Added missing limits header. This is normally included in fortify-headers,
which I have disabled locally.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Properly quote arguments when assembling the command line and eval the
proto_run_command() invocation in order to prevent the shell from
improperly splitting the command arguments on $IFS.
Fixes: #10137
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- Major version jump from v2.0 to v2.1
- Update haproxy download URL and hash
- Add new patches (see https://www.haproxy.org/bugs/bugs-2.1.2.html)
- Stop building LUA 5.3 in the haproxy build-process and use liblua5.3 as a dependency instead
Signed-off-by: Christian Lachner <gladiac@gmail.com>
Changelog:
* Fix OpenWRT with existing forwarder + fix dnsmasq restore issue
* Refactor service execution to better report errors
* Refactor merlin tz setup so it does not need to curl on boot
* Improve upgrade command for install.sh
* Do not mask curl error on install
* Fix timezone logging issue with Merlin
* Add support for Merlin John's fork
* Add raspbian support to installer
* Fix upgrade not reinstalling service
* Limit the aarch64 fix to merlin
* Reset DHCP DNS to self on Merlin router setup
* Fix memory issue with aarch64 based router
* Update Go version
* Allow override of detected env
* Setup timezone correctly on Merlin init script
* Don't ignore curl error on install
* Fix Asus Merlin John’s fork trust store issue
* Fix synology auto setup
* Fix report client info not enabled with setup-router option
* Add support for edgeos DHCP lease file locations
* Fix signal handling when running as a service
* Fix exit menu keyboard shortcut
* Do not fail on upgrade if uninstall failed
* Fix exit menu in installer
* Remove failing upx (for now)
* Make sure nextdns keeps running once ssh session is closed
* Add auto setup of Synology with DHCP server enabled
* Use router's DNS to discover more names
* Get A/AAAA from both answer and addition sections
* Ignore certain invalid names during discovery
* Fix activate with setup-router
* Fix serveral install issues
* Add exponential backoff to mdns probe retry
* Correctly end dhcp lease probing when discovery is cancelled
* Store DHCP/MDNS discovered addrs separately to avoid ping/pong
discovery
* Add DHCP lease support to client discovery
* Do not report mdns listen unreachable error as start will retry
* Reimplement mdns client discovery
* Fix installer GOARCH detection with arm6+
* Fix bin install on platforms needing sudo
* Correctly detect edgeos and ddwrt as routers
* Fix install.sh sudo
* Disable upx as it break many platforms
* Fix installer regression with merlin
* Fix mips64 detection
* Fix OpenWRT detection
* Fix UPX post build script
* Fix install with John's Asuswrt-Merlin fork
* Fix more DDWRT
* Fix DDWRT support
* Fix merlin service add/remove
* Use UPX to compress binaries typicially used on routers
* Revert "Remove direct dep on reflect"
* Use letters for installer menus
* Fix install script for upgrades not working if binary is running
* Do not return an error on mdns listen if at least one interface worked
* Fix installer for synology
* Fix pfSense support
* Remove the logs for each server on each connect
* Move install instructions to wiki
* Fix install.sh uid detection with merlin
* Fix install.sh for arm6+
* Add Synology init system support
* Fix install.sh
* Add a generic router setup that just changes the listen to public
* Update README
* Add auto setup support for EdgeOS
* Restore per OS install instruction in readme during installer beta
* Refactor install.sh
* Remove dep on golang.org/x/net/ipv[4|6]
* Remove direct dep on reflect
* Rewrite the zeroconf code to use dnsmessage instead miekg/dns
* Add auto setup support for DD-WRT
* Improve arch detection
* Add auto setup support for OpenWRT
* Add automatic router setup support
* Fix service
* Remove dep en seq on sysv style init scripts
* Add Entware init system support
* Report init system used on install and in UA
* Add EdgeOS support
* Reads /etc/hosts before forwarding queries to the upstream
* Fix localhost resolution with Linux arch empty /etc/hosts
* Use /etc/hosts file to resolve listen address and list on all IPs
listed
* Add support for multiple router firmware
* Fix hardened privacy disabling dual stack
* Add a config set sub command and refactor commands handling
* Add support for activate on freebsd
* Fix inverted MAC matching
* Add unit test for conf prefix match #35
* Activate uses listen address instead of static 127.0.0.1
* Improve FreeBSD integration
* Add FreeBSD support
* Fix a typo
* Use zip for windows archive
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
Edited PKG_RELEASE to 1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Compile tested: arm_cortex-a15_neon-vfpv4, TP-Link Archer C2600, master
Run tested: TP-Link Archer C2600
Change log for v2.99:
[FIX] Fixed broken JSON parsing (include missing uuid_site).
[FIX] FreeBSD: Fixed 10x support.
[FIX] OPNsense: Fixed path to xmllint.
[IMP] Switched to libtcmalloc minimal.
[IMP] Added metadata extraction from SSDP queries/responses.
[IMP] Added automatic building of bundled gperftools when enabled.
[IMP] Removed bundled packages that are no longer needed.
[IMP] Always display JSON status even when stale.
[IMP] CentOS: Added support for CentOS 8.
[IMP] CentOS: Removed support for CentOS 6.
[IMP] OPNsense: Added support for OPNsense 19x.
Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
Instead of the default nginx.conf file this file is a small variant
without examples that enables the /etc/nginx/conf.d/ directory.
It will pull in all configuration files from the conf.d directory.
So, other packages can add their server parts in the conf.d directory
without modifying the main nginx.conf file (cf. #9860).
Changed also the default logging behavior:
error_log stderr; # the init forwards it to logd
access_log off;
See the updated documentation at:
https://openwrt.org/docs/guide-user/services/webserver/nginx
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
Hurricane Electric provides a free IPv6inIPv4 tunnel. It changed its ipv4 ddns service, fully needed to keep the ipv6 tunnel up, to the domain tunnelbroker.net. Besides, the old he.net script was bugged because it doesn't had a [USERNAME] placement but instead two [DOMAIN]. The new tunnelbroker.net update URL, still provided by Hurricane Electric, is https://[USERNAME]:[PASSWORD]@ipv4.tunnelbroker.net/nic/update?hostname=[DOMAIN]&myip=[IP] and it gets the response good or nochg
Signed-off-by: Euler Alves <euler@alves.pro.br>
(fixed-signed-off-by and prefixed)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
PKG_RELEASE was incremented to 15 because of a fix in files/services
Signed-off-by: Euler Alves <euler@alves.pro.br>
(fixed-signed-off-by and prefixed)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Since commit a62c0e5 apu-1-config is no longer being stipped down with
regards to being called with "--link-libtool". Example:
$ ./staging_dir/target-mips_24kc_musl/usr/bin/apu-1-config --link-libtool
-L/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/lib -R/home/sk/tmp/openwrt/staging_dir/target-mips_24kc_musl/usr/lib -laprutil-1
$
Before the mentioned commit the "-R" argument was stripped off. And when the
Makefile adds this to TARGET_LDFLAGS this then ends up in the compiler test, as
an argument for the compiler, causing build failure:
checking whether the C compiler works... no
configure: error: in `/builder/shared-workdir/build/sdk/build_dir/target-arm_mpcore+vfp_musl_eabi/subversion-1.13.0':
configure: error: C compiler cannot create executables
config.log shows what's wrong:
configure:3140: x86_64-openwrt-linux-musl-gcc -Os -pipe ... <snip> ... -R/home/sk/tmp/sdk/master-x86-64/staging_dir/target-x86_64_musl/usr/lib -laprutil-1 conftest.c >&5
x86_64-openwrt-linux-musl-gcc: error: unrecognized command line option '-R'
This commit does away with these flags, they're not needed anyway. FPIC
is also removed, because it's detrimental to the applications [1] and
unnecessary as well.
Fixes: #11139
[1] https://wiki.gentoo.org/wiki/Project:Hardened/Position_Independent_Code_internals
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
In OpenWrt this module is available, but not part of the main package.
This commit disables the LoadModule directive for this module. Otherwise
following the installation of the main apache package the start of the
server would fail (due to the absence of this particular module).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This way there's no need to worry about overwriting another httpd binary
or symlink from another package, for example busyboxes httpd.
The init script is also renamed to apache2 for consistency.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
* rename smbd->ksmbd (upstream name change)
* ksmbd-tools: build with static glib2 (usmbd = ~90kb, smbuseradd = ~40kb)
* new etc folder location = /etc/ksmbd/smb.conf
* new database name = /etc/ksmbd/ksmbdpwd.db
* fixes "map to guest = Bad User" while userdb is also used
* fixes missing ipv6 support
* update/rename to "luci-app-ksmbd"
* remove UCI samba compatibility code for section names (ksmbd uses [share] + [globals] not [sambashare] + [global])
* ksmbd: release 3.1.1 version
* ksmbd: does not work if ipv6 module is not loaded or compiled in
* ksmbd: capsule ifdef CONFIG_SMB_INSECURE_SERVER with smb1 codes
* ksmbd: release 3.1.0 version
* ksmbd: fix over 80 character warnings
* ksmbd: rename smbd-tools to ksmbd-tools in travis.yml
* ksmbd: fix password db file location in travis.yml
* ksmbd: rename smbd prefix function to ksmbd
* ksmbd: rename smbd prefix source files to ksmbd
* Revert "smbd: set connection status with SMBD_SESS_EXITING instead of direct destory"
* ksmbd: rename smbd to ksmbd in .travis.yml
* smbd: rename module name to ksmbd.ko
* smbd: set connection status with SMBD_SESS_EXITING instead of direct destory
* smbd: previous session with same user and same password should be deleted
* smbd: only use global session table in smb2 session
* smbd: add support for ipv6
* smbd: fix empty macro issue from smbd_debug
* cifsd: fix printing of file names in find_next
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).
Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
bf1a1eda23a3c46544b3
Signed-off-by: Robby K <robbyke@gmail.com>
This should hopefully prevent issues with that option not showing up in the
GUI, like in #11095.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
nginx-ssl-util and nginx-ssl-util-nopcre are replacements for each other,
but cannot replace nginx-util (instead conflict with it).
The hard coded [::1] could lead to a nginx error if build without IPv6.
So, get the loopback addresses dynamically.
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
* Do not destroy the iterator twice if cur==this (segfault).
* Do not add the delimiter clim=='\0' when creating the SSL directives.
* Set the right SSL_SESSION_CACHE_ARG for nginx-util get_env.
* Remove static from the constexpr that are used only for Line::build.
* Concat strings instead of appending them for not using a non-const ref
(to remove some warnings of clang-tidy -checks=google-runtime-references)
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
This allows custom config parameters to be added to the generated config
files, enabling the original intended functionality per
https://openwrt.org/docs/guide-user/services/ups/software.nut.
Example usage from /etc/config/nut_server:
config driver 'apc'
option driver 'snmp-ups'
option snmp_version 'v3'
option port '172.16.100.5'
list other 'secLevel'
list other 'secName'
list other 'authPassword'
list otherflag 'notransferoids'
config other 'other_secLevel'
option value 'authNoPriv'
config other 'other_secName'
option value 'some_username'
config other 'other_authPassword'
option value 'some_password'
config other 'otherflag_notransferoids'
option value '1'
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>