DNS rebinding protection introduced a new option. Use it to disable it as OpenWrt does not need it.
Adjusted Makefile to use the release instead of a git version. Also cleaned up and added LICENSE entries.
Eliminated useless patches. The syslog one actually doesn't log much. No need to mask the os release anymore either.
Added group entry to init script. Otherwise files end up being owned by user:root which is bogus.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add dependency on ca-bundle without which the HTTPS fetches fail.
Add "-x" option to force HTTP/1.1 instead of HTTP/2.0
Add a workaround for bug in libcurl <7.530 that prevents it from
working at all when built with mbedtls.
Signed-off-by: Darren Tucker <dtucker@dtucker.net>
Acked-by: Aaron Drew <aarond10@gmail.com>
If a service section is not presented in the configuration then stunnel will
always start anyway. This ends in a crash loop because the configuration is not
valid.
Checking in "uci" mode if a service section is presented and only then
start the stunnel service will solve this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Do not send a SIGHUP on reload configuration let procd restart the
service with stop/start. This is saver.
Add uci generated stunnel file to procd "file" attribute to
reload/restart the stunnel service.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* add config_path option since the controller mode needs a persisting path to be used
* add patch to fix a bug in the controller code (https://github.com/zerotier/ZeroTierOne/issues/553)
* disable zerotier by default, as the default settings let it connect to a public network
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Remove unsupported "notify" script during uci config generation.
This change will remove keepalived warnings on startup.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Append use_vmac with no_val_ so that the uci generation will treat this
as an boolean option. If the option is set then a interface with
vrrp.{virtual_router_id} is added to the system.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If ip is referenced in the instance section it is not necessary to add a
device option on every "ip_address". In most sitution it es enough to
add only an ip. Allow empty device option will solve this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If the option 'use_vmac' is selected in a keepalived config and
kmod-macvlan is not installed then keepalived raise an error.
Netlink: error: Not supported, type=(16), seq=1510647577, pid=0
vmac: Error creating VMAC interface vrrp.42 for vrrp_instance xxx!!!
Add 'kmod-macvlan' to the package dependency list fixes this error.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
That is, since we don't require gssapi or libpskc, avoid
accidental builds with it.
Closes#5474
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
matrixssl is still in the oldpackages repo,
so coova-chilli should not depend on it.
Remove the config option for selecting matrixssl lib
and the dependency declaration.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
A vulnerability was discovered in the processing of wildcard synthesized
NSEC records. While synthesis of NSEC records is allowed by RFC4592,
these synthesized owner names should not be used in the NSEC processing.
This does, however, happen in Unbound 1.6.7 and earlier versions.
(see https://unbound.net/downloads/CVE-2017-15105.txt)
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
When using the configuration under "Unbound and odhcpd" in the package's
README.md, the scripts generated a malformed config file for unbound, due
to an "ip route" command giving extra output lines with the string
"anycast" where the awk script expects an address. These are now filtered.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
New upstream release fixes the following security issues:
* CVE-2017-3145: BIND was improperly sequencing cleanup operations on
upstream recursion fetch contexts, leading in some cases to a use-after-free
error that can trigger an assertion failure and crash in named.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
The iptables-mod-geoip is usually used in conjunction with some
wrapper scripts which manipulate the GeoIP database and then kick out
one or more iptables rules. This package contains (1) the script to
download the most recent version of the MaxMind freemium database and
(2) another script which mangles the database into sets up iptables
rules.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This commit moves xtables-addons from
https://github.com/openwrt/openwrt/tree/master/package/network/utils/xtables-addons
into the package feed repository to allow for dependencies on other feed
packages, such as Perl.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
[fix commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Make most dependencies depend on the selection state of the respective
plugins requiring them. This cuts down compile time considerably when
plugins like MySQL support are disabled.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Write *.ip file with current registered IP, whenever "get_registered_IP" is called (used by next luci-app-ddns version)
Changed detection of cURL proxy support #3876
Reread data from ubus if "get_local_ip" from "ip_network" #5004#3338
Fix godaddy_com_v1 #5285
Implement "param_opt" for "cloudflare_com_v4" #5097
Inside logfile "*password*" printed in stead of real password #5281 and others
Add ipv4 service "dnsever.com" #5178
Add ipv4 service "myip.co.ua" #5199
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
This guarantees for the package feeds that
the mk files will always be available for all packages.
Will need to see about external-feed Python packages
a bit later.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
openvswitch fails to build on my Arch Linux system, as it tries to use my build
host's sphinx-build with OpenWrt's python. Add an override to ensure this can't
happen.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Build depends refer to source package names, not binary package names.
In many cases, PKG_BUILD_DEPENDS simply duplicated runtime dependencies of
a source package's binary packages; as the corresponding source packages
are implicitly added as bulid dependencies, PKG_BUILD_DEPENDS can simply be
dropped in these cases. In the other cases, *_BUILD_DEPENDS is fixed to
refer to the correct source package name.
Dependency of mysql-server is adjusted from libncursesw to libncurses
(as libncursesw is a virtual package provided by libncurses), so the build
dependency on ncurses is emitted unconditionally.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
A + sign does not have meaning in build depends. This Makefile was
overlooked in the previous treewide commit.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
W. van den Akker
Rosen Penev
Yousong Zhou
Stan Grishin
Darren Tucker
Florian Eckert
Moritz Warning
Sebastian Kemper
Nikos Mavrogiannopoulos
Hannu Nyman
Eric Luehrsen
Michael Heimpold
Daniel Golle
Daniel Gimpelevich
Noah Meyerhans
Philip Prindeville
Jo-Philipp Wich
Christian Schoenebeck
Peter Wagner
Dirk Brenken
Alexandru Ardelean
Matthias Schiffer
Max Berger
Daniel Engberg
Daniel Salzman
Ted Hess
Maxim Storchak