Implement a new "cgi-exec" applet which allows to invoke remote commands
and stream their stdandard output back to the client via HTTP. This is
needed in cases where large amounts of data or binary encoded contents
such as tar archives need to be transferred, which are unsuitable to be
transported via ubus directly.
The exec call is guarded by the same ACL semantics as rpcd's file plugin,
means in order to be able to execute a command remotely, the ubus session
identified by the given session ID must have read access to the "exec"
function of the "cgi-io" scope and an explicit "exec" permission rule for
the invoked command in the "file" scope.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "command" specifiying the commandline
to invoke.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required ACL rules to grant exec access to
both the "date" and "iptables" commands. The "date" rule specifies the
base name of the executable and thus allows invocation with arbitrary
parameters while the latter "iptables" rule merely allows one specific
set of arguments which must appear exactly in the given order.
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "exec", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/bin/date", "exec" ],
[ "/usr/sbin/iptables -n -v -L", "exec" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When present on the build system dnsdist will try to make use of libcap. This
change adds an explicit dependency to ensure it's present at build time, to
prevent build failures when another package brings the dependency in.
Signed-off-by: James Taylor <james@jtaylor.id.au>
* remove 'ransomware' blocklist by abbuse.ch (discontinued)
from default adblock config
* fix/switch 'someonewhocares' config to https only
* fix curl download parameters to follow redirects and
suppress needless output
* made the tmp directory of sort operations configurable,
set 'adb_sorttmp' accordingly (only supported by 'coreutils-sort')
Signed-off-by: Dirk Brenken <dev@brenken.org>
This new release also installs additional 'shared utils' loadable
libraries in /usr/lib/ModemManager, so make sure we include them in
the packaging.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Update dnsdist to next major release 1.4.0. This release introduces
dependencies on libh2o-evloop and libwslay for support of DNS over
HTTPS.
Release Blog Post: https://blog.powerdns.com/2019/11/20/dnsdist-1-4-0/
Changelog: https://dnsdist.org/changelog.html#change-1.4.0
Also removes compatibility patches required for previous release that have
been incorporated upstream.
Signed-off-by: James Taylor <james@jtaylor.id.au>
Maintainer: Darryl Sokoloski / @dsokoloski
Compile tested: arm_cortex-a15_neon-vfpv4, TP-Link Archer C2600, master
Run tested: TP-Link Archer C2600
Change log for v2.98:
[FIX] OpenWrt: Silence ABI warnings.
[FIX] Fixed socket buffer dead-lock (pop < 0 bytes).
[FIX] Silenced site UUID errors (moved to debug level).
[FIX] Updated to SPDX identifier for GPL license.
[IMP] Migrated from libjson-c to nlohmann JSON for Modern C++.
[IMP] Updated agent status with CPU utilization and sink service status.
[IMP] Reformatted sink queue utilization status output.
[IMP] Support OS-specific restarting.
[IMP] Added payload upload and update frequency control.
[IMP] Added MAC addresses to JSON interface list.
[IMP] Added option to send established flows to connecting clients.
[IMP] Added offline capture processing script.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
Updates pdns-recursor to current stable 4.2.1. Also includes more complete fix
for boost.m4 BOOST::THREAD detection, removing dependency on boost-thread.
Signed-off-by: James Taylor <james@jtaylor.id.au>
Upgraded to pdns-4.2.1 and corrected issues with dependency management on
modules, in addition to moving zone2ldap under the ldap backend (It's only
compiled if ldap backend is enabled)
Signed-off-by: James Taylor <james@jtaylor.id.au>
Periodic update of the list of Google domains using
https://www.google.com/supported_domains
as a reference.
Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
Per discussion in https://github.com/openwrt/openwrt/pull/1804, iputils is
moving from the main openwrt repository to the packages feed, and is switching
from the abandoned skbuff.net upstream to github.com/iputils/iputils
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
This is a bugfix release.
Full changelog available at:
https://mosquitto.org/blog/2019/11/version-1-6-8-released/
Many smaller fixes in various areas, nothing particularly standout as of
special interest to OpenWrt.
Signed-off-by: Karl Palsson <karlp@etactica.com>
- Use HTTPS protocol for updating urls for afraid.org to protect the password.
- Bump/align package version number.
Signed-off-by: Kwonjin Jeong <gram25gwh@gmail.com>
Goes through firewalls easier.
Switched to xz tarball, which is both implicit and smaller.
Rearranged some stuff for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Jo-Philipp Wich