| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
|
| |
|
|
| |
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
|
| |\
| |
| |
| |
| | |
pprindeville/strongswan-gencerts-change-sysconfdir
strongswan: change name of config base directory
|
| | |
| |
| |
| | |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* support the RPZ trigger 'RPZ-CLIENT-IP' to always allow/block certain
clients based on their IP (currently only supported by bind!)
* avoid promiscuous mode in tcpdump setup for adblock reporting
* speed up dns report preparation
* support dns report mailing (/etc/init.d/adblock report mail)
* fix bind autodetection
* update LuCI-frontend (separate PR)
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |\ \
| | |
| | | |
miniupnpd: introduce IGDv1 variant
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Microsoft Windows, Xbox and possibly other operating systems do not
support IGDv2. With IGDv2 enabled, they send a HTTP GET request for
rootDesc.xml and WANIPCn.xml, and then nothing happens. The Microsoft
implementation probably doesn't like the WANIPCn.xml response and
decides UPnP is not available. When miniupnpd is built without IGDv2
support, after the 2 HTTP GET requests, there is a HTTP POST request to
/ctl/IPConn, and miniupnpd configures the port forward as expected.
The runtime option force_igd_desc_v1=yes (UCI: igvd1) does not solve
this problem. It's possible this was enough in earlier miniupnpd
versions, but it does not fix the problem the current version.
Since we are a modern distro, we want to support the latest and
greatest, so we should default to IGDv2 enabled. Introducing a
menuconfig option to disable IGDv2 would only help people who build
their own images, so offer a separate package variant for IGDv1.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |\ \ \
| |_|/
|/| | |
atlas-sw-probe: add new package
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |\ \ \
| | | |
| | | | |
strongswan: add certificate generation utility
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
clamav: add libiconv dependencies when build with NLS
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
NLS means Native Language Support and when you have it enabled (it is
not default), clamav can not be compiled as it shows following error:
Package clamav is missing dependencies for the following libraries:
libiconv.so.2
Also, it is required that package libiconv-full is compiled first/before
than clamav and then try to compile clamav.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
strongswan: add deprecation warning to ipsec script
|
| | |/ / /
| | | |
| | | |
| | | | |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
/etc/profile.d/50-openvpn-easy-rsa.sh was not listed as configfile
and changes were lost during upgrades.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
onionshare-cli: add new package
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Switch to AUTORELEASE for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
libseccomp can't be built on ARC, so we must disable the option here as
well. A different fix was first proposed by @zxlhhyccc in #15377.
Fixes: #15313
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
strongswan: handle chacha20poly1305 as AEAD
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
chacha20policy1305 is also an AEAD cipher, and hence does not
permit a hash algorithm.
Fixes issue #15397.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
A subshell caused by $(...) can't persistently modify globals as a
side-effect.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fix compilation without deprecated OpenSSL APIs.
Backport upstream patch to fix stdout.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add patch fixing compilation without deprecated OpenSSL APIs.
Fix installation. This never worked as the section was misnamed.
Updated tool names.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
bonding: accept list of slaves in uci list notation
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Rework the bonding.sh protocol handler to accept slave interface names
encoded in uci list notation. Also replace ifconfig up/down with ip
link calls while we're at it.
Fixes: #11455
Fixes: https://github.com/openwrt/luci/issues/4473
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| | |/ / / /
|/| | | |
| | | | |
| | | | | |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
strongswan: libnttft must not select strongswan
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The strongswan-libnttfft package should not select the strongswan
package, but should depend on it instead. Otherwise a circular
dependency is created.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Stan Grishin <stangri@melmac.net>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Stan Grishin <stangri@melmac.net>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Fix post-merge comments in #15316 and update source.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This patch prevents multiple cron jobs from being created to run the
safe-search-maintenance script.
To reproduce this bug, perform the following:
- Install safe-search
- Perform an OpenWRT firmware upgrade (choose to preserve user settings)
- Install safe-search again
Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
|
| |/ / / /
| | | |
| | | | |
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |\ \ \ \
| | | | |
| | | | | |
strongswan: add more crypto plugins
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Adds modules for BLISS signature scheme, NTRU and New Hope key
exchange algorithms, and dependencies ChaCha20-Poly1305 AEAD,
ChaCha20 XOF, MGF1 mask generation function, SHA3 hasher SHAKE
XOF, and the Number Theoretic Transform library.
Signed-off-by: Derek Yerger <derek@altdevs.net>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
knot-resolver: update to version 5.3.1
|
| | | |/ / /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Major changes are:
disable symlink by default.
remove smack inherit leftovers.
Enable guest access on IPC$ share by default.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag.
Symptoms of the problem (which are also debugging steps):
* Finder refuses to open the OpenWRT "computer" in the Network list.
* Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown.
* `dns-sd -L OpenWrt _smb._tcp` doesn't return any address.
Signed-off-by: Kirill Nikolaev <cyril7@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Remove getrescources call because it is no longer
required.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is a security fix, affecting 2.0.0 through to 2.0.9. Mosquitto instances
could be remotely DoS'd by authenticated clients.
Release notes at: https://github.com/eclipse/mosquitto/blob/v2.0.10/ChangeLog.txt
CVE number has not yet been assigned.
Signed-off-by: Karl Palsson <karlp@etactica.com>
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
xinetd: honor ${IPKG_INSTROOT} when sourcing /lib/functions.sh
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Avoid "file not found"-error when embedding via Imagebuilder.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Retire weak algorithms like MD5 and 3DES.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|