For configurations where another web server is running on port 80, running
acme.sh in standalone mode fails. Try to detect this and refuse to run; and
allow the user to configure a webroot directory to use the running webserver for
certificate verification.
This also updates acme.sh to the latest version.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
- Moves /etc/freeradius3/sites-{enabled,available}/inner-tunnel to be part of
the freeradius3-mod-eap package. This prevents conflicts between
freeradius3-mod-eap-peap and freeradius3-mod-eap-ttls which both included the
file before. This fixes LEDE bug FS#678.
- Change the demo cert validity to be 1 year instead of 60 days. Should keep the
cert valid for the duration of the LEDE release cycle (with some slack). This
fixes#4239.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* add "adb_forcedns" to redirect all dns requests
to local resolver (disabled by default)
* add "adb_forcesrt" to enable overall sort / duplicate removal
on low memory devices with less than 64 MB RAM (disabled by default)
Signed-off-by: Dirk Brenken <dev@brenken.org>
* no longer misuse ubus/procd service object for travelmate runtime
information, now save all required information directly
in a JSON file/format
* new 'status' init command to print runtime information
* add a configurable interface trigger timeout for
nested & slow modem/router setups, set 'trm_triggerdelay' accordingly
* change start priority & refine reload timings
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
* change start priority to get all interface trigger events, even on
fast hardware
* made default trigger delay more conservative to fix possible start up
issues
Signed-off-by: Dirk Brenken <dev@brenken.org>
As reported by @thornley-touchstar, there are some issues in the
showshortport and showport commands on the monitoring channel.
After short dicussion with upstream, the following patches were merged
upstream to fix the issue(s).
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
darkstat's configure script searches for libbsd for different routines,
so if it manages to pick it up, make sure the dependency is reflected.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Use newest acme.sh release (2.6.8).
Remove dependency on ca-certificates and add dependency on ca-bundle.
Update environment variable.
Signed-off-by: Daniel Halmschlager <da@halms.at>
* no longer misuse ubus/procd service object for adblock runtime
information, now save all required information directly
in a JSON file/format (/tmp/adb_runtime.json)
* new 'status' init command to print runtime information
* add a configurable interface trigger timeout for
nested or slow modem/router setups,
set 'adb_triggerdelay' accordingly (default 1 second)
* add support for pure http download utilities like wget-nossl
or uclient-fetch without libustream-ssl (http donwloads only!)
* fix stop action
* fix enabled/disabled action
* fix country code in regional list for china
* LuCI update to reflect all changes
Signed-off-by: Dirk Brenken <dev@brenken.org>
If interface is getting down by netifd (unplug ethernet cable)
mwan3track will not recognize this change. It will also generate an
additional down event when he notice does his tracking interface is offline.
Mwan3track will now be informed by a signal (trap) USR1 during down event
that the interface is already down. An additional down event will not be
generated.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Changelog:
* Fixed a regression of 1.6.4 which caused a crash in modperl/modpython
(not packaged)
* Fixed the behavior of verbose command in the sasl module.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This commit fixes bugs, cleans and enhances init.d script:
1. The first disk and interface was passed to mini_snmpd with extra
leading space.
This bug caused the first monitored disk and interface to be
inaccessible by SNMP daemon.
2. Automatically reload deamon if one of monitored interfaces goes
up/down.
Since mini_snmpd reads interface list only at startup, it won't
detect any interface which appeared after the daemon was started.
Fortunately we can use procd interface triggers to automatically
restart the daemon.
3. Replace hand-written direct ubus calls and json data filtering with
standard network functions.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* re-order all regional lists in adblocklist/easylist format
* add polish blocklist
* add chinese blocklist
* lists called now 'reg_<ch|pl|ro|ru>'
* changed interface trigger default in config to 'wan' only
* update / sync LuCI frontend (see luci repo for details)
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
[RELEASE] Released version 1.7.5 due to bug in compression
Released version 1.7.5 with the following main changes :
- BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
- BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
- BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
- BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
- DOC: fix parenthesis and add missing "Example" tags
- DOC: update the contributing file
- DOC: log-format/tcplog/httplog update
- MINOR: config parsing: add warning when log-format/tcplog/httplog is overriden in "defaults" sections
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
haproxy's Makefile already happens include/ after specifying PCRE_DIR
which would result in the following build errors on an external
toolchain that does not automatically search for headers in
$(STAGING_DIR):
mipsel-linux-gnu-gcc -Iinclude -Iebtree -Wall -O2 -g
-fno-strict-aliasing -Wdeclaration-after-statement -DBUFSIZE=16384
-DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530 -DCONFIG_HAP_LINUX_SPLICE
-DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB
-DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS
-DUSE_ACCEPT4 -DNETFILTER -DUSE_GETSOCKNAME -DCONFIG_REGPARM=3
-DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_LUA
-I/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/lua-5.3.3/include
-DUSE_PCRE
-I/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/include/include
-DUSE_PCRE_JIT -DCONFIG_HAPROXY_VERSION=\"1.7.4-patch02\"
-DCONFIG_HAPROXY_DATE=\"2017/04/01\" \
-DBUILD_TARGET='"linux2628"' \
-DBUILD_ARCH='""' \
-DBUILD_CPU='"generic"' \
-DBUILD_CC='"mipsel-linux-gnu-gcc"' \
-DBUILD_CFLAGS='"-O2 -g -fno-strict-aliasing
-Wdeclaration-after-statement -DBUFSIZE=16384 -DMAXREWRITE=1030
-DSYSTEM_MAXCONN=165530"' \
-DBUILD_OPTIONS='"USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1
USE_ZLIB=yes USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
USE_PCRE_JIT=1"' \
-c -o src/haproxy.o src/haproxy.c
In file included from include/types/proxy.h:33:0,
from include/proto/log.h:32,
from include/common/cfgparse.h:29,
from src/haproxy.c:65:
include/common/regex.h:31:18: fatal error: pcre.h: No such file or
directory
#include <pcre.h>
Fix this by stripping the additional include/ being added.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Some external toolchaind don't automatically search for headers in
$(STAGING_DIR), make sure we do pass TARGET_CPPFLAGS as appropriate.
This fixes build errors such as:
mipsel-linux-gnu-gcc -O2 -Wall -Wextra -DLUA_COMPAT_5_2 -DLUA_USE_LINUX
-c -o lua.o lua.c
lua.c:80:31: fatal error: readline/readline.h: No such file or directory
#include <readline/readline.h>
^
compilation terminated.
<builtin>: recipe for target 'lua.o' failed
make[6]: *** [lua.o] Error 1
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Fixes build errors with toolchains that don't automatically search for
headers in STAGING_DIR (such as external toolchains) resulting in the
following build failures:
mipsel-linux-gnu-gcc -Os -pipe -mno-branch-likely -mips32r2 -mtune=24kc
-fno-caller-saves -Wno-unused-result -D_FORTIFY_SOURCE=1 -Wl,-z,now
-Wl,-z,relro -DUSE_SSL_CRYPTO -c options.c
In file included from options.c:62:0:
auth_algo.h:53:26: fatal error: openssl/hmac.h: No such file or
directory
#include <openssl/hmac.h>
^
compilation terminated.
Makefile:95: recipe for target 'options.o' failed
make[4]: *** [options.o] Error 1
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* rework automatic mode (active scan/re-connection handling):
* much more procd & resource friendly
* now enabled by default
* save runtime information in ubus service (data section)
* final backend preparation for new LuCI-GUI (still WIP!)
* documentation update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Use CFLAGS_DEBUG which is already used for TARGET_CFLAGS to also pass
TARGET_CPPFLAGS.
This fixes build issues with toolchains that don't automatically search
for header files (e.g: sys/capability.h), such as stbgcc-4.8-1.5
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This allows users to use an external config file if required (for
example matching packets based on SNI hostname or REGEX patterns).
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
Signed-off-by: Mircea Horea IONICĂ <mionica@gmail.com>
[RELEASE] Released version 1.7.4
Released version 1.7.4 with the following main changes :
- MINOR: config: warn when some HTTP rules are used in a TCP proxy
- BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
- BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
- BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
- BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
- BUG/MINOR: Fix "get map <map> <value>" CLI command
- BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
- BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
- BUG/MINOR: checks: attempt clean shutw for SSL check
- CONTRIB: tcploop: add limits.h to fix build issue with some compilers
- CONTRIB: tcploop: make it build on FreeBSD
- CONTRIB: tcploop: fix time format to silence build warnings
- CONTRIB: tcploop: report action 'K' (kill) in usage message
- CONTRIB: tcploop: fix connect's address length
- CONTRIB: tcploop: use the trash instead of NULL for recv()
- BUG/MEDIUM: listener: do not try to rebind another process' socket
- BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
- BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
- BUG/MEDIUM: connection: ensure to always report the end of handshakes
- BUG: payload: fix payload not retrieving arbitrary lengths
- BUG/MAJOR: http: fix typo in http_apply_redirect_rule
- MINOR: doc: 2.4. Examples should be 2.5. Examples
- BUG/MEDIUM: stream: fix client-fin/server-fin handling
- MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
- BUG/MINOR: raw_sock: always perfom the last recv if RDHUP is not available
- DOC/MINOR: Fix typos in proxy protocol doc
- DOC: Protocol doc: add checksum, TLV type ranges
- DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
- DOC: Protocol doc: add noop TLV
- MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
- BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
- MINOR: server: irrelevant error message with 'default-server' config file keyword.
- MINOR: doc: fix use-server example (imap vs mail)
- BUG/MEDIUM: tcp: don't require privileges to bind to device
- BUILD: make the release script use shortlog for the final changelog
- BUILD: scripts: fix typo in announce-release error message
Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
Update vnStat to 1.17 which fixes database issue.
Remove unecessary patch
Based on:
commit 79b6e9dc61 by
Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>