PowerDNS released two new versions which together add some features and address security issues.
Changelog: https://doc.powerdns.com/authoritative/changelog/4.1.html
This release and 4.1.9 together fix the following security advisories:
PowerDNS Security Advisory 2019-04 (CVE-2019-10162)
PowerDNS Security Advisory 2019-05 (CVE-2019-10163)
Signed-off-by: James Taylor <james@jtaylor.id.au>
Backported upstream patches that fix this.
Removed local patch that fixes libp11 with version 0.4.7, which is not
used anymore. Upstream has a different solution.
License fixes and Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The arc700 target (and probably others) uses uclibc as it's c-library. However,
uClibc's libcrypt seems to not support the crypt_data struct which broke
the build. This fix adds a new build-target to haproxy which does not use
libcrypt. Summing up, this commit does:
- Add support for uclibc to haproxy with libcrypt disabled
- Add detection of c-library to configure the correct build-target
- Silence additional warnings
- Update patches
Signed-off-by: Christian Lachner <gladiac@gmail.com>
This service monitors (each 3s) switchdev ports and brings down CPU
ports when all related non-CPU vlan ports are also down. Otherwise,
it brings the port up.
In order to hide CPU ports from netifd, when a device is brought down,
the device is renamed adding the suffix "_down".
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
- Update haproxy download URL and hash
- Add new patches
- Add several CFLAGS (derived from haproxy Makefile) to make the build work with v1.9+
- Update default configuration
- Add check-command (for config) to init-script
- Add prometheus-service from contribs by default
Signed-off-by: Christian Lachner <gladiac@gmail.com>
This change is inspired by commit openwrt/openwrt@38b22b1e ("nghttp2:
deduplicate files in libnghttp2")
The packages in this commit are identified with the following command
grep -rin -E 'INSTALL_(DATA|BIN)' | grep -F '.so' | grep -F '*'
Some of them do not have symlinks and are not affected, but the change
is still applied for consideration of best practices just in case
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Fixes: https://github.com/openwrt/packages/issues/9255
This seems to fail the build for this package only.
So, this change patches the build, to add `-lssp` to the LDFLAGS of this
package, in case the build uses GCC's libssp.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The nsh.ko requirement was introduced in kernel 4.15. Currently there
are 3 kernel versions in base system, 4.9, 4.14, 4.19
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is a workaround to prevent the whole build from failing because of
the intree kmods are not supported yet by upstream project.
Root cause is that kernel version should not play a part when making
DEPENDS as the generated kconfig was for all targets that may have
different kernel versions.
One less than ideal effect of this change is that for an unsupported
kernel version, people can still select the intree kmod but it won't be
built. This may contradict expectation if the warning was not noticed
by them
Resolvesopenwrt/packages#9274
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Change log for v3.11.1716:
[IMP] Replaced libhttpd with libevent, therefore commented thread
related parameters in wifidogx conf file
[IMP] Added REQUEST_TYPE_COUNTERS_V2 to wifidog protocol
[IMP] Sent online and offline client's counter info to auth server
[FIX] Fixed missing setting online_time parameter bug
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
- treat RFC6762 'local.' as nxdomain because avahi and other services
will disable if SOA or NS records appear in central DNS.
- allow two threads to be enabled with the 'heavy traffic' variant of
Unbound packages.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
* refine 'refresh' mode, add normal processing/download as fallback
* remove needless reload trigger
* fix various ipset warnings
* fix timer in 'refresh' mode
* adapt ssbl regex to new source list format
Signed-off-by: Dirk Brenken <dev@brenken.org>
seafile-seahub's build is a mess.
It hijacks some OpenWrt mk files into the build.
This can be avoided by provided some of the required parameters via
env-vars and patching the env-vars into the build.
Which is what this patch does.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The change is mostly organizational.
More packages will be moved to have python- or python3- prefixes.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
remove unused patches
Add patch to:
Automatically detect whether Curve25519 is available in NSS for USE_DH31
Signed-off-by: Antony Antony <antony@phenome.org>
enable libunbound, along with dependency
add kmod-crypto-aead kmod-crypto-gcm dependency to support AES GCM
disable libseccomp
/git/openwrt/build_dir/target-mips_24kc_musl/libreswan-3.27/include/lswseccomp.h:24:10: fatal error: seccomp.h: No such file or directory
#include <seccomp.h>
^~~~~~~~~~~
add missing dependency nspr
add nss-utils dependency to able to import x509 Certificates to fix the error
ipsec import west.p12
/usr/sbin/ipsec: line 239: pk12util: not found
/usr/sbin/ipsec: line 84: certutil: not found
remove libnss dependency, nss-utils util will pull it.
remove unused build option KERNELSRC not necesscay since b4b98e2922.
Signed-off-by: Antony Antony <antony@phenome.org>
Maintainer: me
Compile tested: armv7l, OpenWRT SDK
Run tested: armv7l Linksys WRT1900ACS, OpenWrt SNAPSHOT, r9987-655fff1571 -
confirmed PowerDNS server links correctly against libraries. I'm unable to test
all the backend modules as I don't have suitable backing stores set up for each.
Description:
PowerDNS is a versatile nameserver which supports a large number of different
backends ranging from simple zonefiles to relational databases and load
balancing/failover algorithms. PowerDNS tries to emphasize speed and security.
This commit includes the authoritative nameserver, backends and additional tools
https://www.powerdns.com/auth.html
Signed-off-by: James Taylor <james@jtaylor.id.au>
Change log for v2.88:
[IMP] Added support for search and replace privacy expressions.
[IMP] Added support for masking external addresses with private address ranges.
[IMP] When enabled, trigger a sink update on start-up.
[IMP] Added flow hash cache.
[IMP] Added HTTPS as a super-protocol of SSL.
[IMP] Add ability to save DNS hint cache to non-volatile (persistent) memory.
[IMP] Save sink responses when "json_save" is enabled.
[IMP] Added dynamic sink URL cloud configuration.
[IMP] Implemented per-detection-thread packet capture queue.
[IMP] Added support for a loadable serial UUID.
[IMP] Added configuration option to override sink connection timeout.
[IMP] Idle flow TTLs tunable via configuration directives.
[IMP] Added idle TCP flow multiplier to keep TCP flows in memory longer.
[IMP] Added new flow metadata "first_update_at" timestamp.
[IMP] Added complete reference sample configuration file.
[IMP] Various optimizations and fixes for FreeBSD.
[IMP] Employ advisory locking when writing output files.
[FIX] Ensure all configuration files are preserved on upgrades.
[FIX] Fixed automatic interface role detection for nethserver/shorewall.
[FIX] Memory usage fixes using profiling tools.
[UPD] Updated to nDPI v2.9.0-dev-709a87c.
[OPT] Flush and compress upload queue as soon as possible.
[OPT] Significantly reduced detection thread locking times.
[DEV] Added example plugin submodule to repository.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
Use link-time optimization and --gc-sections --as-needed ldflags
Reduces ipk size by 20%
Remove unnecessary dependencies
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Fix license info to use SPDX name.
Switched to wget instead of curl to avoid having a dependency on 2 SSL
libraries.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Busybox brctl applet conflicts with the version from bridge-utils.
Fix this by using ALTERNATIVE support for brctl in bridge-utils.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[PKG_RELEASE bump]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
OpenWrt toolchains already use correct CFLAGS for every ARM target
There is no reason to use conservative CFLAGS now
It also causes compile error with GCC 9.1.0
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Moving the DNSDIST package into the IP Addresses and Names subcategory under Network. This will make it easier to find since it will be with other DNS tools.
Signed-off-by: James Taylor <james@jtaylor.id.au>
With this change it is now possible to combine interface action events.
If an interface action is generated by netifd or mwan3 for example ifup,
ifdown, connectd or disconnected and this action is configured in the inteface
uci section, then the conntrack table is flushed by mwan3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This fixes a crash that happens when dhcpd is configured with a failover
peer, and the failover peer goes down. The crash is due to a dereference
of a freed object. When tracing is enabled (which is the default) the
object in question is referenced by the tracing code and so doesn't get
freed prematurely. I have observed this crash on two different target
platforms (mips and x86_64), and it is reproducible on non-OpenWRT
distros by building isc-dhcpd using --disable-tracing.
This has been reported to ISC, but their response was that it's a low
priority as the simple work-around is to leave tracing enabled.
Re-enabling the tracing code only increases the size of the executable
by about 24KB.
Signed-off-by: Heath Kehoe <yaheath@gmail.com>
Current version in OpenWrt (3.16.2) fails against the Arch Linux
in System Rescue CD's NBD as rootfs (to allow sharing ISO across
network). Based on resolved issues and web searching it seems
nbd had endianness issues (which affected my ath79 device).
This updates to 3.19 which allows System Rescue CD PXE boot with
NBD rootfs to work.
Removed patches no longer required due to upstream changes, and
added new configure option (--without-libnl) required to avoid
linking against full libnl and libnl-genl (if present in build).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
* change iptables whitelist target from 'ACCEPT' to 'RETURN'
to stop traversing the banIP chain and resume at the next chain
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add patch that detects when -latomic is needed.
Fix compilation without deprecated OpenSSL APIs.
Hard-code lua to avoid luajit dependency.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Commit 32aaaaa led to failures when openwrt ARCH did not match kernel
ARCH, and this may not be its only side-effect.
This restores the previous Build/Compile and Build/Install, using the
default ones only when using external toolchain; in this case, ARCH is
set to LINUX_KARCH.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Two seperate package names were chosen instead of menu selected options
because dependents need a ready (large) package in release directory.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
Expressions '-o', '-a', and '\( \)' within test or '[ ]' are obsolete.
POSIX allows few arguments to test, so long expressions are not
portable. '[ p -a q ]' can be replaced with '[ p ] && [ q ]' instead.
Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
This removes radicale-py2, the Py2 variant, and renames radicale-py3 to
radicale.
This also makes a number of changes:
* Actually use the Python package build system (from python3-package.mk)
* Download source from PyPI instead of GitHub git repo
* Remove unnecessary PKG_DEFAULT_DEPENDS definition
* Depend on python3-urllib instead of python3-email (now that urllib is
separate from python3-light and has python3-email as a direct
dependency)
* Move package description from menuconfig help to the actual
description field
* Remove unnecessary preinst script (default prerm will stop the
service now that the package name matches the init.d script name)
* Remove unnecessary lib/upgrade/keep.d entry (changed conffiles are
preserved by sysupgrade by default)
* Remove unnecessary postinst script (Python build system will set the
correct shebang)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
libevhtp 1.2.18 made API changes, and unbundled oniguruma.
To adapt seafile-server, some patches from Alexandre Rossi's debian
packaging at http://sousmonlit.zincube.net/~niol/repositories.git/
were applied.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Instead, use @jow-'s suggestion of just checking for the presence of the
executables to find the installed web servers.
Fixes#8529.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Libevhtp is building a static library, used by seafile-server.
Every time the libevhtp binary changes, seafile-server needs a release
bump.
Leave a note in the libevhtp Makefile, as a reminder.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
The Makefile currently redefine the Compile and Install functions.
This is not working when using an external toolchain because some
flags are not interpreted, like CROSS_COMPILE. It is possible to
override the MAKE_FLAGS and MAKE_INSTALL_FLAGS instead.
Signed-off-by: Sébastien Blin <sebastien.blin@savoirfairelinux.com>
Update to latest stable release 5.54
Add new options ticketKeySecret and ticketMacSecret to uci validation.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Maintainer: me
Compile tested: armv7l, OpenWRT SDK
Run tested: armv7l Linksys WRT1900ACS, OpenWrt SNAPSHOT, r9987-655fff1571 -
confirmed dnsdist links correctly against dependencies and doesn't experience
errors at run-time when enabling features.
Description:
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is
to route traffic to the best server, delivering top performance to legitimate
users while shunting or blocking abusive traffic.
dnsdist is dynamic, its configuration language is Lua and it can be changed at
runtime, and its statistics can be queried from a console-like interface or an
HTTP API.
https://dnsdist.org/Closes: PowerDNS/pdns#3294
Signed-off-by: James Taylor <james@jtaylor.id.au>
Simplified the Makefile and fixes compilation with uClibc-ng. Also added
IPv6 support.
Took the time to clean up the Makefile with other useful options.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
BIND now requires POSIX thread and IPv6 support to build
Add filter-AAAA plugin
Remove unrecognized options
Remove patch that no longer needed
- 002-autoconf-ar-fix.patch
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* remove needless sort step to reduce system load
* change maxqueue default in backend and LuCI frontend
to '4' to reduce (default) system load
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Major new release of mosquitto.
This release rolls up the initial 1.6.0 release, plus the subsequent
build/bug fixes of 1.6.1 and 1.6.2.
Original upstream changelogs:
https://mosquitto.org/blog/2019/04/version-1-6-released/https://mosquitto.org/blog/2019/04/version-1-6-1-released/https://mosquitto.org/blog/2019/04/version-1-6-2-released/
Major features of interest:
* MQTTv5 support
* performance improvements
* ALPN support
* OCSP staping support
* OpenSSL Engine support
* TLSv1.0 support dropped
Currently adds two patches to continue supporting OpenSSL engine support
being disabled, and a missing header include. These are both tracked
upstream and are expected to be dropped in a subsequent release.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Commit b32f8d4ff0 broke compilation
of Subversion on systems where unixodbc package is present.
This partial revert fixes issue #8975.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
gnunet-reclaim-sqlite is no more in 0.11.4.
Also remove duplicate files also contained in gnunet-utils package.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Plugin options are properties of shadowsocks deployment as a whole,
including both server and each client components. Multiple client
instances accessing the same server will need to share the same plugin
settings
With this change, plugin options will need to specified to "server" and
"ss-server" section, not to each component section.
Fixes: c19e949 ("shadowsocks-libev: add plugin options support")
Reference: https://github.com/openwrt/packages/issues/8903#issuecomment-489674137
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Add a package for the Semtech lora-gateway-hal.
This package includes three sub packages which
are libloragw, lora-gateway-tests and lora-gateway-utils.
Signed-off-by: Xue Liu <liuxuenetmail@gmail.com>
- update to 1.0.77
- apply patches from Rosen Penev for compatibility with uClibc-ng
- add an option for rotation_rate selection
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
It seems ever since the switch to uClibc-ng, this builds perfectly fine.
Moved PKG_MAINTAINER variable for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Since no Python packages are produced by this package, including
python-package.mk is unnecessary.
This removes the reference to python-package.mk. (PKG_RELEASE is
unchanged as this should have no effect on the build.)
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
For some reason, several C++ headers are not included. Include them.
Also added const fixes to get it to build with uClibc++.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This change changes the maintainer to
`Alexandru Ardelean <ardeleanalex@gmail.com`
for all Python packages owned by
`Gergely Kiss <mail.gery@gmail.com>`
No functional changes.
Bumping PKG_RELEASE on each package that is updated.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
