HTTPS to everything
Remove autoreconf as it's not needed and slows down the build.
Build in parallel for faster building.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* fix restart behaviour after successful connection
* fix labeling of faulty stations
* optimize re-connect behaviour at locations where multiple uplinks with
the same SSID are in range
* use procd pidfile handling
* refine logging
* small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
ssl_set1_host() is not available without openssl-1.1.0. Unbound can not do
host cert verification. DNS over TLS connects, but hosts are unverified. A
patch for log err is added with a noitce in README.md.
(see: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658)
Also, squash some minor robustness and TLS usability fixes.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
RFC2326 specifies the attribute client_port as the RTP/RTCP port pair on
which the client has chosen to receive media data and control info;
however some clients (mostly STBs) embed the client_port value in the
destination attribute in the form of destination=<address:port> without
specifying the client_port attribute in the SETUP message.
To support such clients check if the destination attribute contains a
port value and use it as port value for the expected RTP connection.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Simpler and easier to bump the version in the future.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
Since https://git.openwrt.org/d0e0b7049f88774e67c3d5ad6b573f7070e5f900,
OpenWrt SDKs ship the appropriate sources for building usbip userspace
packages, so special nonshared handling is not required anymore.
Sucessfully tested by compiling usbip utilities for various architectures
using self built SDKs after applying the change linked above.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently uscan fails on this as it tries to look for a download link in the
wrong location. Switching it to a GitHub tarball will probably fix it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Unbound struggles with boot ifup, so procd triggers changed to push
outside of this noise. Unbound has run in /var/lib/unbound/, so chroot
(jail) protects /etc/, and it can save flash wear. Compiled defaults
reflect this now, so Unbound tools are easier run on the command line.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
In the description point to installation guide on OpenWrt Wiki to
make it easier for new users to find and to understand how to use
gitolite on OpenWrt.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
The user defined in order to own and admin gitolite directories needs
to not be expired else logins such SSH access will not be allowed for
that user. So we unexpire user git by default.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Practicalities of life have intervened and I am no longer able to
dedicate the time required to look after this package.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
nut-monitor failed to create required dir /var/etc/nut, as
well as failing to set appropriate user on the directory and
conf files. Fixing this closes
https://github.com/openwrt/packages/issues/6644
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
With growing interest, DNS over TLS can be setup in Unbounds foward-zone:
clause. A broader UCI solution is added to support forward-, stub-, and
auth- zone clauses in a new 'zone' section. This implentation required
reworking scripts, because they did not scale. 'forward_domain' and
'prefetch_root' options are removed, and superceded by 'zone' section.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* no longer rename faulty uplinks in /etc/config/wireless, but save
uplink state in json runtime information. To reset the saved state
simply restart travelmate processing.
Signed-off-by: Dirk Brenken <dev@brenken.org>
Delay startup of p910nd to give devices more time to enumerate
Fixes issue #4752
Tested on mir3g
Signed-off-by: Francesco Molitierno <francyesc0@hotmail.it>
Selecting libcap in addition to mtr causes it to error with
Package mtr is missing dependencies for the following libraries:
libcap.so.2
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Notable Changes:
* New IRCv3.2 capabilities support on client and server side
* Increased max line lengths
* support for stripping color control codes
* various bug fixes
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[jonas.gorski: add notable changes, switch to 1.7.1]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Added compatibility with openssl 1.1, and also fixed a compiler
warning about implicit declaration.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Since certain characters are dangerous to pass as-is to a sub shell,
sanitize the character set and only allow characters that are considered
valid for DNS hosts and filter shell escape characters on generic parameters.
Disable pathname expansion on RUNPROG evals to disable the shell expanding *,
? and [ in the arguments.
Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
backend:
* add low priority mode (nice level 10), disabled by default
* enhance 'Force DNS' to redirect ports 53, 853 and 5353
frontend:
* switch to dynamic XHR polling for runtime information and logfile
viewing
* add new 'Refresh' button to reload blocklists
* various cleanups & small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
OpenWrt changed the way the uci shell parsing functions deal with list
configuration items.
This change broke the generation of the privoxy runtime configuration
because no callbacks were emitted anymore.
Fix the problem by defining a list_cb() that simply calls the existing
option_cb() to deal with list item values.
Ref: c9c0fc28a9 ("base-files: fix UCI config parsing and callback handling")
Ref: https://forum.lede-project.org/t/openwrt-snapshot-privoxy-error/15919
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently the uwsgiconfig python script append some additional compilation flag based on the host system. This fix some problem related with this by hardcoding usgi_os variable to Linux
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Currently the nginx user for the default luci config is root... This is dangerous and unnecessary, reset it back to nobody nogroup.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Currently the socket file for uwsgi can be open only from root user, change this to permit other use to use it. (Needed for nginx to use uwsgi as nobody or dedicated user)
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
The spoofer client is part of a system to measure the Internet's resistance
to packets with a spoofed (forged) source IP address.
Signed-off-by: Ken Keys <kkeys@caida.org>
Ipsec user script (/etc/ipsec.user) now get called indirectly by openwrt
"/sbin/hotplug-call". So other packages could also install their scripts
in "/etc/hotplug.d/ipsec".
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Some package needs nginx as dependency this permit to use nginx-ssl and nginx-all-module as dep for them.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* Remove stray LICENSE file added to repo
* Use codeload instead of git
* Add proper (as close as possible) SPDX license
* Drop OpenSSL, PCRE and Libxml2 as dependencies
Makes it more suitable alternative for small flash devices
* Drop /etc/uwsgi as there's only one config file
* Remove stray /etc/nginx directory
* Reorganize configuration file
* Convert init.d script to use procd
* Hardset 3 threads and processes, seems like a good tradeoff
between performance and memory usage instead of doing
auto scaling based on amout of cpu cores/threads
Non-scientific benchmark (tm)
ramips, mt7621, WiTi Board 16/256M
1. 3 threads, 6 processes
2. 2 threads, 2 processes
3. 3 threads, 3 processes
- LuCI Main page
1.48s
1.72s
1.64s
- Status --> Firewall
6.24s
6.39s
6.40s
- Status --> Kernel log
266ms
256ms
251ms
- Network --> Firewall
936ms
1.08s
1.07s
- Network --> Wireless
1.39s
1.42s
1.40s
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Currently the uci-defaults scripts reset nginx config even it they are valid due to a bug in the if condition.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Undo previous commit that added an iconv hack. The problem was actually
fixed by including nls.mk in the mariadb package.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
With the current layout CONFIGURE_ARGS can end up like this:
--with-mysql --without-mysql
To avoid that join the ifneqs of the two mysql related plugins.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Unbound UCI so far has limited forward configuration lacking
DNS over TLS connection setup tools. User override files
'unbound_srv.conf' and 'unbound_ext.conf' can implement this.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
They are missed out from the FIXUP check probably because of a flaw in
the fixup-makefile.pl script
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
uwsgi-cgi's build system requires CPP to be set to avoid using include
path from the build system. Otherwise it may wrongly detect
sys/capability.h of the host system and enables libcap support
CPP variable was once introduced into build system in 2017 but then
reverted in b957e45 ("rukes.mk: this patch broken grub2 builds")
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
libmariadb 10.2.x needs to be linked in together with iconv. On glibc
and musl iconv is part of libc. But on uclibc libiconv-full needs to be
used.
gnunet only has access to iconv on uclibc when BUILD_NLS is selected.
This commit adds hidden symbol GNUNET_HAS_ICONV_SUPPORT which sorts this
out.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This add 2 variant of nginx so we can have package with SSL config flag preselected. This also add support for 2 more module and upgrade gninx to latest version. Also add myself as secondary maintainer to apply luci modification quickly.
Use of autoreconf to fix problems with recompilation on every new build (even if the version is the same). Add a patch to ignore on invalid configure option instead of trow error.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
The package was tested on raspberry pi 3. Geth needs about two hours to
fully sync the first try and uses an additional 250Mb of storage.
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Some of them forgot to update MIRROR_HASH on version change, others
updated with wrong hash value. The new values were generated from
tarballs prepared by the newly introduced github-tarball download
methoded and confirmed consistent with those from sources.openwrt.org
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
By default, libatomic is conditionally enabled on some platforms, but it's not
strictly necessary. We'll disable it here globally rather than introduce an
unnecessary dependency.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
Make sure ccnet-server is running during the final setup step to avoid
an error creating django superuser
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
obfs4proxy is a Tor pluggable transport proxy, implementing obfs4.
This commit also includes obfs4proxy's build time dependencies:
* golang-github-agl-ed25519: Go implementation of Ed25519 signature
algorithm
* golang-github-dchest-siphash: Go implementation of SipHash-2-4
* golang-golang-x-crypto: Go supplementary cryptography libraries
* golang-golang-x-net: Go supplementary network libraries
* golang-golang-x-sys: Go packages for interaction with the OS
* golang-golang-x-text: Go text processing support
* golang-torproject-pluggable-transports-goptlib: Tor pluggable
transports library for Go
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Make OLA more useful for untrained users which depend on the built-in
webserver. We may split the ola package into smaller parts to allow
not having web-stuff in case this breaks the space-constraints for some
users.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Several required dependencies were added:
django-formtools
django-simple-captcha
django-webpack-loader
python-qrcode
python-requests
python-requests-oauthlib
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Added a patch applied upstream.
- Fix that table SystemInfo can't be created in sqlite db.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Recent protobuf requires C++11 while OLA was forcing C++98 in order
to keep using auto_ptr without getting warnings... Use gnu++11 to make
everyone happy and live with the warnings about auto_ptr being
deprecated.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This adds an additional file for ngix that contains all the files need to make luci works on the nginx webserver.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
EdDSA support is optional and currently defaults to being disabled.
The following security issues are addressed with this update:
* An error in TSIG handling could permit unauthorized zone transfers
or zone updates. These flaws are disclosed in CVE-2017-3142 and
CVE-2017-3143.
* The BIND installer on Windows used an unquoted service path, which
can enable privilege escalation. This flaw is disclosed in
CVE-2017-3141.
* With certain RPZ configurations, a response with TTL 0 could cause
named to go into an infinite query loop. This flaw is disclosed in
CVE-2017-3140.
* Addresses could be referenced after being freed during resolver
processing, causing an assertion failure. The chances of this
happening were remote, but the introduction of a delay in
resolution increased them. This bug is disclosed in CVE-2017-3145.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
When UCI local zone is private and static, Unbound covered private
addresses with defaults. Optional delegated global IP6 prefix
protection lacked a static zone, but it was prevented from appearing
in global DNS responses. Domain names router-as-TLD, "lan." and
"local." were static, but they lacked default SOA or NS such as
Unbound had assinged to private addresses. Clean up these local
zones UCI evaluation and block global DNS inclusion.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
A few bug fixes but importantly fix a deadlock on
AXFR configuration when notify occurs (auth-zone:)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
The internal nameservers and the DHCP default domain should be
squirted into /tmp/resolv.conf.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
It's been quite a long time since there was a release, and this one
includes quite a bit of fixes/updates.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
new ddns script for polish service FreeDNS.42.pl where you can
host your own domains for free
Signed-off-by: Michal Lipka <michal@sysadmin.care>
(commits from PR #6150 squashed together)
Adds support for openssl 1.1.0.
Removed all patches as they are now integrated into upstream.
Thanks to: Eneas U de Queiroz <cote2004-github@yahoo.com> for his OpenSSL patch
Signed-off-by: Christian Pointner <equinox@spreadspace.org>
Add -fPIC to TARGET_LD_FLAGS
ce9TpAS.ltrans0.ltrans.o: relocation R_MIPS16_26 against `syslog' can not
be used when making a shared object; recompile with -fPIC
cce9TpAS.ltrans0.ltrans.o: error adding symbols: Bad value
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
backend:
* enhance the whitelist function. Now sub-domains could be whitelisted
(e.g. 'fakenews.facebook.com'), even if the correspondent tld is
blacklisted (e.g. 'facebook.com') - this makes whitelisting
much more flexible and predictable
* rework the domain query function to adapt the whitelist changes
* refine startup error checks/messages
* small fixes
luci:
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Do not call library initialization when compiling with openssl 1.1.
The package generates the C source files for its DH parameters at
compile time using the host installed openssl. This patch adds a DH
source, using the same parameters, compatible with openssl 1.0 and 1.1.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Changes summarized by upstream maintainer
* Add MinGW support by @linusyang.
* Refine c-ares integration by @xnoreq.
* Fix building issues with GCC8 by @FlyingheartCN.
* Minor bug fixes.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
New scheme mainly provides three packages: openvswitch,
openvswitch-ovn-north, openvswitch-ovn-controller. These should fit
most usage scenarios. Other subpackages like openvswitch-libXXX
etc. are there for dependency management and are hidden from the
menu.
Many python and shell scripts are removed in this revision. Most of
them cannot run out of box at all for lack of dependencies. Others
being legacy ones are not that useful now. Add them back at later time
when real need appears
Below are a simple listing of additions
- initscript now incorporate also ovn north and controller support
- ovn-ctl and ovs-ctl can be invoked directly from within $PATH
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Currently this 3 variable are used only 1 time in the sh script and cause 10s of delay for them to load... move them to load only if it's required by the command. This also fix luci-app-ddns delay problem derived by calling dns_lucihelper (that use tdns_functions to load data) for the version.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
This bump nginx package to latest stable.
Also add support for the brotli compression module and head_more module.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Originally this was indended as a fix for devices without RTC support
which do not have the correct time set after a reboot (until ntp is able
to update the system time). vnstat checks if there is a time difference
between the latest entry in the database and detects that the system time
is incorrect. In this case vnstat does not start (to prevent database
corruption), the following message is reported instead:
'Error: Interface "..." has previous update date too much in the future,
exiting.'
Once we have network connectivity (and ntp has updated the system time)
vnstat starts correctly though.
vnstat 1.18 fixes this by waiting a few minutes (instead of exiting) and
the following message is logged:
"Latest database update is in the future (db: 2018-04-28 08:39:11 > now:
2018-04-28 08:07:18). Giving the system clock up to 5 minutes to sync
before continuing."
This still adds a procd respawn trigger to let procd automatically
restart vnstat in case:
- vnstat it crashes
- no valid system time is received for a long time (no network
connectivity, broken NTP servers, ...)
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
This ports the init-script from the legacy functions to procd. There
should be no functional changes with this patch.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
If an interface is not tracked by mwan3 or enabled and this interface is
setup by netifd, then the connected ipset is not update by mwan3.
To fix this also call connected ipset update code even if the interface
is not tracked or enabled by mwan3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Add the possibility to use Unbound auto-zone: clause to
fetch complete root, arpa, in-addr.arpa, and ip6.arpa
zone files. This can speed up recursion when users
access many ccTLD or connection logging hits many PTR.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
Some resource options bundled many Unbound.conf options and
made customizing on top of UCI difficult. Make it easier to
use Unbound built defaults (blank conf sections).
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
It's a python script and requires backtrace support when building
openvswitch which requires glibc.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The overlay and underlay driver, and ovs-docker utilities requires setup
and dependencies that are just not available in known maintained state.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Mainly a bugfix for XSS. Patches have been refreshed.
Added an upstream fix for TLS verification. Now enabled by default.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The sources for usbip are within the kernel. A patch that was included
with the package, which changed the old signal name SIGCLD to the new
one, SIGCHLD, was merged upstream. However, different targets use
different kernel versions. Current version 4.14 and 4.9 are fine, but
older versions do not have the patch applied. So, I used
-DSIGCLD=SIGCHLD to please both worlds.
libudev-fbsd currently used by openwrt does not implement the
udev_device_get_devpath function. eudev's implementation of libudev
sets it as (src/libudev/libudev-device.c):
udev_device->devpath = udev_device->syspath + strlen("/sys");
I used a command-line define to use the same logic, as it works with
new and old versions of the kernel--the use of ..devpath is quite
recent.
I also linked with libbsd, when using glibc.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
- Update haproxy download URL and hash
- Removed all obsolete patches
- Added logic to Makefile to only append the patch-version to the HA-Proxy version if we actually applied any patches (PKG_RELEASE!=00)
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Only execute an ifup event with the command "mwan3 ifup <iface>" if the
l3_device is found in the ubus "network.interface.<iface>".
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
backend:
* add generic blocklist archive support
* add support for blacklist archive from Toulouse 1 University Capitole
* add support for urlhaus RPZ domains by abuse.ch
* small bugfixes & enhancements
luci:
* archive sub-categories (shalla & ut_capitole) are now configurable
via LuCI CBI template
* small bugfixes & enhancements
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Add valid responses "good|nochg" so that ddns-script could recognize "badauth"
error that comes with http 200 code
- Switch url to https scheme. "now-dns.com" always returns 302 redirect
to https:// for all plain-text http requests. Since working via default
plain-text http is not possible anyway, forcing url to https prevents
curl sending unencrypted plain-text credentials via basic auth
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
The normal situation should be to use ping without quality_check.
If quality_check option is not set in the default option then ping
quality_check is not performed during tracking. This is and should
be the default situation.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
1. Test link quality based on packet loss & latency w.r.t. pre-defined high and low watermark values.
2. Extended ubus support to provide packet loss & latency information per wan per track_ip
Signed-off-by: Nishant Sharma <codemarauder@gmail.com>
Move default leasefile location from /var to /var/run.
Also rename from upnp.leases to miniupnpd.leases
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Building with --gc-sections & -flto drop ipk size from 72600 to 66345
on MIPS
No misbehaviour due to these optimisations observed.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This is a major release.
https://mosquitto.org/blog/2018/05/version-1-5-released/
Performance, configurability, protection from fuzzing and bad data,
customizable SSL contexts, all sorts of goodies.
Signed-off-by: Karl Palsson <karlp@etactica.com>
The new procd config dependency tracking requires the start method to be
called even on boot. So add a state file that is checked by the run script
to condition the special-case boot run instead of the previous independent
call to the run script.
Ref: https://github.com/openwrt/luci/pull/1769
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Fix buildbot breakage by disabling libidn2 that has been recently
added to the packages.
lftp has apparently switched from libidn to libidn2 some time ago,
so the old configure directive was actually wrong, as can be seen
from build log.
> configure: WARNING: unrecognized options: --without-libidn
> ...
> Package lftp is missing dependencies for the following libraries:
> libidn2.so.0
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Import miniupnpd from routing repo and bump to 20180422.
Drop 102-ipv6-ext-port.patch as this looks upstreamed in the pinhole
code to me.
Consolidate all other patches & update with a view to sending upstream.
Add support for runtime IGDv1 mode switch (default to IGDv2)
(not extensively) Tested-on: ar71xx Archer C7 v2 in IGDv1 compatibility
mode. A variety of devices/applications appear to be able to create
mappings.
Have an attempt at resolving https://github.com/openwrt-routing/packages/issues/286
TL;DR miniupnpd rules get processed before fw3 rules and thus can
override existing/intended redirects. Ideally the miniupnpd rules would
be last in the relevant chains, unfortunately fw3 can sometimes use the
last rule as a REJECT. Put miniupnpd rules as penultimate.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Manually fetching patches is cumbersome so I created a simple bash-script which uses Git-mechanisms to collect all patches inside a branch from a specific TAG to the current HEAD revision.
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Update source IP of the expected RTP connection according to the SOURCE
attribute value if present in the RTSP SETUP REPLY message.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Rewritten Pull for #5885
When ran from the command line, the script prints
error messages like below. They are caused by supplying
empty "$password" and "$URL_PASS" for some log messages
like "130822 : Detect local IP on 'interface'".
The fix is to check if the values are not empty before running
through sed.
/etc/init.d/ddns start
sed: no previous regexp
Reported by Marc Benoit <marcb62185@gmail.com>
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Package configure script decided to use libidn2 already now that it
became available. This triggered a dependency error:
Package libgnurl is missing dependencies for the following libraries:
libidn2.so.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This commit adds a simple procd init script for bcp38 with the sole purpose
to register a configuration change trigger for /etc/config/bcp38.
The change will allow for automatic firewall reloads triggered by invoking
/sbin/reload_config or through ubus config change events emitted by LuCI.
With the init script in place and started, calling
ubus call service event '{"type":"config.change","data":{"package":"bcp38"}}'
or
/sbin/reload_config
will issue an /etc/init.d/firewall reload if /etc/config/bcp38 has been
modified since the last reload_config call.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of passing a wildcard source to the expected RTP data connection;
use the server IP address of the RTSP SETUP packet or the RTP media source
from the SETUP URI contained in the SETUP packet.
This guarantees RTP data is only accepted from the expected source.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
As acme.sh has releases, switch to using those. Update the version accordingly.
Also rearranged some stuff in the hope that uscan will start tracking releases instead of git commits. Makefile is more simple as a result.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Removed libtalloc dependency and adjusted configure args to skip some tests. Those packages were not being built anyway.
Size difference: 14405 vs. 14125 on mvebu. Also 11275 bytes for libtalloc are gone.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
To fix the shell local issue in the ubus mwan3 rpcd shell script, move
the switch case statment into a function.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
dhcrelay has the ability to monitor interfaces for requests
in a single direction only rather than listening to all
interfaces for requests.
Doing this allows one to suppress the duplication of having
the relay forward requests from the same network that the
DHCP server is on.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
In a tool like this one, you really want an option to establish if the service
should start or not by default on boot time, especially when its configuration
file has to be customized by the user.
In the configuration file, the new 'enabled' option is setted to '0' by default
since the configuration provided by default will not be the one finally used.
In the init script, the new 'enabled' option is setted to '1' by default in
order to support the previous configuration file behaviour.
Signed-off-by: Adrià Llaudet <adria.llaudet@gmail.com>
Two issues:
1. The fwknopd init script did not handle unprepared logical networks.
This is fixed by A) not defining instance for procd when the physical
interface is unknown, and B) by watching the logical network for
changes.
2. When using PPPoE, there are two physical interfaces -- one for raw
PPPoE communication and one for wrapped communication. The function
network_get_physdev returns the physical device, while the function
network_get_device returns the wrapped one -- we shall use the
wrapped interface. Usually (for non-wrapped interfaces) the physdev
and device are the same, also other network scripts use the latter
function.
Both issues found by and thanks are going to @lucize.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Sometimes it's necessary to set per-host options like:
list dhcp_option 'option:always-broadcast,true'
for hosts that don't understand unicast replies. There might
be other options you might want to set on a per-host basis,
such as extensions-path, dhcp-message-text, etc.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Some /etc/config-destined files are in files/ and suffixed with
.conf while others are in files/etc/config/ which isn't consistent.
Put everything in files/ and call it good.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
It was requested as it can be useful under certain circumstances.
Disabled rpc_whitelist by default. Not only is there a firewall, but it denies access when IP address of the device is changed.
Added group support in UCI. Fixes cases where group does not match the user (nobody:nogroup).
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Even on a powerful platform a nlbwmon process'
activities are sometimes affecting throoughput and
latency. This is a backgroud process, that should not
be running with default priority.
Even if it is a little deplayed, that is not a worry in
this case. The routing should be the main priority,
bandwidth stats collection can wait a bit.
Tested on Netgear R7800
Signed-off-by: Marc Benoit <marcb62185@gmail.com>
* union 'automatic' and 'trigger' mode, now much more responsive
if an uplink suddenly disappears
* tidy up (disable) travelmate related uplink connections
if you disable the service
* change default config ('trm_automatic' removal)
* documentation update
* LuCI: remove needless 'automatic' and 'trigger' options
plus small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
Considering that ipv6 NPT/NAT/NETMAP is done manually by user,
mwan3 can balance ipv6 interfaces as it does with ipv4.
Interface wan2 was renamed to wanb as wan2, wan3, ... will eventually
colide with OpenWrt with default wan6 interface when more than 6
interfaces are in use.
New interfaces, members for wan6 and wanb6 where created, both disabled
by default. Policies where adapted as well.
The option "family" is set respectively in each interface. When missing,
mwan3 assumes ipv4, that will fail when interface is IPv6 only.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Add missing globals config section with default values.
Without the correctly named section, mwan3 startup will fail with the error - Warning: mwan3 is global disabled. Usage: /etc/init.d/mwan3 start.
Compile: not required
Run tested: LEDE 17.01.04
Author-name: Rob White
Maintainer: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Rob White <rob@blue-wave.net>
Commit 384c2a8cfd added support for symlinking
net-snmp-config into $(STAGING_DIR)/usr/bin but forgot to install first
$(STAGING_DIR)/usr/bin resulting into a compile issue if
$(STAGING_DIR)/usr/bin is not yet present.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Allow specifying NTP servers, search domains, etc. by the administrator
directly specifying DHCP options (per interface, i.e. per pool).
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Setting a domain now results in 'option domain-name "xyzzy";'
being generated globally.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The IPsec ip route table has the default number 220.
If mwan3 has more then 7 bits set (124 interfaces) then if mwan3 down is
executed the table is also cleared. To solve this set default max 7
bits in the mmx_mask for mwan3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
xinetd.org has been defunct for a long time and it seems the main developer moved everything to GitHub.
Discovered with uscan.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
be35e54 Optimized by use ipset
2dcc126 Optimize kernel module code
08231b4 Remove url param of login api
bf7b435 Support compile kernel module on ubuntu for test
ffca07a Optimize kernel module
b03c757 Optimize code
Signed-off-by: Jianhui Zhao <jianhuizhao329@gmail.com>
Adjust the dependency from ip-full back to ip.
Returning back to "ip" is now possible as busybox does not provide
"ip" any more, making "ip" again reference to ip-tiny or ip-full.
Reference to discussion in #5747
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Bug: If DHCPv4 MAC are used to infer SLAAC and the forth position of
the subnet /64 is 0 (X:X:X:0::/64), then DNS records where malformed.
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
- Add domain_forward to permit designated domains to forward instead
of recurse as listed in resolve.conf.auto from DHCP WAN client
- Update rebind_protection and add rebind_interface to protect IP6
GLA locally just like RFC 1918 protection
- Rename trigger to trigger_interface with backwards compatability
- Update odhcpd script for efficiency handling many clients
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
We need always three of the firewall mask value for
* default routing table
* blackhole
* unreachable
the other will be used for the interfaces.
* If we have set the mmx_mask to max 0xFF00 (8 bit set) we could use max 252
interfaces.
* If we have set the mmx_mask to min 0x0E00 (3 bit set) we could use max 4
interfaces.
Only the ones are counting from the firewall mask value.
Minimal three firewall mask bit vaules must be set.
Maximal eight firewall mask bit vaules could be set.
Table overview mmx_mask value bits vs. max interfaces
mmx_mask value bits set 1 -> not usefull
mmx_mask value bits set 2 -> not usefull
mmx_mask value bits set 3 -> 4 Interfaces (mask example 0x0E)
mmx_mask value bits set 4 -> 12 Interfaces
mmx_mask value bits set 5 -> 28 Interfaces
mmx_mask value bits set 6 -> 60 Interfaces
mmx_mask value bits set 7 -> 124 Interfaces
mmx_mask value bits set 8 -> 252 Interfaces (mask example 0xFF)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Add a new ACTIONs:
* connected ACTION is called once if mwan3track reach all configured track_ips
* disconnected ACTION is called once if mwan3track is unable to reach the track_ips
The connected/disconnected will called only by mwan3track in opposite
the ACTIONs ifup/ifdown will also be called by netifd.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
As it currently stands, the version of coova-chilli the packages feed
will not compile against 4fd87220567f1ae3ad209da1f602dc81c6b4d6b1
I've quasi-backported (could not find a single commit which fixes these
particular issues) https://github.com/coova/coova-chilli 's formatting
on the impacted sections, and it compiles.
Once a new version is added to the feed this patch can likely be
dropped.
Signed-off-by: Marty E. Plummer <hanetzer@startmail.com>
The code assumes pre-C99 inlining. This causes issues with GCC7 which assumes C11. Add std=gnu89 to restore proper behavior.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Changes since 2.8.2 as recorded in NEWS-2.8.2
- NSH implementation now conforms to latest draft (draft-ietf-sfc-nsh-28).
- Bug fixes
0006-adapt-ovs-scripts.patch was splited into two separate patches as
the original patch does not apply against 2.8.2 anymore. Other patches
are just re-numbered without actual function change
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
From the package description:
PageKite is a system for running publicly visible servers (generally
web servers) on machines without a direct connection to the Internet,
such as mobile devices or computers behind restrictive firewalls.
PageKite works around NAT, firewalls and IP-address limitations by
using a combination of tunnels and reverse proxies.
This package provides an implementation of the PageKite Protocol in C,
optimized for high-performance or embedded applications.
Signed-off-by: Karl Palsson <karlp@tweak.net.au>
* The mwan3 scripts sources ". /usr/share/libubox/jshn.sh"
* Mwan3 only works if ip-full is installed
Error -> "ip: invalid argument '0xfd00/0xff00' to 'fwmark'"
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
ppp has multiple variants, so selecting one of them introduces a
recursive dependency for any packge selecting it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- TARGET_CFLAGS were missing for haproxy which caused issue #4606 (https://github.com/openwrt/packages/issues/4606)
- All targets finally have Lua support again
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Use ppp-mod-pppoe instead of shipping its own broken plugin
Always use rp-pppoe.so instead of the (not packaged) pppoe user space
implementation
Signed-off-by: Felix Fietkau <nbd@nbd.name>
At the time of this writing, Open vSwitch official website suggests
http://openvswitch.org whose https couterpart uses a self-signed
certificate, but it redirects to http://www.openvswitch.org, which has a
working https equivalent.
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- KCONFIG: bridge compatibility was removed since Open vSwitch 1.10.
See Open vSwitch FAQ.md for details
- The module does not depend on kmod-gre, kmod-vxlan
- Use AutoProbe to remove dependecy on specific priority
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Open vSwitch needs to run python on build machine to make build-time
required files. python-six library is only required by the openvswitch
python library on target machine, not a build dependency.
We override host PYTHONPATH by overriding it in MAKE_VARS. This way we
can remove 0003-override-pythonpath-via-make-vars.patch
This also fixes shebang wrongly pointing to python on host
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The python library is a standalone unit. Remove dependency on
PACKAGE_openvswitch to allow users to use it with maybe remote
openvswitch services.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This subdir contains multiple pid, unix domain socket files. It's a
custom to put them in it's own subdir
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Quote from Open vSwitch FAQ.md
Open vSwitch userspace should also work with the Linux kernel module
built into Linux 3.3 and later.
Open vSwitch userspace is not sensitive to the Linux kernel version. It
should build against almost any kernel, certainly against 2.6.32 and
later.
The SUPPORTED_KERNEL dependency for openvswitch kernel module only
makes sense when we are building it from the ovs release tarballs
against mainline kernels. Now that we are using the module from vanilla
kernel itself, the dependency does not exist anymore
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- Update haproxy download URL and hash
- Update the haproxy homepage
- Add libatomic to the dependencies as 1.8 needs it
- Make USE_REGPARM an x86-only option as this fixes many warnings and does not do much on non-x86 platforms
- Add USE_GETADDRINFO=1 to use getaddrinfo() to resolve IPv6 host names
- Add USE_TFO=1 to enable TCP fast open
- Unbreak CFLAGS, LD and LDFLAGS by adding the missing backslash after $(ADDON)
- Unbreak IGNOREGIT=1 option (typo)
- Rework LDFLAGS and add libatomic
- Add MEDIUM+ patches (see https://www.haproxy.org/bugs/bugs-1.8.4.html)
Signed-off-by: Christian Lachner <gladiac@gmail.com>
- the Lua-support logic was cleaned up to unbreak Lua-support on non-mips(el) targets. Previously, no target had Lua-support.
- mips and mipsel are both known to currently not build with Lua-support enabled => disable both.
- mips64 and mips64el were tested fine with Lua-support enabled.
Signed-off-by: Christian Lachner <gladiac@gmail.com>
HTTPS verification is totally broken in Transmission. Unclear why. Disabling as a result.
Safari exposes a JavaScript bug that makes it not load. Fixed.
Portcheck was backported to HTTPS for testing initially. Seems like a good idea.
Makefile was also fixed to use the external libnatpmp. Smaller binary.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The script removes the UCI option ucitrack.@sqm[0] if present and then
returns success. If that UCI option is already absent however, the
script incorrectly returns failure, which blocks upgrade of the
luci-app-sqm package.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Currently the Makefile creates a v---.tar.gz file which can conflict with other packages. Standardize the format.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Currently the Makefile creates a v---.tar.gz file, which can conflict with other packages. Change to a standard format.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Bump version plus changes to address concerns regarding default config for stubby provided with this package
Signed-off-by: David Mora <iamperson347+public@gmail.com>
* checks continuously the signal quality for conditional
uplink (dis-) connections
* captive portal detection with internet online check and
a 'heartbeat' function to keep the uplink connection up & running
Signed-off-by: Dirk Brenken <dev@brenken.org>
OpenSSL grew the ability to turn off TLS-PSK support. Make sure that
mosquitto turns on/off TLS-PSK support based on this OpenSSL config.
Fixes https://github.com/openwrt/packages/issues/5633
Signed-off-by: Karl Palsson <karlp@etactica.com>
Sysrepo version 0.7.3 features following improvements:
* possibility to uninstall more modules in one command with sysrepoctl
* several bugfixes
Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
Fix breakage caused by 44df061c48 by removing the leftover
usage of the removed SUPPORTED_KERNELS variable
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
libnatpmp was added as a dependancy to avoid built-in version.
Makefile went through a few adjustments to make it simpler.
CMake support is not happening since Travis is using a broken Ubuntu install.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
For a while now OVS has been using the kernel's kmod.
So it doesn't make sense to limit the package build for a specific set of
kernels anymore.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
pixiewps has its own CFLAGS setting and uses LDFLAGS from
environment variable. When PKG_ALSR_PIE was enabled, objects were not
compiled with -fPIC supplied from the build system and the final link
step would fail because of the -pie option
Fixes#5590
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Move all shell commands which are executed during /lib/mwan3/mwan3.sh
sourceing into a seperate init function which must be called at first.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
In some situation it is not enough to send a SIGTERM to mwan3track to
ask service to stop accurate. If this does not work send him a SIGKILL
to prevent mwan3track running more then once per interface.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Notable changes since 3.1.2
afce1b3 eliminate timered delay between handshake and data stream #1572
539bf6e sni in redir removed and no disable_sni option #1876
1d94442..29ff5d3 udprelay fix (no idea what's the problem...) #1883
Now disable_sni=true is the default. Existing uci configs setting it
will be a nop
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Ran the transmission init script through shellcheck and fixed errors. Also cleaned up a bit.
Removed ionice support. Will reintroduce if procd adds support.
Removed config_overwrite debugging variable. No need for it.
Enabled TLS verify by default. Added a dependancy to ca-bundle as a result. This is a default in current trunk.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* major performance boost: add a flexible 'Download Queue' to handle
downloads & list processing in parallel, default queue size is '4',
you can raise this e.g. to '8' or '16' to get it really fast
* replace former 'whitelist mode': the new 'Jail' option
builds an additional 'adb_list.jail' list in parallel
which can be used manually for guest wifi or kidsafe configurations
* regex parser & query function now fully support IDN domains
with non-ASCII characters
* add error handling in tld compression,
to handle OOM conditions better
* adblock.notify sends now html emails,
to get a better look & feel, even on mobile devices
* add czech regional blocklist maintained by turris omnia users
* LuCI: Support new 'Download Queue' & 'Jail' options
* LuCI: fix field width in "Runtime Information" section
Signed-off-by: Dirk Brenken <dev@brenken.org>
The original patch that forced internal usage hid an actual issue in the build system. Replace patch with upstream one.
Also reorganized the Makefile a bit and removed some cruft.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
DNS rebinding protection introduced a new option. Use it to disable it as OpenWrt does not need it.
Adjusted Makefile to use the release instead of a git version. Also cleaned up and added LICENSE entries.
Eliminated useless patches. The syslog one actually doesn't log much. No need to mask the os release anymore either.
Added group entry to init script. Otherwise files end up being owned by user:root which is bogus.
v2: Previous maintainer relied on git version of Transmission for mbedtls support. Backport it to the stable instead.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
DNS rebinding protection introduced a new option. Use it to disable it as OpenWrt does not need it.
Adjusted Makefile to use the release instead of a git version. Also cleaned up and added LICENSE entries.
Eliminated useless patches. The syslog one actually doesn't log much. No need to mask the os release anymore either.
Added group entry to init script. Otherwise files end up being owned by user:root which is bogus.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add dependency on ca-bundle without which the HTTPS fetches fail.
Add "-x" option to force HTTP/1.1 instead of HTTP/2.0
Add a workaround for bug in libcurl <7.530 that prevents it from
working at all when built with mbedtls.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
Acked-by: Aaron Drew <aarond10@gmail.com>
If a service section is not presented in the configuration then stunnel will
always start anyway. This ends in a crash loop because the configuration is not
valid.
Checking in "uci" mode if a service section is presented and only then
start the stunnel service will solve this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Do not send a SIGHUP on reload configuration let procd restart the
service with stop/start. This is saver.
Add uci generated stunnel file to procd "file" attribute to
reload/restart the stunnel service.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* add config_path option since the controller mode needs a persisting path to be used
* add patch to fix a bug in the controller code (https://github.com/zerotier/ZeroTierOne/issues/553)
* disable zerotier by default, as the default settings let it connect to a public network
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Remove unsupported "notify" script during uci config generation.
This change will remove keepalived warnings on startup.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Append use_vmac with no_val_ so that the uci generation will treat this
as an boolean option. If the option is set then a interface with
vrrp.{virtual_router_id} is added to the system.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If ip is referenced in the instance section it is not necessary to add a
device option on every "ip_address". In most sitution it es enough to
add only an ip. Allow empty device option will solve this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If the option 'use_vmac' is selected in a keepalived config and
kmod-macvlan is not installed then keepalived raise an error.
Netlink: error: Not supported, type=(16), seq=1510647577, pid=0
vmac: Error creating VMAC interface vrrp.42 for vrrp_instance xxx!!!
Add 'kmod-macvlan' to the package dependency list fixes this error.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
That is, since we don't require gssapi or libpskc, avoid
accidental builds with it.
Closes#5474
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
matrixssl is still in the oldpackages repo,
so coova-chilli should not depend on it.
Remove the config option for selecting matrixssl lib
and the dependency declaration.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
A vulnerability was discovered in the processing of wildcard synthesized
NSEC records. While synthesis of NSEC records is allowed by RFC4592,
these synthesized owner names should not be used in the NSEC processing.
This does, however, happen in Unbound 1.6.7 and earlier versions.
(see https://unbound.net/downloads/CVE-2017-15105.txt)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
When using the configuration under "Unbound and odhcpd" in the package's
README.md, the scripts generated a malformed config file for unbound, due
to an "ip route" command giving extra output lines with the string
"anycast" where the awk script expects an address. These are now filtered.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
New upstream release fixes the following security issues:
* CVE-2017-3145: BIND was improperly sequencing cleanup operations on
upstream recursion fetch contexts, leading in some cases to a use-after-free
error that can trigger an assertion failure and crash in named.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
The iptables-mod-geoip is usually used in conjunction with some
wrapper scripts which manipulate the GeoIP database and then kick out
one or more iptables rules. This package contains (1) the script to
download the most recent version of the MaxMind freemium database and
(2) another script which mangles the database into sets up iptables
rules.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This commit moves xtables-addons from
https://github.com/openwrt/openwrt/tree/master/package/network/utils/xtables-addons
into the package feed repository to allow for dependencies on other feed
packages, such as Perl.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
[fix commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Make most dependencies depend on the selection state of the respective
plugins requiring them. This cuts down compile time considerably when
plugins like MySQL support are disabled.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Write *.ip file with current registered IP, whenever "get_registered_IP" is called (used by next luci-app-ddns version)
Changed detection of cURL proxy support #3876
Reread data from ubus if "get_local_ip" from "ip_network" #5004#3338
Fix godaddy_com_v1 #5285
Implement "param_opt" for "cloudflare_com_v4" #5097
Inside logfile "*password*" printed in stead of real password #5281 and others
Add ipv4 service "dnsever.com" #5178
Add ipv4 service "myip.co.ua" #5199
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
This guarantees for the package feeds that
the mk files will always be available for all packages.
Will need to see about external-feed Python packages
a bit later.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
openvswitch fails to build on my Arch Linux system, as it tries to use my build
host's sphinx-build with OpenWrt's python. Add an override to ensure this can't
happen.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
