- new package dependency: curl (plus one of the wpad variants)
- optional package dependencies:
- 'msmtp' for email notification support
- 'wireguard' or 'openvpn' for vpn support
- removed WEP support, only WPA/WPA2/WPA3 are supported!
- new, more robust setup wizard (CLI and LuCI)
- more robust captive portal detection
- randomize mac addresses with every uplnk connect
- automatic vpn handling during uplink switch (only classic/simple
client-setups for wireguard or openvpn are supported)
- email notifications after successful uplink connections
- automatically disable uplinks after n minutes, e.g. for timed
connections
- automatically (re-)enable uplinks after n minutes, e.g. after failed
login attempts
- complete LuCI rewrite - migrated to client side JS (separate PR)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Don't build the sntp binary and libevent2-pthread dependency unless
ntp-utils is selected.
Re-add ntp-keygen dependency libevent2-core.
Fixes openwrt#10307
Signed-off-by: Kenneth J. Miller <ken@miller.ec>
Currently the passed VERSION includes the release, which is usually not
part of the compiled binary. Removing it simplifies the `grep` command
to check for correct package output during runtime tests.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Run trivial check if the compiled binary works on the architecture. Do
so by comparing the printed version by the binary with the Makefile
version. The release is OpenWrt specific, so cut it off.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The CI only tests packages if a Makefile changed, e.g. containing a
version or release bump. This covers package related files as at least
the package release must change whenever a file was touched.
The `test.sh` file is a runtime test used to verify working packages
within OpenWrt containers. This file can independently change and will
never be included in the package ipk files, therefore trigger the CI on
its changes as well.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Removed iconv const patch. After discussing with upstream. it turns out
that libiconv-full in OpenWrt is broken.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Additional to manual runtime tests this CI addition runs a custom test
script per package. Ideally this lowers the errors of package bumps,
something which is time consuming when done manually for multiple
architectures.
This CI uses the official OpenWrt containers and tries to install and
run compiled packages. The run depends on the content of `test.sh`,
which is an `ash` script. It's called with the *packge name* and
*package version* as arguments. This allows different behaviour if
a single package generates multiple IPK files. The version is usable for
the most trivial runtime check, e.g. `tmux -V | grep "$2"`.
The current approach uses the qus project[1] which contains multiple
QEMU binaries to run various architectures.
[1]: https://github.com/dbhi/qus
Signed-off-by: Paul Spooren <mail@aparcar.org>
Vulnerabilities fixed:
* CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
* CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).
Imported patches from the debian package.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This commit adds a linter which checks most common filetypes, including
Shell and Lua. Ideally this improves the quality of especially `init`
scripts written in Shell.
Signed-off-by: Paul Spooren <mail@aparcar.org>