| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Switch to AUTORELEASE for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
libseccomp can't be built on ARC, so we must disable the option here as
well. A different fix was first proposed by @zxlhhyccc in #15377.
Fixes: #15313
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
strongswan: handle chacha20poly1305 as AEAD
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
chacha20policy1305 is also an AEAD cipher, and hence does not
permit a hash algorithm.
Fixes issue #15397.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
A subshell caused by $(...) can't persistently modify globals as a
side-effect.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Fix compilation without deprecated OpenSSL APIs.
Backport upstream patch to fix stdout.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add patch fixing compilation without deprecated OpenSSL APIs.
Fix installation. This never worked as the section was misnamed.
Updated tool names.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
bonding: accept list of slaves in uci list notation
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Rework the bonding.sh protocol handler to accept slave interface names
encoded in uci list notation. Also replace ifconfig up/down with ip
link calls while we're at it.
Fixes: #11455
Fixes: https://github.com/openwrt/luci/issues/4473
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| | |/ / / /
|/| | | |
| | | | |
| | | | | |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
strongswan: libnttft must not select strongswan
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The strongswan-libnttfft package should not select the strongswan
package, but should depend on it instead. Otherwise a circular
dependency is created.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Stan Grishin <stangri@melmac.net>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Stan Grishin <stangri@melmac.net>
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Fix post-merge comments in #15316 and update source.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |/ / / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This patch prevents multiple cron jobs from being created to run the
safe-search-maintenance script.
To reproduce this bug, perform the following:
- Install safe-search
- Perform an OpenWRT firmware upgrade (choose to preserve user settings)
- Install safe-search again
Signed-off-by: Gregory L. Dietsche <gregory.dietsche@cuw.edu>
|
| |/ / / /
| | | |
| | | | |
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |\ \ \ \
| | | | |
| | | | | |
strongswan: add more crypto plugins
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Adds modules for BLISS signature scheme, NTRU and New Hope key
exchange algorithms, and dependencies ChaCha20-Poly1305 AEAD,
ChaCha20 XOF, MGF1 mask generation function, SHA3 hasher SHAKE
XOF, and the Number Theoretic Transform library.
Signed-off-by: Derek Yerger <derek@altdevs.net>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
knot-resolver: update to version 5.3.1
|
| | | |/ / /
| |/| | |
| | | | |
| | | | | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Major changes are:
disable symlink by default.
remove smack inherit leftovers.
Enable guest access on IPC$ share by default.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
MacOS ignores Bonjour services for which TXT records are not returned. This changes forces umdns service to return a TXT record (`daemon=ksmbd`) for the ksmbd service. The exact content is unimportant and to the best of my knowledge nothing reads the `daemon` tag.
Symptoms of the problem (which are also debugging steps):
* Finder refuses to open the OpenWRT "computer" in the Network list.
* Discovery.app (Bonjour Browser) lists the _ssh._tcp service, but the submenu for it doesn't unfold and no address is shown.
* `dns-sd -L OpenWrt _smb._tcp` doesn't return any address.
Signed-off-by: Kirill Nikolaev <cyril7@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Remove getrescources call because it is no longer
required.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This is a security fix, affecting 2.0.0 through to 2.0.9. Mosquitto instances
could be remotely DoS'd by authenticated clients.
Release notes at: https://github.com/eclipse/mosquitto/blob/v2.0.10/ChangeLog.txt
CVE number has not yet been assigned.
Signed-off-by: Karl Palsson <karlp@etactica.com>
|
| |/ / / /
| | | |
| | | |
| | | |
| | | |
| | | | |
- Update haproxy download URL and hash
Signed-off-by: Christian Lachner <gladiac@gmail.com>
|
| |\ \ \ \
| | | | |
| | | | | |
xinetd: honor ${IPKG_INSTROOT} when sourcing /lib/functions.sh
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Avoid "file not found"-error when embedding via Imagebuilder.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Retire weak algorithms like MD5 and 3DES.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Prior to this commit, the acme service attempted to obtain certificates
once and then terminated, regardless of whether the certificate could be
obtained or not. This commit introduces a new uci option "retries" to
the "certificate" section. If this option is set to N, the acme service
will attempt to obtain the certificate up to N times before terminating.
There is a waiting pause between the retries to comply with the rate
limits of Let'sEncrypt.
The waiting pause is:
- 2 minutes for staging certificates
- 24 minutes for production certificates
The current "Failed Validation" rate limits of Let'sEncrypt are:
- staging: 60 per hour -> 1 failure every 1 minute in avg.
- production: 5 per hour -> 1 failure every 12 minutes in avg.
This means that we are within rate limits by a factor of two.
By default the option "retries" is set to "1", which means that acme
behaves as before by default. If the variable is set to "0", infinite
retries are performed.
This feature is helpful, when you already want to initiate the
certificate request, but you are still waiting for your dns server to be
configured, your network to appear or other conditions.
Signed-off-by: Leonardo Mörlein <git@irrelefant.net>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Before this commit, issue_cert always returned 1 no matter if uacme
returned 1, 2, 3, ... With this commit, the return code of the uacme
binary is propagated. Therefore the caller of issue_cert can
differentiate between "no renew necessary" and "an error occurred".
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
With this commit, the run-acme script can be included into other scripts
by setting INLCUDE_ONLY=1.
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Compile and run tested on: mvebu (Turris Omnia)
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Derived from the ipsec initd script, with the following changes:
(1) various code improvements, corrections (get rid of left/right
updown scripts, since there's only one), etc;
(2) add reauth and fragmentation parameters;
(3) add x.509 certificate-based authentication;
and other minor changes.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
strongswan: remove synthesized ipsec conf files
|
| | | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If you shutdown ipsec service, and it doesn't clean up
/var/ipsec/ipsec.conf, then when you start swanctl service it
might see an incompatible file on startup. Remedy is to
remove unneeded files when shutting down the service. They
can always be regenerated when the service starts again.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
xray-core: Update to 1.4.2
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Updated geo datas to latest version.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | |/ / /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Since v1.4.1, Xray has introduced a new feature to transfer data via
browsers, which can disguise itself as a normal browser to cheat
network censorship.
For more details, see https://github.com/XTLS/Xray-core/pull/421.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
netifyd supports a '-F' filter option in 'bpf' notation to filter
packets from its consideration.
Add support for a uci 'filter' option. eg. filter to exclude SSDP
multicasts from a particularly noisy device:
option filter 'not (udp and dst 239.255.255.250 and dst port 1900 and src 192.168.1.5)'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Anton Ryzhov <anton@ryzhov.me>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: George Iv <zhoreeq@users.noreply.github.com>
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Even it's only cosmetic and should not affect the function of regular system,
fix the name of the IPKG_INSTROOT variable.
Typo was added long ago with 8400c9a6ec799.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
|
| |/ / / /
| | | |
| | | |
| | | |
| | | | |
* fix housekeeping of external list sources
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |\ \ \ \
| |/ / /
|/| | | |
git-lfs: update to version 2.13.3
|