* add captive portal domains automatically to the related
domain whitelist (dhcp option 'rebind_domain'),
if rebind protection/RFC1918 is enabled
Signed-off-by: Dirk Brenken <dev@brenken.org>
This updates the package to use the default PyBuild/Compile, instead of
defining a custom Build/Compile.
This also updates the source url and adds a src package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This renames the Python 2 twisted package to python-twisted, and updates
dependents (i.e. obfsproxy) to reference the updated name.
This also fixes conflicts between the Python 2 and 3 packages. Twisted
installs some scripts to /usr/bin, and previously scripts for both
packages used the same names. This adds a "3" suffix to scripts
installed by python3-twisted.
This also adds python[3]-setuptools as a dependency, as the scripts
installed to /usr/bin depend on pkg_resources (part of setuptools).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When OpenSSL is built without deprecated APIs, pkg-config first tries
OpenSSL in the staging directory but fails as it cannot find the
deprecated SSL_library_init function and ends up finding the system one.
Added PKG_BUILD_PARALLEL for faster compilation.
Added -Wl,--gc-sections to LDFLAGS to save ~10KB from the resulting ipk.
Reworked configure section as some of those options were renamed or
removed.
Removed EXTRA_* hacks that are no longer necessary.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Using an external toolchain, it was discovered that net-snmp would
link with the Perl library (-lperl) from the host rather than from the
target.
Since we do not provide Perl as a dependency to net-snmp, the solution
is to disable support for it.
Fixes issue #8217.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
This is a minor bugfix release. Full changelog available at:
https://mosquitto.org/blog/2019/02/version-1-5-7-released/
Most relevant to OpenWrt are probably:
* fixing persistent store bloat
* fix sorting of included config files
* fix errors related to per_listener_settings
Signed-off-by: Karl Palsson <karlp@etactica.com>
Move loading credential function before cert renewal call as credentials might be needed for some renewal operations ( ex: DNS )
Signed-off-by: Adrien DAURIAT <16813527+dauriata@users.noreply.github.com>
[toke@toke.dk: Port to master branch]
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This is a bugfix and security release.
CVE-2018-12551: If Mosquitto is configured to use a password file for
authentication, any malformed data in the password file will be
treated as valid. This typically means that the malformed data becomes
a username and no password. If this occurs, clients can circumvent
authentication and get access to the broker by using the malformed
username. In particular, a blank line will be treated as a valid empty
username. Other security measures are unaffected.
=> Users who have only used the mosquitto_passwd utility to create and
modify their password files are unaffected by this vulnerability.
CVE-2018-12550: If an ACL file is empty, or has only blank lines or
comments, then mosquitto treats the ACL file as not being defined,
which means that no topic access is denied. Although denying access to
all topics is not a useful configuration, this behaviour is unexpected
and could lead to access being incorrectly granted in some
circumstances.
CVE-2018-12546. If a client publishes a retained message to a topic
that they have access to, and then their access to that topic is
revoked, the retained message will still be delivered to future
subscribers. This behaviour may be undesirable in some applications,
so a configuration option `check_retain_source` has been introduced to
enforce checking of the retained message source on publish.
Plus the following bugfixes:
* wills not sent to websocket clients
* spaces now allowed in bridge usernames
* durable clients not receiving offline messages with
per_listener_settings==true
* compilation with openssl without deprecated apis
* TLS working over SOCKS
* better comment handling in config files
Full changelog available at: https://github.com/eclipse/mosquitto/blob/fixes/ChangeLog.txt#L1
Signed-off-by: Karl Palsson <karlp@etactica.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function, removes a duplicate
option, and removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
issue_cert fuction may return without calling post_checks, which leaves
port 80 open and uhttpd configuration is not restored is listen_http was
set.
Always call post_checks when returning from issue_cert.
Signed-off-by: Alexey I. Froloff <raorn@raorn.name>
git is hard. :-(
Reported-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Fixes: 4629f043e0 ("znc: update to 1.7.2")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also fixes some validation, makes variable declarations local,
removes unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Refresh patches
Remove --enable-static and --enable-dynamic because they're enabled by default
Enable parallel compilation
Fix compile without IPv6
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
It is increasingly likely 240/4 and 0/8 netblocks will be allocated as
unicast globally rout-able and reachable address space
240/4 is already enabled throughout linux and openwrt.
Permit these address blocks under bcp38 address validation, ie. remove
those ranges from the block list:
list match '0.0.0.0/8' # RFC 1700
list match '240.0.0.0/4' # RFC 5745
Signed-off-by: Dave Taht <dave.taht@gmail.com>
[bump package - minor tweaks to commit message - remove commented lines]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also adds a service_triggers() function and removes some
unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Switched URL to @SAVANNAH for more mirrors.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_LICENSE info.
Minor reorganization for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- fix reporting for bogus hostnames with underscores
- no longer accidently overwrite existing 'serversfile' entries in dhcp
config which reference to the adblock jail list
- remove needless 'no_mail' flag
- refined log message regarding tcpdump requirement for reporting
Signed-off-by: Dirk Brenken <dev@brenken.org>
gitweb is missing a dependencies on perlbase-filetest and
perlbase-storable. It fails to start without these packages.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also corrects a variable name typo ("proxy" instead of
"proxy_host").
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Since the functions in procd.sh invoke "initscript" variable which is
not defined when imported procd.sh from hotplug scripts. And this
results in error when calling basename utility.
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: BusyBox v1.28.4 () multi-call binary.
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Usage: basename FILE [SUFFIX]
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Strip directory path and .SUFFIX from FILE
Sun Jan 20 12:34:50 2019 user.notice nft-qos-monitor: ACTION=update, MACADDR=xxxxxx, IPADDR=192.168.11.109, HOSTNAME=Honor_Play
Sun Jan 20 12:34:50 2019 daemon.info dnsmasq[15340]: 250 192.168.11.109/60566 reply www.google.com is 216.58.215.68
Sun Jan 20 12:34:50 2019 daemon.info dnsmasq[15340]: 251 192.168.11.109/43456 reply mtalk.google.com is <CNAME>
Sun Jan 20 12:34:50 2019 daemon.info dnsmasq[15340]: 251 192.168.11.109/43456 reply mobile-gtalk.l.google.com is 173.194.222.188
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: BusyBox v1.28.4 () multi-call binary.
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Usage: basename FILE [SUFFIX]
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:50 2019 daemon.debug dnsmasq-script[15340]: Strip directory path and .SUFFIX from FILE
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]: BusyBox v1.28.4 () multi-call binary.
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]: Usage: basename FILE [SUFFIX]
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]:
Sun Jan 20 12:34:51 2019 daemon.debug dnsmasq-script[15340]: Strip directory path and .SUFFIX from FILE
Sun Jan 20 12:34:51 2019 user.notice nft-qos-dynamic: ACTION=update, MACADDR=xxxxxx, IPADDR=192.168.11.109, HOSTNAME=Honor_Play
Signed-off-by: Rosy Song <rosysong@rosinson.com>