| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
Signed-off-by: Stan Grishin <stangri@melmac.net>
initial commit
|
| |\
| |
| | |
owipcalc/maccalc: import from base
|
| | |
| |
| |
| |
| |
| |
| | |
This is a helpful utility, but it does not have any dependencies
in base repository. Move it to packages feed.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
| | |
| |
| |
| |
| |
| |
| | |
This is a helpful utility, but it does not have any dependencies
in base repository. Move it to packages feed.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
| |\ \
| | |
| | | |
iperf: import iperf3 and iperf from base
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | |/
| |
| |
| | |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |\ \
| | |
| | | |
https-dns-proxy: bugfix: high CPU utilization
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Stan Grishin <stangri@melmac.net>
|
| | |/
|/|
| |
| |
| |
| |
| |
| | |
Changes:
- add rpcd dependecy
- handle rpcd in post inst/rm sections
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |\ \
| | |
| | | |
ddns-scripts: fix wget-ssl path
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
|
| |\ \ \
| | | |
| | | | |
isc-dhcp: support dynamic dns for 10/8 and 172.16/12
|
| | |/ /
| | |
| | |
| | | |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Includes 2.0.5 https://mosquitto.org/blog/2021/01/version-2-0-5-released/
Includes 2.0.4 https://mosquitto.org/blog/2020/12/version-2-0-4-released/
Includes 2.0.3 https://mosquitto.org/blog/2020/12/version-2-0-3-released/
Multiple fixes to broker and client and libraries, related the 2.x
changes.
Signed-off-by: Karl Palsson <karlp@etactica.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jan Hak <jan.hak@nic.cz>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some users have reported that reloading dnsmasq does not always work. It
sometimes stop responding to DNS lookup requests after being reloaded.
This patch changes "safe-search-maintenance" so that it restarts dnsmasq
instead of reloading it.
Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Ensure that the best available IP is always used for all supported
safe-search providers. This is accomplished by periodically checking
DNS for the most recent list of IP addresses associated with each
provider.
Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Nishant Sharma <codemarauder@gmail.com>
|
| | |/
|/|
| |
| | |
Signed-off-by: Nicholas Smith <nicholas.smith@telcoantennas.com.au>
|
| |/
|
|
|
|
| |
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| |\
| |
| | |
gateway-go: update to 0.1.95
|
| | |
| |
| |
| | |
Signed-off-by: Yu Fang <yu@iotserv.com>
|
| |/
|
|
|
|
|
|
| |
Start after named is running.
Add support for "cname", "domain", "mxhost", and "srvhost" configs.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| |\
| |
| | |
smartsnmpd: remove dysfunctional package
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This package has been completely broken on several levels since
commit eadd5abe40a0 ("smartsnmpd: Update to 2015-02-22 version")
The update changed the configuration file syntax without fixing
the scripts generating this file. The OpenWrt package would
therefore fail to run.
Worse than that, the last upstream version is completely broken
is unable to generate proper snmp replies even if the
configuration file is fixed, This has been tested and verified
on both OpenWrt/realtek and Debian/amd64.
I considered fixing the package, but dropped it for the following
reasons
1) upstream has abandoned the project
2) the upstream fork "smithsnmp" continues to make aribitrary
changes to configuration files and other packaging challenges
3) the package is tied to the lua5.1 C API, and further upgrades
will be non-trivial
4) there are several other snmp daemons available in OpenWrt,
without any of these issues
5) no one is interested in this package
The last point is proven by the lack of testing and feedback.
The last update was not even tested by the person preparing and
commiting the update.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
|
| | |
| |
| |
| | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |\ \
| | |
| | | |
clamav: allow configuring clamd to use TCP socket
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Something having to do with passing a file descriptor over spamd's
Unix socket causes the ClamAV milter to fail. The milter says "ERROR:
Unknown reply from clamd," and running strace on spamd reveals "No file
descriptor received. ERROR."
Some work by others can be found on the Internet that suggests using
a TCP socket for the communication between the milter and spamd fixes
this. Lucian Cristian confirmed this on OpenWrt.
I am not sure why the Unix socket does not work. I suspect it is something
related to musl, but I have not yet found evidence of this.
This merge request adds the option to configure spamd to use a TCP
socket, and it uses this as the default. The merge request also adds an
init script for clamav-milter.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
|
| |\ \ \
| | | |
| | | | |
gnunet: fix compilation with libdane
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* update to version 1.19.6
* remove default configuration files and documentation as
they are in the package `nginx-util`.
* do not install a `/etc/nginx/nginx.conf` file.
* use the dynamic `/etc/nginx/uci.conf` if the symlink (to
`/var/lib/nginx/uci.conf`) is not dead after calling
`nginx-util init_lan` (else try `/etc/nginx/nginx.conf`)
* replace nginx package by a dummy depending on `nginx-ssl`;
the dummies will be removed after a transition period.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* add proper io_uring kernel detection
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| |\ \ \
| | | |
| | | | |
ksmbd: update to 3.3.3
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The major change are:
Fix memleak and invalid memory write issue
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
On Arch Linux, tcpreplay is picking up the host dnet-config and adding
OS paths, thereby breaking compilation. The easiest solution is to add
libdnet support as the previous commit fixes dnet-config on OpenWrt.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* update to 4.13.3
* enable vfs io_uring module by default, if kernel supports it
* fix for possible exploit openwrt/packages#13758
* sanetize all external template/config inputs
* fix some shellcheck warnings
* remove old aio modules/deps
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
|
| |\ \
| | |
| | | |
openssh: Add FIDO2 hardware token support
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Version 8.2[0] added support for two new key types: "ecdsa-sk" and
"ed25519-sk". These two type enable the usage of hardware tokens that
implement the FIDO (or FIDO2) standard, as an authentication method for
SSH.
Since we're already on version 8.4 all we need to do is to explicitly enable
the support for hardware keys when compiling OpenSSH and add all the
missing dependencies OpenSSH requires.
OpenSSH depends on libfido2[1], to communicate with the FIDO devices
over USB. In turn, libfido2 depends on libcbor, a C implementation of
the CBOR protocol[2] and OpenSSL.
[0]: https://lwn.net/Articles/812537/
[1]: https://github.com/Yubico/libfido2
[2]: tools.ietf.org/html/rfc7049
Signed-off-by: Linos Giannopoulos <linosgian00@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add fadvise64_64 and fchmod syscalls needed on PowerPC platforms to
seccomp rules of transmission-daemon.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Stan Grishin <stangri@melmac.net>
|
| |\ \ \
| | | |
| | | | |
[RFC] etebase: add package
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
|
| |\ \ \ \
| | | | |
| | | | | |
[RFC] nginx-util: use UCI for server configuration
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
**tl;dr:** The functions `{add,del}_ssl` modify a server
section of the UCI config if there is no `.conf` file with
the same name in `/etc/nginx/conf.d/`.
Then `init_lan` creates `/var/lib/nginx/uci.conf` files by
copying the `/etc/nginx/uci.conf.template` and standard
options from the UCI config; additionally the special path
`logd` can be used in `{access,error}_log`.
The init does not change the configuration beside
re-creating self-signed certificates when needed. This is
also the only purpose of the new `check_ssl`, which is
installed as yearly cron job.
**Initialization:**
Invoking `nginx-util init_lan` parses the UCI configuration
for package `nginx`. It creates a server part in
`/var/lib/nginx/uci.conf` for each `section server '$name'`
by copying all UCI options but the following:
* `option uci_manage_ssl` is skipped. It is set to
'self-signed' by `nginx-util add_ssl $name`, removed by
`nginx-util del_ssl $name` and used by
`nginx-util check_ssl` (see below).
* `logd` as path in `error_log` or `access_log` writes them
to STDERR respective STDOUT, which are fowarded by Nginx's
init to the log daemon. Specifically:
`option error_log 'logd'` becomes `error_log stderr;` and
`option access_log 'logd openwrt'` becomes
`access_log /proc/self/fd/1 openwrt;`
Other `[option|list] key 'value'` entries just become
`key value;` directives.
The init.d calls internally also `check_ssl` for rebuilding
self-signed SSL certificates if needed (see below). And it
still sets up `/var/lib/nginx/lan{,_ssl}.listen` files as
it is doing in the current version (so they stay available).
**Defaults:**
The package installs the file `/etc/nginx/restrict_locally`
containing allow/deny directives for restricting the access
to LAN addresses by including it into a server part. The
default server '_lan' includes this file and listens on all
IPs (instead of only the local IPs as it did before; other
servers do not need to listen explicitly on the local IPs
anymore). The default server is contained together with a
server that redirects HTTP requests for inexistent URLs to
HTTPS in the UCI configuration file `/etc/config/nginx`.
Furthermore, the packages installs a
`/etc/nginx/uci.conf.template` containing the current setup
and a marker, which will be replaced by the created UCI
servers when calling `init_lan`.
**Other:**
If there is a file named `/etc/nginx/conf.d/$name.conf` the
functions `init_lan`, `add_ssl $name` and `del_ssl $name`
will use that file instead of a UCI server section (this is
similar to the current version).
Else it selects the UCI `section server $name`, or, when
there is no such section, it searches for the first one
having `option server_name '… $name …'`. For this section:
* `nginx-util add_ssl $name` will add to it:
`option uci_manage_ssl 'self-signed'`
`option ssl_certificate '/etc/nginx/conf.d/$name.crt'`
`option ssl_certificate_key '/etc/nginx/conf.d/$name.key'`
`option ssl_session_cache 'shared:SSL:32k'`
`option ssl_session_timeout '64m'`
If these options are already present, they will stay the
same; just the first option `uci_manage_ssl` will always be
changed to 'self-signed'. The command also changes all
`listen` list items to use port 443 and ssl instead of port
80 (without ssl). If they stated another port than 80
before, they are kept the same. Furthermore, it creates a
self-signed SSL certificate if necessary, i.e., if there is
no *valid* certificate and key at the locations given by
the options `ssl_certificate` and `ssl_certificate_key`.
* `nginx-util del_ssl $name` checks if `uci_manage_ssl` is
set 'self-signed' in the corresponding UCI section. Only
then it removes all of the above options regardless of the
value looking just at the key name. Then, it also changes
all `listen` list items to use port 80 (without ssl)
instead of port 443 with ssl. If stating another port than
443, they are kept the same. Furthermore, it removes the
SSL certificate and key that were indicated by
`ssl_certificate{,_key}`.
* `nginx-util check_ssl` looks through all server sections
of the UCI config for `uci_manage_ssl 'self-signed'`. On
every hit it checks if the SSL certificate-key-pair
indicated by the options `ssl_certificate{,_key}` is
expired. Then it re-creates a self-signed certificate.
If there exists at least one `section server` with
`uci_manage_ssl 'self-signed'`, it will try to install
itself as cron job. If there are no such sections, it
removes that cron job if possible.
For installing a ssl certificate and key managed by
another app, you can call:
`nginx-util add_ssl $name $manager $crtpath $keypath`
Hereby `$name` is as above, `$manager` is an arbitrary
string, and the the ssl certificate and its key are
indicated by their absolute path. If you want to remove
the directives again, then you can use:
`nginx-util del_ssl $name $manager`
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
nft-qos: silence buildsystem errors
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
add IPKG_INSTROOT to init script to
silence build system errors
Signed-off-by: Imran Khan <gururug@gmail.com>
|