Extends DDNS support for the Porkbun v3 JSON API with a custom update
script and service configuration.
See: https://porkbun.com/api/json/v3/documentation
Depends on cURL (with SSL) for transport. Porkbun authentication API keys
and secret keys are passed through the ddns-scripts "username" and
"password" variables, respectively. As Porkbun DNS is currently backed by
Cloudflare, also support ddns-scripts "rec_id" variable for specific
record targeting.
Signed-off-by: Ansel Horn <dev@cahorn.net>
ovh.com supports https and IPv6 since March 2024.
New API operates under domain dns.eu.ovhapis.com
Add IPv6 support, use https and updated domain for ovh.com.
Signed-off-by: Karol Kolacinski <kolacinskikarol@live.com>
Update ZNC to latest release 1.9.1.
Changelog:
* https://wiki.znc.in/ChangeLog/1.9.1
Since we never provided modtcl, OpenWrt was never affected by
CVE-2024-39844.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* bugfix: users reported unexpected side effects with the newly introduced rpc-sys ubus service, reverted that part
* bugfix: made "tcpdump" optional
Signed-off-by: Dirk Brenken <dev@brenken.org>
The basicstation build fails since the change to the new major version
3.x of mbedtls, because of API changes in the new mbedtls version.
To fix the compilation for new mbedtls version, the waiting pull request
is backported as a patch.
Thanks to 'Glenn Strauss' for creating this PR:
https://github.com/lorabasics/basicstation/pull/198
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* get rid of the opkg dependency
* fixed remaining hagezi category issues
* adblock still depends on 'gawk', but also accepts busybox awk. The readme describes two officially unsupported installation variants.
Signed-off-by: Dirk Brenken <dev@brenken.org>
For cnames with a local data target the A RR is not resolved and
missing in the response. As most applications don't send another
query and fail, these entries are placed in a rpz zone instead.
Signed-off-by: Tobias Waldvogel <tobias.waldvogel@gmail.com>
* added full 1Hosts feed support (4 categories)
* changed the OISD list sources to alternate wildcard domains syntax
* used only the adguard source in default config
* fixed a needless reload delay plus a few cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* new gawk dependency
* full hagezi support (all 32 categories)
* refine Stevenblack support
* refine whitelist handling
* fixed tcpdump command line for ports other than 53 (see #24685)
Signed-off-by: Dirk Brenken <dev@brenken.org>
ModemManager does not depend on Lua by its own, so make it possible to
not have a requirement on Lua if the rpcd integration is not needed.
Signed-off-by: Christian Svensson <blue@cmd.nu>
This version is the final version supporting iptables and:
* it separates the old iptables/nft-capable init script from the new nft-only init script
* the new nft-script is a significant rewrite of the old recursive calls/policy parsing
and tries to create inline nft sets which offers performance improvements
Signed-off-by: Stan Grishin <stangri@melmac.ca>
clamav needs rust toolchain to build, add $(RUST_ARCH_DEPENDS) to
dependencies to avoid building on unsupported architectures.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
We no longer use "epoll()", but a new library dependency "liburcu"
(user-space RCU) has been added.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
wgsd is written in Go, add $(GO_ARCH_DEPENDS) to dependencies to avoid
building on unsupported architectures.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Matthew Hagan has been absent for two years and this package lacks
proper maintenance. As I'm a user of this package, take over the
maintainership.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
- do not touch default configuration
- put the binary into /usr/bin as it's not a "system" application
- update GO_PKG path
- remove useless init script[1]
- other minor clean up
1. The database directory will be automatically created by the program.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This version brings two significant updates:
* support for text labels/names for the external lists
* better processing of the config update files, which cleans up
entries with missing URLs
Also:
* new config file contains names for all lists
* it tries to match existing URLs with the names from the new config file
and update user config as part of uci-defaults script
* contains minor updates to copyright/license/upstream URL/README
* updates the config update script to remove sysctl.org list as it's outdated
* adds two new remote lists: Hagezi and 1Hosts
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Makefile:
* update to latest upstream version
* remove PKG_SOURCE_DATE/PKG_SOURCE_RELEASE as they are no longer needed
* set TARGET_CFLAGS/TARGET_LDFLAGS
* update CMAKE_OPTIONS
* add CONFIGURE_ARGS to prepare for building with HTTP/3
* update package URL to upstream repo instead of documentation
* update package/description
* add README.md with link to documentation
init-script:
* do not run within image builder
* add a line which can be uncommented to remove outdated doh_server entries
020-src-options.c-add-version.patch:
* remove it, as it's no longer needed with version set in CMAKE_OPTIONS
Signed-off-by: Stan Grishin <stangri@melmac.ca>
The awk expression in mwan3_delete_iface_rules splits the `ip rule list`
output by spaces, therefore $1 contains the trailing colon (e.g., "1:",
"1000:"). The < and > operators compare such values as strings instead
of numbers, producing unexpected results (for example, "1:" > "1000").
Change the field separator to ":" for correct number comparison, so that
the right rules are removed.
An example error message that may appear before the fix:
Error: argument "1:" is wrong: preference value is invalid
It happens because `substr($1,0,4)` selects short numbers along with
the colon. In other cases wrong rules may be removed, for example, if
there is rule 10051, then rule 1005 will be removed.
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
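The string-versus-number comparison described in the mwan3 commit above, reproduced as an added example (not the mwan3 code). The `ip rule list` output is a constructed sample, and the 1000 to 4000 preference range and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip rule list` output (not captured from a real device).
sample_rules() {
	cat <<'EOF'
0:      from all lookup local
1:      from all lookup 220
1001:   from all iif eth0 lookup 1
2001:   from all fwmark 0x100/0x3f00 lookup 1
10051:  from all lookup 100
32766:  from all lookup main
32767:  from all lookup default
EOF
}

# Before: default whitespace splitting leaves $1 as "1001:" (with the colon).
# That is not a numeric string, so awk converts 1000 and 4000 to strings and
# compares character by character: "1:" > "1000" because ':' sorts after '0'.
select_space_split() {
	sample_rules | LC_ALL=C awk '$1 > 1000 && $1 < 4000 { print $1 }'
}

# After: with ":" as the field separator $1 is "1001", a numeric string,
# so the same expression is evaluated as a numeric range check.
select_colon_split() {
	sample_rules | LC_ALL=C awk -F: '$1 > 1000 && $1 < 4000 { print $1 }'
}

echo "space-split selects: $(echo $(select_space_split))"
echo "colon-split selects: $(echo $(select_colon_split))"
```

The space-split variant also selects the kernel's default rules 32766 and 32767, which shows how far the string comparison strays from the intended range.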
UPnP rules now may have an optional regex filter on requester's
descriptions. This is a countermeasure against some UPnP exploiters
without shutting down UPnP service completely, albeit they can bypass it
by reporting innocent's descriptions maliciously.
Since the filter specifier is optional, existing valid config files will
still work.
This increases the executable's size by 1.3 kB from original 147.7 kB on
i386.
Signed-off-by: David Yang <mmyangfl@gmail.com>
With the recent update, it was discovered that curl causes high CPU usage.
Until the solution is found, let's revert the commit.
Fixes: https://github.com/openwrt/packages/issues/24693
This reverts commit e29aaab606.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This commit writes the option hostname obtained via uci_get
system.@system[0].hostname to the snmpd.conf file if sysName
is not defined in /etc/config/snmpd.
Signed-off-by: Christian Korber <ckorber@tdt.de>
This is a bugfix release
Bug fixes:
- the fix for CVE-2024-5594 (refuse control channel messages with nonprintable characters) was too strict, breaking user configurations
with AUTH_FAIL messages having trailing CR/NL characters. This often happens if the AUTH_FAIL reason is set by a script.
- Http-proxy: fix bug preventing proxy credentials caching
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.12/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
The output format of `khost` has changed. This commit fixes the regexp
for IPv4. It fixes the issue of using a custom DNS to resolve current
address.
```bash
root@localhost:~# khost ns2.afraid.org
ns2.afraid.org. has IPv4 address 69.65.50.223
ns2.afraid.org. has IPv6 address 2001:1850:1:5:800::6b
Host ns2.afraid.org. has no MX record
root@localhost:~# khost --version
khost (Knot DNS), version 3.3.5
```
Signed-off-by: Denis Shulyaka <Shulyaka@gmail.com>
ci: Fix up Docker images' tag from version number
chore(deps): bump github.com/gin-contrib/cors from 1.3.1 to 1.6.0
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Handle not having a dynamic pool correctly without ipcalc.sh
generating noise about it.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
The 'modemmanager' uses the 'dbus'. Status information can be retrieved
with the 'mmcli' command, this can also be output in json format.
This commit adds a new 'ubus' backend with which this information can
be easily accessed via ubus.
* ubus call modemmanager info
* ubus call modemmanager dump
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The upstream project is declared as bugfix-only and received no update
for about 2 years. The development focus there has shifted. It does
not compile with current openwrt main branch.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
extensions/ACCOUNT/Makefile.am
change ${top_srcdir} to ../../ (used in 3.24) to fix the following error
cp: cannot stat '/Volumes/x64/openwrt/build_dir/target-x86_64_musl/linux-x86_64/xtables-addons-3.26/ipkg-install/usr/lib/iptables/libxt_ACCOUNT.so': No such file or directory
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Merge the following patches
201-fix-lua-packetscript.patch
210-freebsd-build-fix.patch
since they modify files created by 200-add-lua-packetscript.patch
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Fixes
```
make[6]: Entering directory '/Volumes/x64/openwrt/build_dir/target-x86_64_musl/linux-x86_64/linux-6.6.36'
CC [M] /Volumes/x64/openwrt/build_dir/target-x86_64_musl/linux-x86_64/xtables-addons-3.24/extensions/LUA/prot_buf_ip.o
In file included from /Volumes/x64/openwrt/build_dir/target-x86_64_musl/linux-x86_64/xtables-addons-3.24/extensions/LUA/prot_buf_ip.c:20:
./include/net/checksum.h: In function 'csum_shift':
./include/net/checksum.h:90:40: error: implicit declaration of function 'ror32' [-Werror=implicit-function-declaration]
90 | return (__force __wsum)ror32((__force u32)sum, 8);
| ^~~~~
In file included from ./include/linux/kernel.h:22,
from ./include/linux/skbuff.h:13,
from ./include/linux/tcp.h:17,
from ./include/net/tcp.h:20,
from /Volumes/x64/openwrt/build_dir/target-x86_64_musl/linux-x86_64/xtables-addons-3.24/extensions/LUA/prot_buf_ip.c:21:
./include/linux/bitops.h: At top level:
./include/linux/bitops.h:135:21: error: conflicting types for 'ror32'; have '__u32(__u32, unsigned int)' {aka 'unsigned int(unsigned int, unsigned int)'}
135 | static inline __u32 ror32(__u32 word, unsigned int shift)
| ^~~~~
./include/net/checksum.h:90:40: note: previous implicit declaration of 'ror32' with type 'int()'
90 | return (__force __wsum)ror32((__force u32)sum, 8);
| ^~~~~
cc1: some warnings being treated as errors
```
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Backport pending patch, which was submitted to upstream via GitHub
to use modified function to compile it against miniupnpc 2.2.8.
Signed-off-by: Karol Kolacinski <kolacinskikarol@live.com>
Squashed using these commits:
- wifischedule: use `service` instead of direct path
- wifischedule: use `sort -u` instead of `uniq`
- wifischedule: restart cron only at the end of batch instead of after every change
- wifischedule: remove `[[` bash-isms
- wifischedule: trim trailing ws
- wifischedule: reduce `if` blocks
- wifischedule: quote variables and remove some more bash-isms
- wifischedule: simplify `_get_uci_value`
- wifischedule: don't exit whole script just because `uci get somekey` fails somewhere
- wifischedule: revamp `_should_enable_wifi()`
- wifischedule: revamp `_format_daysofweek_list()`
- wifischedule: revamp `_enable_wifi_schedule()`
- wifischedule: minor refactoring
- wifischedule: mega revamp
- wifischedule: fixes
- wifischedule: touch-ups
- wifischedule: use only `awk` in `_cfg_list_entries()` to filter `uci`
- wifischedule: improve code docs
- wifischedule: inline `_crontab_format_dow_field()`
- wifischedule: refactor `_crontab_append_line()`
- wifischedule: add `_uci_bool()` and refactor `_arith_bool()`
- wifischedule: rename some functions
- wifischedule: refactor using shellcheck
- wifischedule: refactor `_wifi_get_interfaces()`
- wifischedule: refactor `_wifi_get_devices()`
- wifischedule: shellcheck fixes
- wifischedule: use logger instead of a logfile
- wifischedule: refactor global consts
- wifischedule: introduce main() func
- wifischedule: bump version
Signed-off-by: Jan Chren ~rindeal <dev.rindeal@gmail.com>
The `ssh_systemd_notify` function is causing compilation errors
when built against GCC 14.1. This is due to an incompatible pointer
type being passed to the connect function.
The connect function expects a pointer to `struct sockaddr`, but
was receiving a pointer to `struct sockaddr_un`.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
External scripts may only be specified with script-security 2 or higher,
otherwise OpenVPN fails at tunnel startup with an error.
This changes the previously hardcoded hotplug scripts to only be added if
script-security 2 or higher is used.
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
Release notes: https://www.openssh.com/txt/release-9.8
* 9.8p1 fixes CVE-2024-6387
* Adjusted Makefile to provide /usr/lib/sshd-session
* Given the troubles with -fzero-call-used-regs and all the
broken checks, makes sense to skip it
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
* removed an accidentally committed flag of the upcoming adblock 5.x, this fixes a startup regression without trigger interface
Signed-off-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Package tested: with manual install on different partition tested
Description: update to latest version of upstream
- Take advantage of bug fix in jsonfilter to get rid of array hack, should
improve memory footprint quite a bit
- Implement substring matching in dates so you can collect data for a specific
day, hour or run bin reports for histograms
- Report title now contains specified date range, footer percentages
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Fix incorrect uci config syntax, caused by a careless newbie contributor.
Modify function append_param_arg() in init script, to support hyphenated
arguments.
Add more command parameters as uci options, no value is set to keep it default.
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
description: Since IPv6 is present in everyday use, we need to include
information about IPv6 addresses & routes in SNMP
example:
IP-MIB::ipAddressOrigin.ipv6
IP-MIB::ipAddressOrigin[ipv6]["00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01"] = manual
IP-MIB::ipAddressOrigin[ipv6]["fd:00:00:09:02:55:00:00:00:00:00:00:00:00:01:01"] = manual
IP-MIB::ipAddressOrigin[ipv6]["fe:80:00:00:00:00:00:00:0c:00:09:ff:fe:06:01:01"] = linklayer
IP-MIB::ipAddressOrigin[ipv6]["fe:80:00:00:00:00:00:00:0c:02:09:ff:fe:00:01:01"] = linklayer
IP-MIB::ipAddressOrigin[ipv6]["fe:80:00:00:00:00:00:00:ae:84:c6:ff:fe:25:8c:ce"] = linklayer
tested:
23.05-snapshot
master snapshot
with LibreNMS, OpenWRT device IPv6 Addresses & Routes are properly recognized
Signed-off-by: Peca Nesovanovic <peca.nesovanovic@sattrakt.com>
This commit adds a uci configuration file and makes the gatling server
controllable by procd.
Co-authored-by: Moritz Warning <moritzwarning@web.de>
Signed-off-by: Martin Hübner <martin.hubner@web.de>
Allow measuring ping latency and CPU details at idle as a baseline before
measuring under data transfer loading. This allows better determination of
Latency Under Load, a critical bufferbloat parameter. The CPU details can
also be used to verify idle conditions or examine CPU frequency against
ping variations and jitter.
Change the default test duration to 30 seconds, which is adequate for SQM
tuning while reducing bandwidth consumption for upstream netperf servers.
Change the default ping host from gstatic.com to one.one.one.one, which is
widely available and generally shows lower latency.
When warning of internal netperf errors, suggest running netperf directly
to view error details.
Other minor updates include:
- clear tmp file names for safety in case of traps
- simplify ping code, argument parsing and number validation
- fix cases of wrong protocol usage with hostname as ping target
- drop unneeded egrep usage
Also update README accordingly, with clearer usage text and terminology.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
As per @Ansuel's note about ctx cleanup in error path, decided to rework
the patch.
Changes and Improvements:
Smart Pointers for Memory Management:
* The `EVP_PKEY_ptr` and `X509_NAME_ptr` smart pointers
are used to manage the memory of `EVP_PKEY` and `X509_NAME`
objects respectively to ensure proper cleanup.
Error Handling:
* Improved error messages and exception handling to provide
more information about what went wrong.
Resource Cleanup:
* Ensured all allocated resources are now properly freed
in case of an error to prevent memory leaks.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Previously the "use" command had the following shortcomings:
* a subprocess was created instead of replacing the shell process
* whitespace in arguments was not handled correctly
Implementation detail:
In shell context the `"$@"` expression should be used (instead of `$*`).
This allows the safe handling of arguments containing whitespace.
Closes: #20001
Signed-off-by: Lars Kruse <devel@sumpfralle.de>
Currently, the nfs-kernel-server package exports /mnt by default after
it is installed. This is not a good default behavior, as it may expose
sensitive data to the network if a user mounts something on /mnt. This
commit commented out the line that exports /mnt, so the user has to
enable it explicitly.
Signed-off-by: Yangyu Chen <cyy@cyyself.name>
* relax the firewall pre-check if fw4 is not running
* replace former stale tor feed source with 'https://www.dan.me.uk/torlist/?exit'
* add openvpn log term/search pattern example to the readme
* the default config now includes only log terms for dropbear and LuCI, all others are optional
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
This is a bugfix release containing several security fixes.
Security fixes
--------------
- CVE-2024-4877: Windows: harden interactive service pipe.
Security scope: a malicious process with "some" elevated privileges
could open the pipe a second time, tricking openvpn GUI
into providing user credentials (tokens), getting full access
to the account openvpn-gui.exe runs as.
- CVE-2024-5594: control channel: refuse control channel messages
with nonprintable characters in them.
Security scope: a malicious openvpn peer can send garbage to openvpn log,
or cause high CPU load.
- CVE-2024-28882: only call schedule_exit() once (on a given peer).
Security scope: an authenticated client can make the server "keep the session"
even when the server has been told to disconnect this client
Bug fixes
---------
- fix connect timeout when using SOCKS proxies
- work around LibreSSL crashing on OpenBSD 7.5 when enumerating ciphers
- Add bracket in fingerprint message and do not warn about missing verification
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
tlsv1.3 support is broken in curl 8.8.0 with mbedtls 3.6.0.
See curl/curl#13653 and Mbed-TLS/mbedtls#9210 for more details.
A workaround was implemented in upstream code, see curl/curl@0c4b4c1 and curl/curl@5f9017d
This commit includes patches generated from upstream commits.
fix #24365 #24386
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Due to changes in elfutils in order to
simplify the build for static libraries only,
the zlib functions that libelf depends on
are no longer linked within the static libelf library.
If frr were to use pkg-config, no change would be necessary,
however, the AC_CHECK_LIB macro is used, so add the link manually.
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Bump to latest 2.0.26 release
apache2/mod_proxy_uwsgi: let httpd handle CL/TE for non-http handlers CVE-2024-24795 (Eric Covener)
remove race-condition over termination of uWSGI process when using need-app and lazy-apps (Hanan .T)
fix 32-bit compilation with GCC14 (Rosen Penev)
uwsgiconfig: get compiler version with -dumpfullversion (Riccardo Magliocchetti)
Fix uwsgi_regexp_match() with pcre2 (Alexandre Rossi)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Updated 010-configure-uname.patch as source changed.
Removed 100-example-conf-in.patch as not needed any more.
Release message:
This release has a fix for the DNSBomb issue CVE-2024-33655. This has a
low severity for Unbound, since it makes Unbound complicit in targeting
others, but does not affect Unbound so much.
To mitigate the issue new configuration options are introduced.
The options discard-timeout: 1900, wait-limit: 1000
and wait-limit-cookie: 10000 are enabled by default. They limit the
number of outstanding queries that a querier can have. This limits
the reply pulse, and makes Unbound less favorable for the issue.
With the config wait-limit-netblock and wait-limit-cookie-netblock
the parameters can be fine tuned for specific destinations.
More information on the attack and Unbound's mitigations are
presented further down.
Other fixes in this release are that Unbound no longer follows symlinks
when truncating the pidfile. Unbound also does not chown the pidfile,
this is for safety reasons. There are also a number of fixes for RPZ, in
handling CNAMEs. There is a memory leak fix for the edns client subnet
cache. For DNSSEC validation a case is fixed when the query is of type
DNAME. The unbound-anchor program is fixed to first write to a temporary
file, before replacing the original. This handles disk full situations,
and because of it unbound-anchor needs permission to create that file,
in the same directory as the original file. There is also a fix for
IP_DONTFRAG, to disable fragmentation instead of the opposite.
The option cache-min-negative-ttl can be used to set the minimum TTL
for negative responses in the cache. It complements existing options to
set the maximum ttl for negative responses and to set the minimum and
maximum ttl but not specifically for negative responses.
The option cachedb-check-when-serve-expired makes Unbound use
cachedb to check for expired responses, when serve-expired is enabled,
and cachedb is used. It is enabled by default.
The -q option for unbound-checkconf can be added to silence it when
there are no errors.
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
Remove one patch - instead of messing with BUILDCXXFLAGS there we
properly define it via CONFIGURE_ARGS inside Makefile of the package.
Refresh remaining patch.
Signed-off-by: Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
* fixed a possible "Argument list too long" error in the f_log function
* fixed multiple, incomplete digit character classes
* fixed/optimized split file handling
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Remove the ancient package with experimental cake options,
from time when cake was not yet officially here.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
The message 'MM_CONNECT_IN_PROGRESS' is a status message, not an error
message. To avoid confusion, the message has been removed.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
This commit improves the automatic reconnect logic. If the modem cannot
establish a connection, for example due to poor reception, the
proto_block_restart prevents the interface from trying to reconnect.
To enforce the connection, this commit adds a new option that allows the
system to attempt to establish a connection indefinitely.
Signed-off-by: Oliver Sedlbauer <osedlbauer@tdt.de>
* made sure that the domain lookup always adds the found IPs to the underlying allow-/blocklist-Set
* major readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Switch source to .xz according to CONTRIBUTING.md
- Switch project URL to HTTPS
- Drop upstreamed patch
- Refresh remaining patch
- Adopt the package
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
Fixes:
```
zebra/zebra_netns_notify.c: In function 'zebra_ns_ready_read':
zebra/zebra_netns_notify.c:265:40: error: implicit declaration of function 'basename' [-Wimplicit-function-declaration]
265 | if (strmatch(VRF_DEFAULT_NAME, basename(netnspath))) {
| ^~~~~~~~
```
Fixed by including libgen.h, then since basename may modify its
parameter, allocate a copy on the stack, using strdupa, and pass the
temporary string to basename.
According to the man page for basename:
With glibc, one gets the POSIX version of basename() when
<libgen.h> is included, and the GNU version otherwise.
The POSIX version of basename may modify the contents of path,
so we should pass a copy when calling this function.
[1] https://man7.org/linux/man-pages/man3/basename.3.html
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
The IETF fork is unmaintained. In addition, the versioning is incompatible with apk.
010-uclibc.patch is pointless as uclibc is no longer used by OpenWrt.
020-fix-core-dump-while-parsing-interface-list.patch was an upstream
backport. No longer needed.
Added tls=no to avoid mbedtls dependency.
mDNSIdentify is gone.
Added back patches from version 878.200.35. They required manual
refreshing. 120-reproducible-builds.patch is probably needed. Not sure
about 100-linux_fixes.patch.
Add OpenEmbedded patches. Some crash fixes. mdnsd is less noisy with
them.
Log stderr to the log. Otherwise there's no output.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
You have to enable the CONFIG_TCP_MD5SIG kernel config option to be able
to use the BGP MD5 authentication.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Add to uci-defaults script a migration from old deprecated options to new:
use_staging to staging
keylength to key_type
remove standalone
add missing validation_method
We still support the old options in the acme.init if old config was copied after installing of the newer version of the acme-common.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
- Remove obsolete OpenSSL patch - upstream handles it by itself now
- Refresh another patch
- Remaining patches are unaffected
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
struct msghdr under musl uses padding ints for 64-bit, which means we
can't direct initialize like this. Switch to initializing each member
explicitly.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The webroot option was deprecated and users should use the /var/run/acme/challenge by default.
The folder itself should be exposed to web.
The simplest way to do this is to create a symlink from /www.
This is a default web location for most routers and should cover most cases.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
* fix regex for nixspam and sslbl feed
* list the pre-routing limits in the banIP status
* small fixes and log improvements
Signed-off-by: Dirk Brenken <dev@brenken.org>
- New major LTS release
- Update haproxy PKG_VERSION and PKG_HASH
- Enabled QUIC support. It still has to be enabled in the haproxy config
- See changes: http://git.haproxy.org/?p=haproxy-3.0.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
frr-libfrr and frr-vtysh are required components, which makes their
menuconfig entries obsolete. Merge them in the frr package.
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
Fixes [1]
```
lib/vty.c: In function 'vty_mgmt_resume_response':
lib/vty.c:195:27: error: 'VTYSH_READ' undeclared (first use in this function); did you mean 'VTY_READ'?
195 | vty_event(VTYSH_READ, vty);
| ^~~~~~~~~~
| VTY_READ
```
The error is a bug in frr: not all use cases of the VTYSH_* enums are
guarded by #ifdef VTYSH. These enums are enabled by the VTYSH macro,
which is defined if sub package frr-vtysh is enabled in menuconfig.
According to support ticket [2], building without frr-vtysh is
no longer supported.
[1] https://github.com/openwrt/packages/issues/24063
[2] https://github.com/FRRouting/frr/issues/15752#issuecomment-2059328993
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
This fixes it with musl support. Also fixed several -Wformat warnings.
Main problem was __fd_mask not existing on musl but fd_mask existing.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Refresh 900-musl-compat.patch, add missing headers & fix incompatible pointer type, which is now an error.
Signed-off-by: Aditya Nugraha <vortexilation@gmail.com>
The use_staging option was deprecated in 9d2d8787ca.
But it still has a bigger priority than the staging option.
This happens because config_get_bool returns 0 when the use_staging option wasn't set.
So the next check for the staging var emptiness is always false.
As the simplest fix, use the config_get staging that returns a plain string when the option is not set and if it's empty then fallback to the use_staging.
Once the use_staging option is removed we should get back to the config_get_bool staging.
Also use config_get_bool debug.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
It seems that PR #24113 introduced incorrect hashes for multiple packages.
So, let's fix all of them at once.
Signed-off-by: Robert Marko <robimarko@gmail.com>
The sslh Makefile's default target "all" now also tries to compile a new version sslh-ev.
To disable its compilation, the Build/Compile is overridden to directly call "make sslh-select" or "make sslh-fork" depending on CONFIG_SSLH_SELECT.
Some changes from 001-configfile-fix.patch were applied to the upstream and we can remove them.
The only one left is a notice "sslh command line arguments override the config".
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>