| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When adding suEXEC to the apache package, Alpine's package [1] served as
a template. Not enough attention was paid to the details.
Alpine uses a different layout. So for OpenWrt to use /var/www as
DocumentRoot does not make sense. /var is also volatile on OpenWrt. This
commit removes the configure argument. The default is htdocsdir.
This also does away with uidmin/gidmin 99. The default is 100, which is
fine.
Finally, the suexec binary is moved from /usr/sbin to
/usr/lib/apache2/suexec_dir. Upstream recommends installing suexec with
"4750" (see [2]) and the group set to the user's group. While that would
be possible, it would cause a few headaches on OpenWrt. The group would
need to be changed first in a post-install script and a call to chmod
would need to be made afterward, to make the binary SUID again.
It's easier to hide the SUID binary away from others in a directory.
This way we don't need to use chmod in the post-install script.
[1] https://github.com/alpinelinux/aports/tree/master/main/apache2
[2] https://httpd.apache.org/docs/2.4/suexec.html
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
| |
Hides away the contents of the log directory from others.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
| |
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
|
| |
|
|
| |
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
|
| |
|
|
| |
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
|
| |
|
|
| |
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
|
| |
|
|
| |
Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
|
| |\
| |
| | |
libreswan: update to 3.32
|
| | |
| |
| |
| |
| |
| | |
also add -flto to compiler flags
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |/
|
|
| |
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
|
| |\
| |
| | |
etesync-server: add package and configuration for running with uwsgi on nginx [RFC]
|
| | |
| |
| |
| |
| |
| | |
Setup pyhton3-django-etesync-journal using uWSGI with Nginx.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
|
| |\ \
| | |
| | | |
sslh: Add http probe support
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Warren Ng <looklookson@gmail.com>
|
| |\ \ \
| | | |
| | | | |
nginx: update all-module configurations
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
nginx-all-module also provides nginx-ssl and shoud have configuration file uwsgi_params
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
treewide: add conffiles
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
ifstat: make dependency on libnetsnmp conditional
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The upstream package supports it with a configure switch.
Defaulting to 'with SNMP support' as it was before.
Signed-off-by: Christophe Lermytte <gentoo@lermytte.be>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Othmar Truniger <github@truniger.ch>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Oleg Derevenetz <oleg-derevenetz@yandex.ru>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
According to a comment in programs/pluto/kernel_xfrm_interface.c:177:
* IFLA_XFRM_IF_ID was added to mainline kernel 4.19 linux/if_link.h
with older kernel headers 'make USE_XFRM_INTERFACE_IFLA_HEADER=true'
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Integrate with uci to support 'enabled/disabled' startup option and
override netify's default auto network selection.
config netifyd
option enabled 0
option autoconfig 1
autoconfig: Use netify's in-built interface selection
else use 'internal/external_if' definitions.
Also persist important agent config across sysupgrade
agent.uuid, serial.uuid, site.uuid
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
acme: Update acme.sh URL, add support for challenge & domain alises.
|
| | |/ / / /
| | | | |
| | | | |
| | | | | |
Signed-off-by: Will O'Neill <0100wrxb@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
hotplug scripts are sourced not exec'd so #!/bin/sh /etc/rc.common
doesn't pull in the functions defined in /etc/rc.common thus since
'enabled' isn't defined the following sequence always fails:
enabled miniupnpd || exit 0
Unfortunately sourcing /etc/rc.common doesn't appear to work so come up
with some alternatives.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
pdns: fix compilation with boost 1.73
|
| | | |_|_|/
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
pdns-recursor: fix compilation with boost 1.73
|
| | |/ / / /
| | | | |
| | | | |
| | | | | |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Netopeer2: update Netopeer2 and dependencies to master
|
| | | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
libnetconf2 to 1.1.24
libyang to 1.0.167
sysrepo to 1.4.58
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
https://lists.freedesktop.org/archives/modemmanager-devel/2020-May/007828.html
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
|
| |\ \ \ \
| | | | |
| | | | | |
wifidog-ng: remove incorrect PKG_BUILD_DIR override
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As wifidog-ng builds a kernel module, it must use a PKG_BUILD_DIR in
KERNEL_BUILD_DIR instead of BUILD_DIR, otherwise old build artifacts may
be incorrectly reused when switching between different targets of same
architecture without a full clean.
Instead of fixing up the override, just remove it and instead move the
kernel.mk include above package.mk, so PKG_BUILD_DIR is set up correctly
by default.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
| |\ \ \ \
| | | | |
| | | | | |
nextdns: Update to version 1.5.7
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Algin Maduro <1469047+mad-it@users.noreply.github.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Review of my PR to add readsb requested to use codeload. Update vallumd
to use codeload as well, so that things are consistent.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |\ \ \ \
| | | | |
| | | | | |
fping: add new config option to install SUID root
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
fping requires either root or CAP_NET_PING to work, otherwise it is
useless. Use INSTALL_SUID so that fping will be setuid root, and thus
it will be usable by non-root users.
fping knows to drop root priviledges after it parses the command line
and creates the ping socket. You actually get a lot less code running
as root when you make it setuid root and run it from an unprivileged
user.
This is the same way net/iputils already handles "ping", which has the
same requirements.
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
davfs2: fix compilation with newer neon
|
| | | |_|/ /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \ \ \ \
| |/ / / /
|/| | | | |
sysrepo: update to 1.4.2
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
openssh-server: deprecate the ecdsa HostKey
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The init.d script for sshd never generates an ecdsa HostKey as seen
here:
for type in rsa ed25519
do
# check for keys
key=/etc/ssh/ssh_host_${type}_key
[ ! -f $key ] && {
# generate missing keys
[ -x /usr/bin/ssh-keygen ] && {
/usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
}
}
done
so we'll never succeed at loading one. Get rid of the resultant
error message in logging:
May 5 17:13:59 OpenWrt sshd[20070]: error: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Linux kernel and iproute2 together now implement strict checking of the
existence of route tables.
Previously kernel does not support filtering by table id, now it does
and will error with nlmsgerr "ipv4: FIB table does not exist".
Previously iproute2 dump all routes and filter by table id in userspace,
now this has changed with iproute2 commit c7e6371bc4af ("ip route: Add
protocol, table id and device to dump request")
Error scene
root@OpenWrt:/# ip route flush table 100
Error: ipv4: FIB table does not exist.
Flush terminated
root@OpenWrt:/# echo $?
2
Fixes: https://github.com/openwrt/packages/issues/12095
Ref: https://lists.openwall.net/netdev/2019/05/02/105
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|