| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
Update copyright in Makefile
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is a security fix, affecting 2.0.0 through to 2.0.9. Mosquitto instances
could be remotely DoS'd by authenticated clients.
Release notes at: https://github.com/eclipse/mosquitto/blob/v2.0.10/ChangeLog.txt
CVE number has not yet been assigned.
Signed-off-by: Karl Palsson <karlp@etactica.com>
|
| |
|
|
|
|
| |
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| |\
| |
| | |
xinetd: honor ${IPKG_INSTROOT} when sourcing /lib/functions.sh
|
| | |
| |
| |
| |
| |
| | |
Avoid "file not found"-error when embedding via Imagebuilder.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This commit should also get rid of pointless option warnings.
Also removed an extra ) that was causing a bad cpu value.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Faster and less error prone.
Small cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
Retire weak algorithms like MD5 and 3DES.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | |
| |
| |
| | |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | |
| |
| |
| |
| |
| | |
The libcap package was moved to OpenWrt base.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| | |
| |
| |
| |
| |
| | |
For some reason Python3 jumped from 3.9.2 to 3.9.4 in about a week.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Prior to this commit, the acme service attempted to obtain certificates
once and then terminated, regardless of whether the certificate could be
obtained or not. This commit introduces a new uci option "retries" to
the "certificate" section. If this option is set to N, the acme service
will attempt to obtain the certificate up to N times before terminating.
There is a waiting pause between the retries to comply with the rate
limits of Let'sEncrypt.
The waiting pause is:
- 2 minutes for staging certificates
- 24 minutes for production certificates
The current "Failed Validation" rate limits of Let'sEncrypt are:
- staging: 60 per hour -> 1 failure every 1 minute in avg.
- production: 5 per hour -> 1 failure every 12 minutes in avg.
This means that we are within rate limits by a factor of two.
By default the option "retries" is set to "1", which means that acme
behaves as before by default. If the variable is set to "0", infinite
retries are performed.
This feature is helpful, when you already want to initiate the
certificate request, but you are still waiting for your dns server to be
configured, your network to appear or other conditions.
Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
|
| | |
| |
| |
| |
| |
| | |
Something is weird there. Can't reproduce on CI or locally.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This was missing in the initial commit.
Add AUTORELEASE as well for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Before this commit, issue_cert always returned 1 no matter if uacme
returned 1, 2, 3, ... With this commit, the return code of the uacme
binary is propagated. Therefore the caller of issue_cert can
differentiate between "no renew necessary" and "an error occurred".
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
|
| | |
| |
| |
| |
| |
| |
| | |
With this commit, the run-acme script can be included into other scripts
by setting INLCUDE_ONLY=1.
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
|
| | |
| |
| |
| |
| | |
Compile and run tested on: mvebu (Turris Omnia)
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
|
| | |
| |
| |
| | |
Signed-off-by: Javier Marcet <javier@marcet.info>
|
| |\ \
| | |
| | | |
strongswan: migrate to swanctl configs
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Derived from the ipsec initd script, with the following changes:
(1) various code improvements, corrections (get rid of left/right
updown scripts, since there's only one), etc;
(2) add reauth and fragmentation parameters;
(3) add x.509 certificate-based authentication;
and other minor changes.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| |\ \
| | |
| | | |
strongswan: remove synthesized ipsec conf files
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If you shutdown ipsec service, and it doesn't clean up
/var/ipsec/ipsec.conf, then when you start swanctl service it
might see an incompatible file on startup. Remedy is to
remove unneeded files when shutting down the service. They
can always be regenerated when the service starts again.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Switch to building with CMake for faster compilation.
Switch to AUTORELEASE for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \ \
| | | |
| | | | |
cache-domains: Fixed host files directory
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* Hid unnecessary output
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
xray-core: Update to 1.4.2
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Updated geo datas to latest version.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since v1.4.1, Xray has introduced a new feature to transfer data via
browsers, which can disguise itself as a normal browser to cheat
network censorship.
For more details, see https://github.com/XTLS/Xray-core/pull/421.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Libdvbcsa is a free implementation of the DVB Common Scrambling Algorithm DVB/CSA - with encryption and decryption capabilities.
OpenWrt packages like `tvheadend` and `minisatip` can benefit from it.
Signed-off-by: Rafał Dzięgiel <rafostar.github@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
python-eventlet & python-greenlet: add new packages
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Notes:
Build is disabled for arc and mips because
greenlet isn't ported for these platforms
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
python-flask-socketio: add new package
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | |/ / / /
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
python-pysocks: add new package
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
netifyd supports a '-F' filter option in 'bpf' notation to filter
packets from its consideration.
Add support for a uci 'filter' option. eg. filter to exclude SSDP
multicasts from a particularly noisy device:
option filter 'not (udp and dst 239.255.255.250 and dst port 1900 and src 192.168.1.5)'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Anton Ryzhov <anton@ryzhov.me>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Even it's only cosmetic and should not affect the function of regular system,
fix the name of the IPKG_INSTROOT variable.
Typo was added long ago with 8400c9a6ec799.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
|
| | |_|_|_|/
|/| | | |
| | | | |
| | | | |
| | | | | |
* fix housekeeping of external list sources
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Swith to building with CMake to avoid huge patching of the stock
Makefile.
Reorganize Makefile for consistency between packages.
Add patch to fix deprecated OpenSSL functions.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|