aboutsummaryrefslogtreecommitdiff
path: root/net
Commit message (Collapse)AuthorAge
* Merge pull request #9983 from James-TR/pdns-4.2.0-bumpRosen Penev2019-09-13
|\ | | | | pdns: bump version to 4.2.0
| * pdns: bump version to 4.2.0James Taylor2019-09-13
| | | | | | | | | | | | | | | | | | | | Bump PowerDNS Authoritative DNS Server to 4.2.0. Release changelong can be found at https://doc.powerdns.com/authoritative/changelog/4.2.html#change-4.2.0 Compile Tested: OpenWRT Snapshot - armv7 Run Tested: Linksys WRT1900ACS - package runs correctly, not all functionality has been tested. Signed-off-by: James Taylor <james@jtaylor.id.au>
* | cgi-io: use splice() to stream backup archiveJo-Philipp Wich2019-09-13
| | | | | | | | | | | | This improves the I/O performance when outputting large backups. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* | cgi-io: pass appropriate HTTP error codes to failure()Jo-Philipp Wich2019-09-13
| | | | | | | | | | | | | | Instead of always replying with a generic 500 internal server error code, use more appropriate codes such as 403 to indicate denied permissions. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* | cgi-io: add download operationJo-Philipp Wich2019-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new `cgi-download` applet which allows to retrieve the contents of regular files or block devices. In order to initiate a transfer, a POST request in x-www-form-urlencoded format must be sent to the applet, with one field "sessionid" holding the login session and another field "path" containing the file path to download. Further optional fields are "filename" which - if present - will cause the download applet to set a Content-Dispostition header and "mimetype" which allows to let the applet respond with a specific type instead of the default "application/octet-stream". Below is an example for the required acl rules to grant download access to files or block devices: ubus call session grant '{ "ubus_rpc_session": "...", "scope": "cgi-io", "objects": [ [ "download", "read" ] ] }' ubus call session grant '{ "ubus_rpc_session": "...", "scope": "file", "objects": [ [ "/etc/config/*", "read" ], [ "/dev/mtdblock*", "read" ] ] }' Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* | cgi-io: use different acl scopes for path and command permissionsJo-Philipp Wich2019-09-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use the `cgi-io` scope to check for permission to execute the requested command (`upload`, `backup`) and the `file` scope to check path permissions. The reasoning of this change is that `cgi-io` is usually used in conjunction with `rpcd-mod-file` to transfer large file data out of band and `rpcd-mod-file` already uses the `file` scope to manage file path access permissions. After this change, both `rpc-mod-file` and `cgi-io` can share the same path acl rules. Write access to a path can be granted by using an ubus call in the following form: ubus call session grant '{ "ubus_rpc_session": "...", "scope": "file", "objects": [ [ "/var/lib/uploads/*", "write" ] ] }' Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* | seafile-seahub: update dependency to python-mysqlclientAlexandru Ardelean2019-09-13
| | | | | | | | | | | | | | | | | | | | The `python-mysql` package was updated with PR https://github.com/openwrt/packages/pull/9705 For seahub this was omitted, since the Python dependencies are prefixed with `python-`, so it was missed during the grep search. And grepping just for `mysql` yields many results. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* | ddns-scripts: Use https for domains.google.comPaul Tobias2019-09-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Without https the update fails with: ``` 132954 : #> /usr/bin/curl -RsS -o /var/run/ddns/myddns_ipv4.dat --stderr /var/run/ddns/myddns_ipv4.err --noproxy '*' 'http://CENSORED:***PW***@domains.google.com/nic/update?hostname=CENSORED&myip=CENSORED' 132954 : DDNS Provider answered: <HTML> <HEAD> <TITLE>Moved Temporarily</TITLE> </HEAD> <BODY BGCOLOR="#FFFFFF" TEXT="#000000"> <H1>Moved Temporarily</H1> The document has moved <A HREF="https://domains.google.com/nic/update?hostname=CENSORED&amp;myip=CENSORED">here</A>. </BODY> </HTML> 132954 ERROR : IP update not accepted by DDNS Provider ``` Signed-off-by: Paul Tobias <tobias.pal@gmail.com>
* | smartsnmpd: Update to 2015-02-22 versionRosen Penev2019-09-12
| | | | | | | | | | | | | | | | Ran through 2to3 to get it to compile. Ran init script through shellcheck. Grouped several file writes. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | Merge pull request #9937 from mwarning/zerotierRosen Penev2019-09-12
|\ \ | | | | | | zerotier: license change and make sure path exists
| * | zerotier: make sure the /var/lib existsMoritz Warning2019-09-09
| | | | | | | | | | | | Signed-off-by: Moritz Warning <moritzwarning@web.de>
| * | zerotier: change license to BSL 1.1Moritz Warning2019-09-09
| | | | | | | | | | | | | | | | | | Business Source License. Signed-off-by: Moritz Warning <moritzwarning@web.de>
* | | yggdrasil: fix #9960 re: vendor fixWilliam Fleurant2019-09-12
| | | | | | | | | | | | Signed-off-by: William Fleurant <meshnet@protonmail.com>
* | | Merge pull request #9705 from commodo/python-mysqlclientRosen Penev2019-09-12
|\ \ \ | |_|/ |/| | python-mysql[client]: rename to python-mysqlclient & bump to version 1.4.4
| * | python-mysql: rename to python-mysqlclient & bump to version 1.4.4Alexandru Ardelean2019-09-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The package on PyPi is named `mysqlclient`. This should have been named `python-mysqlclient` from the start. There is a `mysql` package on PyPi already but that's a different code/package. Doing this should avoid any future confusion. There is no good time to do this rename; at least 19.07 has been branched already and this can go into the next release [in a year or so]. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* | | Merge pull request #9952 from neheb/rtRosen Penev2019-09-11
|\ \ \ | | | | | | | | rtorrent: Switch to static linking
| * | | rtorrent: Switch to using static libtorrentRosen Penev2019-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rtorrent is the only user of libtorrent. Statically link to save space. Added usleep patch. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | banip: update 0.2.1Dirk Brenken2019-09-10
| | | | | | | | | | | | | | | | | | | | * fix for #9954 Signed-off-by: Dirk Brenken <dev@brenken.org>
* | | | treewide: Change .*GPL.*+ licenses to SPDX compatible identifierSven Eckelmann2019-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL licenses. But a lot of packages did use a different, non-SPDX style with a "+" at the end instead of "-or-later". Signed-off-by: Sven Eckelmann <sven@narfation.org>
* | | | Merge pull request #9947 from eglooca/masterRosen Penev2019-09-09
|\ \ \ \ | |/ / / |/| | | netifyd: Updated to v2.92.
| * | | netifyd: Updated to v2.92.Darryl Sokoloski2019-09-09
| | | | | | | | | | | | | | | | Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
* | | | Merge pull request #9948 from dibdot/banIPDirk Brenken2019-09-09
|\ \ \ \ | |/ / / |/| | | banip: update 0.2.0
| * | | banip: update 0.2.0Dirk Brenken2019-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * remove 'http-only' mode, all sources are now fetched from https sites * the backup mode is now mandatory ('/tmp' is the default backup directory), always create and re-use backups if available. To force a re-download take the 'reload' action. * support 'sshd' in addition to 'dropbear' for logfile parsing to detect break-in events * always update the black-/whitelist with logfile parsing results in 'refresh' mode (no new downloads) * rework the return code handling * tweak procd trigger * various small fixes * (s)hellsheck cosmetics Signed-off-by: Dirk Brenken <dev@brenken.org>
* | | | acme: depends on gnu-wgetYousong Zhou2019-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes openwrt/packages#9456 Ref: https://github.com/openwrt/packages/issues/9456 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* | | | wget: provides gnu-wgetYousong Zhou2019-09-09
| |_|/ |/| | | | | | | | | | | | | | | | | | | | So that packages like acme requiring features from it can depend on it explicitly, not the more basic "wget" which is also provided by "uclient-fetch" Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* | | softethervpn: Fix openssl header patchRosen Penev2019-09-06
| | | | | | | | | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | Merge pull request #9929 from dibdot/adblockDirk Brenken2019-09-06
|\ \ \ | | | | | | | | adblock: update 3.8.5
| * | | adblock: update 3.8.5Dirk Brenken2019-09-06
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * use raw procd interface trigger as last resort, if the adblock config is not available during startup * fix selective subdomain whitelisting for dnsmasq * fix a kresd restart issue with 'DNS File Reset' * fix a suspend/resume cornercase * disable the tld compression, if the number of blocked domains is greater than 'adb_maxtld' (default: 100000) * made the fw portlist configurable (default '53 853 5353') * preliminary support for inotify-like autoload features of dns backends like kresd in future Turris OS. If 'adb_dnsinotify' is set to 'true', all adblock related restarts and the 'DNS File Reset' will be disabled Signed-off-by: Dirk Brenken <dev@brenken.org>
* | | Merge pull request #9931 from sebastian-de/ipfixRosen Penev2019-09-06
|\ \ \ | | | | | | | | ulogd2: Build IPFIX module
| * | | ulogd2: Build IPFIX moduleSebastian Fleer2019-09-06
| |/ / | | | | | | | | | | | | | | | add ulogd_output_IPFIX.so to ulogd-mod-extra Signed-off-by: Sebastian Fleer <dev@dwurp.de>
* / / lcdringer: Depend on vala/host insteadRosen Penev2019-09-06
|/ / | | | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | Merge pull request #9922 from neheb/ulRosen Penev2019-09-05
|\ \ | | | | | | ulogd2: Backport upstream patches
| * | ulogd2: Backport upstream patchesRosen Penev2019-09-05
| | | | | | | | | | | | | | | | | | IPFIX support was requested. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | Merge pull request #9891 from BKPepe/lighttpdJosef Schlehofer2019-09-05
|\ \ \ | |/ / |/| | lighttpd: Update to version 1.4.54
| * | lighttpd: Makefile polishingJosef Schlehofer2019-09-01
| | | | | | | | | | | | | | | | | | | | | | | | - Correct SPDX License Identifier - Move MAINTAINER, SUBMENU to more appropriate place - Use HTTPS in URL Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
| * | lighttpd: Update to version 1.4.54Josef Schlehofer2019-09-01
| | | | | | | | | | | | | | | | | | Fixes CVE-2019-11072 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* | | fastd: fix init script for multiple VPN instancesMatthias Schiffer2019-09-04
| | | | | | | | | | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* | | Merge pull request #9919 from ja-pa/samba4-security-fixJosef Schlehofer2019-09-04
|\ \ \ | | | | | | | | samba4: update to version 4.9.13 (security fix)
| * | | samba4: update to version 4.9.13 (security fix)Jan Pavlinec2019-09-04
| | | | | | | | | | | | | | | | | | | | | | | | Fixes CVE-2019-10197 Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
| * | | samba4: remove double quotes for reniceOever González2019-09-04
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The double quote thells the shell that the list returned from `pidof` is a single argument, therefore, `renice` will cry about a malformed input. With this commit, `renice` will be applied correctly to all the returned PIDs from `pidof`. The output of `renice` for the quoted list is as follows: `renice: invalid number '6592 6587 6586 6574'` `renice` does not show and does apply the nice value if the list is unquoted. Signed-off-by: Oever González <notengobattery@gmail.com> Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | | Merge pull request #9845 from ja-pa/fix-aslr-pieRosen Penev2019-09-04
|\ \ \ | | | | | | | | Disable ASLR PIE in selected packages
| * | | usbip: disable ASLR PIEJan Pavlinec2019-09-04
| | | | | | | | | | | | | | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | | | softethervpn: Add missing OpenSSL headerRosen Penev2019-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes compilation without OpenSSL deprecated APIs as well as -Werror=implicit-function-declaration. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | Merge pull request #9902 from neheb/mosh5Rosen Penev2019-09-03
|\ \ \ \ | | | | | | | | | | mosh: add package
| * | | | mosh: add packageJakub Tymejczyk2019-09-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Maintainer: Jakub Tymejczyk <jakub@tymejczyk.pl> Compile tested: ramips, Xiaomi Router 3G, fc54256 Run tested: ramips, Xiaomi Router 3G, 0f54d96 Description: Mosh is "Remote terminal application that allows roaming, supports intermittent connectivity, and provides intelligent local echo and line editing of user keystrokes". Project's site: https://mosh.org Makefile and patch taken from: https://github.com/mchwalisz/mosh-openwrt updated by me Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl> (Makefile cleanup and size optimizations) Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | | | Merge pull request #9903 from mwarning/zerotierRosen Penev2019-09-03
|\ \ \ \ \ | |_|_|/ / |/| | | | zerotier: update to 1.4.4
| * | | | zerotier: update to release 1.4.4Moritz Warning2019-09-03
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | Also allow path to local.conf to be set and enable linker optimisations to save a few bytes. Signed-off-by: Moritz Warning <moritzwarning@web.de>
* / / / apinger: Fix PKG_SOURCE_VERSIONRosen Penev2019-09-01
|/ / / | | | | | | | | | | | | | | | Too short Signed-off-by: Rosen Penev <rosenp@gmail.com>
* | | Merge pull request #9881 from aparcar/ipsec-toolsRosen Penev2019-09-01
|\ \ \ | |_|/ |/| | remove ipsec-tools and opennhrp
| * | ipsec-tools: removePaul Spooren2019-08-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As discussed on GitHub[0] the package should be removed. [0]: https://github.com/openwrt/packages/issues/7832 > The package is effectively orphaned upstream and has been for some time. Given the security-sensitive nature of the package, an active maintainer community is essential for safe usage. Racoon's lack of support for IKEv2, despite it being stable for a long time, and the availability of next-generation tunneling systems such as wireguard, also would seem to limit its future value. Setkey's functionality has been subsumed by 'ip xfrm'. > If you disagree that ipsec-tools should be removed from OpenWRT, please say so now. If there are still use cases for it that are not met by other IKE implmenentations that would be good to know. But more importantly, I think you'll need to convince us that ipsec-tools is actually safe to operate on today's Internet given its current state of development. Signed-off-by: Paul Spooren <mail@aparcar.org>
Powered by cgit, Themed by Ted Yin.