit later in the boot process.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This reverts commit cde2a77ed3.
Applying this change has shown that it is even quicker to provoke the
race condtition on simultan mwan3 commands execution.
By reversing the change we have the same behaviour as before.
But the race condition on mwan3 execute at the same time still exists.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This adjustment of the locks fixes the race condition when a mwan3
hotplug script and a mwan3 command are running at the same time.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This new config section in package openvswitch
supports creating a named bridge, and setting
its' OpenFlow controller end-point.
An example config is included in /rom/etc/config/openvswitch
Signed-off-by: Simon Kinane <skinane@fb.com>
- New major version (LTS release)
- Update haproxy download URL and hash
- Remove obsolete dladdr1-dependency-patch as it has been upstreamed
- USE_REGPARM is obsolete and therefore removed from our Makefile
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Make the plain nginx version the same as nginx-ssl.
In a further change we will replace nginx by a dummy package,
depending on +nginx-ssl instead. This allows a smooth upgrade.
For nginx-util leave the ssl and the ssl-nopcre versions only.
For nginx-mod-luci remove the duplicate ssl version.
Replace the removed packages by dummies for a smooth upgrade.
The dummy packages will be removed after a transition period.
Additionally, enable the http2 module for nginx-ssl by default
and cleanup the nginx.init file.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
- Fixes CVEs:
CVE-2019-12519
CVE-2019-12520
CVE-2019-12521
CVE-2019-12523
CVE-2019-12524
CVE-2019-12525
CVE-2019-12526
CVE-2019-12527
CVE-2019-12528
CVE-2019-12529
CVE-2019-12824
CVE-2019-12854
CVE-2019-13345
CVE-2019-18676
CVE-2019-18677
CVE-2019-18678
CVE-2019-18679
CVE-2020-8449
CVE-2020-8450
CVE-2020-11945
CVE-2020-14058
CVE-2020-15049
- Remove patch for cross-compilation
The patch should not be included in the OpenWrt at all without any
commit message/description.
Is not needed and there should be used HOST variables instead of BUILD variables (e.g.
HOSTCXX)
However, the BUILDCXX is set in Makefile to HOSTCXX
- Renumber glibc patch and refresh it
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
If the uci option family is not set in the interface section, then there
is no default value set as in the `config_load / config_get` API.
The problem here is that if the family is not set, the default value ipv4
is normaly assumed. But the comparison fails here because the value is empty
and therefore the dedicated routing table for this interface is not compared
with the other routes from the main table and so not updated.
To fix this set the default value for this config option which is`false`
for enabled and `ipv4` for family.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This fixes routing handling. Introduced with the last version update.
The following message disappears on the shell
when mwan3 is called with 'mwna3 restart`.
`Error: Invalid gateway address.`
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[aaronjg@stanford.edu: fully unset variable and handle ipv4 as well]
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
default rule only applied to ipv4 with dest_ip 0.0.0.0/0
and error was hidden when trying to apply it in ip6table
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
allow use of curl rather than ping to test if a host
is up since a host may not respond to ping, but an
https request is part of the openfortivpn connection,
so this is a more reliable test
also clean up overly verbose logging
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Split musl patch into multiple small ones. Much easier to reason about.
Removed stack protector patch. This is not an issue anymore.
Removed NLS support. There seems to be a linking issue as
libiconv-stub does not have a shared library component.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Changed URL to new upstream.
Use PKG_INSTALL for consistency between packages.
Use PKG_BUILD_PARALLEL for faster compilation.
Remove outdated patch.
Minor cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- prevent rapid overlap in DHCP script updates
- check and allow localhost forwards with specific applications
- add option for rate limiting inbound queries
- change UCI list to table format with Unbound conf references
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Includes:
- dawn_uci: no need uci_alloc_context on each uci_set_network call
- test_storage: extend test harness; datastorage: two bug fixes
- tcpsocket: free con after ustream write error and make list each safe
list_each is not safe against removal of list entry
Signed-off-by: Nick Hainke <vincent@systemli.org>
Simplifies the Makefile and allows faster compilation with Ninja.
Added patch to fix libmariadb dependency.
Added extra modules.
Speed Before:
time make package/lighttpd/compile -j 12
Executed in 47.91 secs fish external
usr time 41.83 secs 384.00 micros 41.83 secs
sys time 10.79 secs 37.00 micros 10.79 secs
Speed After:
time make package/lighttpd/compile -j 12
Executed in 19.67 secs fish external
usr time 42.79 secs 377.00 micros 42.79 secs
sys time 8.56 secs 37.00 micros 8.56 secs
Tested with fish shell.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Since we use now procd for xinetd, we have to start the service with the
option `-dontfork` to make procd happy.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
It seems even modern stuff doesn't support v2 correctly. The miniupnp
suite does but other stacks seem to lack support. Default to v1 to
avoid the headache.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Added PKG_LICENSE_FILES.
Added PKG_BUILD_PARALLEL for faster compilation.
Simplified configure arguments.
Small cleanups for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Due to a missing config load function call, mwan3 start runs ifup for an empty
list of interfaces, thus not calling ifup at all.
This commit introduces the missing config_load call.
Signed-off-by: Michiel Blokzijl <code@m01.eu>
The init file of darkstat is creating the pid in /var/empty and
setting the owner of the directory to darkstat which is incompatible
with sshd as sshd requires /var/empty to be owned by root and not
group or world-writable. See issue #12420.
This corrects the problem by creating another directory: /var/darkstat
instead without setting the owner, which is not actually required.
Compile tested: not applicable as the changes do not involve
compilation.
Tested on my home router running darkstat.
Signed-off-by: Jean-Michel Lacroix <lacroix@lepine-lacroix.info>
Tidy up some minor patch fuzz with a refresh.
Also tweak the linux makefile to make it run on macosx and linux:
install only understand -m for filemode, not that the openwrt staging
dir understands file modes. Also glibc>2.17 so patch out the check that
otherwise barfs a number of errors from a missing 'ldd' command under
macos.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
When listening to a udp port an Illegal instruction occurs.
This did NOT happen when compiled with debug on.
Fixes issue openwrt#4747, FS#2937
Signed-off-by: Rick Frankland <rfrankla@yahoo.com>
This adds PKG_BUILD_PARALLEL:=0 to packages that depend on host Python
packages (HOST_PYTHON3_PACKAGE_BUILD_DEPENDS), because installing
packages with multiple concurrent pip processes can lead to errors or
unexpected results[1].
This also:
* Move HOST_PYTHON3_PACKAGE_BUILD_DEPENDS definitions to before
python3-package.mk is included
* Update Python folder readme to include PKG_BUILD_PARALLEL:=0
[1]: https://github.com/pypa/pip/issues/2361
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Jool v4.1.0 suffers from bad offload management as well as broken
stateful NAT64 translation. See upstream issues #331 as well as #332 for
more information.
Downgrade to v4.0.9 until these are ironed out.
Tested on: ipq40xx-generic
Fixes commit 0a6891feac ("jool: update to v4.1.0")
Signed-off-by: David Bauer <mail@david-bauer.net>
As miniupnpd is running as root, libcap(-ng) can be used to limit its
capabilities.
libcap-ng is very small, so this isn't a problem.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The two unique packages "Unbound light" and "Unbound heavy"
were not working well due to the fact that Unbound is mostly
its library. Tools and helpers would crash. Instead a reasonable
default Unbound is built. Also up select options like python
are added. libevent and libpthreads are options to down select.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Disable several options to enable compilation.
Simplified several configure options.
Remove pointless configure var.
Added ssh hinting patch. Some SSH incompatibility.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Use the newly introduced configure script.
Use PKG_INSTALL for consistency between packages.
Use PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add new subpackage containing pam authentication module. Shouldn't
affect dependencies and nothing changes, there is just one more module
enabled for people interested in it.
Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
If miniupnpd is installed but disabled or not running, the hotplug
script will query uci for keys that don't exist and grep a temporary
config file that doesn't exist, resulting in the following errors:
uci: Entry not found
grep: /var/etc/miniupnd.conf: No such file or directory
These would arise when an interface is brought up or down, and are
more confusing than helpful, especially when miniupnpd is disabled.
Suppress these errors.
Signed-off-by: David Ehrmann <ehrmann@gmail.com>
b933f9cf0cb254e368027cad6d5799e45b237df5 in base made several changes
to OpenWrt's libssp support. It seems this workaround is no longer
needed.
Simplified the configure script slightly.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Switched to new upstream.
Added PKG_BUILD_PARALLEL for faster compilation.
Refreshed and fixed up patches.
Fixed up license information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Unbound has a quirk and may reply on a different device address.
When Unbound answers with from-address different than it
received queries on, it may cause trouble for select VPN and
firewall configurations. Ensure Unbound replies with the same
address by changing this default.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* add anti_ad blocklist source
* made SafeSearch provider configurable, you can limit
SafeSearch to certain providers
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
* update to 4.12.3
* update/remove patches
* disable netbios port 139 on 'DISABLE_NETBIOS' option or missing 'nmbd'
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Includes:
- test_storage: further refactoring, added test functionality, and TESTING.md to describe testing approach
- tcpsocket: implement client_read_cb with ustream_read my wheels are much worse than offical wheels.
- Revert "tcpsocket: implement client_read_cb with ustream_read my wheels are much worse than offical wheels."
- uci: fix arm64 compiling
Fixes: #12488
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* add regional list source for czech/slovak
* add regional list source for korea
* adapt oisd_nl changes, switch to adb-syntax domains
Signed-off-by: Dirk Brenken <dev@brenken.org>
Includes:
- uci: truncate hostname at first dot
- ubus/uci/datastorage: add iface and hostname
- ubus: use strncpy and add backwards compatibility
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Since we can now configure xinet.d with uci, it is no longer necessary
to save the configuration in /etc/xinet.d/* when upgrading the system.
This was wrong anyway, because other packages can also store configuration
there. If this configuration get changed then the new/changed one will never get
applied, because the configration is always replaced with the saved
configration during sysupgrade.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
I tried Dawn and it whined at me because it didn't understand its
own packets from a different-endian host.
Mon Jun 8 10:49:12 2020 daemon.err dawn[19742]: not complete msg, len:308, expected len:872480768
Mon Jun 8 10:49:12 2020 daemon.err dawn[19742]: not complete msg, len:708, expected len:3288465408
https://github.com/berlin-open-wireless-lab/DAWN/issues/92
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
string_view is available with both boost and std.
Backported extra patch getting rid of using namespace std.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
By using the netifd for open fortivpn we are able to set up multiple
VPN connections and manage them through the netifd toolset.
This also adds support for binding an openfortivpn client to a given
interface, in which case when that interface comes online, the vpn
will be initiated via a hotplug script.
This is a breaking commit and configurations will need to be migrated
from openfortivpn.config into the /etc/config/networks.
Example configuration via /etc/config/network:
config interface 'ftvpn'
option proto 'openfortivpn'
option server 'example.com'
option username 'USERNAME'
option password 'PASSWORD'
# optional arguments follow
option local_ip '192.0.5.1'
option port '443'
option iface_name 'wan'
option trusted_cert 'CERT_HASH'
option set_dns '0'
option pppd_use_peerdns '0'
option metric '10'
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
This exposes the interface-auto option to UCI.
By default, interface-auto is disabled.
This leads to the DNS reply possibly originating from
a different address then the request was sent to.
Devices with a packet filter might not receive the reply in this case.
Enabling interface-auto ensures the reply is sent with the
source-address the request was sent to.
Signed-off-by: David Bauer <mail@david-bauer.net>
Includes:
- ubus/datastorage: don't repeatedly ask devices for beacon reports if
don't support it
- uci: fix loading of config
- utils/ubus: fix memory leak at blobmsg_format_json
- ubus: add local flag to network overview
- ubus: fix network overview
- network/tcpsocket: make sure every msg is complete before handle
- datastorage: refactor to support scalability testing
- network/tcpsocket: make sure every msg is complete before handle
- ubus: fix network overview
- ubus: add local flag to network overview
Signed-off-by: Nick Hainke <vincent@systemli.org>
The configure script confusingly sets CXXFLAGS to gnu++11 but does
not use that to check the important stuff. Fix that.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- Update haproxy download URL and hash
- This version introduces backtrace-support via backtrace(), however, it must be disabled because neither MUSL nor UCLIBC support it (build fails because of missing execinfo.h)
- Our previous UCLIBC patch is now obsolete and has been removed. We now only disable libcrypt support.
- A new patch was backported from the haproxy dev-branch which fixes an IFDEF which should only allow GLIBC to use dladdr1 and make builds fall back to dladdr when using other c-libs. The previous logic was bogus and broke the build on UCLIBC.
Signed-off-by: Christian Lachner <gladiac@gmail.com>
* remove dumb list cache
* start adblock processing after adding/removing
list sources via CLI
* add regional list source for france
Signed-off-by: Dirk Brenken <dev@brenken.org>
Refactor the package so init script is installed from the binary instead
of an init script embedded in the package.
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Add an option for adding rules based on source interface.
The default 0.0.0.0/0 src and destination ip addresses has been removed. It is unclear
how the 'any' family of rules would have worked, as it appears each rule always required an
ipv4 or ipv6 address src and destination address. With this change, the any family will work
again.
I also cleaned up a bunch of repeated code around adding the iptables rules for
ipv4/ipv6/any in making the change.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
This is needed since openvswitch 2.13 commit 2a97891eb23b
("Documentation: Work with sphinx-build for Python 3 also.")
The 4th patch was also reworked to serve as another guard
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Compile with USELIBCAP=1 to make use of POSIX capabilities. This will
save the required capabilities needed for transparent proxying for
unprivileged processes.
Signed-off-by: Gabor Seljan <sgabe@users.noreply.github.com>
* fix regex capture (to conform std)
* fix issues for Clang/libcxx (warnings/includes)
* fix CONFLICTS in the Makefile
* use /bin/sh in host scripts and shellcheck them
* add callback for setting arguments in ubus::call
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Add alternative to busybox nslookup. Busybox throws an error when
the host does not have an AAAA record.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
Build is failing because HWTSTAMP_TX_ONESTEP_P2P is defined anymore on
linux net_tstamp.h.
Moreover, the usual way of linuxptp build is looking for system includes
unless user defines differently. That also was tried to fix.
PKG_RELEASE bumped to 3.
Signed-off-by: Paulo Machado <pffmachado@yahoo.com>
Updates pdns-recursor to latest release in the 4.2 series.
Includes backported fixes for CVE-2020-10995, CVE-2020-12244 and
CVE-2020-10030, plus avoid a crash when loading an invalid RPZ.
Full change log for this release is available at:
https://doc.powerdns.com/recursor/changelog/4.2.html#change-4.2.2
Signed-off-by: James Taylor <james@jtaylor.id.au>
Removed patch
`03-configure-allow-to-manually-disable-POSIX-capabiliti.patch` that has been backported into release.
Signed-off-by: Jan Hak <jan.hak@nic.cz>
The existing interface selection/detection code was incomprehensible at
worst and convoluted at best. The uci config file suggested it
understood an external ipv6 interface but in reality the init script
took no notice. Re-work it so it is at least comprehendible and takes
notice of ipv6 interface details if specified.
Update the hotplug script to use the same interface selection/detection
code as the init script and take note of ipv6 interface selection, only
restarting miniupnpd on interface up events and only if that interface
isn't already known (for that ip class) by miniupnpd.
For me this has solved numerous 'flaky' startup problems, especially
with regard to ipv6.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Includes:
- dawn_iwinfo: fix whitespace
- dawn_iwinfo: indentation
- dawn_iwinfo: iwinfo_finish();
- dawn_iwinfo: filter out global interface
- dawn_iwinfo: release iwinfo after usage
- tcpsocket: fix port print
- github: set CONFIG_SRC_TREE_OVERRIDE in actions CI
- github: fix link to dawn source
- github: use v2 for checkout action
- github: add GitHub Actions CI
- ubus: only update TCP socket list when using TCP connections
- add notice that full wpad is requirement
- fix link to luci-app-dawn
- update readme and install instructions
Signed-off-by: Nick Hainke <vincent@systemli.org>
Recently, there was added libcap-ng to OpenWrt packages feed,
which is optional for Knot DNS. It enables POSIX 1003.1e capabilities.
This can restrict root (by default it runs as root) permissions and
might harm and as there isn't systemd on OpenWrt it can interfere.
There is an added patch, which introduced an option to disable libcap-ng.
This will be part of the next release.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* Replace creating an empty PYTHON3_PKG_DIR with setting filespec to an
empty value
* Disable the default Python package build recipe (with
PYTHON3_PKG_BUILD:=0) and set an empty Build/Compile
* Remove VARIANT:=python3 and PROVIDES (providing the same name as the
package)
* Add PKG_BUILD_PARALLEL:=1
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
start if kernel has missing ipv6 support
add libcap-ng support
fix some errors displayed on syslog
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
When adding suEXEC to the apache package, Alpine's package [1] served as
a template. Not enough attention was paid to the details.
Alpine uses a different layout. So for OpenWrt to use /var/www as
DocumentRoot does not make sense. /var is also volatile on OpenWrt. This
commit removes the configure argument. The default is htdocsdir.
This also does away with uidmin/gidmin 99. The default is 100, which is
fine.
Finally, the suexec binary is moved from /usr/sbin to
/usr/lib/apache2/suexec_dir. Upstream recommends installing suexec with
"4750" (see [2]) and the group set to the user's group. While that would
be possible, it would cause a few headaches on OpenWrt. The group would
need to be changed first in a post-install script and a call to chmod
would need to be made afterward, to make the binary SUID again.
It's easier to hide the SUID binary away from others in a directory.
This way we don't need to use chmod in the post-install script.
[1] https://github.com/alpinelinux/aports/tree/master/main/apache2
[2] https://httpd.apache.org/docs/2.4/suexec.html
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Some monitoring tools will run into errors when sysDescr field is empty. This was the case for cacti 1.2.8 that i'm using to monitor my network. Ideally the sysDescr field would contain some information from the overview of luci, e.g. the Model, Firmware and Kernel-Version fields, but i am stranger to OpenWRT, so I'm unable to do that.
Signed-off-by: Robert von Könemann <lordtaifleh@gmail.com>
Explain which are the options supported by the protocol, and also
which are the supported values in each (if the field has value
validation).
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
ModemManager allows specifying which are the authentication protocols
to be used during the user/password context authentication with the
peer.
This protocol update allows users to provide a new 'allowedauth'
option in the interface configuration, which is then used in two
different places:
* It is sent to ModemManager in the --simple-connect call so that
modems with a network interface can perform the authentication
using their own vendor-specific protocol.
* If the connection is done using PPP, this list of protocols is used
to configure the pppd call.
If the new 'allowedauth' option is not given, all auth protocols are
implicitly allowed.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Use the upstream value for NGX_MAX_PROCESSES (=1024) again.
So it is safe to use `worker_processes auto;` (which sets it to
the number of CPUs). Also use this directive in the conf instead
of calculating the number in the init and passing it as argument.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
The upstream package supports it with a configure switch.
Defaulting to 'with SNMP support' as it was before.
Signed-off-by: Christophe Lermytte <gentoo@lermytte.be>
According to a comment in programs/pluto/kernel_xfrm_interface.c:177:
* IFLA_XFRM_IF_ID was added to mainline kernel 4.19 linux/if_link.h
with older kernel headers 'make USE_XFRM_INTERFACE_IFLA_HEADER=true'
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Integrate with uci to support 'enabled/disabled' startup option and
override netify's default auto network selection.
config netifyd
option enabled 0
option autoconfig 1
autoconfig: Use netify's in-built interface selection
else use 'internal/external_if' definitions.
Also persist important agent config across sysupgrade
agent.uuid, serial.uuid, site.uuid
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
hotplug scripts are sourced not exec'd so #!/bin/sh /etc/rc.common
doesn't pull in the functions defined in /etc/rc.common thus since
'enabled' isn't defined the following sequence always fails:
enabled miniupnpd || exit 0
Unfortunately sourcing /etc/rc.common doesn't appear to work so come up
with some alternatives.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Review of my PR to add readsb requested to use codeload. Update vallumd
to use codeload as well, so that things are consistent.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
As reported in https://github.com/openwrt/packages/issues/12072, the
imagebuilder fails due to a dependency resolution error when the userspace
packages are built using a target that has a different kernel version than
that which is being run. To resolve this, move the sqm-scripts dependency
to a new virtual package, which hopefully should be consistent with the
actual kernel module being built.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
fping requires either root or CAP_NET_PING to work, otherwise it is
useless. Use INSTALL_SUID so that fping will be setuid root, and thus
it will be usable by non-root users.
fping knows to drop root priviledges after it parses the command line
and creates the ping socket. You actually get a lot less code running
as root when you make it setuid root and run it from an unprivileged
user.
This is the same way net/iputils already handles "ping", which has the
same requirements.
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
Linux kernel and iproute2 together now implement strict checking of the
existence of route tables.
Previously kernel does not support filtering by table id, now it does
and will error with nlmsgerr "ipv4: FIB table does not exist".
Previously iproute2 dump all routes and filter by table id in userspace,
now this has changed with iproute2 commit c7e6371bc4af ("ip route: Add
protocol, table id and device to dump request")
Error scene
root@OpenWrt:/# ip route flush table 100
Error: ipv4: FIB table does not exist.
Flush terminated
root@OpenWrt:/# echo $?
2
Fixes: https://github.com/openwrt/packages/issues/12095
Ref: https://lists.openwall.net/netdev/2019/05/02/105
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
When libevhtp is added to a package's PKG_BUILD_DEPENDS (i.e. for
seafile-server), libevhtp's target package dependencies are not
automatically selected, in particular libevent2-openssl and
libevent2-pthreads.
Moreover, if libevent-openssl and libevent2-pthreads are not selected,
OpenSSL and thread support are disabled when compiling libevent2, which
in turn causes a compile error when building libevhtp.
This adds a config option, LIBEVHTP_BUILD_DEPENDS, that will select
libevent2-openssl and libevent2-pthreads (via LIBEVHTP_BUILD_SELECT)
when it is selected.
Other build dependencies are moved to PKG_BUILD_DEPENDS.
This also updates seafile-server to remove the (indirect) dependencies
added in 13d843fec1 and instead select
LIBEVHTP_BUILD_DEPENDS.
This also updates the maintainer's email address and adds myself as
another maintainer.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The init.d script for sshd never generates an ecdsa HostKey as seen
here:
for type in rsa ed25519
do
# check for keys
key=/etc/ssh/ssh_host_${type}_key
[ ! -f $key ] && {
# generate missing keys
[ -x /usr/bin/ssh-keygen ] && {
/usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
}
}
done
so we'll never succeed at loading one. Get rid of the resultant
error message in logging:
May 5 17:13:59 OpenWrt sshd[20070]: error: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
If BI_PARM is never set, it's "" and causes
infinite loop (before my PR sent upstream) or
error out (after my PR sent upstream).
Append -b option only if it's valid.
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
To use eap tls, 'tmpdir' must be created before server starts.
This 'tmpdir' is used to store and verify client certificate,
and therefore radiusd do 'chmod go-rwx'.
If 'tmpdir' does NOT exists, server failed to start and default
'tmpdir' is '/tmp/radiusd'. So init script MUST create default
'tmpdir' like other directories.
Signed-off-by: Eiji MATSUMOTO <toudaiman@gmail.com>
More threads can lead to a problem if a luci-app makes a fork
(e.g. for executing a command). Parallelism is still achieved
by using `processes = 3`.
Make the log more verbose by filtering only standard messages
for start/stop/reload out (leaving one line each).
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Openwrt is a single user system. So keepalived is runnig as root.
If we add the config options `script_user root` and
`enabled_script_security' the following warnings are gone.
> local1.info Keepalived_vrrp[5382]: SECURITY VIOLATION - scripts are
being executed but script_security not enabled.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
As wifidog-ng builds a kernel module, it must use a PKG_BUILD_DIR in
KERNEL_BUILD_DIR instead of BUILD_DIR, otherwise old build artifacts may
be incorrectly reused when switching between different targets of same
architecture without a full clean.
Instead of fixing up the override, just remove it and instead move the
kernel.mk include above package.mk, so PKG_BUILD_DIR is set up correctly
by default.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
fix mips runtime by backporting some yang changes from master
added commited fixes to 7.3
also add option for snmp support
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Add possibility for user to provide setup and cleanup scripts for
additional flexibility. Setup-script takes precedence over the built-in
behavior of uacme.
This helps users with more complex use-cases to utilize uacme to update
certificates without adding complexity to the provided run.sh script.
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
Add possibility for user to provide setup and cleanup scripts for
additional flexibility. Setup-script takes precedence over the built-in
behavior of acme.
This helps users with more complex use-cases to utilize acme to update
certificates without adding complexity to the provided run.sh script.
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
An interface can have both a /64 and a /128 from a provider.
In such a case, use the address from the /64 to do the ping check, not
the /128.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
Since 19.07, netifd will not try to bring a device up
after someone brought it down. This way, there is no need
to rename the device.
It also fixes a rename error on 19.07 when the *_down device
was being in use (by netifd?).
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* Remove preinst, the default prerm script will stop the service
* Use default Python package filespec and shebang fix
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This updates the package to use the default Python package build recipe,
adds a src package, and changes to download from PyPI (using pypi.mk).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
And libevent2-pthreads to DEPENDS.
While building with -j12 I seem to get:
[ sometimes this also includes libevent2-openssl ]
```
-- EVHTP_VERSION : 1.2.18
-- EVHTP_DISABLE_SSL : OFF
-- EVHTP_DISABLE_EVTHR : OFF
-- EVHTP_DISABLE_REGEX : OFF
-- EVHTP_BUILD_SHARED :
-- EVHTP_USE_JEMALLOC :
-- EVHTP_USE_TCMALLOC :
-- CMAKE_BUILD_TYPE : Release
-- CMAKE_INSTALL_PREFIX : /usr
-- CMAKE_BINARY_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- CMAKE_CURRENT_BINARY_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- CMAKE_CURRENT_SOURCE_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- PROJECT_BINARY_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- PROJECT_SOURCE_DIR : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
-- CMAKE_MODULE_PATH : /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/cmake
-- CMAKE_SYSTEM_NAME : Linux
-- CMAKE_SYSTEM_VERSION : 1
-- CMAKE_C_COMPILER : /home/sandu/work/openwrt/openwrt/staging_dir/toolchain-i386_pentium4_gcc-8.4.0_musl/bin/i486-openwrt-linux-musl-gcc
-- CMAKE_AR : /home/sandu/work/openwrt/openwrt/staging_dir/toolchain-i386_pentium4_gcc-8.4.0_musl/bin/i486-openwrt-linux-musl-gcc-ar
-- CMAKE_RANLIB : /home/sandu/work/openwrt/openwrt/staging_dir/toolchain-i386_pentium4_gcc-8.4.0_musl/bin/i486-openwrt-linux-musl-gcc-ranlib
-- CFLAGS : -Os -pipe -march=pentium4 -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -ffile-prefix-map=/home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18=libevhtp-1.2.18 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro
-DNDEBUG
-- Configuring done
CMake Error: The following variables are used in this project, but they are set to NOTFOUND.
Please set them or make sure they are set and tested correctly in the CMake files:
LIBEVENT_THREAD
linked by target "evhtp" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18
linked by target "test_proxy" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_basic" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_client" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_https_client" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_vhost" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_basic" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_extensive" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_chunked" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_query" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "test_perf" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_pause" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_https_server" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_vhost" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
linked by target "example_request_fini" in directory /home/sandu/work/openwrt/openwrt/build_dir/target-i386_pentium4_musl/libevhtp-1.2.18/examples
-- Generating done
CMake Warning:
Manually-specified variables were not used by the project:
CMAKE_ASM_COMPILER
CMAKE_ASM_COMPILER_ARG1
CMAKE_MODULE_LINKER_FLAGS
CMAKE_SHARED_LINKER_FLAGS
DL_LIBRARY
CMake Generate step failed. Build files cannot be regenerated correctly.
```
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Error was:
The domain 'example.com' seems to have a ECC cert already, please add '--ecc' parameter if you want to use that cert.
Signed-off-by: David Yang <mmyangfl@gmail.com>
* add 'status_service' as workaround to init for 19.07
* fix 'wifionice' auto-login script
* fix autologin script matching
* change wifi scanning to logical interface name,
no longer use the radio device
Signed-off-by: Dirk Brenken <dev@brenken.org>
On some platforms where interfaces come up very slowly, this can
cause a race-condition with dhcpd coming up before all the interfaces
have finished initializing.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This removes Python build variants and adds PYTHON3_PKG_BUILD:=0 (where
appropriate) for the Seafile packages.
This also updates the way the Python bindings packages are packaged,
using automake installation instead of manual install recipes.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This removes Python-related build variants, and adds
PYTHON3_PKG_BUILD:=0 and minor build adjustments (where appropriate),
for non-Python packages. There should be no changes to build output.
This also updates some include paths for python3-package.mk and/or
python3-host.mk to be relative to the package Makefile.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames "internal" recipes to use the Python3/ prefix and clarifies
the names (RunTarget to Run, Mod to ModSetup, Shebang to FixShebang).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This changes the recipe name prefix from Build/Compile/HostPy3 to
HostPython3, and clarifies some of the names (RunHost to Run, Mod to
ModSetup).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
HostPython3 only adds a few environment variables before running host
Python. It has only two users, Build/Compile/HostPy3RunHost and
Build/Compile/HostPy3RunTarget.
HostPython3 also accesses $(PYTHON3PATH), even though python3-host.mk
does not include python3-package.mk, where the variable is defined.
This removes HostPython3 and has its two users run host Python directly.
This also combines the environment variables of HostPython3 and the two
users into HOST_PYTHON3_VARS and PYTHON3_VARS.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
If set_hostapd_nr config flag is set, dawn will insert the nr reports
to allow the hostapd to answer to nr requests from clients.
Improve the synchronization of rcpi and rsni in the network.
Further, clients with bad 802.11k were sending beacon reports with
bssid 00:00:00:00:00:00. Catch those corner cases.
Signed-off-by: Nick Hainke <vincent@systemli.org>
If one file is a hard link to another, `mv` will not overwrite it;
`rm -f` the destinations beforehand.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
DAWN has a race condition with umdns that prevents dawn from surviving
a reboot.
Increase procd start and stop of dawn to 81.
Further, network is sometimes not ready. Add utimer to check if socket
binds correctly.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This is to address the need for specifying dependency on a wget
implementation with ssl support.
Now we have a game of names for opkg
1. uclient-fetch: minimal version by openwrt project
2. wget-nossl: gnu wget w/o ssl support
3. wget-ssl: for the moment since this commit, gnu wget w/ ssl support
4. wget: uclient-fetch, wget-nossl, or wget-ssl
5. gnu-wget: wget-nossl or wget-ssl
By the time we provide some dummy package like uclient-fetch-ssl and
make it also provide wget-ssl, I guess by then we will also need
gnu-wget-ssl...
Ref: https://github.com/openwrt/packages/issues/11534
Ref: https://github.com/openwrt/packages/pull/9941
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* new upstream version 7.16.6
* fixing platform identifier for openwrt x86
(boinc issue https://github.com/BOINC/boinc/issues/3595)
* protected configuration from update
Signed-off-by: Christian Dreihsig <christian.dreihsig@t-online.de>
* add 'ca-bundle' dependency
* fix a sort bug in report engine
* fix potential bugs in the f_extconf function
Signed-off-by: Dirk Brenken <dev@brenken.org>
This is cosmetic only, since openssl is the first one being defined, but
it avoids a warning in scripts/config, after upgrading to kconfig-v5.6:
tmp/.config-package.in:102839:warning: choice default symbol
'DNSDIST_OPENSSSL' is not contained in the choice
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
glibc needs an extra header included.
Also cast time values to 64-bit in preparation for 64-bit time_t for
32-bit platforms.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Transmission should stop early on system shutdown to avoid
for example fstab unmount disks when transmission is writing.
Signed-off-by: Francesco G <gfrancesco@users.noreply.github.com>
This minor version bump fixes:
CVE-2020-1934
CVE-2020-1927
Upstream added cross-compile compatibility to apxs, so we can drop a sed
script. Upstream also added the OpenWrt layout, so we can drop our local
copy.
The OpenSSL patch to remove deprecated symbols doesn't apply anymore and
gets removed.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* removed 'hphosts' from sources (discontinued)
* fixed a "out of range" bug and another small issue
in the f_dnsup function
* add three new sources: 'anudeep', 'stopforumspam' and 'youtube'
* changed 'list' behaviour, the source file has now
a higher precedence than the archive file (see readme)
* update readme, added missing parameters & more
Signed-off-by: Dirk Brenken <dev@brenken.org>
Change dependency requirements based on kernel version. Ultimately in a
post Linux 4_14 world the differentation can be removed. In the short
term this allows post 4_14 kernels to use in-tree versions of the cake
shaper.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* fixed an oversight introduced in the last 3.99 pre-release series,
only relevant for "raw" mode e.g. dnscrypt-proxy users
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix dependency issue
* fix query timeouts in web frontend (seen with many selected lists),
now the query comes back latest after 30 seconds, to prevent any
timeouts, with all results to this point.
* add missing parameter in readme.md
Signed-off-by: Dirk Brenken <dev@brenken.org>
This version of obfsproxy will cease to function once Python 2 is
removed from the feed. Upstream has indicated[1] that this package will
not be updated to use Python 3.
This package will be added to the abandoned packages feed.
[1]: https://trac.torproject.org/projects/tor/ticket/31057
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This version of danish will cease to function once Python 2 is removed
from the feed. The maintainer has indicated[1] that this package will
not be updated to use Python 3.
This package will be added to the abandoned packages feed.
[1]: https://github.com/openwrt/packages/issues/8893#issuecomment-489312682
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
In preparation for generating nftables-no/json variants, swap dependency
order to prevent following recursive dependency warnings:
tmp/.config-package.in:73879:error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:73879: symbol PACKAGE_luci-app-nft-qos depends on PACKAGE_luci-app-nft-qos
tmp/.config-package.in:854:error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:854: symbol PACKAGE_nft-qos depends on PACKAGE_nft-qos
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
When building with strongswan-ipsec disabled, strongswan fails to build
because the ipsec.conf file does not exist. Fix this by moving the
ipsec.* files and directories to the strongswan-ipsec package.
Closes#10879 while keeping ipsec.conf to avoid breaking existing
setups, as opposed to #11709.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Fix proto_notify_error usage. In this function only a definition shall
be returned, which will later appear in the ubus status output of the
interface and not a whole string.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* Update to 7.80
* Add "full" variants for nmap and ncat that support Lua scripts (and
OpenSSL)
* Replace libcxx fix with upstream patch[1] (CHANGELOG change was
removed)
* Switch ndiff to use Python 3 (using a patch from Debian[2], which
comes from an upstream PR[3] plus a port of ndiff/setup.py)
[1]: ea4e2d6657
[2]: 0510c602dd/debian/patches/0004-Python3-port-of-ndiff.patch
[3]: https://github.com/nmap/nmap/pull/1807
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Dawn is a decentralized WiFi controller.
Just install dawn and the APs will find each other via umdns.
They periodically exchange information about connected clients, wireless
statistics and other needed information. With that, the daemon load
balances clients between different APs through association control.
Further, the daemon exposes through ubus the hearing map and the
complete wireless network overview. The hearing map is the list of all
probe requests seen from a client from all APs that are running the
controller.
Hearing map:
ubus call dawn get_hearing_map
Network overview:
ubus call dawn get_network
Dawn has a graphical user interface called luci-app-dawn. With that, the
load balancing and other useful settings can be controlled.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* new package dependencies: coreultis-sort and
a download util with SSL support
* focus on speed (multicore-support) to handle quite big lists
* include 38 pre-configured blocklist sources in a compressed
json file (/etc/adblock/adblock.sources.gz)
* dynamic SafeSearch support for google, bing, duckduckgo,
yandex, youtube and pixabay (CNAME (bind) & IP (dnsmaq, unbound))
* DNS backend autodetection
* Download Utility autodetection
* Report Interface autodetection
* Easy cron wrapper to set an adblock related auto-timer for
automatic blocklist updates
* raw domain/blocklist support (e.g. for dnscrypt support)
* re-add restrictive Jaillist support
* rework online doc
* Complete LuCI rewrite (migrated to client side JS)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Phase 2 buildbots with this option enabled will cleanup openvswitch
build dir which is needed later when building ovn
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Add a conffiles-section for the /etc/swanctl folder, which is used by the swanctl util. This will keep the configfiles during an sysupgrade.
Signed-off-by: Sven Roederer <S.Roederer@colvistec.de>
This is to address the need that openvswitch starting with 2.13 now
depends on libunwind for handling SIGSEGV (upstream commit e2ed6fbeb18
("fatal-signal: Catch SIGSEGV and print backtrace"))
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Compared to original packaging scheme within openvswitch, we removed
ovn-trace, ovn-detrace from openvswitch-ovn-common package. ovn-detrace
requires python libs to run, so it does not actually work out of box in
previous builds anyway.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
python2 library is now removed as the transition has been done by the
upstream project
OVN is now a separate project released with its own release plan and
it's not included within openvswitch starting with ovs 2.13.
openvswitch.mk is split out from the main Makefile for adding ovn
packages back in following commits.
The following two patches are already included in 2.13
- ovsdb-idlc-fix-dict-change-during-iteration.patch
- compat-Include-confirm_neigh-parameter-if-needed.patch
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Life changes, I'm no longer avaiable to be an sufficiently active
OpenWrt developer. Therefore removing myself from maintainer from
all packages I maintained in OpenWrt.
All the best for those who keep up the good work!
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Newer versions of the kconfig generator require quotes. Prepare the
package for an eventual update.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Newer versions of the kconfig generator require quotes. Prepare the
package for an eventual update.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
MIPS16 is not needed here.
Removed configure patch and replaced with a configure var.
Removed autoreconf as configure is no longer being patched.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* Package scripts that are shipped by upstream in their binary download
* Includes setup scripts (setup-seafile.sh to use SQLite,
setup-seafile-mysql.{sh,py} to use MySQL) and control scripts
(seafile.sh, seahub.sh)
* Does not include seafile-admin, which is not shipped in upstream's
binary download. Combined with the fact that it hasn't been updated
to Python 3 suggests the script has been abandoned.
* Replace previous init scripts with a simplified script
* Previous init scripts (seafile.init, seahub.init) were modified from
older versions of seafile.sh and seahub.sh, but they haven't kept up
with changes to upstream's scripts
* New init script (seafile-server.init) start/stops both Seafile and
Seahub (there is no need to control them separately) by calling
upstream's control scripts
* Replace previous package config file with new config file
* Options in previous config file (seafile.conf) were mainly for using
Seahub in FastCGI mode. FastCGI was deprecated in Django 1.7 and
removed in 1.9; upstream's control script will only start Seahub
using Gunicorn. (Options for Gunicorn including port number can be
changed by editing /etc/seafile/conf/gunicorn.conf.py.)
* New config file (seafile-server.config) has one option that controls
where the Seafile/Seahub data directories are stored
* Patch scripts/binaries to use standard, system-wide directory
locations
* Script files (wrappers for binaries) in /usr/bin
* Binaries (not meant to be run directly by the user) in /usr/libexec
* Config files in /etc/seafile
* Pid/socket files in /var/run/seafile
* Logs in /var/log/seafile
* Include a new script to create the first admin account
* With upstream's original scripts, the user is required to
interactively create the first admin account when Seahub is started
for the first time
* The user will now use the new script (create-seafile-admin.sh) to
create the first admin account after setup (using setup-seafile.sh
or setup-seafile-mysql.sh) and before starting Seafile/Seahub
* seahub.sh is patched to only check if there is at least one admin
account and exit with an error if there is no admin account
* Remove build config options and add seafile-server-fuse package
* The console option controls whether the console window is shown when
Seafile server is run on Windows. It has no use on Linux.
* The fuse option controls whether seaf-fuse is built. (seaf-fuse is a
FUSE implementation that allows the Seafile database/file system to
be mounted to a local directory.) seaf-fuse is now always built and
is available in a separate package (seafile-server-fuse).
* Add myself as a maintainer
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Other changes include:
* Package Python bytecode in seafile-seahub, add source code package
(seafile-seahub-src)
* Instead of changing default settings, custom settings will be added to
/etc/seafile/conf/seahub_settings.py during seafile-server setup
* Use SEAFILE_UCI_DATA_DIR, which will be added to seafile-server
* Clean up Makefile formatting
* Add myself as a maintainer
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* Update package to 7.1.2
* Add Python 3 bindings package. The Python dependency is moved from
seafile-ccnet to python3-seafile-ccnet.
* Refresh patches. The path to valac does not need to be patched in
010-Makefile.patch because $(STAGING_DIR_HOSTPKG)/bin is already in
the path during package build.
* Use SEAFILE_UCI_LOG_DIR and SEAFILE_UCI_SOCKET_DIR, which will be
added to seafile-server
* Install binaries to /usr/libexec instead of /usr/bin, to mirror an
upcoming change in seafile-server
* Clean up Makefile formatting
* Add myself as a maintainer
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Pinging IPv6 hosts using an interface as a source specifier seems
troublesome. See https://bugs.openwrt.org/index.php?do=details&task_id=2897
for more detail.
Use the desired source interface's IP address instead.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
* Reapplied daf538d8c6
* Updated README
* Replaced the ipv4_resolvers option with a ipv6_resolvers_only option
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
The SUBDIRS variable has been removed in kernel 5.4, and was deprecated
since the beginnig of kernel git history in favour of M or KBUILD_EXTMOD.
Signed-off-by: David Bauer <mail@david-bauer.net>
The SUBDIRS variable has been removed in kernel 5.4, and was deprecated
since the beginnig of kernel git history in favour of M or KBUILD_EXTMOD.
Signed-off-by: David Bauer <mail@david-bauer.net>
The SUBDIRS variable has been removed in kernel 5.4, and was deprecated
since the beginnig of kernel git history in favour of M or KBUILD_EXTMOD.
Signed-off-by: David Bauer <mail@david-bauer.net>
* Added optional ipv4 resolvers UCI config option
* Added logging to logd
* Refactored verbosity UCI config option
* Filtered out any address from being added to dnsmasq
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
Compilation is broken on AArch64.
Reordered some things for consistency between packages.
Fixed license information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Backport of upstream staging commit to fix compilation issue with x86_64 as
ppc64le build hosts.
42c020aab6
This fixes#10642.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Removed options UCI parameter. It's not terribly useful. Most of the
parameters can be replaced with procd functionality. procd also demands
processes to run in the foreground.
Removed -fno-builtin. It seems to be a legacy option.
Ran init script through shellcheck.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
57394bc Fix build with Linux 5.3
b95d68c Use uint for module parameter type for setup_timeout, remove -ve check
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
To avoid build failure when luci-app-sqm is selected as builtin where
the ipk will be installed on build machine
While at it, switch to using $(MAKE) instead of plain "make"
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This update fixes#11452 since LFS detection support was added upstream.
While at, update SPDX license tag to latest standard.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Switch to standard tarball to avoid autoreconfig.
Fix license information.
Add PKG_BUILD_PARALLEL for faster compilation.
Add PKG_INSTALL for consistency with other packages.
Removed upstreamed patches. Refresh remaining one.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Reordered Makefile according to
https://github.com/openwrt/packages/pull/9399#issuecomment-508727872 .
Added PKG_BUILD_PARALLEL for faster compilation.
Remove duplicated conffiles section.
Install /etc/config/stubby using INSTALL_CONF, as is done elsewhere
Run init script through shellcheck and clean it up.
Added chmod for the stubby config file, to fix a LuCI issue.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This patch enables ipset support in the unbound-daemon-heavy variant. See [1] for
instructions on how to use it.
Also fix a minor typo in the libunbound-light description.
[1] https://github.com/NLnetLabs/unbound/pull/28
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Create an anonymous inode in /tmp using O_TMPFILE and attempt to link the
file in place using linkat(). Only fall back to the old file copy when
linking the tempfile fails.
Avoids double memory use if both the temporary upload file and the
destination file are located in /tmp.
Ref: https://github.com/openwrt/luci/issues/3654
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Fix for OpenSSH pickiness about argument order to be able to use
tap devices.
* Allow tun/tap devices to be used from index 0 as demonstrated in
example config.
* Change arithmetic expressions.
Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
Compile the common module first, as otherwise the dependency on the
jool-common module is not detected.
Signed-off-by: David Bauer <mail@david-bauer.net>
* Log with pid instead of placeholder.
* Make sure directory for config files generated from uci config exists.
* Remove forced defaults.
* Simplify compares.
Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
This either uses it, or falls back on its own implementation.
Removed nls.mk. It's not needed/used.
Added size reduction FLAGS.
Cleaned up for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fix CPE ID.
Use PKG_INSTALL for consistency between packages.
Use PKG_BUILD_PARALLEL for faster compilation.
Remove outdated std parameter.
Change URLs to HTTPS.
Various minor cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The host build is not used by anything.
Added PKG_INSTALL for consistency between packages.
Added PKG_BUILD_PARALLEL for faster compilation.
Added missing protobuf/host build dependency. This was previously
specified as a host dependency, which is wrong.
Removed pointless std parameter. It's only useful for old G++ versions.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Switched to codeload tarballs. Simplified the Makefile as a result.
Fixed license information.
Added PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
$(FPIC) evaluates to -fpic on ARM64, breaking compilation:
The dnsdist build system handles it properly anyway. Added --with-pic to
make it explicit.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Allocate dynamic buffer memory for decoding post data and allow post
requsts up to 128KB compared to the previos 1KB limit.
Also support downloading /proc and /sys files by falling back to
chunked transfer encoding when the file size cannot be determined.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jool as well as the jool-siit package depend on jool-common, which isn't
currently built nur packages up. Compile and include jool-common with
the jool package to fix this.
The iptables component is currently also not packaged up. Fix this also.
Signed-off-by: David Bauer <mail@david-bauer.net>
- Update to version with longer interface names.
- Add /etc/pingcheck/(on|off)line.d/ directories with an example
script. Closes#11263
Signed-off-by: Bruno Randolf <br1@einfach.org>
Since the brcm2708 target has been renamed to bcm27xx in openwrt
repo, update the dependency to the target in this package.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
fb3be84 Split out ebtables anti-leak rules in phantap-early, improve logs
e3fbe61 phantap-learn: use libnl instead of ip executable
b2c2514 phantap/Readme: Warn about OpenWrt failsafe leak
394d3b7 Readme: Update to add blogpost link and detection via Internet traffic
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* ksmbd: update to 3.1.3
* ksmbd-tools: update to 3.2.1
* add new package build option "KSMBD_SMB_INSECURE_SERVER"
* enable smb1 support to kmod by default
* add new UCI option "allow_legacy_protocols" to section [globals]
* ksmbd: release 3.1.3 version
* ksmbd: lock SMB2_QUERY_INFO_HE request with read lock
* ksmbd: fix potential racy between query_dir and ksmbd_vfs_empty_dir
* ksmbd: fix racy issue between deleting file and checking empty directory
* ksmbd: don't register interface which are member of bridge
* ksmbd: SO_REUSEADDR is no property of tcp_setsockopt
* ksmbd: release 3.1.2 version
* ksmbd: fix read caching buffer size as max_read_size
* ksmbd: fix the infinite loop of handling FSCTL_QUERY_ALLOCATED_RANGES
* ksmbd: use compounding for smb2 flush
* ksmbd: downgrade error message to debug in get_file_all_info
* ksmbd: rename usmbd to ksmbd.mountd in trvis-ci
* ksmbd: release 3.1.1 version
* ksmbd: does not work if ipv6 module is not loaded or compiled in
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: update README file
* ksmbd-tools: release 3.2.1 version
* ksmbd-tools: revert "remove glib2.0 dependancy" patch
* ksmbd-tools: release 3.2.0 version
* ksmbd-tools: update how to restart ksmbd in README file
* Revert "ksmbd-tools: disable tbuf and rbuf caching by default"
* ksmbd-tools: disable tbuf and rbuf caching by default
* ksmbd-tools: replace usmbd prefix with ksmbd prefix
* ksmbd-tools: update README file
* ksmbd-tools: fix warning ignoring return value of 'fread'
* ksmbd-tools: downgrade unsupported command print to debug
* ksmbd-tools: remove GLIB_LIBS in Makefiles
* ksmbd-tools: rename usmbd, smbuseradd, smbshareadd to ksmbd.mountd, ksmbd.adduser and ksmbd.addshare
* ksmbd-tools: fix null pointer dereference in _list_remove
* ksmbd-tools: fix the sanity check fails depending on the password length
* ksmbd-tools: fix build error(not found glib.h)
* ksmbd-tools: remove glib-2.0 dependancy
* ksmbd-tools: update README to add libglib2.0-dev for Ubuntu preprequisite packages
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Add tests for nginx-ssl-util and nginx-ssl-util-nopcre using (fake)chroot.
Clean the code up making nginx-ssl-util a header file.
Both changes are for better (future) code quality only.
There are minor functional improvements:
* fix compiler error of gcc7 by using std=c++17
* fix error if there is no lan/loopback interface
* notice instead of error message if there is no default server
* add ipv6-prefix-assignment.*.local-address.address for LAN
* add CONFLICTS in Makefile for choosing the right version
* add cast to release of unique_ptr to avoid warning
* add version message to help message
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
It was provided by both the freeradius3 and freeradius3-mod-realm packages.
Now provided by the freeradius3 package only.
Signed-off-by: Robby K <robbyke@gmail.com>
gettid happens to be supported by all glibc, musl and uclibc, but
configure cannot detect it when cross-compiling. This adds a configure
variable for it.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Added missing limits header. This is normally included in fortify-headers,
which I have disabled locally.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Properly quote arguments when assembling the command line and eval the
proto_run_command() invocation in order to prevent the shell from
improperly splitting the command arguments on $IFS.
Fixes: #10137
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- Major version jump from v2.0 to v2.1
- Update haproxy download URL and hash
- Add new patches (see https://www.haproxy.org/bugs/bugs-2.1.2.html)
- Stop building LUA 5.3 in the haproxy build-process and use liblua5.3 as a dependency instead
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Changelog:
* Fix OpenWRT with existing forwarder + fix dnsmasq restore issue
* Refactor service execution to better report errors
* Refactor merlin tz setup so it does not need to curl on boot
* Improve upgrade command for install.sh
* Do not mask curl error on install
* Fix timezone logging issue with Merlin
* Add support for Merlin John's fork
* Add raspbian support to installer
* Fix upgrade not reinstalling service
* Limit the aarch64 fix to merlin
* Reset DHCP DNS to self on Merlin router setup
* Fix memory issue with aarch64 based router
* Update Go version
* Allow override of detected env
* Setup timezone correctly on Merlin init script
* Don't ignore curl error on install
* Fix Asus Merlin John’s fork trust store issue
* Fix synology auto setup
* Fix report client info not enabled with setup-router option
* Add support for edgeos DHCP lease file locations
* Fix signal handling when running as a service
* Fix exit menu keyboard shortcut
* Do not fail on upgrade if uninstall failed
* Fix exit menu in installer
* Remove failing upx (for now)
* Make sure nextdns keeps running once ssh session is closed
* Add auto setup of Synology with DHCP server enabled
* Use router's DNS to discover more names
* Get A/AAAA from both answer and addition sections
* Ignore certain invalid names during discovery
* Fix activate with setup-router
* Fix serveral install issues
* Add exponential backoff to mdns probe retry
* Correctly end dhcp lease probing when discovery is cancelled
* Store DHCP/MDNS discovered addrs separately to avoid ping/pong
discovery
* Add DHCP lease support to client discovery
* Do not report mdns listen unreachable error as start will retry
* Reimplement mdns client discovery
* Fix installer GOARCH detection with arm6+
* Fix bin install on platforms needing sudo
* Correctly detect edgeos and ddwrt as routers
* Fix install.sh sudo
* Disable upx as it break many platforms
* Fix installer regression with merlin
* Fix mips64 detection
* Fix OpenWRT detection
* Fix UPX post build script
* Fix install with John's Asuswrt-Merlin fork
* Fix more DDWRT
* Fix DDWRT support
* Fix merlin service add/remove
* Use UPX to compress binaries typicially used on routers
* Revert "Remove direct dep on reflect"
* Use letters for installer menus
* Fix install script for upgrades not working if binary is running
* Do not return an error on mdns listen if at least one interface worked
* Fix installer for synology
* Fix pfSense support
* Remove the logs for each server on each connect
* Move install instructions to wiki
* Fix install.sh uid detection with merlin
* Fix install.sh for arm6+
* Add Synology init system support
* Fix install.sh
* Add a generic router setup that just changes the listen to public
* Update README
* Add auto setup support for EdgeOS
* Restore per OS install instruction in readme during installer beta
* Refactor install.sh
* Remove dep on golang.org/x/net/ipv[4|6]
* Remove direct dep on reflect
* Rewrite the zeroconf code to use dnsmessage instead miekg/dns
* Add auto setup support for DD-WRT
* Improve arch detection
* Add auto setup support for OpenWRT
* Add automatic router setup support
* Fix service
* Remove dep en seq on sysv style init scripts
* Add Entware init system support
* Report init system used on install and in UA
* Add EdgeOS support
* Reads /etc/hosts before forwarding queries to the upstream
* Fix localhost resolution with Linux arch empty /etc/hosts
* Use /etc/hosts file to resolve listen address and list on all IPs
listed
* Add support for multiple router firmware
* Fix hardened privacy disabling dual stack
* Add a config set sub command and refactor commands handling
* Add support for activate on freebsd
* Fix inverted MAC matching
* Add unit test for conf prefix match #35
* Activate uses listen address instead of static 127.0.0.1
* Improve FreeBSD integration
* Add FreeBSD support
* Fix a typo
* Use zip for windows archive
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Edited PKG_RELEASE to 1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Compile tested: arm_cortex-a15_neon-vfpv4, TP-Link Archer C2600, master
Run tested: TP-Link Archer C2600
Change log for v2.99:
[FIX] Fixed broken JSON parsing (include missing uuid_site).
[FIX] FreeBSD: Fixed 10x support.
[FIX] OPNsense: Fixed path to xmllint.
[IMP] Switched to libtcmalloc minimal.
[IMP] Added metadata extraction from SSDP queries/responses.
[IMP] Added automatic building of bundled gperftools when enabled.
[IMP] Removed bundled packages that are no longer needed.
[IMP] Always display JSON status even when stale.
[IMP] CentOS: Added support for CentOS 8.
[IMP] CentOS: Removed support for CentOS 6.
[IMP] OPNsense: Added support for OPNsense 19x.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
Instead of the default nginx.conf file this file is a small variant
without examples that enables the /etc/nginx/conf.d/ directory.
It will pull in all configuration files from the conf.d directory.
So, other packages can add their server parts in the conf.d directory
without modifying the main nginx.conf file (cf. #9860).
Changed also the default logging behavior:
error_log stderr; # the init forwards it to logd
access_log off;
See the updated documentation at:
https://openwrt.org/docs/guide-user/services/webserver/nginx
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Hurricane Electric provides a free IPv6inIPv4 tunnel. It changed its ipv4 ddns service, fully needed to keep the ipv6 tunnel up, to the domain tunnelbroker.net. Besides, the old he.net script was bugged because it doesn't had a [USERNAME] placement but instead two [DOMAIN]. The new tunnelbroker.net update URL, still provided by Hurricane Electric, is https://[USERNAME]:[PASSWORD]@ipv4.tunnelbroker.net/nic/update?hostname=[DOMAIN]&myip=[IP] and it gets the response good or nochg
Signed-off-by: Euler Alves <euler@alves.pro.br>
(fixed-signed-off-by and prefixed)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
PKG_RELEASE was incremented to 15 because of a fix in files/services
Signed-off-by: Euler Alves <euler@alves.pro.br>
(fixed-signed-off-by and prefixed)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Since commit a62c0e5 apu-1-config is no longer being stipped down with
regards to being called with "--link-libtool". Example:
$ ./staging_dir/target-mips_24kc_musl/usr/bin/apu-1-config --link-libtool
-L/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/lib -R/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/lib -laprutil-1
$
Before the mentioned commit the "-R" argument was stripped off. And when the
Makefile adds this to TARGET_LDFLAGS this then ends up in the compiler test, as
an argument for the compiler, causing build failure:
checking whether the C compiler works... no
configure: error: in `/builder/shared-workdir/build/sdk/build_dir/target-arm_mpcore+vfp_musl_eabi/subversion-1.13.0':
configure: error: C compiler cannot create executables
config.log shows what's wrong:
configure:3140: x86_64-openwrt-linux-musl-gcc -Os -pipe ... <snip> ... -R/home/sk/tmp/sdk/master-x86-64/staging_dir/target-x86_64_musl/usr/lib -laprutil-1 conftest.c >&5
x86_64-openwrt-linux-musl-gcc: error: unrecognized command line option '-R'
This commit does away with these flags, they're not needed anyway. FPIC
is also removed, because it's detrimental to the applications [1] and
unnecessary as well.
Fixes: #11139
[1] https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
In OpenWrt this module is available, but not part of the main package.
This commit disables the LoadModule directive for this module. Otherwise
following the installation of the main apache package the start of the
server would fail (due to the absence of this particular module).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This way there's no need to worry about overwriting another httpd binary
or symlink from another package, for example busyboxes httpd.
The init script is also renamed to apache2 for consistency.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* rename smbd->ksmbd (upstream name change)
* ksmbd-tools: build with static glib2 (usmbd = ~90kb, smbuseradd = ~40kb)
* new etc folder location = /etc/ksmbd/smb.conf
* new database name = /etc/ksmbd/ksmbdpwd.db
* fixes "map to guest = Bad User" while userdb is also used
* fixes missing ipv6 support
* update/rename to "luci-app-ksmbd"
* remove UCI samba compatibility code for section names (ksmbd uses [share] + [globals] not [sambashare] + [global])
* ksmbd: release 3.1.1 version
* ksmbd: does not work if ipv6 module is not loaded or compiled in
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: release 3.1.0 version
* ksmbd: fix over 80 character warnings
* ksmbd: rename smbd-tools to ksmbd-tools in travis.yml
* ksmbd: fix password db file location in travis.yml
* ksmbd: rename smbd prefix function to ksmbd
* ksmbd: rename smbd prefix source files to ksmbd
* Revert "smbd: set connection status with SMBD_SESS_EXITING instead of direct destory"
* ksmbd: rename smbd to ksmbd in .travis.yml
* smbd: rename module name to ksmbd.ko
* smbd: set connection status with SMBD_SESS_EXITING instead of direct destory
* smbd: previous session with same user and same password should be deleted
* smbd: only use global session table in smb2 session
* smbd: add support for ipv6
* smbd: fix empty macro issue from smbd_debug
* cifsd: fix printing of file names in find_next
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).
Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
bf1a1eda23a3c46544b3
Signed-off-by: Robby K <robbyke@gmail.com>
This should hopefully prevent issues with that option not showing up in the
GUI, like in #11095.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
nginx-ssl-util and nginx-ssl-util-nopcre are replacements for each other,
but cannot replace nginx-util (instead conflict with it).
The hard coded [::1] could lead to a nginx error if build without IPv6.
So, get the loopback addresses dynamically.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
* Do not destroy the iterator twice if cur==this (segfault).
* Do not add the delimiter clim=='\0' when creating the SSL directives.
* Set the right SSL_SESSION_CACHE_ARG for nginx-util get_env.
* Remove static from the constexpr that are used only for Line::build.
* Concat strings instead of appending them for not using a non-const ref
(to remove some warnings of clang-tidy -checks=google-runtime-references)
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
This allows custom config parameters to be added to the generated config
files, enabling the original intended functionality per
https://openwrt.org/docs/guide-user/services/ups/software.nut.
Example usage from /etc/config/nut_server:
config driver 'apc'
option driver 'snmp-ups'
option snmp_version 'v3'
option port '172.16.100.5'
list other 'secLevel'
list other 'secName'
list other 'authPassword'
list otherflag 'notransferoids'
config other 'other_secLevel'
option value 'authNoPriv'
config other 'other_secName'
option value 'some_username'
config other 'other_authPassword'
option value 'some_password'
config other 'otherflag_notransferoids'
option value '1'
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
add missing 'peer_id_ttl_hours' and remove 'scrape_paused_torrents'
which is not exist in transmission wiki.
Signed-off-by: Richard Yu <yurichard3839@gmail.com>
We depend on luci-compat now, which will pull in luci-base, which in turn
will pull in lua. So remove those two dependencies to maybe help with
recursive dependency resolution errors.
Fixes#5320.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Ran init script through shellcheck. Simplified several statements.
Replaced INSTALL_CONF with INSTALL_DATA. i2pd runs as non-root and so the
conf file must be accessible.
Fixed: https://github.com/openwrt/packages/issues/10977
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This can do the main work of nginx/nginx-ssl init script.
For nginx-ssl it can create selfsigned certificates, too.
It uses libpcre and libopenssl iff nginx(-ssl) uses them.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
* Install the standalone (scons-local) version
Advantages:
- The regular version of SCons requires distutils during installation;
the standalone version does not have this requirement
Disadvantages:
- The scons-local package is not available from the Fossies mirror
- The patch will need to be manually updated with each version update
* Install files to $(STAGING_DIR_HOSTPKG) instead of $(STAGING_DIR_HOST)
* Write the correct shebang into scripts instead of using the wrapper
* Update to 3.1.2
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
apr-util was updated. It doesn't provide the depend on libsqlite3
anymore, so this needs to be added to the subversion package now.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- helps build system to locate zlib
- adds depend on libgdbm if libaprutil-dbm-gdbm is selected
This fixes the two different build failures that can currently be
observed.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
When issuing an ECC certificate, acme.sh for some reason changes the name
of the directory used for the certificate state. Handle this correctly when
moving directories and updating config files.
Fixes#7941.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
--log-error in the init script was overriding it.
Added several optimizations to the init script for speed and correctness.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Update xtables-addons to 3.7
Remove linux 4.9 compatible patch as OpenWrt master no longer supports it
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Extend (and rename) the existing mii-tool package to also support
the net-tools route command.
This may be needed if you want to support other address families than
inet/inet6 like x.25.
Also bump to version 2018-11-03.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Things were done in the wrong order, leading to config_dir not being
chown'ed and subdirectories not being created in case of download_dir
being inside config_dir.
Fixes: 609109fa9 ("transmission: add seccomp filter and improve jail")
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
"fg" and "pidfile" parameters are already used in the init script,
so they are not controllable by config file anyway.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
If miniportal option is enabled, some haserl scripts are provided which
present a simple login web page. To make it functional haserl is required.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
The package doesn't need to install _everything_ to staging. This commit
reduces the amount of files that get copied over to staging. Currently
there's no package depending on apache anyway.
This adds sed scripts from buildroot (thanks!) to fix two files that are
important for cross-compiling external modules. This has been tested and
was confirmed to work with mod_gnutls taken as an example package.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Also preinst and postrm are removed. busybox's httpd isn't installed by
default, so these gimmicks seem antiquated.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This adds extra packages for certain modules (basically the ones that
incur further dependencies), support files etc. This is pretty much
follows Alpine's example.
This updates the httpd.conf patch to _not_ uncomment MIMEMagicFile
(because the module isn't loaded by default) and removes that changes
that aren't needed anymore (because of the added module support). The
patch now only changes the default user.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This gets rid of flags. For instance $(FPIC) shouldn't be forced onto
applications (see [1]).
And CONFIGURE_ARGS + CONFIGURE_VARS are broken out of Build/Configure.
This way more arguments can be added easily in the future.
The target is changed from apache to apache2 (which is used by upstream
by default). the CONFIGURE_ARGS are changed where need to enable
modules.
This also renames one patch that fixes scoreboard location (the name
004-pidfile_fix.patch didn't describe what it's doing).
Now with the OpenWrt layout in place 003-logdir_fix.patch can be
removed.
[1] https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- version bump
- update license description
- add PKG_BUILD_PARALLEL:=1
- remove two cross-compile patches and replace them with the
cross-compile patch from buildroot (adds autoreconf to get this going)
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Provide the minimal applications and plugins for: cgi, filelog, syslog and
python3. More plugins can be added if needed by other packages. Autostart
uwsgi in emperor mode loading vassals on demand.
For now, include luci-support (maybe it will be moved to another package),
which uses the syslog plugin by default.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Luci nginx config file for non ssl varian had user as nobody nogroup. This cause some problem with ubus use.
Luci file support package depends on uwsgi-cgi. As this package will be renamed shortly to a more generic version, make the subpackage depends on the uwsgi subpackage only.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Note:
In some cases when tor daemon starts before
than the router is connected to the Internet.
Tor will exit and you have to run it manually.
This should fix this case.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
PKG_RELEASE not bumped because this only affects package description.
We document that passlib and bcrypt are needed if one wishes to use
bcrypt encryption of passwords. These have not been added as dependencies
as Radicale2 can have a frontend webserver authenticate users rather than
radicale itself.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
All the computationally expensive stuff is in the libraries, not the
package itself.
Saves several kilobytes.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
If snmpd fails to open files, like /dev/kmem or /dev/mem, it exits.
Avoid this by adding the -r argument.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The ModemManager protocol handler checks for the pppd daemon during
the initialization, and if it doesn't exist, the protocol handler is
not even loaded by netifd.
This is because the IP method to use on the connection of a given
modem is not known until ModemManager reports via its interfaces how
the modem should be connected (either using PPP, with DHCP, or with
explicit IP settings).
Fixes https://github.com/openwrt/packages/issues/10802
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
0.12.0 tarballs aren't out yet, I accidentally committed the changed
version in commit b6a9bd3bf3
("gnurl: update to version 7.67.0").
Revert gnunet back to 0.11.8.
Reported-by: Sebastian Kemper <sebastian_ml@gmx.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
In the command read side, close the superfluous write end of the pipe
early to ensure that EOF is reliably detected. Without that change, splice
calls to read from the pipe will occasionally hang until the CGI process
is eventually killed due to timeout.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The package wget should not say that it provides itself.
This also make gnu-wget provide general so it is not written in Makefile
twice.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
* Added optional ipv4 resolvers UCI config option
* Added logging to logd
* Refactored verbosity UCI config option
* Filtered out any address from being added to dnsmasq
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
The build needs protoc, otherwise it fails.
checking if we need to link in protobuf... yes
checking for PROTOBUF... yes
checking for protoc... no
configure: error: Protobuf requested but the protobuf compiler was not found
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Currently dnsdist is failing at packaging stage when lmdb is in staging:
make[4]: Leaving directory '/builder/shared-workdir/build/sdk/build_dir/target-x86_64_musl/dnsdist-1.4.0'
Package dnsdist is missing dependencies for the following libraries:
liblmdb.so
Makefile:109: recipe for target '/builder/shared-workdir/build/sdk/bin/packages/x86_64/packages/dnsdist_1.4.0-2_x86_64.ipk' failed
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Implement a new "cgi-exec" applet which allows to invoke remote commands
and stream their stdandard output back to the client via HTTP. This is
needed in cases where large amounts of data or binary encoded contents
such as tar archives need to be transferred, which are unsuitable to be
transported via ubus directly.
The exec call is guarded by the same ACL semantics as rpcd's file plugin,
means in order to be able to execute a command remotely, the ubus session
identified by the given session ID must have read access to the "exec"
function of the "cgi-io" scope and an explicit "exec" permission rule for
the invoked command in the "file" scope.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "command" specifiying the commandline
to invoke.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required ACL rules to grant exec access to
both the "date" and "iptables" commands. The "date" rule specifies the
base name of the executable and thus allows invocation with arbitrary
parameters while the latter "iptables" rule merely allows one specific
set of arguments which must appear exactly in the given order.
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "exec", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/bin/date", "exec" ],
[ "/usr/sbin/iptables -n -v -L", "exec" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- IPv6 support
- Fix HTTP/2 negociation
- Improve endpoint fallback
- Add support for unencrypted DNS
- Many other fixes and features
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
When present on the build system dnsdist will try to make use of libcap. This
change adds an explicit dependency to ensure it's present at build time, to
prevent build failures when another package brings the dependency in.
Signed-off-by: James Taylor <james@jtaylor.id.au>
* remove 'ransomware' blocklist by abbuse.ch (discontinued)
from default adblock config
* fix/switch 'someonewhocares' config to https only
* fix curl download parameters to follow redirects and
suppress needless output
* made the tmp directory of sort operations configurable,
set 'adb_sorttmp' accordingly (only supported by 'coreutils-sort')
Signed-off-by: Dirk Brenken <dev@brenken.org>
This new release also installs additional 'shared utils' loadable
libraries in /usr/lib/ModemManager, so make sure we include them in
the packaging.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Update dnsdist to next major release 1.4.0. This release introduces
dependencies on libh2o-evloop and libwslay for support of DNS over
HTTPS.
Release Blog Post: https://blog.powerdns.com/2019/11/20/dnsdist-1-4-0/
Changelog: https://dnsdist.org/changelog.html#change-1.4.0
Also removes compatibility patches required for previous release that have
been incorporated upstream.
Signed-off-by: James Taylor <james@jtaylor.id.au>
Maintainer: Darryl Sokoloski / @dsokoloski
Compile tested: arm_cortex-a15_neon-vfpv4, TP-Link Archer C2600, master
Run tested: TP-Link Archer C2600
Change log for v2.98:
[FIX] OpenWrt: Silence ABI warnings.
[FIX] Fixed socket buffer dead-lock (pop < 0 bytes).
[FIX] Silenced site UUID errors (moved to debug level).
[FIX] Updated to SPDX identifier for GPL license.
[IMP] Migrated from libjson-c to nlohmann JSON for Modern C++.
[IMP] Updated agent status with CPU utilization and sink service status.
[IMP] Reformatted sink queue utilization status output.
[IMP] Support OS-specific restarting.
[IMP] Added payload upload and update frequency control.
[IMP] Added MAC addresses to JSON interface list.
[IMP] Added option to send established flows to connecting clients.
[IMP] Added offline capture processing script.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
Updates pdns-recursor to current stable 4.2.1. Also includes more complete fix
for boost.m4 BOOST::THREAD detection, removing dependency on boost-thread.
Signed-off-by: James Taylor <james@jtaylor.id.au>
Upgraded to pdns-4.2.1 and corrected issues with dependency management on
modules, in addition to moving zone2ldap under the ldap backend (It's only
compiled if ldap backend is enabled)
Signed-off-by: James Taylor <james@jtaylor.id.au>
Periodic update of the list of Google domains using
https://www.google.com/supported_domains
as a reference.
Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
Per discussion in https://github.com/openwrt/openwrt/pull/1804, iputils is
moving from the main openwrt repository to the packages feed, and is switching
from the abandoned skbuff.net upstream to github.com/iputils/iputils
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
This is a bugfix release.
Full changelog available at:
https://mosquitto.org/blog/2019/11/version-1-6-8-released/
Many smaller fixes in various areas, nothing particularly standout as of
special interest to OpenWrt.
Signed-off-by: Karl Palsson <karlp@etactica.com>
- Use HTTPS protocol for updating urls for afraid.org to protect the password.
- Bump/align package version number.
Signed-off-by: Kwonjin Jeong <gram25gwh@gmail.com>
Goes through firewalls easier.
Switched to xz tarball, which is both implicit and smaller.
Rearranged some stuff for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
ntpd's configuration is stored in /var/etc, but the init script doesn't
create this directory. To be fair this folder is used by other packages
as well, for instance dnsmasq. Still, it's better not to rely on other
packages to create it.
Fixes: #10636
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* update to 4.9.16
* cherry-pick some musl alpine/openembedded patches
* cleanup/remove AD-DC/Winbind options and related code
* build the compile_et via samba4/host
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* fix reload/restart not applying luci/smb.conf changes
* remove hotfix for 'read only = no' (fixed by upstream)
* update documentation, example
*cifsd: fix the lost of dos file attributes
*cifsd: store FILE_ATTRIBUTE_SPARSE into xattr
*cifsd: release v2.0.2
*cifsd-tools: add smb.conf.list file to show supported parameters list
*cifsd-tools: set CIFSD_SHARE_FLAG_WRITEABLE flags if read only = no
*cifsd-tools: release cifsd-tools v2.0.2
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Replaces OpenWrt patch with upstream patch. Also removes
0002-Fix-check-for-empty-string.patch as this is included in upstream
OpenSSL 1.1.0 patch.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This commit makes
- the libgd dependency (as well as specifying libs and includes)
- the configure argument "--with-cgi"
dependant on whether the package nut-web-cgi is selected.
nut-web-cgi is also added to PKG_CONFIG_DEPENDS.
Resolves: #10641
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
The modemmanager.common file includes several utility functions that
are used in several places like the protocol handler and in hotplug
scripts. These utilities should not be installed in /etc as they're
not configuration.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Unlike other modem protocol handlers like the ones implemented by uqmi
or umbim, in the modemmanager protocol handler the 'device' option
does not specify a device node in /dev. Therefore, we shouldn't flag
the option as 'device' type (dt_type_device).
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
When a USB modem device is unplugged, we had to do two different
things: first, cleanup the sysfs cache; and second, set interface as
unavailable.
Those two things were never being done properly due to several
different issues:
* The parent sysfs path retrieval logic relies on checking for which
sysfs path has the vid/pid files. This logic obviously only works
when the device is available, and cannot be used on e.g. removal
events.
* The command to cleanup the modem wait status from the sysfs cache
was not removing the previous state properly, because the sysfs path
variable wasn't escaped properly for the sed command.
This patch handles those issues in order to have a proper device
removal handling, by making sure the sysfs path is properly escaped in
the sed command, and by introducing a new hotplug script that runs
when the full USB device is removed.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
gdlib pc file doesn't set a version, so "pkg-config --modversion gdlib"
returns nothing. Also, the test
if test "$?" != "0" -a -n "${GD_VERSION}"; then
is wrong as pkg-config wouldn't return != 0 on success.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* 5.01.9672 release
* Cedar: handle UDP acceleration and R-UDP versions
* Mayaqua: implement R-UDP version 2, powered by ChaCha20-Poly1305
* Cedar: implement UDP acceleration version 2, powered by ChaCha20-Poly1305
* Cedar: serve new web management interface
* Cedar: implement detailed protocol info
* Mayaqua: add Windows Server 2019 to the supported operating systems list
* Cedar: various fixes
* Cedar: add "DisableIPsecAggressiveMode" option
* Make install dir for unit files configurable
* Protocol.c: adapt ClientConnectGetSocket() for new proxy functions
* Wpc.c: adapt WpcSockConnectEx() for new proxy functions
* Protocol: add ProxyCodeToCedar()
* Move generic proxy stuff from Cedar to Mayaqua
* Proto_OpenVPN.c: improve OvsProcessData(), fix out-of-bounds access found by Coverity
* Proto_OpenVPN.c: fix segmentation fault in OvsProceccRecvPacket()
* Addressing the UDP reflection amplification attack: https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1001
* Mayaqua.h: include <stdarg.h> for "va_list" on Illumos
* Protocol.c: fix bug in ClientConnectGetSocket() causing custom HTTP header not to work
* Mayaqua: move HTTP functions from "Network" to "HTTP"
* Move GetMimeTypeFromFileName() and related structure to Mayaqua
* Mayaqua.h: include <stdio.h> for "FILE"
* Mayaqua.h: include <stddef.h>, for "wchar_t"
* Bump mixin-deep in /src/bin/hamcore/wwwroot/admin/default
* - Fixed the problem occurs when RPC messages between Cluster Members exceed 64Kbytes. - Fixed the RADIUS PEAP client to use the standard TLS versioning. - Implementation of a function to fix the MAC address of L3 VPN protocol by entering e.g. "MAC: 112233445566" in the "Notes" field of the user information. - Implementation of a function to fix the virtual MAC address to be assigned to the L3 VPN client as a string attribute from RADIUS server when authentication.
* Updating built-in Win32 libraries - OpenSSL 1.1.1 -> 1.1.1d - zlib 1.2.3 -> 1.2.11
* Update strtable_cn.stb
* Avoid using hardcoded paths in log file enumeration
* Fix buffer overflow during NETBIOS name resolution
* Update SEVPN.sln
* Create strtable_pt_br.stb
* ci: display error if vpntest failed
* Fix several compile warnings on MS VC++ 2008.
* Enables crash minidump for Win32 vpntest. Minidump files will be saved to the 'C:\Users\<username>\AppData\Local\Temp\vpn_debug' (for normal user) or 'src\bin\vpn_debug\' (for administrator user).
* OpenVPN: use new protocol interface
* Add interface for easy protocol implementation
* add "no-deprecated" to openssl builds "no-deprecated" is widely used in openwrt devices
* Fix LibreSSL support
* Switch to OpenSSL THREADID API
* travis-ci: update openssl, libressl
* enable sonar-scan in travis-ci builds
* Virtual: fix race condition in DHCP server which resulted in multiple clients receiving the same IP
* Mayaqua: Fix compilation without deprecated OpenSSL APIs
* Mayaqua: Replace GNU specific sys/poll.h header with POSIX poll.h
* systemd: replace deprecated CAP_SYS_ADMIN with CAP_SYSLOG
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
This is useful to assign all traffic to a fw3 zone, e.g.:
/etc/config/ipsec:
config remote 'test'
list tunnel 'dev'
...
config 'tunnel' 'dev'
option reqid '33'
...
/etc/config/firewall:
config zone
option name wan
option extra_src "-m policy --pol none --dir in"
option extra_dest "-m policy --pol none --dir out"
...
config zone
option name vpn
# subnet needed for firewall3 before 22 Nov 2019, 8174814a
list subnet '0.0.0.0/0'
option extra_src "-m policy --pol ipsec --dir in --reqid 33"
option extra_dest "-m policy --pol ipsec --dir out --reqid 33"
...
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
* cifsd-tools: fix Assignment of a signed value which has type 'long'
* init: convert hide_dot_files to yes/no option
* 'read only = no' seems bugged for cifsd/smb.conf, so fix via 'writeable = yes'
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Change deprecated options to a new one:
DetectBrokenExecutables to AlertBrokenExecutables
ArchiveBlockEncrypted to AlertEncrypted
Fixes: CVE-2019-12900 and CVE-2019-12625
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* cifsd: fix uninitialized fp could be freed
* cifsd: fix potential uninitialized spnego_blob could be freed
* cifsd: smbd: replace spinlock_irqsave with spinlock
* cifsd: smbd: avoid the lack of client's send credits
* cifsd-tools: add version generation script
* cifsd-tools: do not abbrev git describe
* cifsd-tools: use 'unknown' version string if git describe fails
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* Update nextdns to version 1.1.5 which adds IPv6 dual stack support.
* Add the ability to configure per host configuration id from uci.
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
* some init tweaks
* use the usual wifi wrapper for reloads
* compatibility fix for latest wifi-related changes
in master (dynamic wireless radio reconfiguration)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fix breaking change introduced in the main tree with a commit
7519a36774ca ("base-files,procd: add generic service status") where the
old service `status` callback function doesn't work anymore and needs to
be renamed to `status_service`. This name was chosen for consistency
with start and stop function callbacks, which are using `start_service`
and `stop_service` naming schemes.
While at it, fix whitespace issues in the status_service as well.
Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-September/019035.html
Reported-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This change:
* Removes building of Lua bindings. These bindings were already removed
upstream[1].
* Fixes building of Python bindings:
* Fix SWIG_DIR path (note that SWIG_VERSION will need to be updated
whenever the swig package is upgraded)
* Fix Python module paths and filenames
* Packages the Python bindings in a new package (python3-sysrepo) and
builds it by default, instead of depending on a config option.
[1]: https://github.com/sysrepo/sysrepo/pull/1429
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When the user requests 'any' as 'iptype', we may get either IPv4 or
IPv6 settings.
Simplify the logic by not requiring any explicit iptype before loading
the method reported by the bearer object for IPv4 and IPv6; just load
the methods right away and setup settings based on those.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Till now we could only ping http targets on port 80. With this change by
adding the config boolean config option httping_ssl we could also ping
https ping targets on port 443.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Sometimes the return value of `ubus -S call network.interface.wan status`
cause `json_load` to return `Failed to parse message data` error.
To avoid this, the JSON data always should be quoted with double quotes.
Signed-off-by: Evren Yurtesen <eyurtese@abo.fi>
Removed quoatation marks from commit heading
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
There is an issue with the included build scripts which improperly check for a
requirement on libboost-thread where another implementation is available.
Fixes#10273.
Signed-off-by: James Taylor <james@jtaylor.id.au>
seafile-server uses libevhtp pthreads support. libevhtp needs
libevent2-pthreads for that. However, since there is no installable
package for libevhtp--the library is build static-only--then
seafile-server, its consumer, needs to add the dependecy.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Current version of ubus module have some problem with list method. Update the module to fix this problem.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* limit firewall hotplug trigger to certain wan 'INTERFACE' as well,
to prevent possible race conditions during boot
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix a logical glitch in the hotplug event handler
* properly handle fatal iptables errors - even in subshells
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Migrated init-script to procd.
- Removed the old hotplug script as it is unnecessary and
caused long boot-times for r7800 and possibly others.
Signed-off-by: Christian Lachner <gladiac@gmail.com>
The procd based init setup uses a custom `pidfile` parameter, but the
used MODEMMANAGER_PID_FILE was not being defined anywhere.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Since ModemManager 1.10.2, per-device carrier mapping configuration
files may be installed, providing support for automatic carrier config
selection.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
The bearer status wasn't being loaded in key/value mode, and therefore
would always fail to load the IPv4 config method.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
* print to stdout if 'logger' is not available
* add support to set the service nice level (default is 0)
* small fixes / polish up for forthcoming 19.07 release
Signed-off-by: Dirk Brenken <dev@brenken.org>
* more startup tweaks
* re-use f_log function in helper scripts
* small fixes / polish up for forthcoming 19.07 release
Signed-off-by: Dirk Brenken <dev@brenken.org>
* more startup tweaks
* re-use f_log function in helper scripts
* small fixes / polish up for forthcoming 19.07 release
Signed-off-by: Dirk Brenken <dev@brenken.org>
A set of scripts that parse RSS feeds and downloads files for you.
Recipes are available to send download links to transmission and aria2.
Signed-off-by: Leong Hui Wong <wong.leonghui@gmail.com>
Makefile cleanups for consistency between packages.
Placed libsysrepo in Libraries instead of Utilities.
Removed InstallDev as it is implied by CMAKE_INSTALL.
Added .patch at the end of patch files.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This fixes a runtime startup error on system which does not have a
toplevel runtime directory for the pid file. On openwrt the pid is
located at /var/run and not on /run. To fix that add a configure option to
move the pid location to /var/run.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This fixes a runtime startup error for system, which does not have enabled the
kernel config option CONFIG_PROC_EVENTS.
This workaround was published on github under the following URL.
https://github.com/acassen/keepalived/issues/1119
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* fix race condition in download utility detection during boot
* fix multiple possible bugs in ipset creation
* prevent parallel service starts
* refine service trigger handling
* add ssh daemon auto detection
* print to stdout if 'logger' is not available
Signed-off-by: Dirk Brenken <dev@brenken.org>
MBIM and QMI support (necessary for modern and
high-performance LTE modems) should be default
y otherwise the only way to use modemmanager
with these protocols is to recompile the package.
This is very inconvenient for most end users.
Also fix typo in PKG_HASH definition.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Fixed license information.
Use xz archives.
Use PKG_SOURCE_DATE instead of PKG_VERSION, which evaluates to the same.
Use HTTPS, which goes through firewalls more easily.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- Adds ubus module to nginx
- Select module by default
- Adds script to detect ubus module and append config for luci
- Switch all external module to xz
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Switched to standard PKG_INSTALL.
Added PKG_BUILD_PARALLEL for faster compilation.
Added some size optimizations.
Added license information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
OpenSSL is already built as part of tools (LibreSSL actually) and can be
used instead for the host build.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This updates all Python packages that download their source from PyPi to
use pypi.mk.
This will allow future improvements/changes to pypi.mk to affect all
relevant packages.
This also makes it easier for future Python packages to start using
pypi.mk, when it's clear how it is used in existing packages.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
the patches 010-Fix-compilation-when-OpenSSL-has-no-ENGINE-support
and 020-Fix-compilation-without-deprecated-OpenSSL-APIs are now
merged upstream, so they must be dropped from the OpenWrt pkg
Signed-off-by: Saverio Proto <zioproto@gmail.com>
MM has a problem with cross-compiling. It needs to run some
tools during compilation (glib-mkenums & gdbus-codegen) but uses
pkg-config to detect them. But like this it finds the wrong tools, the
ones in $(STAGING_DIR). The correct tools are in
$(STAGING_DIR_HOSTPKG)/bin.
As a workaround this commit patches configure.ac so the correct tools
are used, the ones from glib2/host. The latter is also added to
PKG_BUILD_DEPENDS to reflect this.
libxslt/host is also added to PKG_BUILD_DEPENDS and the related
RequireCommand call is removed. This is OK to do since we have
libxslt/host available since a few days ago.
Resolves#10249
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- rename the section instance to yggdrasil (feat. request)
- allow zone to cover both ip4 and ip6 fam
Signed-off-by: William Fleurant <meshnet@protonmail.com>
After many failed attempts at upgrading Django to 2.2.6, the solution seems
to be to split a `python-django1` package that works with Python2 and
upgrade `python3-django` to the latest 2.2[.6] LTS release.
This also means that all Python2 Django packages will be stuck & based on
Django 1.11[.24] LTS release. But, it's currently the sanest approach I
could find to be able to perform an upgrade of Django to 2.2, and not break
Seafile.
Upgrading Seafile is also pretty difficult, as their Python3 support is not
yet finished & released. And in the meantime, we want to allow people to
use newer Django versions.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Upstream release message:
"Letsencrypt CA recent changed the CDN provider, which resulted in hanging issues.
Any downstream package should update.
This is important."
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Add required libevent2-pthreads dependency for all ntpd
subpackages.
Remove keygen-specific libevent2-core support as it is
automatically selected by the libevent2-pthreads dependency.
nptd: Bump PKG_RELEASE
Fixes: openwrt/packages#10307
Signed-off-by: Kenneth J. Miller <ken@miller.ec>
argp-standalone is only needed for non GLIBC targets.
Added PKG_BUILD_PARALLEL for faster compilation.
Removed unnecessary C/LDFLAGS.
Remove libstdcpp depends. It's included with libfmt.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This removes lines that set PKG_BUILD_DIR when the set value is no
different from the default value.
Specifically, the line is removed if the assigned value is:
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
The default PKG_BUILD_DIR was updated[1] to incorporate BUILD_VARIANT
if it is set, so now this is identical to the default value.
* $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)
if PKG_SOURCE_SUBDIR is set to $(PKG_NAME)-$(PKG_VERSION), making it
the same as the previous case
* $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
This is the same as the default PKG_BUILD_DIR when there is no
BUILD_VARIANT.
* $(BUILD_DIR)/[name]-$(PKG_VERSION)
where [name] is a string that is identical to PKG_NAME
[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e545fac8d968864a965edb9e50c6f90940b0a6c9
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Fixes following errors:
main.c:458:37: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
main.c:463:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
main.c:518:35: error: comparison of integer expressions of different signedness: ‘ssize_t’ {aka ‘long int’} and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
main.c:157:3: error: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Werror=unused-result]
main.c:763:3: error: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Werror=unused-result]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
- add uwsgi patch to add option to don't follow simbolic link but call it directly (waiting to be approved)
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Currently cgi-io try to read data after the data ended.
- Adds "-" to whitelist char
- In main_upload is tried to consume the buffer while it's already readed by the while loop before
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
lightweight client for the RFC8555 ACMEv2 protocol, written in plain C code
with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS).
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* the WAN auto detection now supports multiple interfaces, too
* no longer filter out possible LAN devices
* add a new DoH (DNS over HTTPS) blocklist source with public
DoH DNS server addresses, to effectively block client side DoH
communication, e.g. via Firefox or Chrome
Signed-off-by: Dirk Brenken <dev@brenken.org>
* new 'ca-bundle' dependency as all https connections
are now validated by default
* automatically select the download utility: 'aria2', 'curl',
'uclient-fetch' with libustream-* or wget are supported
* track & ban failed LuCI login attempts as well
* add a small log/banIP background monitor to block
SSH/LuCI brute force attacks in realtime (disabled by default)
* add a config version check (please update your default config!)
* made the automatic wan detection more stable
* fix the IPv6 logfile parser
* fix the service status message
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fix kea-admin dependency where if procps-ng-ps wasn't available busybox
would output an error casuse it does't support showing a processe's PID
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Fix an issue where the Makefile wouldn't allow kea to show up in the
menuconfig Also added some description to the packages
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
Condition testing for Linux version 4.14 is spelled LINUX_4_14, not
LINUX_4.14, so the checks were ineffective up to this change.
This Fixes the following error which appeared after update to 2.12.0,
when built against kernel 4.14:
Package kmod-openvswitch-intree is missing dependencies for the
following libraries:
tunnel6.ko
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
debug is boolean option/flag so setting it to 9 doesn't work, while at
it I've synchronized boolean options from source code and sorted it
alphabeticaly with following command:
grep flag src/cmdline.ggo | cut -d \" -f2 | sort | tr '\n' '|'
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Code in option_cb was referencing $chilli_inst variable which was
declared as local, thus the instance startup logic in start_chilli was
referencing variable which would always get value of 1, effectively
making `disabled` config option useless.
So I've fixed it with simpler config_get_bool and while at it, I've simplified the
surrounding code little bit as well.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
apcupsd's configure script looks up paths to sh, wall and mail on the
host system, but intends to use them on the target system. OpenWrt
replaces apcupsd's scripts by its own versions, so those paths don't
really matter, however, if the host system doesn't have wall installed,
the build fails. This is the case on Gentoo when util-linux is built
with USE=-tty-helpers (default). Prevent such failures by providing
explicit stub paths to sh, wall and mail to configure script.
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Before the CMake update, either protobuf was being installed to HOST
instead of HOSTPKG by mistake or some other problem.
This adds a linker flag to look in the proper location.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Some firewalls mandate a minimum size of 4k for SYN packets, which
transmission does not do by default. Upstream issue here:
https://github.com/transmission/transmission/issues/964
Cleanup:
Fixed license info.
Removed two unnecessary patches.
Ran shell script through shellcheck.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Switched to CMAKE_INSTALL to get rid of InstallDev.
Added PKG_BUILD_PARALLEL for faster compilation.
Fixed license information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Several other cleanups.
Added PKG_BUILD_PARALLEL for faster compilation.
Removed PKG_INSTALL as cmake.mk already defines it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This can be helpful for example in hotels where you need to
enter a new user/password combination every week.
Signed-off-by: Johannes Rothe <mail@johannes-rothe.de>
Compile Tested: yes, selects lua as implementation and doesn't pick up luajit
Run Tested: no, minor change
Maintainer: me
Description:
On some architectures PowerDNS was preferring Luajit over Lua, which wasn't added
as a dependency. On previous versions this was controlled by passing `--with-lua`
and `--without-luajit` however this isn't functional anymore.
On the 4.2 series, it is instead possible to define the lua implementation to be
used by passing `--with-lua=[implementation]` ie `--with-lua=lua`
Signed-off-by: James Taylor <james@jtaylor.id.au>
nut uses gdlib-config to find libgd, which happens to be deprecated. This
switches it to use pkgconfig and allows a fallback to gdlib-config, same
as the libusb check.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Bump PowerDNS Authoritative DNS Server to 4.2.0. Release changelong can be found at
https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.2.0
Compile Tested: OpenWRT Snapshot - armv7
Run Tested: Linksys WRT1900ACS - package runs correctly, not all functionality has been tested.
Signed-off-by: James Taylor <james@jtaylor.id.au>
Instead of always replying with a generic 500 internal server error code,
use more appropriate codes such as 403 to indicate denied permissions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a new `cgi-download` applet which allows to retrieve the contents
of regular files or block devices.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "path" containing the file path to
download.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required acl rules to grant download access
to files or block devices:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "download", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/etc/config/*", "read" ],
[ "/dev/mtdblock*", "read" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Use the `cgi-io` scope to check for permission to execute the requested
command (`upload`, `backup`) and the `file` scope to check path
permissions.
The reasoning of this change is that `cgi-io` is usually used in
conjunction with `rpcd-mod-file` to transfer large file data out
of band and `rpcd-mod-file` already uses the `file` scope to manage
file path access permissions. After this change, both `rpc-mod-file`
and `cgi-io` can share the same path acl rules.
Write access to a path can be granted by using an ubus call in the
following form:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/var/lib/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The `python-mysql` package was updated with PR https://github.com/openwrt/packages/pull/9705
For seahub this was omitted, since the Python dependencies are prefixed
with `python-`, so it was missed during the grep search.
And grepping just for `mysql` yields many results.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
commit 0c090fde68b2 ("scons: move host build tool to a proper place")
has moved scons into the packages feeds, so switch to that package
include and adjust build dependency to a new scons home.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
* remove 'http-only' mode, all sources are now fetched from https sites
* the backup mode is now mandatory ('/tmp' is the default backup
directory), always create and re-use backups if available.
To force a re-download take the 'reload' action.
* support 'sshd' in addition to 'dropbear' for logfile parsing
to detect break-in events
* always update the black-/whitelist with logfile parsing results
in 'refresh' mode (no new downloads)
* rework the return code handling
* tweak procd trigger
* various small fixes
* (s)hellsheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
So that packages like acme requiring features from it can depend on it
explicitly, not the more basic "wget" which is also provided by
"uclient-fetch"
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* use raw procd interface trigger as last resort, if the
adblock config is not available during startup
* fix selective subdomain whitelisting for dnsmasq
* fix a kresd restart issue with 'DNS File Reset'
* fix a suspend/resume cornercase
* disable the tld compression, if the number of blocked domains
is greater than 'adb_maxtld' (default: 100000)
* made the fw portlist configurable (default '53 853 5353')
* preliminary support for inotify-like autoload features
of dns backends like kresd in future Turris OS. If 'adb_dnsinotify'
is set to 'true', all adblock related restarts and the
'DNS File Reset' will be disabled
Signed-off-by: Dirk Brenken <dev@brenken.org>
The double quote thells the shell that the list returned from `pidof` is a
single argument, therefore, `renice` will cry about a malformed input.
With this commit, `renice` will be applied correctly to all the returned PIDs
from `pidof`.
The output of `renice` for the quoted list is as follows:
`renice: invalid number '6592 6587 6586 6574'`
`renice` does not show and does apply the nice value if the list is unquoted.
Signed-off-by: Oever González <notengobattery@gmail.com>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
The package on PyPi is named `mysqlclient`.
This should have been named `python-mysqlclient` from the start.
There is a `mysql` package on PyPi already but that's a different
code/package.
Doing this should avoid any future confusion.
There is no good time to do this rename; at least 19.07 has been branched
already and this can go into the next release [in a year or so].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Maintainer: Jakub Tymejczyk <jakub@tymejczyk.pl>
Compile tested: ramips, Xiaomi Router 3G, fc54256
Run tested: ramips, Xiaomi Router 3G, 0f54d96
Description:
Mosh is "Remote terminal application that allows roaming, supports
intermittent connectivity, and provides intelligent local echo and line
editing of user keystrokes".
Project's site: https://mosh.org
Makefile and patch taken from: https://github.com/mchwalisz/mosh-openwrt
updated by me
Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
(Makefile cleanup and size optimizations)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- Correct SPDX License Identifier
- Move MAINTAINER, SUBMENU to more appropriate place
- Use HTTPS in URL
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
As discussed on GitHub[0] the package should be removed.
[0]: https://github.com/openwrt/packages/issues/7832
> The package is effectively orphaned upstream and has been for some
time. Given the security-sensitive nature of the package, an active
maintainer community is essential for safe usage. Racoon's lack of
support for IKEv2, despite it being stable for a long time, and the
availability of next-generation tunneling systems such as wireguard,
also would seem to limit its future value. Setkey's functionality
has been subsumed by 'ip xfrm'.
> If you disagree that ipsec-tools should be removed from OpenWRT,
please say so now. If there are still use cases for it that are
not met by other IKE implmenentations that would be good to
know. But more importantly, I think you'll need to convince us
that ipsec-tools is actually safe to operate on today's Internet
given its current state of development.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Introduce further ACL checks to verify that the request-supplied
upload location may be written to. This prevents overwriting things
like /bin/busybox and allows to confine uploads to specific directories.
To setup the required ACLs, the following ubus command may be used
on the command line:
ubus call session grant '{
"ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e",
"scope": "cgi-io",
"objects": [
[ "/etc/certificates/*", "write" ],
[ "/var/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* automatically add open uplinks to your wireless config,
e.g. hotel captive portals (disabled by default)
* shift net status check in a separate function
* (s)hellcheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes issue where CFLAGS were not being passed. This was breaking ASLR
builds.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_INSTALL. Changed install paths based on PKG_INSTALL paths.
Added --disable-debug to make sure debug code is disabled.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
On a Debian system without python3-distutils install, uwsgi-cgi was
failing to build because it couldn't import sysconfig from distutils.
OpenWrt packages should be using the OpenWrt python not the system
python. In addition we need to use python3 not python2, even when
both are available.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
* fix a dns restart issue if 'flush dns cache' is set
* fix a suspend/resume issue, the status wasn't properly updated
* fix a long standing query issue
* rework return code handling, mostly for debugging
* various cleanups & cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Development moved to GitHub. Update URLs.
Cleaned up Makefile a bit for consistency between packages.
Added patch that removes deprecated bzero.
Ran init script through shellcheck. Fixed minor warnings.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Bidirectional Forwarding Detection (BFD) is a network protocol that is used to
detect faults between two forwarding engines connected by a link.
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* update to git (2019-08-19)
* use new "kill_server" sysfs option on stop
* ensure reload_service() works correctly
* add inherit owner, force create mode, force directory mode UCI options
* add patches for mips target (vfree, vmalloc)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* background service: no longer miss "signal" events for the
dns backend (to trigger adblock)
* fix a dns backend reload issue during switch between
different blocking modes
* domain query: report found domains only once in
"null" blocking mode with IPv4 & IPv6 list entries
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix a possible race condition during DNS file reset on slow hardware
* optimize DNS restart behaviour in 'null' blocking mode
* mute useless warnings
Signed-off-by: Dirk Brenken <dev@brenken.org>
This commit updates:
- bump version to v20190809
- fix PKG_LICENSE_FILES
- rename package names to kcptun-server, kcptun-client
- refactor Makefile
- merge config and service scripts
- add more config options to support all features
- add additional options: gogc, syslog, user
- add README.md
Reference:
- package shadowsocks-libev
Signed-off-by: Chao Liu <expiron18@gmail.com>
* add support for 'DNS File Reset', where the final DNS blockfile
will be purged after DNS backend loading (save storage space).
A small background service will be started to trace/handle
dns backend reloads/restarts
* add support for the 'null' blocking variant in dnsmasq
(via addn-hosts), which may provide better response times
in dnsmasq
* enhance the report & search engine to support
the new blocking variants. Search now includes
backups & black-/whitelist as well
* compressed source list backups are now mandatory (default to '/tmp')
* speed up TLD compression
* E-Mail notification setup is now integrated in UCI/LuCI
* update the LuCI frontend to reflect all changes (separate PR)
* drop preliminary dnscrypt-proxy-support (use dnsmasq instead)
* drop additional 'dnsjail' blocklist support (not used by anyone)
* procd cleanups in init
* various shellcheck cleanups
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fixes:
when using HTTP/2 a client might cause excessive memory
consumption and CPU usage (CVE-2019-9511, CVE-2019-9513,
CVE-2019-9516).
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
iotivity's scons build script is not compatible with python3, so use
python2.7 from python/host to run it.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Otherwise compilation fails when clang-tidy is found in the host:
-- clang-tidy found: /usr/lib/llvm/7/bin/clang-tidy
error: unknown argument: '-fhonour-copts' [clang-diagnostic-error]
error: unknown argument:'-iremap[...]:https_dns_proxy-2018-04-23'
[clang-diagnostic-error]
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This avoids copying /usr/include, unversioned *.so files, pkgconfig,
/usr/lib/*.la, and the build-time libs/cflags configuration utility
clamav-config.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
f5420af phantap: do not capture vlans
5d1bd13 phantap-learn: improve the BPF filter, exclude vlans
be6f7d9 Readme.md: we now support talking to the victim.
8789da5 README.md: fix typo
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Full changelog here: https://mosquitto.org/blog/2019/08/version-1-6-4-released/
Fixes a regression in persistent session handling, and various other
regressions related to the mqtt5 support.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Changelog prepared by upstream project
* osport.h: replace SUSv3-specific functions by POSIX variants [Fabrice Fontaine]
* avp: Error Code field in Result Code AVP is optional [Pau Espin Pedrol]
* network_thread: Early continue in loop to remove huge indented block [Pau Espin Pedrol]
* network_thread: Simplify while loop using for loop [Pau Espin Pedrol]
* network: connect_pppol2tp: early return to avoid huge indentation block [Pau Espin Pedrol]
* xl2tpd: start_pppd: Fix truncation of last character [Pau Espin Pedrol]
* handle_packet: Remove unneded else clause when handling payload [Pau Espin Pedrol]
* control: Split control message handling into its own function [Pau Espin Pedrol]
* handle_packet: Rearrange code flow to simplify it [Pau Espin Pedrol]
* avp: Early failure if no handler to remove indent block [Pau Espin Pedrol]
* xl2tpd: Mark internal symbols as static [Pau Espin Pedrol]
* Fix indentation and whitespace in code block [Pau Espin Pedrol]
* xl2tpd: Remove unused variable [Pau Espin Pedrol]
* network: Add missing close(kernel_fd) on init network failure [Pau Espin Pedrol]
* network: Add missing close(server_fd) on init network failure [Pau Espin Pedrol]
* Add 'cap backoff' option, limiting exponential backoff retries will
be delayed by exponentially longer time, unless that time is capped
by configuration. [Bart Trojanowski]
* Add program to show status icon in system tray. [Github user: username34]
* Add info on building and installing xl2tpd [Samir Hussain]
* Update formatting of README.md [Samir Hussain]
* Rename README.xl2tpd to README.md [Samir Hussain]
* Update Debian changelog [Samir Hussain]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Firewall needs to be reloaded in the following cases:
- on service start when snmpd.general.enabled=1
- when snmpd daemon is stopped
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
This should fixopenwrt/packages#9346 ("shadowsocks-libev: undefined
behavior from unaligned access")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Makefile always checks the existence of host's NAT-PMP header,
which results in internal NAT-PMP code being used if it's missing.
Add a patch to make it check targets' header instead.
Use aligned_alloc() instead of valloc() in case of uclibc.
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
kcptun is a stable & secure tunnel based on kcp with N:M multiplexing.
https://github.com/xtaci/kcptun
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
* add extra options to control auto-addons to
blacklist & whitelist ('ban_autoblacklist' & 'ban_autowhitelist',
both enabled by default). If disabled auto-addons are only stored
temporary in the black/whitelist ipset but not in the list itself,
fixes#9631
* remove old, no longer needed procd workaround
* remove 'zeus' source from default config (discontinued)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add missing dnsmasq dependency
* add a captive portal auto-login hook (configurable via uci/LuCI),
you could reference an external auto-login script - see readme
* provide an auto-login script for german ICE hotspots
(/etc/travelmate/wifionice.login), requires 'curl'
* small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
This includes a major bug fix (2ed9c76) and some minor fixes/improvements
f104742 phantap-learn: do not use proto for ip neigh
9849b0f phantap-learn: cleanup
159653d Readme.md: update install instructions
ff3acc2 phantap: add support for talking to victim.
2ed9c76 phantap: Fix MAC snat
f6f2d2d Phantap: fix dns configuration
40fa14b phantap: look at DNS response instead of request
0d62deb Improve Readme
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Maintainer: Florian Eckert @feckert
Compile tested: not needed
Run tested: x86_64
Description:
Only two of the four IPs defined for wan are found in wanb, adding it so it is the same.
Signed-off-by: Daniel A. Maierhofer <git@damadmai.at>
We add the necessary Makefile, hotplug, config, and init bits
so that p910nd daemon runs as user:group p910nd:lp by default.
This eliminates an unnecessary root daemon.
The hotplug script sets the permissions of the USB lp
device(s) to read-write owner and group and no access to
anyone else, and sets owner root, group lp.
This is allows sufficient privileges to p910nd
to do it's job.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Since this package has been abandoned, I don't mind taking it over.
If there are issues with it, I can also investigate, and be a point-man.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
PhanTap or Phantom tap is a small set of scripts that allow you to setup a network tap
that automatically impersonnate a victim device, allowing you to access internet using
the IP & MAC of the victim
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
It was requested in #9065 .
Cleaned up Makefile slightly.
Removed inactive maintainer.
Added PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
When compiled with musl >1.1.20, fastd will crash in case it can't
resolve a peers hostname. This is due to a changed implementation of
freeaddrinfo in musl 1.1.21 onwards.
This segfault is fixed by not calling freeaddrinfo in case the supplied
pointer is null.
Signed-off-by: David Bauer <mail@david-bauer.net>
Main warning fixed was about echo -e not being supported by POSIX sh.
Added PKG_BUILD_PARALLEL for slightly faster compilation.
Small whitespace cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Maintainer: me
This commit bumps the version of pdns-recursor to the latest 4.2.0. This release brings in mostly minor changes, with the full changelog available at https://doc.powerdns.com/recursor/changelog/4.2.html
Signed-off-by: James Taylor <james@jtaylor.id.au>
* revert to 4.9.x series (4.10 needs too many unofficial patches and has weird waf bugs)
* cleanup patches
* enable AD_DC build option again
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
usleep is a legacy function that was removed in POSIX-2008. uClibc-ng can
be configured to compile without it. if out the code as it's not used.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This changes the init script to allow to monitor up to 8 network
interfaces. The support for up to 8 network interfaces was added to
mini_snmpd release 1.3 in November 2015.
Signed-off-by: Marcel Telka <marcel@telka.sk>
The maintainer is inactive, in addition to this package being woefully out
of date. It probably does not work properly.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* adds cifs/smb kernel server module (cifsd)
* adds userspace tools (cifsd, cifsadmin)
* has UCI support (compatible with samba configs)
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
softethervpn overrides nls.mk by defining its iconv functions. This only
works if the libc has iconv. In addition, it does not allow external
libiconv usage. TARGET_LDFLAGS is also the wrong place to add -liconv.
Removed SSL3 patch. It was needed for OpenSSL 1.0.2 but not anymore.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This change also updates the maintainer email to cotequeiroz@gmail.com, as
requested on a different change.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This change also updates the maintainer email to cotequeiroz@gmail.com, as
requested on a different change.
Also, changing here is the download URL to github's codeload, since that
one offers .tar.gz archives.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The pillow package has been updated to the Python[3] packaging format, and
now the package names are `python-pillow` & `python3-pillow`.
This change updates seafile-seahub to use it.
Not updating other packages as they will be converted to Python[3]
packaging format.
And not bumping PKG_RELEASE here as it will be done in the last commit that
updates deps for seafile-seahub.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Patch taken from upstream fixes an Invalid argument error while trying
to get the IP address of an interface.
Makefile was updated to current style.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Removed upstreamed patch.
Removed mirror. It seems it has a wrong HTTPS certificate.
Added PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* fix a corner case issue with auto expiry of the
'Faulty Station' list (the last run information was not updated)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Needed for the new protobuf update.
Cleaned up Makefile.
Got rid of HOST_BUILD_DEPENDS. This package does not have a host build.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This change adds support for mstpd (Multiple Spanning Tree Protocol
Daemon).
mstpd works reasonably well with RSTP.
MSTP protocol works ok, but is known to have some issues with some managed
switches.
In order to get this to work, each physical switch port needs to have it's
own software network interface (so, for example: port 0 <==> eth0). This
means that this is suited mostly for higher end devices that can process
STP packets in software.
An interface for `swconfig` or Linux's DSA or switchdev would haven been
interesting, but it never materialized.
Adding this in the OpenWrt packages feed may provide some interest or
feedback on whether `mstpd` should do more, to integrate with managed
switches and offer some basis for Linux (through OpenWrt) as an OS for
managed switches.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Parallel building is causing a failure because it executes some
commands, such as patch, more than once.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The configure test for gettimeofday does not include the proper header.
Override the variable as all OpenWrt libc have two arguments for
gettimeofday.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* use '$ddns_rundir' in 'get_service_data' for pipe creation, fix#8971
* add missing local variables in 'get_service_data'
* change DNS server verification with drill in 'verify_host_port',
fix/supersed #8935
* remove needless cat calls in 'verify_host_port'
* set cloudfare TTL to min. 120 seconds, fix#7745
* bump/align package version number
Signed-off-by: Dirk Brenken <dev@brenken.org>
Maintainer: me
This commit addresses a build failure around guards on execinfo.h usage to
prevent uclibc from pulling it in, as it defines both __GLIBC__ and __UCLIBC__.
The original patch had invalid syntax which this corrects.
Signed-off-by: James Taylor <james@jtaylor.id.au>
Maintainer: me
Compile tested: armv7l, OpenWRT SDK
Run tested: armv7l Linksys WRT1900ACS, OpenWrt SNAPSHOT, r9987-655fff1571 -
confirmed PowerDNS recursor links correctly against libraries and runs on my
target environment.
Description:
PowerDNS Recursor is a high-performance resolving name server, utilizing
multiple processor and including Lua scripting capabilities.
This commit includes the recursive nameserver
https://www.powerdns.com/recursor.html
Signed-off-by: James Taylor <james@jtaylor.id.au>
- Now using codeload as suggested.
- Removed PKG_BUILD_PARALLEL, and PKG_USE_MIPS16:=0 as it was no longer needed to build the latest version successfully.
- Moved PKG_MAINTAINER to top.
- Use INSTALL_BIN instead of CP
- Added PKG_LICENSE and PKG_LICENSE_FILES
- Fixed a typo in TITLE
- DCO should be fixed now.
Signed-off-by: Andreas Nilsen <adde88@gmail.com>
If we're going to have a list of ntp servers, we should at least respect
them. Fallback to the original static list if no configured servers are
found.
Signed-off-by: Karl Palsson <karlp@etactica.com>
This is required for conntrack zone limit support. Linux upstream
commit is 11efd5cb ("openvswitch: Support conntrack zone limit")
Ref: https://github.com/openwrt/packages/issues/9274#issuecomment-507181166
Reported-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
STAGING_DIR_HOST is for packages under tools/ , not host packages.
Reorganized Makefile for consistency between packages.
Added PKG/HOST_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Added -Wno-error to fix.
Also added patch to fix compilation without deprecated OpenSSL APIs.
Added PKG_BUILD_PARALLEL for faster compilation.
Switched libcyassl to libwolfssl.
Reorganized makefile for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
It seems there is a mistake in the version I sent upstream.
Cleaned up Makefile for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* optimize the main scan/iwinfo call (performance & system load):
- remove a needless f_trim function call
- remove a redundant awk call
- reduce the scan buffer size and
make it configurable (trm_scanbuffer, default 1024 bytes)
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
the latest update url format for deSEC is
http(s)://update.dedyn.io/update?username=[USERNAME]&password=[PWD]
Signed-off-by: James Qian <sotux82@gmail.com>
This applies to uClibc-ng and libiconv-full
Switched to building with uClibc++.
Fixed license information.
Fixed BUILD_DEPENDS.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
PowerDNS released two new versions which together add some features and address security issues.
Changelog: https://doc.powerdns.com/authoritative/changelog/4.1.html
This release and 4.1.9 together fix the following security advisories:
PowerDNS Security Advisory 2019-04 (CVE-2019-10162)
PowerDNS Security Advisory 2019-05 (CVE-2019-10163)
Signed-off-by: James Taylor <james@jtaylor.id.au>
Backported upstream patches that fix this.
Removed local patch that fixes libp11 with version 0.4.7, which is not
used anymore. Upstream has a different solution.
License fixes and Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The arc700 target (and probably others) uses uclibc as it's c-library. However,
uClibc's libcrypt seems to not support the crypt_data struct which broke
the build. This fix adds a new build-target to haproxy which does not use
libcrypt. Summing up, this commit does:
- Add support for uclibc to haproxy with libcrypt disabled
- Add detection of c-library to configure the correct build-target
- Silence additional warnings
- Update patches
Signed-off-by: Christian Lachner <gladiac@gmail.com>
This service monitors (each 3s) switchdev ports and brings down CPU
ports when all related non-CPU vlan ports are also down. Otherwise,
it brings the port up.
In order to hide CPU ports from netifd, when a device is brought down,
the device is renamed adding the suffix "_down".
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
- Update haproxy download URL and hash
- Add new patches
- Add several CFLAGS (derived from haproxy Makefile) to make the build work with v1.9+
- Update default configuration
- Add check-command (for config) to init-script
- Add prometheus-service from contribs by default
Signed-off-by: Christian Lachner <gladiac@gmail.com>
This change is inspired by commit openwrt/openwrt@38b22b1e ("nghttp2:
deduplicate files in libnghttp2")
The packages in this commit are identified with the following command
grep -rin -E 'INSTALL_(DATA|BIN)' | grep -F '.so' | grep -F '*'
Some of them do not have symlinks and are not affected, but the change
is still applied for consideration of best practices just in case
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Fixes: https://github.com/openwrt/packages/issues/9255
This seems to fail the build for this package only.
So, this change patches the build, to add `-lssp` to the LDFLAGS of this
package, in case the build uses GCC's libssp.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The nsh.ko requirement was introduced in kernel 4.15. Currently there
are 3 kernel versions in base system, 4.9, 4.14, 4.19
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is a workaround to prevent the whole build from failing because of
the intree kmods are not supported yet by upstream project.
Root cause is that kernel version should not play a part when making
DEPENDS as the generated kconfig was for all targets that may have
different kernel versions.
One less than ideal effect of this change is that for an unsupported
kernel version, people can still select the intree kmod but it won't be
built. This may contradict expectation if the warning was not noticed
by them
Resolvesopenwrt/packages#9274
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Change log for v3.11.1716:
[IMP] Replaced libhttpd with libevent, therefore commented thread
related parameters in wifidogx conf file
[IMP] Added REQUEST_TYPE_COUNTERS_V2 to wifidog protocol
[IMP] Sent online and offline client's counter info to auth server
[FIX] Fixed missing setting online_time parameter bug
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
- treat RFC6762 'local.' as nxdomain because avahi and other services
will disable if SOA or NS records appear in central DNS.
- allow two threads to be enabled with the 'heavy traffic' variant of
Unbound packages.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* refine 'refresh' mode, add normal processing/download as fallback
* remove needless reload trigger
* fix various ipset warnings
* fix timer in 'refresh' mode
* adapt ssbl regex to new source list format
Signed-off-by: Dirk Brenken <dev@brenken.org>
seafile-seahub's build is a mess.
It hijacks some OpenWrt mk files into the build.
This can be avoided by provided some of the required parameters via
env-vars and patching the env-vars into the build.
Which is what this patch does.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The change is mostly organizational.
More packages will be moved to have python- or python3- prefixes.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
remove unused patches
Add patch to:
Automatically detect whether Curve25519 is available in NSS for USE_DH31
Signed-off-by: Antony Antony <antony@phenome.org>
enable libunbound, along with dependency
add kmod-crypto-aead kmod-crypto-gcm dependency to support AES GCM
disable libseccomp
/git/openwrt/build_dir/target-mips_24kc_musl/libreswan-3.27/include/lswseccomp.h:24:10: fatal error: seccomp.h: No such file or directory
#include <seccomp.h>
^~~~~~~~~~~
add missing dependency nspr
add nss-utils dependency to able to import x509 Certificates to fix the error
ipsec import west.p12
/usr/sbin/ipsec: line 239: pk12util: not found
/usr/sbin/ipsec: line 84: certutil: not found
remove libnss dependency, nss-utils util will pull it.
remove unused build option KERNELSRC not necesscay since b4b98e2922.
Signed-off-by: Antony Antony <antony@phenome.org>
Maintainer: me
Compile tested: armv7l, OpenWRT SDK
Run tested: armv7l Linksys WRT1900ACS, OpenWrt SNAPSHOT, r9987-655fff1571 -
confirmed PowerDNS server links correctly against libraries. I'm unable to test
all the backend modules as I don't have suitable backing stores set up for each.
Description:
PowerDNS is a versatile nameserver which supports a large number of different
backends ranging from simple zonefiles to relational databases and load
balancing/failover algorithms. PowerDNS tries to emphasize speed and security.
This commit includes the authoritative nameserver, backends and additional tools
https://www.powerdns.com/auth.html
Signed-off-by: James Taylor <james@jtaylor.id.au>
Change log for v2.88:
[IMP] Added support for search and replace privacy expressions.
[IMP] Added support for masking external addresses with private address ranges.
[IMP] When enabled, trigger a sink update on start-up.
[IMP] Added flow hash cache.
[IMP] Added HTTPS as a super-protocol of SSL.
[IMP] Add ability to save DNS hint cache to non-volatile (persistent) memory.
[IMP] Save sink responses when "json_save" is enabled.
[IMP] Added dynamic sink URL cloud configuration.
[IMP] Implemented per-detection-thread packet capture queue.
[IMP] Added support for a loadable serial UUID.
[IMP] Added configuration option to override sink connection timeout.
[IMP] Idle flow TTLs tunable via configuration directives.
[IMP] Added idle TCP flow multiplier to keep TCP flows in memory longer.
[IMP] Added new flow metadata "first_update_at" timestamp.
[IMP] Added complete reference sample configuration file.
[IMP] Various optimizations and fixes for FreeBSD.
[IMP] Employ advisory locking when writing output files.
[FIX] Ensure all configuration files are preserved on upgrades.
[FIX] Fixed automatic interface role detection for nethserver/shorewall.
[FIX] Memory usage fixes using profiling tools.
[UPD] Updated to nDPI v2.9.0-dev-709a87c.
[OPT] Flush and compress upload queue as soon as possible.
[OPT] Significantly reduced detection thread locking times.
[DEV] Added example plugin submodule to repository.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
Use link-time optimization and --gc-sections --as-needed ldflags
Reduces ipk size by 20%
Remove unnecessary dependencies
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Fix license info to use SPDX name.
Switched to wget instead of curl to avoid having a dependency on 2 SSL
libraries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Busybox brctl applet conflicts with the version from bridge-utils.
Fix this by using ALTERNATIVE support for brctl in bridge-utils.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[PKG_RELEASE bump]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
OpenWrt toolchains already use correct CFLAGS for every ARM target
There is no reason to use conservative CFLAGS now
It also causes compile error with GCC 9.1.0
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Moving the DNSDIST package into the IP Addresses and Names subcategory under Network. This will make it easier to find since it will be with other DNS tools.
Signed-off-by: James Taylor <james@jtaylor.id.au>
With this change it is now possible to combine interface action events.
If an interface action is generated by netifd or mwan3 for example ifup,
ifdown, connectd or disconnected and this action is configured in the inteface
uci section, then the conntrack table is flushed by mwan3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This fixes a crash that happens when dhcpd is configured with a failover
peer, and the failover peer goes down. The crash is due to a dereference
of a freed object. When tracing is enabled (which is the default) the
object in question is referenced by the tracing code and so doesn't get
freed prematurely. I have observed this crash on two different target
platforms (mips and x86_64), and it is reproducible on non-OpenWRT
distros by building isc-dhcpd using --disable-tracing.
This has been reported to ISC, but their response was that it's a low
priority as the simple work-around is to leave tracing enabled.
Re-enabling the tracing code only increases the size of the executable
by about 24KB.
Signed-off-by: Heath Kehoe <yaheath@gmail.com>
Current version in OpenWrt (3.16.2) fails against the Arch Linux
in System Rescue CD's NBD as rootfs (to allow sharing ISO across
network). Based on resolved issues and web searching it seems
nbd had endianness issues (which affected my ath79 device).
This updates to 3.19 which allows System Rescue CD PXE boot with
NBD rootfs to work.
Removed patches no longer required due to upstream changes, and
added new configure option (--without-libnl) required to avoid
linking against full libnl and libnl-genl (if present in build).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
* change iptables whitelist target from 'ACCEPT' to 'RETURN'
to stop traversing the banIP chain and resume at the next chain
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add patch that detects when -latomic is needed.
Fix compilation without deprecated OpenSSL APIs.
Hard-code lua to avoid luajit dependency.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Commit 32aaaaa led to failures when openwrt ARCH did not match kernel
ARCH, and this may not be its only side-effect.
This restores the previous Build/Compile and Build/Install, using the
default ones only when using external toolchain; in this case, ARCH is
set to LINUX_KARCH.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Two seperate package names were chosen instead of menu selected options
because dependents need a ready (large) package in release directory.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Expressions '-o', '-a', and '\( \)' within test or '[ ]' are obsolete.
POSIX allows few arguments to test, so long expressions are not
portable. '[ p -a q ]' can be replaced with '[ p ] && [ q ]' instead.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
This removes radicale-py2, the Py2 variant, and renames radicale-py3 to
radicale.
This also makes a number of changes:
* Actually use the Python package build system (from python3-package.mk)
* Download source from PyPI instead of GitHub git repo
* Remove unnecessary PKG_DEFAULT_DEPENDS definition
* Depend on python3-urllib instead of python3-email (now that urllib is
separate from python3-light and has python3-email as a direct
dependency)
* Move package description from menuconfig help to the actual
description field
* Remove unnecessary preinst script (default prerm will stop the
service now that the package name matches the init.d script name)
* Remove unnecessary lib/upgrade/keep.d entry (changed conffiles are
preserved by sysupgrade by default)
* Remove unnecessary postinst script (Python build system will set the
correct shebang)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
libevhtp 1.2.18 made API changes, and unbundled oniguruma.
To adapt seafile-server, some patches from Alexandre Rossi's debian
packaging at http://sousmonlit.zincube.net/~niol/repositories.git/
were applied.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Instead, use @jow-'s suggestion of just checking for the presence of the
executables to find the installed web servers.
Fixes#8529.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Libevhtp is building a static library, used by seafile-server.
Every time the libevhtp binary changes, seafile-server needs a release
bump.
Leave a note in the libevhtp Makefile, as a reminder.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
The Makefile currently redefine the Compile and Install functions.
This is not working when using an external toolchain because some
flags are not interpreted, like CROSS_COMPILE. It is possible to
override the MAKE_FLAGS and MAKE_INSTALL_FLAGS instead.
Signed-off-by: Sébastien Blin <sebastien.blin@savoirfairelinux.com>
Update to latest stable release 5.54
Add new options ticketKeySecret and ticketMacSecret to uci validation.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Maintainer: me
Compile tested: armv7l, OpenWRT SDK
Run tested: armv7l Linksys WRT1900ACS, OpenWrt SNAPSHOT, r9987-655fff1571 -
confirmed dnsdist links correctly against dependencies and doesn't experience
errors at run-time when enabling features.
Description:
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is
to route traffic to the best server, delivering top performance to legitimate
users while shunting or blocking abusive traffic.
dnsdist is dynamic, its configuration language is Lua and it can be changed at
runtime, and its statistics can be queried from a console-like interface or an
HTTP API.
https://dnsdist.org/Closes: PowerDNS/pdns#3294
Signed-off-by: James Taylor <james@jtaylor.id.au>
Simplified the Makefile and fixes compilation with uClibc-ng. Also added
IPv6 support.
Took the time to clean up the Makefile with other useful options.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
BIND now requires POSIX thread and IPv6 support to build
Add filter-AAAA plugin
Remove unrecognized options
Remove patch that no longer needed
- 002-autoconf-ar-fix.patch
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* remove needless sort step to reduce system load
* change maxqueue default in backend and LuCI frontend
to '4' to reduce (default) system load
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Major new release of mosquitto.
This release rolls up the initial 1.6.0 release, plus the subsequent
build/bug fixes of 1.6.1 and 1.6.2.
Original upstream changelogs:
https://mosquitto.org/blog/2019/04/version-1-6-released/https://mosquitto.org/blog/2019/04/version-1-6-1-released/https://mosquitto.org/blog/2019/04/version-1-6-2-released/
Major features of interest:
* MQTTv5 support
* performance improvements
* ALPN support
* OCSP staping support
* OpenSSL Engine support
* TLSv1.0 support dropped
Currently adds two patches to continue supporting OpenSSL engine support
being disabled, and a missing header include. These are both tracked
upstream and are expected to be dropped in a subsequent release.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Commit b32f8d4ff0 broke compilation
of Subversion on systems where unixodbc package is present.
This partial revert fixes issue #8975.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
gnunet-reclaim-sqlite is no more in 0.11.4.
Also remove duplicate files also contained in gnunet-utils package.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
