| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
| |
This improves the I/O performance when outputting large backups.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
| |
Instead of always replying with a generic 500 internal server error code,
use more appropriate codes such as 403 to indicate denied permissions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new `cgi-download` applet which allows to retrieve the contents
of regular files or block devices.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "path" containing the file path to
download.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required acl rules to grant download access
to files or block devices:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "download", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/etc/config/*", "read" ],
[ "/dev/mtdblock*", "read" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the `cgi-io` scope to check for permission to execute the requested
command (`upload`, `backup`) and the `file` scope to check path
permissions.
The reasoning of this change is that `cgi-io` is usually used in
conjunction with `rpcd-mod-file` to transfer large file data out
of band and `rpcd-mod-file` already uses the `file` scope to manage
file path access permissions. After this change, both `rpc-mod-file`
and `cgi-io` can share the same path acl rules.
Write access to a path can be granted by using an ubus call in the
following form:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/var/lib/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
| |
The `python-mysql` package was updated with PR https://github.com/openwrt/packages/pull/9705
For seahub this was omitted, since the Python dependencies are prefixed
with `python-`, so it was missed during the grep search.
And grepping just for `mysql` yields many results.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without https the update fails with:
```
132954 : #> /usr/bin/curl -RsS -o /var/run/ddns/myddns_ipv4.dat --stderr /var/run/ddns/myddns_ipv4.err --noproxy '*' 'http://CENSORED:***PW***@domains.google.com/nic/update?hostname=CENSORED&myip=CENSORED'
132954 : DDNS Provider answered:
<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="https://domains.google.com/nic/update?hostname=CENSORED&myip=CENSORED">here</A>.
</BODY>
</HTML>
132954 ERROR : IP update not accepted by DDNS Provider
```
Signed-off-by: Paul Tobias <tobias.pal@gmail.com>
|
| |
|
|
|
|
|
|
| |
Ran through 2to3 to get it to compile.
Ran init script through shellcheck. Grouped several file writes.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\
| |
| | |
zerotier: license change and make sure path exists
|
| | |
| |
| |
| | |
Signed-off-by: Moritz Warning <moritzwarning@web.de>
|
| | |
| |
| |
| |
| |
| | |
Business Source License.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
|
| | |
| |
| |
| | |
Signed-off-by: William Fleurant <meshnet@protonmail.com>
|
| |\ \
| | |
| | | |
python-mysql[client]: rename to python-mysqlclient & bump to version 1.4.4
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The package on PyPi is named `mysqlclient`.
This should have been named `python-mysqlclient` from the start.
There is a `mysql` package on PyPi already but that's a different
code/package.
Doing this should avoid any future confusion.
There is no good time to do this rename; at least 19.07 has been branched
already and this can go into the next release [in a year or so].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
| |\ \ \
| | | |
| | | | |
rtorrent: Switch to static linking
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
rtorrent is the only user of libtorrent. Statically link to save space.
Added usleep patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
* fix for #9954
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
|
| |\ \ \ \
| |/ / /
|/| | | |
netifyd: Updated to v2.92.
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
|
| |\ \ \ \
| |/ / /
|/| | | |
banip: update 0.2.0
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* remove 'http-only' mode, all sources are now fetched from https sites
* the backup mode is now mandatory ('/tmp' is the default backup
directory), always create and re-use backups if available.
To force a re-download take the 'reload' action.
* support 'sshd' in addition to 'dropbear' for logfile parsing
to detect break-in events
* always update the black-/whitelist with logfile parsing results
in 'refresh' mode (no new downloads)
* rework the return code handling
* tweak procd trigger
* various small fixes
* (s)hellsheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes openwrt/packages#9456
Ref: https://github.com/openwrt/packages/issues/9456
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| | |_|/
|/| |
| | |
| | |
| | |
| | |
| | |
| | | |
So that packages like acme requiring features from it can depend on it
explicitly, not the more basic "wget" which is also provided by
"uclient-fetch"
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \ \
| | | |
| | | | |
adblock: update 3.8.5
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* use raw procd interface trigger as last resort, if the
adblock config is not available during startup
* fix selective subdomain whitelisting for dnsmasq
* fix a kresd restart issue with 'DNS File Reset'
* fix a suspend/resume cornercase
* disable the tld compression, if the number of blocked domains
is greater than 'adb_maxtld' (default: 100000)
* made the fw portlist configurable (default '53 853 5353')
* preliminary support for inotify-like autoload features
of dns backends like kresd in future Turris OS. If 'adb_dnsinotify'
is set to 'true', all adblock related restarts and the
'DNS File Reset' will be disabled
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |\ \ \
| | | |
| | | | |
ulogd2: Build IPFIX module
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
add ulogd_output_IPFIX.so to ulogd-mod-extra
Signed-off-by: Sebastian Fleer <dev@dwurp.de>
|
| |/ /
| |
| |
| | |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \
| | |
| | | |
ulogd2: Backport upstream patches
|
| | | |
| | |
| | |
| | |
| | |
| | | |
IPFIX support was requested.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \ \
| |/ /
|/| | |
lighttpd: Update to version 1.4.54
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Correct SPDX License Identifier
- Move MAINTAINER, SUBMENU to more appropriate place
- Use HTTPS in URL
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Fixes CVE-2019-11072
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
| |\ \ \
| | | |
| | | | |
samba4: update to version 4.9.13 (security fix)
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes CVE-2019-10197
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The double quote thells the shell that the list returned from `pidof` is a
single argument, therefore, `renice` will cry about a malformed input.
With this commit, `renice` will be applied correctly to all the returned PIDs
from `pidof`.
The output of `renice` for the quoted list is as follows:
`renice: invalid number '6592 6587 6586 6574'`
`renice` does not show and does apply the nice value if the list is unquoted.
Signed-off-by: Oever González <notengobattery@gmail.com>
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |\ \ \
| | | |
| | | | |
Disable ASLR PIE in selected packages
|
| | | | |
| | | |
| | | |
| | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fixes compilation without OpenSSL deprecated APIs as well as
-Werror=implicit-function-declaration.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
mosh: add package
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Maintainer: Jakub Tymejczyk <jakub@tymejczyk.pl>
Compile tested: ramips, Xiaomi Router 3G, fc54256
Run tested: ramips, Xiaomi Router 3G, 0f54d96
Description:
Mosh is "Remote terminal application that allows roaming, supports
intermittent connectivity, and provides intelligent local echo and line
editing of user keystrokes".
Project's site: https://mosh.org
Makefile and patch taken from: https://github.com/mchwalisz/mosh-openwrt
updated by me
Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
(Makefile cleanup and size optimizations)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
zerotier: update to 1.4.4
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Also allow path to local.conf to be set and enable linker optimisations
to save a few bytes.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
|
| |/ / /
| | |
| | |
| | |
| | |
| | | |
Too short
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \ \
| |_|/
|/| | |
remove ipsec-tools and opennhrp
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As discussed on GitHub[0] the package should be removed.
[0]: https://github.com/openwrt/packages/issues/7832
> The package is effectively orphaned upstream and has been for some
time. Given the security-sensitive nature of the package, an active
maintainer community is essential for safe usage. Racoon's lack of
support for IKEv2, despite it being stable for a long time, and the
availability of next-generation tunneling systems such as wireguard,
also would seem to limit its future value. Setkey's functionality
has been subsumed by 'ip xfrm'.
> If you disagree that ipsec-tools should be removed from OpenWRT,
please say so now. If there are still use cases for it that are
not met by other IKE implmenentations that would be good to
know. But more importantly, I think you'll need to convince us
that ipsec-tools is actually safe to operate on today's Internet
given its current state of development.
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
The package requires ipsec-tools which will be removed from packages.git
Signed-off-by: Paul Spooren <mail@aparcar.org>
|
| |\ \ \
| | | |
| | | | |
unbound: update to 1.9.3
|