Removed PKG_FIXUP. It has no meaning with CMake.
Replaced PKG_INSTALL with CMAKE_INSTALL. Consequentially, removed
InstallDev section.
Added ABI_VERSION to force package rebuilds when it increases.
Added PKG_BUILD_PARALLEL for faster compilation.
Fixed license tag.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from commit 6a1cd83265)
Changes:
Fix CVE-2019-13115
Remove old patches
Switch to cmake
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
(cherry-picked from commit 9c1a23d977)
rtorrent is the only user of libtorrent. Statically link to save space.
Added usleep patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 358495f118)
libtorrent is only used by rtorrent. Switch to a static library to save
space.
Removed libsigc++ dependency. It seems it's not needed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from e56fada5a8)
Added patches sent upstream to fix usage with uClibc++.
Cleaned up license information.
Added several size optimizations.
Several other Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
argp-standalone is only needed for non GLIBC targets.
Added PKG_BUILD_PARALLEL for faster compilation.
Removed unnecessary C/LDFLAGS.
Remove libstdcpp depends. It's included with libfmt.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 5a7ac1d83b)
Several Makefile cleanups.
Added PKG_BUILD_PARALLEL for faster compilation.
Several size optimizations applied.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from 21e195f657)
libzmq is used by fbzmq, which absolutely requires libstdcpp since it's a
C++14 project. There's no point in using two libc++.
Cleaned up Makefile for consistency between packages.
Added nanosleep patch for platforms that are missing usleep.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry-picked from ad11587c40)
This package adds support for /etc/shinit and ~/.shinit files, which
contain commands to be run at the start of all interactive shells.
(/etc/profile and ~/.profile are read for login shells only.)
This is useful for those who regularly open non-login, interactive
shells, for example users of GNU Screen or tmux.
(This is based on a patch[1] I submitted for OpenWrt master, but there
does not appear to be much interest in merging the change.)
(This package uses the ENV shell variable, of which the POSIX standard
has a brief description[2]. The dash manpage[3] also describes how the
ENV variable is handled. (dash is the basis for busybox ash.))
[1]: https://patchwork.ozlabs.org/patch/1094493/
[2]: https://pubs.opengroup.org/onlinepubs/9699919799//utilities/V3_chap02.html#tag_18_05_03
[3]: https://manpages.debian.org/buster/dash/dash.1.en.html#Invocation
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from c04dff7965)
Fixes following errors:
main.c:458:37: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
main.c:463:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Werror=sign-compare]
main.c:518:35: error: comparison of integer expressions of different signedness: ‘ssize_t’ {aka ‘long int’} and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
main.c:157:3: error: ignoring return value of ‘read’, declared with attribute warn_unused_result [-Werror=unused-result]
main.c:763:3: error: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Werror=unused-result]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit bb6cdb804c)
Currently cgi-io try to read data after the data ended.
- Adds "-" to whitelist char
- In main_upload is tried to consume the buffer while it's already readed by the while loop before
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit 535b2b6bd8)
Instead of always replying with a generic 500 internal server error code,
use more appropriate codes such as 403 to indicate denied permissions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 8c22db6531)
Add a new `cgi-download` applet which allows to retrieve the contents
of regular files or block devices.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "path" containing the file path to
download.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required acl rules to grant download access
to files or block devices:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "download", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/etc/config/*", "read" ],
[ "/dev/mtdblock*", "read" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ab2a2b080d)
Use the `cgi-io` scope to check for permission to execute the requested
command (`upload`, `backup`) and the `file` scope to check path
permissions.
The reasoning of this change is that `cgi-io` is usually used in
conjunction with `rpcd-mod-file` to transfer large file data out
of band and `rpcd-mod-file` already uses the `file` scope to manage
file path access permissions. After this change, both `rpc-mod-file`
and `cgi-io` can share the same path acl rules.
Write access to a path can be granted by using an ubus call in the
following form:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/var/lib/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c8a86c8c8e)
Introduce further ACL checks to verify that the request-supplied
upload location may be written to. This prevents overwriting things
like /bin/busybox and allows to confine uploads to specific directories.
To setup the required ACLs, the following ubus command may be used
on the command line:
ubus call session grant '{
"ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e",
"scope": "cgi-io",
"objects": [
[ "/etc/certificates/*", "write" ],
[ "/var/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 22be9a1c01)
* the WAN auto detection now supports multiple interfaces, too
* no longer filter out possible LAN devices
* add a new DoH (DNS over HTTPS) blocklist source with public
DoH DNS server addresses, to effectively block client side DoH
communication, e.g. via Firefox or Chrome
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 70ab67649b)
* new 'ca-bundle' dependency as all https connections
are now validated by default
* automatically select the download utility: 'aria2', 'curl',
'uclient-fetch' with libustream-* or wget are supported
* track & ban failed LuCI login attempts as well
* add a small log/banIP background monitor to block
SSH/LuCI brute force attacks in realtime (disabled by default)
* add a config version check (please update your default config!)
* made the automatic wan detection more stable
* fix the IPv6 logfile parser
* fix the service status message
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit ff8b853a6d)
