Get downtime information for the tracked mwan3 wan interfaces.
The information shows how long this interface is in disconnected state.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Get uptime information for the tracked mwan3 wan interfaces.
The information shows how long this interface is in connected state.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If a interface is down, call ubus will return an null message which is
used to json_load, it causes json_get_vars gets value from last load and
l3_device various is nonzero.
Signed-off-by: Kyson Lok <kysonlok@gmail.com>
Added PKG_USE_MIPS16 as it seems not to build under mipsel.
Error: opcode not supported on this processor: mips32r2 (mips32r2) `sync'
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The first is needed for 4.14 (maybe the relevant parts got packported and
the second is for when OpenWrt migrates to 4.19.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
PR includes switch to codeload tarballs and rename from netopeer2 to
Netopeer2 for better codeload integration.
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Currently luci-app-sqm provided by sqm-scripts depends on luci-base instead
of selecting it, this leads to an indirect circular dependency in kconfig:
tmp/.config-package.in:34646:error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:34646: symbol PACKAGE_iptables is selected by PACKAGE_sqm-scripts
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:961: symbol PACKAGE_sqm-scripts is selected by PACKAGE_luci-app-sqm
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:22421: symbol PACKAGE_luci-app-sqm depends on PACKAGE_luci-base
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:21387: symbol PACKAGE_luci-base is selected by PACKAGE_luci-lib-iptparser
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:22899: symbol PACKAGE_luci-lib-iptparser is selected by PACKAGE_luci-app-splash
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:22402: symbol PACKAGE_luci-app-splash is selected by PACKAGE_luci-mod-freifunk-community
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:21552: symbol PACKAGE_luci-mod-freifunk-community depends on PACKAGE_iptables
Solve the issue by turning the dependencies into selecting ones which also
matches the behaviour of other LuCI applications.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This should fix compilation as wolfSSL currently does not define
wolfTLSv1_client_method. And as the comment suggests, this is only TLS 1,
not 1.0 and above.
SSLv23 is TLS 1.1 and above as currently configured in the wolfssl package
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add the ipvsadm command line tool to set up, maintain or inspect the virtual
server table in the Linux kernel.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Added some help to the choice of TLS library in menuconfig, taken from
the squid release notes.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
When libnl is enabled and libnl-genl is disabled, libnl-genl-3.so.200 is
installed by InstallDev, and keepalived picks it up anyway.
This causes build to fail with the following error:
Package keepalived is missing dependencies for the following libraries:
libnl-genl-3.so.200
Instead of having a conditional dependency it is better to have a
consistent build. Disable libnl to enforce this.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* with the config option 'trm_radio' you can now restrict travelmate
to a single radio (e.g. 'radio1') or change the overall
scanning order (e.g. 'radio1 radio2 radio0')
* LuCI: show QR codes now inline on the overview page
(collapsed by default)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Building against libftdi1 can't be avoided in the presence of libftdi1
headers apparently. As it might be useful for some DMX adapters and
such, depend on libftdi1 from now on.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Five commits from upstream were applied to v. 7.8-p1:
482d23bc upstream: hold our collective noses and use the openssl-1.1.x
API in
48f54b9d adapt -portable to OpenSSL 1.1x API
86e0a9f3 upstream: use only openssl-1.1.x API here too
a3fd8074 upstream: missed a bit of openssl-1.0.x API in this unittest
d64e7852 add compat header
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
* replace shell based urlencoder with an awk variant
* fix write_log function/syslog output in case of an error
* protect answer string with double quotes in update_route53
* remove bogus set/IFS options in update_route53
* clean-up update_route53 a little bit
This patchset finally fix#6977
Many thanks to @mark0n & @a-bali for testing & debugging
Signed-off-by: Dirk Brenken <dev@brenken.org>
This is a long overdue followup commit to openwrt/openwrt@5d9eeab
("build: remove obsolete references to cris and avr32")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Full changelog at https://github.com/eclipse/mosquitto/blob/v1.5.3/ChangeLog.txt
Primary change:
CVE fix for CVE-2018-12543 - prevent crash on topics that begin with $
but are not $SYS
Selected other fixes relevant to OpenWrt since 1.5.1:
- Fix retained messages not sent by bridges on outgoing topics at the first
connection. Closes#701.
- Fix duplicate clients being added to by_id hash before the old client was
removed. Closes#645.
- Fix excessive CPU usage when the number of sockets exceeds the system limit.
Closes#948.
- Fix for bridge connections when using WITH_ADNS=yes.
- Fix round_robin false behaviour. Closes#481.
- Fix segfault on HUP when bridges and security options are configured.
Closes#965.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Move setting global enabled flag from /etc/init.d/mwan3 to mwan3
command. So we could start mwan3 from the cmd mwan3 as well.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Remove the limit setting core="unlimited", since this shouldn't be needed
in production use (i.e. non-debug) and on an embedded platform, which is
why it's rarely used by any existing packages.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Add an SPKI pin for Cloudflare to help prevent MITM and downgrade attacks,
as described in RFC7858 (DNS over TLS). The setup of SPKI and the specific
SHA256 certificate hash are taken from Cloudflare's DoT configuration guide
published at https://developers.cloudflare.com/1.1.1.1/dns-over-tls/.
Note that the certificate is valid to March 25th 2020, 13:00 CET, which
provides ample time for issuance of a backup pin to support future key
rollover.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Retain the upstream value since privacy is usually the key user motivation
for using DNS-over-TLS, and simply note that those encountering sub-optimal
routing may consider disabling the setting.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The config file /etc/stubby/stubby.yml is not registered properly and any
local changes are being overwritten on upgrade or reinstall.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
- The original copy process is to delete all routing tables first,
then add new routing table. This process is too slow and very dirty.
- We use grep to identify the changes and apply them.
- ignore ipv6 unreachable routes
- update version number
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
This adds a metapakcge for acme luci ap without uhttpd dependency and adds entities and check to stop handle nginx server and modify the certificate set automatically.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Should be faster.
Rearranged Makefile slightly for consistency with other packages.
Version 3.5.6 and above are relicensed to GPL-2.0.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fix the init script to allow access from IPv6 subnets of the interface
specified in allow section in /etc/config/chrony.
Fixes issue #7039.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
- adjust a few UCI translations to coordinate with upstream defaults
- remove OpenSSL < 1.1.0 API log error patch which is included upstream
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* if <keyutils.h> is found krb5 pulls in the lib, which than fails to link because of a missing -fPic in libkeyutils.so
* keyutils 1.5.11 will depend on krb5, so we disable it in krb5 to avoid circular dependency
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* update to 4.9.0
* move vfs_xattr_tdb to defaults
* add vfs_audit, vfs_extd_audit, vfs_full_audit to AD-DC variant
* disable jansson, libarchive by default, enabled for AD-DC variant
* update waf answers
Noteable smb.conf changes:
* store dos attributes Default changed yes
* ea support Default changed yes
Fixes: Timemachine "The identity of the Backup disk ... has changed since the previous backup."
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Commit 6cd8fcabe added ipsec hotplug script support by calling "exec
/sbin/hotplug-call ipsec".
Using the exec call breaks the insertion of iptables rules by the _updown.in
script as hotplug-call just replaces the current shell meaning the commands
following exec do not run since the shell is replaced and as a result lead to
connectivity issues.
Fix this by removing the exec command in front of /sbin/hotplug-call.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
libbsd may compile before nfs-kernel-server, it will make
nfs-kernel-server depends libbsd.so.0, that is not we want to see. so
gave option to 'configure' to disable libbsd detect and tell it we have
no libbsd
Signed-off-by: Guo Li <uxgood.org@gmail.com>
* enable avahi by default, so Linux/Mac Clients can see samba shares
* enable timemachine config support
* fix invalid --builtin-libraries
* default to 'mdns name = mdns' in template
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Open vSwitch 2.10 introduces meters support to the kernel datapath. In
upstream Linux, the feature is only available since 4.15
This is mainly for make the newly introduced meter features in linux
kernel datapath more easily available
root@OpenWrt:/# ovs-ofctl -OOpenFlow13 meter-features br0
OFPST_METER_FEATURES reply (OF1.3) (xid=0x2):
max_meter:4294967295 max_bands:1 max_color:0
band_types: drop
capabilities: kbps pktps burst stats
root@OpenWrt:/#
Size comparison between in-tree and upstreamed modules are attached
2800 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-geneve-intree/lib/modules/4.14.67/vport-geneve.ko
2736 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-geneve/lib/modules/4.14.67/vport-geneve.ko
2596 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-gre-intree/lib/modules/4.14.67/vport-gre.ko
2536 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-gre/lib/modules/4.14.67/vport-gre.ko
288320 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-intree/lib/modules/4.14.67/openvswitch.ko
118984 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch/lib/modules/4.14.67/openvswitch.ko
2792 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-lisp-intree/lib/modules/4.14.67/vport-lisp.ko
2788 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-stt-intree/lib/modules/4.14.67/vport-stt.ko
3668 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-vxlan-intree/lib/modules/4.14.67/vport-vxlan.ko
3400 Sep 5 08:47 ipkg-mips_24kc/kmod-openvswitch-vxlan/lib/modules/4.14.67/vport-vxlan.ko
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- initscript: skip when ctl scripts are absent. When only ovs is
installed, this will quash error messages of ovn-ctl not found when
invoking stop
- openvswitch-common: include ovs-kmod-ctl
- patches: ovs-save: compatible with busybox ip command
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* remove needless third status "not connected", use only "running / not
connected" and "connected"
* change indentation from spaces to tabs (saves 4kb)
* small fixes
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
The registered URLs only point to the latest version. After adding the archive
URL we could now download older version again.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The official tarball does not contain configure, we should set
PKG_FIXUP=autoreconf to generate one
make[4]: *** No targets specified and no makefile found. Stop.
Signed-off-by: Guo Li <uxgood.org@gmail.com>
This was introduced in Open vSwitch 2.10 in commit 771680d ("DNS: Add
basic support for asynchronous DNS resolving")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Install the .pc files to staging directory to help other packages
to find the libraries.
Since the build does not use CMake, we need to manually install the
files and replace two variables using sed.
Filed upstream as https://github.com/eclipse/mosquitto/pull/950
Signed-off-by: Michael Heimpold <michael.heimpold@i2se.com>
Tested-by: Karl Palsson <karlp@etactica.com>
Currently the uci-defaults script doesn't check if the rule is already present. This prevent any problem related by this.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
add extra command "export_storage" to export data for use with Radicale 2.x.x
remove myself as PKG_MAINTAINER, give back to the community
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Avoid potential issues with space or other strangeness by
quoting filenames through the initscripts.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
The source code has multiple licenses so update SPD-X header.
NB: The previously unlisted licenses are not applicable to parts
actually built in any configuration for OpenWrt, but rather to
unused (by us) source code.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
We're using --without-wrap unconditionally anyway, so this legacy
dependency needs to be removed.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Instead of making POWERDOWNFLAG an uci option the user can
only change it via initscript edits. This avoids chance for users
to miss the required change to nut-driver when setting an UCI option
for nut-monitor which results in failure to do FSD on the UPS.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
By default use a non-privileged user that is different than
the server or driver (when they are running non-privileged).
This is recommended by upstream.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Even though nut-cgi doesn't run a daemon, using procd triggers
is helpful for updating the generated config file when the
UCI config changes. So implement this and 'modernize' nut-cgi initscript
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Forced shutdown of the UPS was not actually happening before
due to lack of specific commands doing the shutdown. This
(and the nut-driver initscript) fix that.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This fully procdifies nut-monitor, which fixes some issues with
very slow restarts (due to /lib/functions/procd.sh using a very
long delay for non-native scripts doing restart) as well as gives
respawning, etc.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
usbhid-ups has the necessary information in the source, so
let's support USB hotplugging out of the box. Takes advantage of
the procd support now in nut-server initscript.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Clarify the different between the common nut-driver portions of
nut-server and the nut-server (upsd) proper. nut-driver can't
be used without nut-server so there is no compelling reason
to split into a separate package, but the reorganization makes
such a move easier and makes it clear what each bit is for.
While we continue to use a single initscript, it's a properly
procdified one which handles the upsd daemon as a different
instance than the driver instances. This resolves a race
condition in which upsd and drivers fail to start do to
a degree of interdepedence.
Also properly 'procd'ifies the nut-server initscript.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
We want to include the symlinks to the generated configurations
in conffiles so that if the user replaces them symlinks with
traditional NUT configuration it is preserved across sysupgrade.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Make sure that libbsd is not picked up during configuration even if it is
compiled before socat is.
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
Option 'ip_source' was silently ignored during public IP discovery.
Discovery (in spite of chosen 'ip_source') was based only on
'ip_network', 'ip_interface', 'ip_script' or 'ip_url' options (in this
order) if they were set. This could lead to misleading log entries
"Detect local IP on '$ip_source'" pointing to source that wasn't really
used.
Now only option relevant to configured 'ip_source' is taken into
account.
Signed-off-by: Jacek Politowski <dev@jpol.net.pl>
The upstream acme.sh package changed to using socat instead of netcat;
update the dependencies to reflect this, and pass --listen-v6 when running
in standalone mode (since socat only listens on IPv4 by default).
Also add a missing cleanup call when certificate issuance fails.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Nginx provide WebDAV methods PUT, DELETE, MKCOL, COPY, and MOVE with
http_dav_module. But most WebDAV clients that require additional WebDAV
methods (PROPFIND & OPTIONS) to operate. Add missing methods support
with Arutyunyan Roman (arutyunyan.roman@gmail.com)'s nginx-dav-ext-module.
(see: http://nginx.org/en/docs/http/ngx_http_dav_module.htmlhttps://github.com/arut/nginx-dav-ext-module)
Example config:
location / {
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
root /var/root/;
}
Signed-off-by: Ruixi Zhou <zhouruixi@gmail.com>
Bugfix release. Full changelog at:
https://mosquitto.org/blog/2018/08/version-151-released/
Of most interest to OpenWrt:
* Remove use of AI_ADDRCONFIG, which means the broker can be used on systems where only the loopback interface is defined.
* Fix IPv6 addresses not being able to be used as bridge addresses.
* Fix problem opening listeners on Pi caused by unsigned char being default.
* Fix segfault on startup if bridge CA certificates could not be read.
* Fix possible endian issue when reading the memory_limit option.
* library and client bugfixes including: https://github.com/openwrt/packages/issues/6765
Signed-off-by: Karl Palsson <karlp@etactica.com>
HTTPS to everything
Remove autoreconf as it's not needed and slows down the build.
Build in parallel for faster building.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* fix restart behaviour after successful connection
* fix labeling of faulty stations
* optimize re-connect behaviour at locations where multiple uplinks with
the same SSID are in range
* use procd pidfile handling
* refine logging
* small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
ssl_set1_host() is not available without openssl-1.1.0. Unbound can not do
host cert verification. DNS over TLS connects, but hosts are unverified. A
patch for log err is added with a noitce in README.md.
(see: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658)
Also, squash some minor robustness and TLS usability fixes.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
RFC2326 specifies the attribute client_port as the RTP/RTCP port pair on
which the client has chosen to receive media data and control info;
however some clients (mostly STBs) embed the client_port value in the
destination attribute in the form of destination=<address:port> without
specifying the client_port attribute in the SETUP message.
To support such clients check if the destination attribute contains a
port value and use it as port value for the expected RTP connection.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Simpler and easier to bump the version in the future.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
Since https://git.openwrt.org/d0e0b7049f88774e67c3d5ad6b573f7070e5f900,
OpenWrt SDKs ship the appropriate sources for building usbip userspace
packages, so special nonshared handling is not required anymore.
Sucessfully tested by compiling usbip utilities for various architectures
using self built SDKs after applying the change linked above.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently uscan fails on this as it tries to look for a download link in the
wrong location. Switching it to a GitHub tarball will probably fix it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Unbound struggles with boot ifup, so procd triggers changed to push
outside of this noise. Unbound has run in /var/lib/unbound/, so chroot
(jail) protects /etc/, and it can save flash wear. Compiled defaults
reflect this now, so Unbound tools are easier run on the command line.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
In the description point to installation guide on OpenWrt Wiki to
make it easier for new users to find and to understand how to use
gitolite on OpenWrt.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
The user defined in order to own and admin gitolite directories needs
to not be expired else logins such SSH access will not be allowed for
that user. So we unexpire user git by default.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Practicalities of life have intervened and I am no longer able to
dedicate the time required to look after this package.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
nut-monitor failed to create required dir /var/etc/nut, as
well as failing to set appropriate user on the directory and
conf files. Fixing this closes
https://github.com/openwrt/packages/issues/6644
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
With growing interest, DNS over TLS can be setup in Unbounds foward-zone:
clause. A broader UCI solution is added to support forward-, stub-, and
auth- zone clauses in a new 'zone' section. This implentation required
reworking scripts, because they did not scale. 'forward_domain' and
'prefetch_root' options are removed, and superceded by 'zone' section.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* no longer rename faulty uplinks in /etc/config/wireless, but save
uplink state in json runtime information. To reset the saved state
simply restart travelmate processing.
Signed-off-by: Dirk Brenken <dev@brenken.org>
Delay startup of p910nd to give devices more time to enumerate
Fixes issue #4752
Tested on mir3g
Signed-off-by: Francesco Molitierno <francyesc0@hotmail.it>
Selecting libcap in addition to mtr causes it to error with
Package mtr is missing dependencies for the following libraries:
libcap.so.2
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Notable Changes:
* New IRCv3.2 capabilities support on client and server side
* Increased max line lengths
* support for stripping color control codes
* various bug fixes
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[jonas.gorski: add notable changes, switch to 1.7.1]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Added compatibility with openssl 1.1, and also fixed a compiler
warning about implicit declaration.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Since certain characters are dangerous to pass as-is to a sub shell,
sanitize the character set and only allow characters that are considered
valid for DNS hosts and filter shell escape characters on generic parameters.
Disable pathname expansion on RUNPROG evals to disable the shell expanding *,
? and [ in the arguments.
Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
backend:
* add low priority mode (nice level 10), disabled by default
* enhance 'Force DNS' to redirect ports 53, 853 and 5353
frontend:
* switch to dynamic XHR polling for runtime information and logfile
viewing
* add new 'Refresh' button to reload blocklists
* various cleanups & small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
OpenWrt changed the way the uci shell parsing functions deal with list
configuration items.
This change broke the generation of the privoxy runtime configuration
because no callbacks were emitted anymore.
Fix the problem by defining a list_cb() that simply calls the existing
option_cb() to deal with list item values.
Ref: c9c0fc28a9 ("base-files: fix UCI config parsing and callback handling")
Ref: https://forum.lede-project.org/t/openwrt-snapshot-privoxy-error/15919
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently the uwsgiconfig python script append some additional compilation flag based on the host system. This fix some problem related with this by hardcoding usgi_os variable to Linux
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Currently the nginx user for the default luci config is root... This is dangerous and unnecessary, reset it back to nobody nogroup.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Currently the socket file for uwsgi can be open only from root user, change this to permit other use to use it. (Needed for nginx to use uwsgi as nobody or dedicated user)
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
The spoofer client is part of a system to measure the Internet's resistance
to packets with a spoofed (forged) source IP address.
Signed-off-by: Ken Keys <kkeys@caida.org>
Ipsec user script (/etc/ipsec.user) now get called indirectly by openwrt
"/sbin/hotplug-call". So other packages could also install their scripts
in "/etc/hotplug.d/ipsec".
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Some package needs nginx as dependency this permit to use nginx-ssl and nginx-all-module as dep for them.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* Remove stray LICENSE file added to repo
* Use codeload instead of git
* Add proper (as close as possible) SPDX license
* Drop OpenSSL, PCRE and Libxml2 as dependencies
Makes it more suitable alternative for small flash devices
* Drop /etc/uwsgi as there's only one config file
* Remove stray /etc/nginx directory
* Reorganize configuration file
* Convert init.d script to use procd
* Hardset 3 threads and processes, seems like a good tradeoff
between performance and memory usage instead of doing
auto scaling based on amout of cpu cores/threads
Non-scientific benchmark (tm)
ramips, mt7621, WiTi Board 16/256M
1. 3 threads, 6 processes
2. 2 threads, 2 processes
3. 3 threads, 3 processes
- LuCI Main page
1.48s
1.72s
1.64s
- Status --> Firewall
6.24s
6.39s
6.40s
- Status --> Kernel log
266ms
256ms
251ms
- Network --> Firewall
936ms
1.08s
1.07s
- Network --> Wireless
1.39s
1.42s
1.40s
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Currently the uci-defaults scripts reset nginx config even it they are valid due to a bug in the if condition.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Undo previous commit that added an iconv hack. The problem was actually
fixed by including nls.mk in the mariadb package.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
With the current layout CONFIGURE_ARGS can end up like this:
--with-mysql --without-mysql
To avoid that join the ifneqs of the two mysql related plugins.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Unbound UCI so far has limited forward configuration lacking
DNS over TLS connection setup tools. User override files
'unbound_srv.conf' and 'unbound_ext.conf' can implement this.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
They are missed out from the FIXUP check probably because of a flaw in
the fixup-makefile.pl script
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
uwsgi-cgi's build system requires CPP to be set to avoid using include
path from the build system. Otherwise it may wrongly detect
sys/capability.h of the host system and enables libcap support
CPP variable was once introduced into build system in 2017 but then
reverted in b957e45 ("rukes.mk: this patch broken grub2 builds")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
libmariadb 10.2.x needs to be linked in together with iconv. On glibc
and musl iconv is part of libc. But on uclibc libiconv-full needs to be
used.
gnunet only has access to iconv on uclibc when BUILD_NLS is selected.
This commit adds hidden symbol GNUNET_HAS_ICONV_SUPPORT which sorts this
out.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This add 2 variant of nginx so we can have package with SSL config flag preselected. This also add support for 2 more module and upgrade gninx to latest version. Also add myself as secondary maintainer to apply luci modification quickly.
Use of autoreconf to fix problems with recompilation on every new build (even if the version is the same). Add a patch to ignore on invalid configure option instead of trow error.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
The package was tested on raspberry pi 3. Geth needs about two hours to
fully sync the first try and uses an additional 250Mb of storage.
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Some of them forgot to update MIRROR_HASH on version change, others
updated with wrong hash value. The new values were generated from
tarballs prepared by the newly introduced github-tarball download
methoded and confirmed consistent with those from sources.openwrt.org
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
By default, libatomic is conditionally enabled on some platforms, but it's not
strictly necessary. We'll disable it here globally rather than introduce an
unnecessary dependency.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Make sure ccnet-server is running during the final setup step to avoid
an error creating django superuser
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
obfs4proxy is a Tor pluggable transport proxy, implementing obfs4.
This commit also includes obfs4proxy's build time dependencies:
* golang-github-agl-ed25519: Go implementation of Ed25519 signature
algorithm
* golang-github-dchest-siphash: Go implementation of SipHash-2-4
* golang-golang-x-crypto: Go supplementary cryptography libraries
* golang-golang-x-net: Go supplementary network libraries
* golang-golang-x-sys: Go packages for interaction with the OS
* golang-golang-x-text: Go text processing support
* golang-torproject-pluggable-transports-goptlib: Tor pluggable
transports library for Go
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Make OLA more useful for untrained users which depend on the built-in
webserver. We may split the ola package into smaller parts to allow
not having web-stuff in case this breaks the space-constraints for some
users.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Several required dependencies were added:
django-formtools
django-simple-captcha
django-webpack-loader
python-qrcode
python-requests
python-requests-oauthlib
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Added a patch applied upstream.
- Fix that table SystemInfo can't be created in sqlite db.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Recent protobuf requires C++11 while OLA was forcing C++98 in order
to keep using auto_ptr without getting warnings... Use gnu++11 to make
everyone happy and live with the warnings about auto_ptr being
deprecated.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This adds an additional file for ngix that contains all the files need to make luci works on the nginx webserver.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
EdDSA support is optional and currently defaults to being disabled.
The following security issues are addressed with this update:
* An error in TSIG handling could permit unauthorized zone transfers
or zone updates. These flaws are disclosed in CVE-2017-3142 and
CVE-2017-3143.
* The BIND installer on Windows used an unquoted service path, which
can enable privilege escalation. This flaw is disclosed in
CVE-2017-3141.
* With certain RPZ configurations, a response with TTL 0 could cause
named to go into an infinite query loop. This flaw is disclosed in
CVE-2017-3140.
* Addresses could be referenced after being freed during resolver
processing, causing an assertion failure. The chances of this
happening were remote, but the introduction of a delay in
resolution increased them. This bug is disclosed in CVE-2017-3145.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
When UCI local zone is private and static, Unbound covered private
addresses with defaults. Optional delegated global IP6 prefix
protection lacked a static zone, but it was prevented from appearing
in global DNS responses. Domain names router-as-TLD, "lan." and
"local." were static, but they lacked default SOA or NS such as
Unbound had assinged to private addresses. Clean up these local
zones UCI evaluation and block global DNS inclusion.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
A few bug fixes but importantly fix a deadlock on
AXFR configuration when notify occurs (auth-zone:)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
The internal nameservers and the DHCP default domain should be
squirted into /tmp/resolv.conf.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
It's been quite a long time since there was a release, and this one
includes quite a bit of fixes/updates.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
new ddns script for polish service FreeDNS.42.pl where you can
host your own domains for free
Signed-off-by: Michal Lipka <michal@sysadmin.care>
(commits from PR #6150 squashed together)
Adds support for openssl 1.1.0.
Removed all patches as they are now integrated into upstream.
Thanks to: Eneas U de Queiroz <cote2004-github@yahoo.com> for his OpenSSL patch
Signed-off-by: Christian Pointner <equinox@spreadspace.org>
Add -fPIC to TARGET_LD_FLAGS
ce9TpAS.ltrans0.ltrans.o: relocation R_MIPS16_26 against `syslog' can not
be used when making a shared object; recompile with -fPIC
cce9TpAS.ltrans0.ltrans.o: error adding symbols: Bad value
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
backend:
* enhance the whitelist function. Now sub-domains could be whitelisted
(e.g. 'fakenews.facebook.com'), even if the correspondent tld is
blacklisted (e.g. 'facebook.com') - this makes whitelisting
much more flexible and predictable
* rework the domain query function to adapt the whitelist changes
* refine startup error checks/messages
* small fixes
luci:
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Do not call library initialization when compiling with openssl 1.1.
The package generates the C source files for its DH parameters at
compile time using the host installed openssl. This patch adds a DH
source, using the same parameters, compatible with openssl 1.0 and 1.1.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Changes summarized by upstream maintainer
* Add MinGW support by @linusyang.
* Refine c-ares integration by @xnoreq.
* Fix building issues with GCC8 by @FlyingheartCN.
* Minor bug fixes.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
New scheme mainly provides three packages: openvswitch,
openvswitch-ovn-north, openvswitch-ovn-controller. These should fit
most usage scenarios. Other subpackages like openvswitch-libXXX
etc. are there for dependency management and are hidden from the
menu.
Many python and shell scripts are removed in this revision. Most of
them cannot run out of box at all for lack of dependencies. Others
being legacy ones are not that useful now. Add them back at later time
when real need appears
Below are a simple listing of additions
- initscript now incorporate also ovn north and controller support
- ovn-ctl and ovs-ctl can be invoked directly from within $PATH
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Currently this 3 variable are used only 1 time in the sh script and cause 10s of delay for them to load... move them to load only if it's required by the command. This also fix luci-app-ddns delay problem derived by calling dns_lucihelper (that use tdns_functions to load data) for the version.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
This bump nginx package to latest stable.
Also add support for the brotli compression module and head_more module.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Originally this was indended as a fix for devices without RTC support
which do not have the correct time set after a reboot (until ntp is able
to update the system time). vnstat checks if there is a time difference
between the latest entry in the database and detects that the system time
is incorrect. In this case vnstat does not start (to prevent database
corruption), the following message is reported instead:
'Error: Interface "..." has previous update date too much in the future,
exiting.'
Once we have network connectivity (and ntp has updated the system time)
vnstat starts correctly though.
vnstat 1.18 fixes this by waiting a few minutes (instead of exiting) and
the following message is logged:
"Latest database update is in the future (db: 2018-04-28 08:39:11 > now:
2018-04-28 08:07:18). Giving the system clock up to 5 minutes to sync
before continuing."
This still adds a procd respawn trigger to let procd automatically
restart vnstat in case:
- vnstat it crashes
- no valid system time is received for a long time (no network
connectivity, broken NTP servers, ...)
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
This ports the init-script from the legacy functions to procd. There
should be no functional changes with this patch.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
If an interface is not tracked by mwan3 or enabled and this interface is
setup by netifd, then the connected ipset is not update by mwan3.
To fix this also call connected ipset update code even if the interface
is not tracked or enabled by mwan3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Add the possibility to use Unbound auto-zone: clause to
fetch complete root, arpa, in-addr.arpa, and ip6.arpa
zone files. This can speed up recursion when users
access many ccTLD or connection logging hits many PTR.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Some resource options bundled many Unbound.conf options and
made customizing on top of UCI difficult. Make it easier to
use Unbound built defaults (blank conf sections).
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
It's a python script and requires backtrace support when building
openvswitch which requires glibc.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The overlay and underlay driver, and ovs-docker utilities requires setup
and dependencies that are just not available in known maintained state.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Mainly a bugfix for XSS. Patches have been refreshed.
Added an upstream fix for TLS verification. Now enabled by default.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The sources for usbip are within the kernel. A patch that was included
with the package, which changed the old signal name SIGCLD to the new
one, SIGCHLD, was merged upstream. However, different targets use
different kernel versions. Current version 4.14 and 4.9 are fine, but
older versions do not have the patch applied. So, I used
-DSIGCLD=SIGCHLD to please both worlds.
libudev-fbsd currently used by openwrt does not implement the
udev_device_get_devpath function. eudev's implementation of libudev
sets it as (src/libudev/libudev-device.c):
udev_device->devpath = udev_device->syspath + strlen("/sys");
I used a command-line define to use the same logic, as it works with
new and old versions of the kernel--the use of ..devpath is quite
recent.
I also linked with libbsd, when using glibc.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
- Update haproxy download URL and hash
- Removed all obsolete patches
- Added logic to Makefile to only append the patch-version to the HA-Proxy version if we actually applied any patches (PKG_RELEASE!=00)
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Only execute an ifup event with the command "mwan3 ifup <iface>" if the
l3_device is found in the ubus "network.interface.<iface>".
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
backend:
* add generic blocklist archive support
* add support for blacklist archive from Toulouse 1 University Capitole
* add support for urlhaus RPZ domains by abuse.ch
* small bugfixes & enhancements
luci:
* archive sub-categories (shalla & ut_capitole) are now configurable
via LuCI CBI template
* small bugfixes & enhancements
Signed-off-by: Dirk Brenken <dev@brenken.org>
