nut was recently upgraded to 2.8.1 which includes a change in
configure.ac that uses /run for the pidfile if it exists during build.
Explicitly specify --with-pidpath to use the path that was used with
2.8.0 and prior.
The symptom here was that there'd be leftover processes when nut-monitor
was restarted.
Fixes: 82f36e0c78 ("nut: update to 2.8.1")
Fixes: https://github.com/openwrt/packages/issues/24106
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
Omit usually unused features:
- ipn.StateStore implementation using AWS SSM
- BIRD Internet Routing Daemon client
- tstun TAP device for bridging
- Kubernetes kubectl configuration utility
- Command line completion script generation
This shaves off about 500kb from the final executable.
Signed-off-by: Zephyr Lykos <git@mochaa.ws>
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.5
Description:
updated to new upstream release version 0.0.31
* implement system health check on start for required fw4 table/chains
* add error messages for failed health checks
* move resolver check & config from load_package_config to load_environment
* no longer filter only static rules for pbr_* tables
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Since 3fa5ee0b28
OpenWrt no longer disables SCTP support by default.
It caused the leak of libsctp dependency to iperf3.
Here we disable it explicitly to fix the build.
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
Knot Resolver 5.7.4 (2024-07-23)
================================
Security
--------
- reduce buffering of transmitted data, especially TCP-based in userspace
Also expose some of the new tweaks in lua:
(require 'ffi').C.the_worker.engine.net.tcp.user_timeout = 1000
(require 'ffi').C.the_worker.engine.net.listen_{tcp,udp}_buflens.{snd,rcv}
Improvements
------------
- add the fresh DNSSEC root key KSK-2024 already, Key ID 38696
Incompatible changes
--------------------
- libknot 3.0.x support is dropped
Upstream last maintained 3.0.x in spring 2022.
Knot Resolver 5.7.3 (2024-05-30)
================================
Improvements
------------
- stats: add separate metrics for IPv6 and IPv4
Bugfixes
--------
- fix NSEC3 records missing in answer for positive wildcard expansion
with the NSEC3 having over-limit iteration count
Knot Resolver 5.7.2 (2024-03-27)
================================
Bugfixes
--------
- fix on 32-bit systems with 64-bit time_t
Signed-off-by: Jan Hák <jan.hak@nic.cz>
1. Mount hosts files since the daemon is in ujail
2. Set hosts options at last as all other options set after it will
be ignored
Drop redundant reload_service func while at it.
Fixes: ecdf98767e ("dnsproxy: add hosts configurations")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Migrate "all_servers" and "fastest_addr" to new option "upstream_mode".
Fixes: d0823a8244 ("dnsproxy: Update to 0.73.2")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.4
Description:
updated to new upstream release version 0.0.30
* allow using WG servers as gateways if explicitly set in supported_interface
* automatically execute user scripts in /etc/pbr.d/
* change the dnsmasq restart logic on start/reload/restart
* further nft file atomic mode-related code cleanup
* fix spelling in error message
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* BUGFIX: correctly identify available RAM
* BUGFIX: properly store remote list filesize in config
* shellcheck updates
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* fixed auto allow-/blocklist-issue with IPv6 addresses in CIDR notation
* removed edrop feed from readme (had been removed from feeds for a while)
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Replaced SF project and download URLs with nwtime ones.
The project is now hosted at https://linuxptp.nwtime.org/.
- Removed 020-gcc14.patch. Missing include was fixed upstream
in v4.2.
- Added patch to disable MAC library autodetection. That
can silently pick up unwanted dependencies, depending on
package build order. We can add linuxptp-<mac lib> variants
of this package later if there are users of authenticated
PTP.
Signed-off-by: Shenghao Yang <me@shenghaoyang.info>
Split configuration in global and per-network sections.
This change breaks existing configurations.
The following per-network settings are available:
* allow_managed
* allow_global
* allow_default
* allow_dns
See https://docs.zerotier.com/config/#network-specific-configuration
Signed-off-by: Óscar García Amor <contact@ogarcia.me>
Reviewed-by: Moritz Warning <moritzwarning@web.de>
Sometimes mdns-repeater quits or crashes, leaving service stopped. This commit should fix that by enabling respawn in procd.
Signed-off-by: Tina DiPierro <tina@dipier.ro>
Upstream repository[1] is now read-only.
It seems daemonlogger is no longer maintained.
[1] https://github.com/Cisco-Talos/Daemonlogger
Signed-off-by: Yanase Yuki <dev@zpc.st>
Makefile:
* remove pbr-iptables flavour
Init-script:
* improve detection of wireguard server and client instances
* integrate wg_server_and_client into init script
* remove traffic_killswitch() and trap() and related options/code
* remove internal nft_file_support variable as fw4 nft file is the only running mode
* improve debug() and is_supported_interface() functions
* improve detection of incompatible user script files
* double-quote some strings due to shellcheck errors
* flush ip rules from pbr tables instead of deleting last one
Other files:
* remove /usr/share/pbr/pbr.user.wg_server_and_client as obsolete
* remove references to the file above in config on update thru uci-defaults
* minor updates to netifd uci-defaults script
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Adjust openssh's versioning to be compatible with apk:
8.9p1-r2 --> 8.9_p1-r2
"_p" is an allowed semantic suffix, so use that.
(Alternative might have been 8.9.1-r2)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Sometimes the wan connection needs time to be established (e.g. cold
boot after power loss) and the service may crash as the internet is
yet available. Add a trigger to reload the service once the wan
interface is up.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
netbird supports the wireguard kernel module, but it can work without it in userspace,
losing some performance, but we know in advance that netbird will run as root,
therefore supporting the wireguard kernelspace with better performance.
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
Extends DDNS support for the Porkbun v3 JSON API with a custom update
script and service configuration.
See: https://porkbun.com/api/json/v3/documentation
Depends on cURL (with SSL) for transport. Porkbun authentication API keys
and secret keys are passed through the ddns-scripts "username" and
"password" variables, respectively. As Porkbun DNS is currently backed by
Cloudflare, also support ddns-scripts "rec_id" variable for specific
record targeting.
Signed-off-by: Ansel Horn <dev@cahorn.net>
ovh.com supports https and IPv6 since March 2024.
New API operates under domain dns.eu.ovhapis.com
Add IPv6 support, use https and updated domain for ovh.com.
Signed-off-by: Karol Kolacinski <kolacinskikarol@live.com>
Update ZNC to latest release 1.9.1.
Changelog:
* https://wiki.znc.in/ChangeLog/1.9.1
Since we never provided modtcl, OpenWrt was never affected by
CVE-2024-39844.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* bugfix: users reported unexpected side effects with the newly introduced rpc-sys ubus service, reverted that part
*bugfix: made "tcpdump" optional
Signed-off-by: Dirk Brenken <dev@brenken.org>
The basicstation build fails since the change to the new major version
3.x of mbedtls, because of API changes in the new mbedtls version.
To fix the compilation for new mbedtls version, the waiting pullrequest
is backported as a patch.
Thanks to 'Glenn Strauss' to create this PR:
https://github.com/lorabasics/basicstation/pull/198
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* get rid of the opkg dependency
* fixed remaining hagezi category issues
* adblock still depends on 'gawk', but also accepts busybox awk. The readme describes two officially unsupported installation variants.
Signed-off-by: Dirk Brenken <dev@brenken.org>
For cnames with a local data target the A RR is not resolved and
missing in the response. As most applications don't send another
query and fail, these entries are placed in a rpz zone instead.
Signed-off-by: Tobias Waldvogel <tobias.waldvogel@gmail.com>
* added full 1Hosts feed support (4 categories)
* changed the OISD list sources to alternate wildcard domains syntax
* used only the adguard source in default config
* fixed a needless reload delay plus a few cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* new gawk dependency
* full hagezi support (all 32 categories)
* refine Stevenblack support
* refine whitelist handling
* fixed tcpdump command line for ports other than 53 (see #24685)
Signed-off-by: Dirk Brenken <dev@brenken.org>
ModemManager does not depend on Lua by its own, so make it possible to
not have a requirement on Lua if the rpcd integration is not needed.
Signed-off-by: Christian Svensson <blue@cmd.nu>
This version is the final version supporting iptables and:
* it separates the old iptables/nft-capable init script from the new nft-only init script
* the new nft-script is a significant rewrite of the old recursive calls/policy parsing
and tries to create inline nft sets which offers performance improvements
Signed-off-by: Stan Grishin <stangri@melmac.ca>
clamav needs rust toolchain to build, add $(RUST_ARCH_DEPENDS) to
dependencies to avoid building on unsupported architectures.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
We no longer use "epoll()", but a new library dependency "liburcu"
(user-space RCU) has been added.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
wgsd is written in Go, add $(GO_ARCH_DEPENDS) to dependencies to avoid
building on unsupported architectures.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Matthew Hagan has been absent for two years and this package lacks
proper maintenance. As I'm a user of this package, take over the
maintainership.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
- do not touch default configuration
- put the binary into /usr/bin as it's not a "system" application
- update GO_PKG path
- remove useless init script[1]
- other minor clean up
1. The database directory will be automatically created by the program.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This version brings two significant updates:
* support for text labels/names for the external lists
* better processing of the config update files, which cleans up
entries with missing URLs
Also:
* new config file contains names for all lists
* it tries to match existing URLs with the names from the new config file
and update user config as part of uci-defaults script
* contains minor updates to copyright/license/upstream URL/README
* updates the config update script to remove sysctl.org list as it's outdated
* adds two new remote lists: Hagezi and 1Hosts
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Wesley Gimenes