| Commit message (Collapse) | Author | Age |
|
Remove upstreamed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
* fix the auto-detection for pppoe and 6in4 tunnel interfaces
* add the new 'ban_nftpolicy' option to expose the nft set policy, values: memory (default), performance
* add the new 'ban_nftloglevel' option to expose the nft syslog level, values: emerg, alert, crit, err, warn (default), notice, info, debug, audit
* status optimizations
* logging optimizations
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
Fixes: #19637
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
Added `cgroupsns` to jail, otherwise you get this failure:
```
Mon Mar 6 14:46:05 2023 user.err : jail: Not using namespaces, capabilities or seccomp !!!
```
Error is here, seems to indicate that we're running a jail without using any capability.
https://lxr.openwrt.org/source/procd/jail/jail.c#L2847
Decided to use minimal effort approach
Signed-off-by: BackSlasher <nitz.raz@gmail.com>
|
Simple protocol support script for netifd.
netifd protocol support for cni networks makes
defining network for podman and other similar
systems using cni networking much easier and simpler.
With cni protocol support, on a cni network where firewall
and portmapper are disabled, you may control firewalling
with OpenWrt's standard firewall configuration.
For example, create a container that hosts web content on
port 80 with a static IP on your cni network; if your
network is 10.88.0.0/16, use e.g. 10.88.0.101 as
your container's static IP address. Create a zone, cni,
in your firewall and add your interface to it.
Now you can easily set up redirection to 10.88.0.101:80
to expose its port 80 to wan for serving your website.
The protocol has only one setting: device; on podman this
is often cni-podman0. This protocol may also be used
on other equivalents, such as netavark (cni replacement
in podman), where the default device is podman0.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
samba4: update to 4.17.5
|
* update to 4.17.5
* changelog: https://www.samba.org/samba/history/samba-4.17.5
* refresh patch
* CVE-2022-42898: Samba's Kerberos libraries and AD DC failed to guard against integer overflows when parsing a PAC on a 32-bit system, which allowed an attacker with a forged PAC to corrupt the heap.
https://www.samba.org/samba/security/CVE-2022-42898.html
* CVE-2022-37966: This is the Samba CVE for the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A Samba Active Directory DC will issue weak rc4-hmac session keys for use between modern clients and servers despite all modern Kerberos implementations supporting the aes256-cts-hmac-sha1-96 cipher.
On Samba Active Directory DCs and members 'kerberos encryption types = legacy' would force rc4-hmac as a client even if the server supports aes128-cts-hmac-sha1-96 and/or aes256-cts-hmac-sha1-96.
https://www.samba.org/samba/security/CVE-2022-37966.html
* CVE-2022-37967: This is the Samba CVE for the Windows Kerberos Elevation of Privilege Vulnerability disclosed by Microsoft on Nov 8 2022.
A service account with the special constrained delegation permission could forge a more powerful ticket than the one it was presented with.
https://www.samba.org/samba/security/CVE-2022-37967.html
* CVE-2022-38023: The "RC4" protection of the NetLogon Secure channel uses the same algorithms as rc4-hmac cryptography in Kerberos, and so must also be assumed to be weak.
https://www.samba.org/samba/security/CVE-2022-38023.html
* BUG 15210: synthetic_pathref AFP_AfpInfo failed errors.
This resolves errors logged during macOS TimeMachine backups.
https://bugzilla.samba.org/show_bug.cgi?id=15210
Signed-off-by: Michael Peleshenko <mpeleshenko@gmail.com>
|
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
|
Changelog: https://github.com/fatedier/frp/releases/tag/v0.48.0
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
|
A restart is only required if `$conf_file` has been modified.
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
|
This patch is taken from
https://git.alpinelinux.org/aports/commit/?id=f923597f4bdea424dc28b1d026269df060596fac
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
This patch is taken from
https://git.alpinelinux.org/aports/commit/?id=f923597f4bdea424dc28b1d026269df060596fac
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
* major performance improvements: clean-up/optimize all nft calls
* add a new "ban_reportelements" option,
to disable the (time consuming) Set element count in the report (enabled by default)
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
* Full changelog available at:
* https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.25
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
|
Currently compilation fails because of:
```
opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
library: 'digital envelope routines',
reason: 'unsupported',
code: 'ERR_OSSL_EVP_UNSUPPORTED'
```
What's interesting is that the package gets built, but when trying to access the UI there's a
`404: page not found` error.
It has been reported in multiple places:
* https://github.com/AdguardTeam/AdGuardHome/issues/5559
* https://github.com/AdguardTeam/AdGuardHome/issues/4595
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
|
Backport a pending PR to add nftables support.
Upstream PR: https://github.com/v2rayA/v2rayA/pull/805
As nftables merged ipv4/ipv6 support into a single command, simply
enable ipv6 support by default.
While at it, backport an upstreamed fix for simple-obfs plugin.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
Update from 0.12.0 -> 0.14.2
Release notes: https://github.com/netbirdio/netbird/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
This is a major release, both in numbering and in effort! It's been in
active development for over a year and has a huge list of changes --
over a thousand commits -- since Transmission 3.00.
For more information about the release see
https://github.com/transmission/transmission/releases/tag/4.0.0
https://github.com/transmission/transmission/releases/tag/4.0.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
* finalized the LuCI frontend preparation (this is the minimal version to use the forthcoming LuCI frontend)
* added a Set survey, to list all elements of a certain set
* changed the default logterm for asterisk
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
|
1. Add `kmod-inet-diag` as a dependency since it is needed for https://sing-box.sagernet.org/configuration/dns/rule/#process_name
2. Remove redundant `default n` (https://github.com/openwrt/openwrt/commit/8bc72ea7be3976711dacc09f0fdab061d6e5152a)
Signed-off-by: Van Waholtz <brvphoenix@gmail.com>
|
- Update haproxy download URL and hash
- This release fixes a critical flaw known as CVE-2023-25725. See:
http://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=73be199c4f5f1ed468161a4c5e10ca77cd5989d8
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
isc-dhcp: allow no default route
|
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
Netbird is a VPN service similar to Tailscale and ZeroTier.
Description:
NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.
It requires zero configuration effort leaving behind the hassle of opening ports, complex firewall rules, VPN gateways, and so forth.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
Signed-off-by: Glen Huang <i@glenhuang.com>
|
clamav: update to 0.104.4
|
* remove upstreamed 100-cmake-fix-findcurses.patch
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
|
These patches should not be backported to OpenWrt, otherwise tproxy
won't work for devices connected to br-lan (bypassed by the fw rules).
We have introduced a new compile-time flag for the new version (which
is not released yet), but it's unnecessary to backport redundant
patches as we are still at the old version here.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
Signed-off-by: Glen Huang <i@glenhuang.com>
|
Also added a patch from Alpine's same package to assist building on musl.
Hostpkg build on musl also kept failing, so I added a few more overrides, which
made it work perfectly.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
|
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
ddns-scripts: Add njal.la provider
|
Add njal.la provider. Use the key as password. Username is not needed.
Signed-off-by: Tobias Hilbig <web.tobias@hilbig-ffb.de>
|
curl: update to 7.88.1
|
* https://curl.se/changes.html#7_88_1
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
Maintainer : @yangfl (David Yang)
Build system : Arch Linux x86_64
Build tested : r7800 OpenWrt git master (r22104-01262c921c)
Run tested : r7800 OpenWrt git master (r22104-01262c921c)
Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
|
Update crowdsec to latest upstream release version 1.4.6
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: ipq40xx/generic, Fritzbox 4040, Openwrt 22.03.3
|
* add oisdbig as new feed
* LuCI frontend preparation:
- the json feed file points always to /etc/banip/banip.feeds (and is no longer compressed)
- supply country list in /etc/banip/banip.countries
* update readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
* add missing wan-forward chain (incl. report/mail adaption)
* changed options:
- old: ban_blockforward, new: ban_blockforwardwan and ban_blockforwardlan
- old: ban_logforward, new: ban_logforwardwan and ban_logforwardlan
* add missing dhcp(v6) rules/exceptions
* update readme
Previously run tested by certain forum users (and by me).
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
|
Maintainers : @hauke (Hauke Mehrtens) and @tripolar (Peter Wagner)
Build system : Arch Linux x86_64
Build tested : r7800 OpenWrt git master (r22104-01262c921c)
Run tested : r7800 OpenWrt git master (r22104-01262c921c)
Signed-off-by: Daniel Bermond <danielbermond@gmail.com>
|
Signed-off-by: Zuev Aleksandr <A.Zuev@stdev.su>
|
ddns-scripts: enable IPv6 for easydns.com
|
easydns.com has supported IPv6 for a while now using
the same update URL as IPv4. This duplicates the IPv4
entry for IPv6 to enable support for it.
Signed-off-by: James Buren <braewoods+mgh@braewoods.net>
|
Signed-off-by: Moritz Warning <moritzwarning@web.de>