This section was renamed some time ago. Although this would be fixed by
the uci-default migration script, we should set this correctly in the
example config file right away.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Bump net-mtools to release 3.1 as kernel selftests now require version
3.0+.
All patch merged upstream.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Update nginx init script to announce http related services over mdns.
Signed-off-by: Mohd Husaam Mehdi <husaam.mehdi@iopsys.eu>
[ bump PKG release, improve commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Bumping ot-br-posix that openthread-br is based on to latest code.
Due to some major changes required some more compilation flags, and in order to avoid the ot-br agent had to add some dependencies as well
Dependecies:
1. kmod-tun: otherwise the otbr fails to load and crashed immidiedtly
Compilation flags:
1. OTBR_NAT64, OT_NAT64_BORDER_ROUTING set to OFF: a temporary workaround to a compilation problem with openwrt, could be reverted once the issue here is fixed: openthread/ot-br-posix#2606
2. OT_TARGET_OPENWRT: wasn't assumed from OTBR_OPENWRT in some targets
Signed-off-by: Itay Shoshani <itai.sho@gmail.com>
* optimized procd settings for better performance
* made the log monitor working again (even on master with apk migration issues)
* reworked the fetch autodetection function (still broken in master due to apk migration)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* optimized procd settings for better performance
* reworked autodetection functions (still broken in master due to apk migration)
* made the tld function optional, set 'adb_tld' accordingly (enabled by default)
* reworked count function
* various code improvements
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add SUBMENU variable for some packages in Network category.
Add title for `dnscrypt-proxy` package.
Shorten TITLE variable for `xray-core` package.
Filesystem:
- cifs-utils
File Transfer:
- onionshare-cli
IP Addresses and Names:
- dnscrypt-proxy2
- family-dns
- https-dns-proxy
- mdns-repeater
- nextdns
- smartdns
Version Control Systems:
- git-lfs
Wireless:
- dawn
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Support for EAP-MSCHAPv2 authentication scheme is added.
Different from the previously supported schemes, this one is
usually asymmetric in the way that server auth method (pubkey) is
different from the client auth method (eap-mschapv2).
The code handles this asymmetry automatically.
A new UCI config section mschapv2_secrets is added where the user
can specify the EAP identities and their passwords that are
accepted by the server. AFAIK, there is no way to select which
EAP IDs should be accepted by which remote, except setting
`eap_id` to something different than `%any`. But `eap_id`
does not support template matching, so either only a single
identity or all can be configured for one remote. This is why
the EAP identities are not subsections of remotes, but are
a standalone section.
Signed-off-by: Martin Pecka <peci1@seznam.cz>
Signed-off-by: Martin Pecka <peckama2@fel.cvut.cz>
Before this commit, if a user configures multiple remotes in UCI,
each remote generates one output section of pools.
This doesn't hurt because swanctl just merges all of them,
but it is apparently not needed to have N copies of the same.
This commit changes the behavior to only create one pools
section at the end of the generated swanctl config.
Signed-off-by: Martin Pecka <peci1@seznam.cz>
Signed-off-by: Martin Pecka <peckama2@fel.cvut.cz>
Changes since v0.12:
7fb6416 tests: fix segfault with no /etc/protocols (#286)
0dddc42 README: Update branch references in badge URLs
5eea3f4 github: Update branch names for actions
b102523 scripts: get debug info for bug reports
334bb9c Make listening socket creation optional. (#297)
a4e7b65 {etc,man}: improve check_route address notification flag documentation (#301)
ffa276f Support ELL 0.68 l_netlink_message API. (#303)
269f10a gh: daily validation of the ELL compatibility (#308)
824ff8c Support listener events (#304)
5d9f33a Some clean-ups (#305)
05a08bf lib: switch to v4.0.1: only added items (#306)
3702487 scripts: debug: also print system info (#307)
5d8db15 ell: only include 'ell/ell.h' header (#309)
772afe9 AUTHORS: Update e-mail addresses.
0c36dba mptcpd 0.13
Drop backported patches which are part of the release.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make PKG_VERSION compatible with apk by dropping the C char,
simplifying Makefile also otherwise. Also remove unnecessary
variables.
Refresh patches (just cosmetics for CI).
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* minimal fix to support all download utilities in currently broken apk snapshots
(see https://github.com/openwrt/openwrt/issues/16907 for details)
Signed-off-by: Dirk Brenken <dev@brenken.org>
The following error occurs when CONFIG_USE_APK is set.
```
ln /mnt/gl-mt6000-main/openwrt/build_dir/target-aarch64_cortex-a53_musl/git-2.46.2/.pkgdir/git/usr/lib/git-core/git /mnt/gl-mt6000-main/openwrt/build_dir/target-aarch64_cortex-a53_musl/git-2.46.2/.pkgdir/git/usr/bin/git
ln /mnt/gl-mt6000-main/openwrt/build_dir/target-aarch64_cortex-a53_musl/git-2.46.2/.pkgdir/git/usr/lib/git-core/git-shell /mnt/gl-mt6000-main/openwrt/build_dir/target-aarch64_cortex-a53_musl/git-2.46.2/.pkgdir/git/usr/bin/git-shell
touch /mnt/gl-mt6000-main/openwrt/build_dir/target-aarch64_cortex-a53_musl/git-2.46.2/.pkgdir/git.installed
mkdir -p /mnt/gl-mt6000-main/openwrt/staging_dir/target-aarch64_cortex-a53_musl/root-mediatek/stamp
SHELL= flock /mnt/gl-mt6000-main/openwrt/tmp/.root-copy.flock -c 'cp -fpR /mnt/gl-mt6000-main/openwrt/build_dir/target-aarch64_cortex-a53_musl/git-2.46.2/.pkgdir/git/. /mnt/gl-mt6000-main/openwrt/staging_dir/target-aarch64_cortex-a53_musl/root-mediatek/'
cp: '/mnt/gl-mt6000-main/openwrt/build_dir/target-aarch64_cortex-a53_musl/git-2.46.2/.pkgdir/git/./usr/bin/git' and '/mnt/gl-mt6000-main/openwrt/staging_dir/target-aarch64_cortex-a53_musl/root-mediatek/./usr/bin/git' are the same file
cp: '/mnt/gl-mt6000-main/openwrt/build_dir/target-aarch64_cortex-a53_musl/git-2.46.2/.pkgdir/git/./usr/bin/git-shell' and '/mnt/gl-mt6000-main/openwrt/staging_dir/target-aarch64_cortex-a53_musl/root-mediatek/./usr/bin/git-shell' are the same file
make[2]: *** [Makefile:167: /mnt/gl-mt6000-main/openwrt/staging_dir/target-aarch64_cortex-a53_musl/root-mediatek/stamp/.git_installed] Error 1
```
Use $(LN) instead of ln and use relative paths.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
After the SIM has been successfully unlocked, it is initialized. This can
take longer on some modems, so we must wait until the modem is ready to
execute the next commands.
Otherwise the modem cannot be enabled and aborts with the following
error message:
error: couldn't enable the modem: 'GDBus.Error:org.freedesktop.ModemManager1.Error.Core.WrongState: modem in initializing state'
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If a configured 'plmn' is deleted from the configuration between a connection
setup, it will continue to be used because the modem remembers it.
Therefore, the 'plmn' stored in the modem must be deleted when a new
connection is established if it is no longer in the configuration.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
In the current implementation of the modemmanager 'proto', if a 'plmn' and a
'technology' is configured, the 'plmn' is set first and then second the
'technology' on a 'proto' setup.
However, this is problematic if a 'technology' has already been set in an
earlier run. It is possible, that this previously set 'technology' is not
available at the current location, as the modem remembers the setting.
To fix this, first set the technology and then the plmn.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If the ModemManager is started with debug, all outputs are written to the
system log. To simplify debugging, a logging file is now created under
'/var/log/mm.log' in this case. This simplifies error analysis.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This commit comments out the `log-level` line in the template
config file to use default value from upstream, default should be 2.
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Modify EXTRA_DEPENDS in package section to meet APK packaging
requirements.
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
[ fix dependency also for nginx-full ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The full implementation of netstat can be useful,
for example, showing inodes of sockets or displaying
protocol families not supported by the busybox
version.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Maintainer: Tom Stöveken <tom@naaa.de>
Compile tested: SDK for OpenWrt 23.05.5
Run tested: x86/64 @ Intel(R) Celeron(R) CPU N3160 @ 1.60GHz, OpenWrt 23.05.5
Description:
Updated to version 0.13.0
Signed-off-by: Tom Stöveken <tom@naaa.de>
Having both double quotes and parentheses in package
description may lead into troublewith apk, if parentheses
are located so that they get passed "outside" the quoted
parameter, and get interpreted as a token for shell.
Example:
ash: -c: line 1: syntax error near unexpected token `('
bash: -c: line 1: `/OpenWrt/e8450/staging_dir/host/bin/fakeroot
/OpenWrt/e8450/staging_dir/host/bin/apk mkpkg --info "name:ddns
-scripts-pdns" --info "version:2.8.2-r51" --info "description:D
ynamic DNS Client scripts extension for "PowerDNS" via API. It
requires: "option param_opt(Optional Parameter)" to be a valid
Avoid that by using single quotes in the detailed descriptions.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Bump ariang version to 1.3.7.
Signed-off-by: Roc Lai <laipeng668@qq.com>
[ improve commit description and title ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Add pending patch fixing support for MbedTLS 3.x.
Small variation to the provided PR from [0] to remove the dropped
mbedtls/certs.h header.
[0] https://github.com/umurmur/umurmur/pull/190
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The IPv6 address is separated by ':' instead of '.', so we need to add
':' in DNS_CHARSET.
See: 'https://github.com/openwrt/packages/issues/25051'
Fixes: #25051
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* bump PKG_RELEASE
* update commit message
Signed-off-by: Xiaolong Zhang <xliilQwQ@outlook.com>
In dropping the dummy-package, also the extra dependency for
nginx-ssl-util needed to be dropped.
Fixes: #25250
Fixes: b75050d59e ("nginx-util: drop nginx-util dummy packages")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Nginx hardcode the libxml2 include path to /usr/include/libxml2. This
works in a local build as pretty much everyone have the libxml2 library
installed but doesn't on buildbot container as the library doesn't
exist.
This effectively makes the host library leak intro library detection but
doesn't actually link to it as linking is still done with the correct
library in staging dir.
To fix this add a patch to define custom libxml2 include directory
instead of hardcoding it to host library.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Enough transition period has passed for nginx-util dummy package. Finally
drop it for good and drop the extra dependency.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Drop extra dependency <2 for nginx-util. The reason is not clear and
cause problems with APK package creation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Enough transition period has passed for nginx dummy package. Finally
drop it for good and add Provides for nginx default.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Mute warning on procd init.d script enable as nginx_util is tried to be
called from /usr/bin host system. Limit it to be called only if
nginx-util is present.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Maintainer: Antonio Pastor / @APCCV
Compile tested: ipq806x (23.05.3, snapshot)
Run tested: ipq806x - C2600: start server, connect from MacOS, read/write files to home share, create/update TimeMachine backups
Description:
No changes to package other than using latest available upstream code base. Starting Netatalk 4.x build uses meson instead of autotools.
Signed-off-by: Antonio Pastor <antonio.pastor@gmail.com>
I don't think anyone uses this package, which currently does not build.
In addition, the cryptocurrency hype died off a long time ago.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* bump compat version to accommodate new strings
* improve the output() function (thanks @bigsmile74)
* implement support for user-configurable per-instance dnsmasq confdirs
for dnsmasq.conf|dnsmasq.ipset|dnsmasq.nftset options
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Update Makefile to include dependencies: conntrack and libmosquitto.
Conntrack: Added to resolve a bug in Apfree-Wifidog that caused long-lived user connections to persist after logout.
Libmosquitto: Integrated as a preparatory measure for future support of the MQTT protocol; implementation is still in progress.
For detailed information, please refer to the release notes:
https://github.com/liudf0716/apfree-wifidog/releases/tag/7.10.2082.
Additionally, a new /etc/wifidogx directory has been created to store the local authentication portal page for users uploading their own portal pages.
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
- Refactored wifidogx.init to improve code structure and readability.
- Added local authentication support, allowing authentication without a server.
Signed-off-by: Dengfeng Liu <liudf0716@gmail.com>
* bump compat version to accommodate new strings
* update dnsmasq-related code to better support separate confdirs
for separate instances
* remove procd_lan_interface as it didn't reflect that it's a list of devices
* introduce procd_lan_device list
* improve the output() function (thanks @bigsmile74)
* remove duplicate uci_get_device
* improve ipv6 detection and interface setup
* improve dhcp force detection for interfaces name differently from lan
* fix array/element parameters for some json operations
* remove unneeded null redirects for `try` calls
* remove (iptables-only) capitalized chain names form validation
* working pbr-netifd flavor
Signed-off-by: Stan Grishin <stangri@melmac.ca>
If the "name" parameter is not provided, then updates to a subdomain
A/AAAA record result in the subdomain being removed from the record.
This change always provides the "name" parameter to correct that behavior.
Signed-off-by: Dillon Dixon <github@dillon.io>
Forgot to bump the 'PGK_RELEASE' in the last change in 'mwan3'.
Fixes: 619629ce85 ("mwan3: close flock fd when starting mwan3.user scripts")
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Changes from @stangri
* remove unneeded `\n` escapes
* cosmetic improvements to make code more consistent
* remove duplicate uci_get_device()
* add more output on start/stop
* remove wan up detection on boot/start
* address Tor policies errors
* prevent interface_routing() failures for downed interfaces
Changes from @bigsmile74:
* improve is_integer()
* improve is_domain()
* improve filter_options()
* imrove is_ipv4() so that is_ipv4_netmask() can be retired
* improve is_phys_dev so that is_phys_dev_quick() can be retired
* add the dhcp.lan.force=0 warning
Signed-off-by: Stan Grishin <stangri@melmac.ca>
clamav-milter 1.3.0 and onward log:
WARNING: Ignoring deprecated option AllowSupplementaryGroups at /tmp/clamav/clamav-milter.conf:5
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Hyphens in named sections are a no-no
uci: Parse error (invalid character in name field) at line 1, byte 37
Changed '-' to '_' to fix error to allow UCI parsing.
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
* fixed gathering/printing of system information in travelmate status
* make use of a central command selector function
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed gathering/printing of system information in adblock status
* added missing hagezi category (samsung tracker)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed gathering/printing of system information in banIP status
* removed broken iblocklist.com feeds
* updated readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Bump sstp-client to 1.0.20 release. This fix compilation error with new
PPPd version 2.5.0 as some API changed.
Patch automatically refreshed.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
New features:
* explicitly add allowed domains on download/allow to the dnsmasq.servers
config file
Cleanup:
* remove unneeded EXTRA_COMMANDS
* remove unneeded EXTRA_HELP
* remove unnecessary `\n` escapes
* remove unnecessary line breaks from output on download
Optimization:
* simplify is_integer()
* replace long if with case
* more verbose output on download
Signed-off-by: Stan Grishin <stangri@melmac.ca>
When "set_reload_if_sync" is set, the service is reloaded when the
configuration changes. For dnsmasq this means that the service, if
stopped, is started, and we don't want this in the backup node.
Signed-off-by: Francesco Benini <francy.benini@gmail.com>
When "set_reload_if_sync" is not set in the hotplug script, the service
is not expected to reload. That is not true because even if not set, the
value is set to the default 1 (reload active) or equals the parameter
set when "keepalived_hotplug" is called.
The default behavior should be:
- Reload if set_reload_if_sync is called
- NOT reload if set_reload_if_sync is NOT called
A similar fix is ported to "set_update_target".
Signed-off-by: Francesco Benini <francy.benini@gmail.com>
Some init.d scripts like firewall and sqm do not return the actual state
of the service if called with "running" parameter. This result in the
init script called with "start" parameter and the service may not load
the new configuration. Firewall init script is one of this
An option is added in order to skip the "running" check for the service.
Signed-off-by: Francesco Benini <francy.benini@gmail.com>
Add support for NJS module. Various patch are required to make this
module correctly compile with the required library mainly related on
detecting config flags.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Disable additional entry in feature test probably added in new version
of Nginx and never notice. Also declare "no" instead of empty value for
cc test.
While at it also refresh the patch.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This fixes compatibility with ppp-2.5.0 and newer.
We also need to change the PKG_SOURCE_URL since the previous URL is no
longer working and automated downloads from the project homepage are
not desired due to bandwidth restrictions. Have a look at the project
homepage [1] for details.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[1] https://dianne.skoll.ca/projects/rp-pppoe/
This new check in the proto modemanager prevents the SIM card from being
blocked and therefore PUK is not required. If the PIN is entered incorrectly
in the 'uci' configuration, it makes no sense to try this several times
until the PUK is required. Should it nevertheless happen that the PUK
is required, then this will logged.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The variable interface is used in the sub-function 'modemmanager_check_state'.
However, this is not an argument of the function and so the global value
is used. Addding the variable as an function call argument fixes this.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
To make the source clearer, the program parts for the 'locked' and 'failed'
cases are outsourced to sub-functions.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The correct values are prefixed with 'modem.generic'. This is missing
for the value 'state' and 'state-failed-reason.
While we're at it, let's move the readout of 'state-failed-reason' to the
failed case, because that's the only place it's needed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This makes debugging at system startup easier and shows how long we are
waiting for the ModemManager to start.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* Updating package to 2.54.0
* Changed Makefile to install binary to /usr/bin (as in upstream)
* Updated init.rc script with new path
Signed-off-by: R4SAS I2P <r4sas@i2pmail.org>
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.5
Description:
updated the initd script creating the nftables rules for the bouncer
to adapt and support the crowdsec-firewall-bouncer's (from 0.0.30)
new internal rule creation mechanism.
* supports comments (introduced with a #), for MAC addresses
in the allow and block list, e.g. 26:5e:a0:6a:9c:da # Test
* added hagezi threat ip feed
* added an adguard logterm to the readme
* removed the broken talos feed
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fixed adblock status reporting
* optimized the mail template
* removed unanswered DNS requests from reporting
* various small fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
* switch to dstnat chain from dstnat_lan chain for dns & tor policies (thanks @egc112)
* re-introduce procd_lan_interface for better LAN detection
* improve is_domain function
* introduce health-check for requried fw4 chains
* bugfix: avoid double counters for dns policies
* bugfix: remove faulty counters for tor policies
* rename interface_process to process_interface for better code readability
* overhaul pbr.user.aws script for a much better performance and more compact
(gzipped) storage of the ranges json locally (thanks @bigsmile74)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
nut was recently upgraded to 2.8.1 which includes a change in
configure.ac that uses /run for the pidfile if it exists during build.
Explicitly specify --with-pidpath to use the path that was used with
2.8.0 and prior.
The symptom here was that there'd be leftover processes when nut-monitor
was restarted.
Fixes: 82f36e0c78 ("nut: update to 2.8.1")
Fixes: https://github.com/openwrt/packages/issues/24106
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Omit usually unused features:
- ipn.StateStore implementation using AWS SSM
- BIRD Internet Routing Daemon client
- tstun TAP device for bridging
- Kubernetes kubectl configuration utility
- Command line completion script generation
This shaves off about 500kb from the final executable.
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.5
Description:
updated to new upstream release version 0.0.31
* implement system health check on start for required fw4 table/chains
* add error messages for failed health checks
* move resolver check & config from load_package_config to load_environment
* no longer filter only static rules for pbr_* tables
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Since 3fa5ee0b28
OpenWrt no longer disables SCTP support by default.
It caused the leak of libsctp dependency to iperf3.
Here we disable it explicitly to fix the build.
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
Knot Resolver 5.7.4 (2024-07-23)
================================
Security
--------
- reduce buffering of transmitted data, especially TCP-based in userspace
Also expose some of the new tweaks in lua:
(require 'ffi').C.the_worker.engine.net.tcp.user_timeout = 1000
(require 'ffi').C.the_worker.engine.net.listen_{tcp,udp}_buflens.{snd,rcv}
Improvements
------------
- add the fresh DNSSEC root key KSK-2024 already, Key ID 38696
Incompatible changes
--------------------
- libknot 3.0.x support is dropped
Upstream last maintained 3.0.x in spring 2022.
Knot Resolver 5.7.3 (2024-05-30)
================================
Improvements
------------
- stats: add separate metrics for IPv6 and IPv4
Bugfixes
--------
- fix NSEC3 records missing in answer for positive wildcard expansion
with the NSEC3 having over-limit iteration count
Knot Resolver 5.7.2 (2024-03-27)
================================
Bugfixes
--------
- fix on 32-bit systems with 64-bit time_t
Signed-off-by: Jan Hák <jan.hak@nic.cz>
1. Mount hosts files since the daemon is in ujail
2. Set hosts options at last as all other options set after it will
be ignored
Drop redundant reload_service func while at it.
Fixes: ecdf98767e ("dnsproxy: add hosts configurations")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Migrate "all_servers" and "fastest_addr" to new option "upstream_mode".
Fixes: d0823a8244 ("dnsproxy: Update to 0.73.2")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.4
Description:
updated to new upstream release version 0.0.30
* allow using WG servers as gateways if explicitly set in supported_interface
* automatically execute user scripts in /etc/pbr.d/
* change the dnsmasq restart logic on start/reload/restart
* further nft file atomic mode-related code cleanup
* fix spelling in error message
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* BUGFIX: correctly identify available RAM
* BUGFIX: properly store remote list filesize in config
* shellcheck updates
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* fixed auto allow-/blocklist-issue with IPv6 addresses in CIDR notation
* removed edrop feed from readme (had been removed from feeds for a while)
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Replaced SF project and download URLs with nwtime ones.
The project is now hosted at https://linuxptp.nwtime.org/.
- Removed 020-gcc14.patch. Missing include was fixed upstream
in v4.2.
- Added patch to disable MAC library autodetection. That
can silently pick up unwanted dependencies, depending on
package build order. We can add linuxptp-<mac lib> variants
of this package later if there are users of authenticated
PTP.
Signed-off-by: Shenghao Yang <me@shenghaoyang.info>
Split configuration in global and per-network sections.
This change breaks existing configurations.
The following per-network settings are available:
* allow_managed
* allow_global
* allow_default
* allow_dns
See https://docs.zerotier.com/config/#network-specific-configuration
Signed-off-by: Óscar García Amor <contact@ogarcia.me>
Reviewed-by: Moritz Warning <moritzwarning@web.de>
Sometimes mdns-repeater quits or crashes, leaving service stopped. This commit should fix that by enabling respawn in procd.
Signed-off-by: Tina DiPierro <tina@dipier.ro>
Upstream repository[1] is now read-only.
It seems daemonlogger is no longer maintained.
[1] https://github.com/Cisco-Talos/Daemonlogger
Signed-off-by: Yanase Yuki <dev@zpc.st>
Makefile:
* remove pbr-iptables flavour
Init-script:
* improve detection of wireguard server and client instances
* integrate wg_server_and_client into init script
* remove traffic_killswitch() and trap() and related options/code
* remove internal nft_file_support variable as fw4 nft file is the only running mode
* improve debug() and is_supported_interface() functions
* improve detection of incompatible user script files
* double-quote some strings due to shellcheck errors
* flush ip rules from pbr tables instead of deleting last one
Other files:
* remove /usr/share/pbr/pbr.user.wg_server_and_client as obsolete
* remove references to the file above in config on update thru uci-defaults
* minor updates to netifd uci-defaults script
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Adjust openssh's versioning to be compatible with apk:
8.9p1-r2 --> 8.9_p1-r2
"_p" is an allowed semantic suffix, so use that.
(Alternative might have been 8.9.1-r2)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Sometimes the wan connection needs time to be established (e.g. cold
boot after power loss) and the service may crash as the internet is
yet available. Add a trigger to reload the service once the wan
interface is up.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
netbird supports the wireguard kernel module, but it can work without it in userspace,
losing some performance, but we know in advance that netbird will run as root,
therefore supporting the wireguard kernelspace with better performance.
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
Extends DDNS support for the Porkbun v3 JSON API with a custom update
script and service configuration.
See: https://porkbun.com/api/json/v3/documentation
Depends on cURL (with SSL) for transport. Porkbun authentication API keys
and secret keys are passed through the ddns-scripts "username" and
"password" variables, respectively. As Porkbun DNS is currently backed by
Cloudflare, also support ddns-scripts "rec_id" variable for specific
record targeting.
Signed-off-by: Ansel Horn <dev@cahorn.net>
ovh.com supports https and IPv6 since March 2024.
New API operates under domain dns.eu.ovhapis.com
Add IPv6 support, use https and updated domain for ovh.com.
Signed-off-by: Karol Kolacinski <kolacinskikarol@live.com>
Update ZNC to latest release 1.9.1.
Changelog:
* https://wiki.znc.in/ChangeLog/1.9.1
Since we never provided modtcl, OpenWrt was never affected by
CVE-2024-39844.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* bugfix: users reported unexpected side effects with the newly introduced rpc-sys ubus service, reverted that part
*bugfix: made "tcpdump" optional
Signed-off-by: Dirk Brenken <dev@brenken.org>
The basicstation build fails since the change to the new major version
3.x of mbedtls, because of API changes in the new mbedtls version.
To fix the compilation for new mbedtls version, the waiting pullrequest
is backported as a patch.
Thanks to 'Glenn Strauss' to create this PR:
https://github.com/lorabasics/basicstation/pull/198
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* get rid of the opkg dependency
* fixed remaining hagezi category issues
* adblock still depends on 'gawk', but also accepts busybox awk. The readme describes two officially unsupported installation variants.
Signed-off-by: Dirk Brenken <dev@brenken.org>
For cnames with a local data target the A RR is not resolved and
missing in the response. As most applications don't send another
query and fail, these entries are placed in a rpz zone instead.
Signed-off-by: Tobias Waldvogel <tobias.waldvogel@gmail.com>
* added full 1Hosts feed support (4 categories)
* changed the OISD list sources to alternate wildcard domains syntax
* used only the adguard source in default config
* fixed a needless reload delay plus a few cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* new gawk dependency
* full hagezi support (all 32 categories)
* refine Stevenblack support
* refine whitelist handling
* fixed tcpdump command line for ports other than 53 (see #24685)
Signed-off-by: Dirk Brenken <dev@brenken.org>
ModemManager does not depend on Lua by its own, so make it possible to
not have a requirement on Lua if the rpcd integration is not needed.
Signed-off-by: Christian Svensson <blue@cmd.nu>
This version is the final version supporting iptables and:
* it separates the old iptables/nft-capable init script from the new nft-only init script
* the new nft-script is a significant rewrite of the old recursive calls/policy parsing
and tries to create inline nft sets which offers performance improvements
Signed-off-by: Stan Grishin <stangri@melmac.ca>
clamav needs rust toolchain to build, add $(RUST_ARCH_DEPENDS) to
dependencies to avoid building on unsupported architectures.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
We no longer use "epoll()", but a new library dependency "liburcu"
(user-space RCU) has been added.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
wgsd is written in Go, add $(GO_ARCH_DEPENDS) to dependencies to avoid
building on unsupported architectures.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Matthew Hagan has been absent for two years and this package lacks
proper maintenance. As I'm a user of this package, take over the
maintainership.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
- do not touch default configuration
- put the binary into /usr/bin as it's not a "system" application
- update GO_PKG path
- remove useless init script[1]
- other minor clean up
1. The database directory will be automatically created by the program.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This version brings two significant updates:
* support for text labels/names for the external lists
* better processing of the config update files, which cleans up
entries with missing URLs
Also:
* new config file contains names for all lists
* it tries to match existing URLs with the names from the new config file
and update user config as part of uci-defaults script
* contains minor updates to copyright/license/upstream URL/README
* updates the config update script to remove sysctl.org list as it's outdated
* adds two new remote lists: Hagezi and 1Hosts
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Makefile:
* update to latest upstream version
* remove PKG_SOURCE_DATE/PKG_SOURCE_RELEASE as they are no longer needed
* set TARGET_CFLAGS/TARGET_LDFLAGS
* update CMAKE_OPTIONS
* add CONFIGURE_ARGS to prepare for building with HTTP/3
* update package URL to upstream repo instead of documentation
* update package/description
* add README.md with link to documentation
init-script:
* do not run within image builder
* add a line which can be uncommented to remove outdated doh_server entries
020-src-options.c-add-version.patch:
* remove it, as it's no longer needed with version set in CMAKE_OPTIONS
Signed-off-by: Stan Grishin <stangri@melmac.ca>
The awk expression in mwan3_delete_iface_rules splits the `ip rule list`
output by spaces, therefore $1 contains the trailing colon (e.g., "1:",
"1000:"). The < and > operators compare such values as strings instead
of numbers, producing unexpected results (for example, "1:" > "1000").
Change the field separator to ":" for correct number comparison, so that
the right rules are removed.
An example error message that may appear before the fix:
Error: argument "1:" is wrong: preference value is invalid
It happens because `substr($1,0,4)` selects short numbers along with
the colon. In other cases wrong rules may be removed, for example, if
there is rule 10051, then rule 1005 will be removed.
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
UPnP rules now may have an optional regex filter on requester's
descriptions. This is a countermeasure against some UPnP exploiters
without shutting down UPnP service completely, albeit they can bypass it
by reporting innocent's descriptions maliciously.
Since the filter specifier is optional, existing valid config files will
still work.
This increases the executable's size by 1.3 kB from original 147.7 kB on
i386.
Signed-off-by: David Yang <mmyangfl@gmail.com>
With the recent update, it was discovered that curl causes high CPU usage,
until the solution is found, let's revert the commit.
Fixes: https://github.com/openwrt/packages/issues/24693
This reverts commit e29aaab606.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This commit writes the option hostname obtained via uci_get
system.@system[0].hostname to the snmpd.conf file if sysName
is not defined in /etc/config/snmpd.
Signed-off-by: Christian Korber <ckorber@tdt.de>
This is a bugfix release
Bug fixes:
- the fix for CVE-2024-5594 (refuse control channel messages with nonprintable characters) was too strict, breaking user configurations
with AUTH_FAIL messages having trailing CR/NL characters. This often happens if the AUTH_FAIL reason is set by a script.
- Http-proxy: fix bug preventing proxy credentials caching
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.12/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Jonas Jelonek