| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |\ \ \ \
| | | | |
| | | | | |
simple-adblock: allow domains bugfix & canary domains support
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* fix bug in download_lists and adb_allow to prevent unintended exclisions from
the block-lists of domains containing allowed domain. Fixes issue:
https://github.com/stangri/source.openwrt.melmac.net/issues/160
* add support for returning NXDOMAIN/blocking iCloud & Mozilla canary domains,
disabled by default
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* update waf-cross-answers for 4.14.x
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* update to 4.14.14
* fixes: CVE-2022-2031, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746, CVE-2022-32742
Signed-off-by: Andrew Sim <andrewsimz@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |/ / / /
| | | |
| | | |
| | | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* switch to using uci wrappers instead of direct uci calls
* add support for iCloud canary domains
https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \ \ \
| | | | |
| | | | | |
unbound: update to version 1.16.3
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changelog: https://www.nlnetlabs.nl/projects/unbound/download/#unbound-1-16-3
- Fixes: CVE-2022-3204
Refreshed one patch
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It was a bit confusing to use *verbosity* level for Dry Run mode. Add
explicity switch for it and designed DRY_RUN variable to make code
easier to understand.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Rename variable to make code easier to understand. This variable
specifies how many times in row ddns script tried to update IP without a
success.
Previous name ("ERR_UPDATE") didn't suggest it was for counting
anything. It also didn't specify was error was it related to.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Local suggests something related to the local network or available
locally only. All that code related to the "local" IP was actually
dealing with *current* device external IP address. Using name "current"
should make code a bit easier to understand.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Rename variable to make code easier to understand. This variable
specifies how many times ddns script should try to send a request.
Previous name ("retry_count") suggested it was for *counting* attempts.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |\ \ \ \
| | | | |
| | | | | |
simple-adblock: update to 1.9.1-1
|
| | | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* remove obsolete block-lists from config
* add removal of obsolete lists to config-update
* add AdGuard team's block-list to config
* improve allow command
* improve nftset support
* move config load to uci_load_validate, which required some code refactoring which
looks dramatic, but isn't
* always use dnsmasq_restart instead of dnsmasq_hup for all dns resolution options
for dnsmasq
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \ \ \
| | | | |
| | | | | |
curl: bugfix: github source url
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* fixes https://github.com/openwrt/packages/issues/19456
Signed-off-by: Stan Grishin <stangri@melmac.ca>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
mwan3: Switch default track_ip targets from Google DNS to Cloudflare DNS
|
| | | |_|/ /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: James White <james@jmwhite.co.uk>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Source: https://github.com/pagekite/libpagekite/pull/78
Signed-off-by: Karl Palsson <karlp@etactica.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Changelog: https://mosquitto.org/blog/2022/08/version-2-0-15-released/
Changelog: https://mosquitto.org/blog/2021/11/version-2-0-14-released/
2.0.15 is bigger security and bugfix release. 2.0.14 had a couple of
minor changes and was skipped for OpenWrt.
Signed-off-by: Karl Palsson <karlp@etactica.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Section 'Persistence' in 'luci-app-mosquitto' is unusable without 'persistence'
section in config file.
Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
|
| | |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Release Notes:
https://forum.torproject.net/t/urgent-stable-release-0-4-5-14-0-4-6-12-and-0-4-7-10
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* auto-whitelist ext. dns lookup domain
* add public doh server blocklist source
* whitespace fixes in adblock.sources
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |\ \ \
| | | |
| | | | |
adblock: add lightswitch05 source
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: James McGuire <jamesm51@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
snowflake-proxy doesn't write any files
=> run in read-only rootfs environment
the process needs to read SSL certs but no other files
=> only exposed path is /etc/ssl/certificates (read-only)
running as unpriviledged user with no additional capabilities
=> set no-new-privs bit
By default procd-ujail also isolates the process by executing it in
a separate new IPC and PID namespace.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | | |
Package Tor's Snowflake system components so users can offer e.g.
a standalone Snowflake proxy on their routers or other devices.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Gatling is a high-performance webserver from fefe. It gives a
fairly decent feature-set at really small size. And its fast.
Co-authored-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Martin Hübner <martin.hubner@web.de>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |\ \ \
| | | |
| | | | |
knot-resolver: update to 5.5.3
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* fixes CVE-2022-40188
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
|
| |/ / /
| | |
| | |
| | | |
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
mausezahn is a multicast traffic generator which is part of the
netsniff-ng sources. This utility is needed for the upcoming
kernel-selftests-net-forwarding package. Add a new package for it.
netsniff-ng will automatically detect all installed dependencies and
build only the utilities whose dependencies are installed (meaning:
mausezahn is not build when for example libcli is not installed and
other tools are not build if for example zlib is missing). Depending
on the selected packages (netsniff-ng or mausezahn) the OpenWrt build
system has to trigger netsniff-ng's configure script, which will then
pick up and automatically build the programs (mausezahn, netsniff-ng,
trafgen, ...) for which all dependencies are installed.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The new package would help measuring one-way delays using ICMP type 13
packets. This is important for various scripts that automatically adjust
CAKE shaper bandwidth based on the observed bufferbloat. They need to
understand whether the delay is on the way up or on the way down, so
that they can adjust the bandwidth of the proper part of the shaper.
https://forum.openwrt.org/t/cake-w-adaptive-bandwidth-historic/108848
https://forum.openwrt.org/t/cake-w-adaptive-bandwidth/135379
V2: refreshed patches
Signed-off-by: Alexander E. Patrakov <patrakov@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes multiple security issues:
CVE-2022-38178 - Fix memory leak in EdDSA verify processing
CVE-2022-3080 - Fix serve-stale crash that could happen when
stale-answer-client-timeout was set to 0 and there was
a stale CNAME in the cache for an incoming query
CVE-2022-2906 - Fix memory leaks in the DH code when using OpenSSL 3.0.0
and later versions. The openssldh_compare(),
openssldh_paramcompare(), and openssldh_todns()
functions were affected
CVE-2022-2881 - When an HTTP connection was reused to get
statistics from the stats channel, and zlib
compression was in use, each successive
response sent larger and larger blocks of memory,
potentially reading past the end of the allocated
buffer
CVE-2022-2795 - Prevent excessive resource use while processing large
delegations
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This version better decodes SSID names which contain emoji, control
characters, and other non-ascii characters.
https://github.com/awilliams/wifi-presence/pull/8
Signed-off-by: Adam Williams <pwnfactory@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |\ \ \
| | | |
| | | | |
mdio-tools: update to 1.2.0
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Update the mdio-netlink kmod and userspace mdio-tools to version 1.2.0.
This allows dropping the time64 musl patch which was upstreamed.
[v1.2.0] - 2022-09-15
---------------------
- mdio: A new addressing mode "mmd-c22": Used to access MMDs attached
to MDIO controllers without Clause 45 support by using registers 13
and 14 in the device's Clause 22 register space
- mdio: Pretty print gigabit link capability information from a PHY's
extended status register
- mdio: Pretty print lots of status information from MMDs (C45 PHYs)
- mvls: Decode priority override information of ATU entries
- mvls: Table listings now always prints out the device information,
even on single chip systems.
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
| | |/ /
|/| |
| | |
| | |
| | |
| | | |
* update to lighttpd 1.4.67 release hash
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
|
| |\ \ \
| |/ /
|/| | |
vpnc-script: restart dnsmasq when openconnect disconnects
|
| | | |
| | |
| | |
| | | |
Signed-off-by: David Bentham <db260179@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
* unbound: fix domain search regression
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use an upstream commit to ensure time_t is defined in upsclient.h,
fixing a compile failure in collectd.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|