Introduce further ACL checks to verify that the request-supplied
upload location may be written to. This prevents overwriting things
like /bin/busybox and allows to confine uploads to specific directories.
To setup the required ACLs, the following ubus command may be used
on the command line:
ubus call session grant '{
"ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e",
"scope": "cgi-io",
"objects": [
[ "/etc/certificates/*", "write" ],
[ "/var/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When we run docker image and export too many ports, dockerd will output some errors like "too many open files", it is caused by max-file limitation.
Now, we start dockerd using procd, just add a statement to fix this problem.
Signed-off-by: Fuying Wang <805447391@qq.com>
* automatically add open uplinks to your wireless config,
e.g. hotel captive portals (disabled by default)
* shift net status check in a separate function
* (s)hellcheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
CFLAGS were not being passed. This was breaking builds with ASLR.
Pass proper PIC command to gcc with $(fPIC).
Don't install static libraries. Keep those for InstallDev only.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
CFLAGS were not being passed, breaking ASLR builds.
Switched to using PKG_SOURCE_DATE for the version.
Added PKG_BUILD_PARALLEL for faster compilation.
Added license information.
Small Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
CFLAGS were not being passed which was breaking ASLR builds.
Fixed license header.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_INSTALL for consistency.
Passed proper $(FPIC) value.
Several other Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Removed PKG_FIXUP. It has no meaning with CMake.
Replaced PKG_INSTALL with CMAKE_INSTALL. Consequentially, removed
InstallDev section.
Added ABI_VERSION to force package rebuilds when it increases.
Added PKG_BUILD_PARALLEL for faster compilation.
Fixed license tag.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fixes issue where CFLAGS were not being passed. This was breaking ASLR
builds.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_INSTALL. Changed install paths based on PKG_INSTALL paths.
Added --disable-debug to make sure debug code is disabled.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
There is a wrinkle in terms of sending mail immediately when using
msmtpq-ng-mta instead of a typical mail server. We document that
in the package description.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
If the spool or lock dir exist before msmtp's initscript runs we
need to modify the permisions to be appropriate instead of just
bailing, otherwise non-root can't send mail.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
On OpenWrt nc (netcat) connectivity test makes more sense than
ping because a) for non-root users ping is not permitted, and
b) nc is a default binary included with OpenWrt.
We do, however, have to change the upstream default from using
`nc -vz` to `printf "<http head request>"|nc` (with openwrt
nc if text is sent then nc closes after a response and fails
if no connection is made; the response is already thrown away
(to /dev/null) by the existing code).
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
On a Debian system without python3-distutils install, uwsgi-cgi was
failing to build because it couldn't import sysconfig from distutils.
OpenWrt packages should be using the OpenWrt python not the system
python. In addition we need to use python3 not python2, even when
both are available.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
* fix a dns restart issue if 'flush dns cache' is set
* fix a suspend/resume issue, the status wasn't properly updated
* fix a long standing query issue
* rework return code handling, mostly for debugging
* various cleanups & cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
Small Makefile reorganization.
Switch BUILD_PARALLEL to 1. Seems to work now.
Added nanosleep patch that replaces usleep usage.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Development moved to GitHub. Update URLs.
Cleaned up Makefile a bit for consistency between packages.
Added patch that removes deprecated bzero.
Ran init script through shellcheck. Fixed minor warnings.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove SSL patch that has been made obsolete by upstream updates.
Update monit package to the latest release: v5.26.0. This release
supports TLSv1.3 and fixes a few bugs and vulnerabilities.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>