fping requires either root or CAP_NET_PING to work, otherwise it is
useless. Use INSTALL_SUID so that fping will be setuid root, and thus
it will be usable by non-root users.
fping knows to drop root priviledges after it parses the command line
and creates the ping socket. You actually get a lot less code running
as root when you make it setuid root and run it from an unprivileged
user.
This is the same way net/iputils already handles "ping", which has the
same requirements.
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
Commit 44a16ca broke syslog-ng such that it no longer works with
logrotate, for example. Yes, you can manually stop and start the
service, but (1) you shouldn't have to and (2) it creates a window
where you potentially lose messages if the syslog UDP socket
overruns.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Linux kernel and iproute2 together now implement strict checking of the
existence of route tables.
Previously kernel does not support filtering by table id, now it does
and will error with nlmsgerr "ipv4: FIB table does not exist".
Previously iproute2 dump all routes and filter by table id in userspace,
now this has changed with iproute2 commit c7e6371bc4af ("ip route: Add
protocol, table id and device to dump request")
Error scene
root@OpenWrt:/# ip route flush table 100
Error: ipv4: FIB table does not exist.
Flush terminated
root@OpenWrt:/# echo $?
2
Fixes: https://github.com/openwrt/packages/issues/12095
Ref: https://lists.openwall.net/netdev/2019/05/02/105
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
When libevhtp is added to a package's PKG_BUILD_DEPENDS (i.e. for
seafile-server), libevhtp's target package dependencies are not
automatically selected, in particular libevent2-openssl and
libevent2-pthreads.
Moreover, if libevent-openssl and libevent2-pthreads are not selected,
OpenSSL and thread support are disabled when compiling libevent2, which
in turn causes a compile error when building libevhtp.
This adds a config option, LIBEVHTP_BUILD_DEPENDS, that will select
libevent2-openssl and libevent2-pthreads (via LIBEVHTP_BUILD_SELECT)
when it is selected.
Other build dependencies are moved to PKG_BUILD_DEPENDS.
This also updates seafile-server to remove the (indirect) dependencies
added in 13d843fec1 and instead select
LIBEVHTP_BUILD_DEPENDS.
This also updates the maintainer's email address and adds myself as
another maintainer.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The init.d script for sshd never generates an ecdsa HostKey as seen
here:
for type in rsa ed25519
do
# check for keys
key=/etc/ssh/ssh_host_${type}_key
[ ! -f $key ] && {
# generate missing keys
[ -x /usr/bin/ssh-keygen ] && {
/usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&-
}
}
done
so we'll never succeed at loading one. Get rid of the resultant
error message in logging:
May 5 17:13:59 OpenWrt sshd[20070]: error: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
If BI_PARM is never set, it's "" and causes
infinite loop (before my PR sent upstream) or
error out (after my PR sent upstream).
Append -b option only if it's valid.
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
Unfortunately, meson's check is totally broken.
Fortunately, it's fairly easy to workaround.
Fixes compilation with all ARM platforms that don't support NEON.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
If we execute `docker info` we get the following warning:
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
To fix this enable this in sysctl if docker is installed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Add a script that can collect data from mq (multi queue) and cake
qdiscs.
Script is reliant on collectd's 'exec' module.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The y-axis graph labels in logarithmic mode display in 'scientific'
notation eg: '1e+00' for 0, '1e+01' for 10, '1e+02' for 100 and so on.
This IMO is a pain in the backside for non scientific humans to read.
Modified output to display numbers up to 99,999 in conventional decimal
format and to revert to scientific notation for larger, thus the same
display space is taken.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
To use eap tls, 'tmpdir' must be created before server starts.
This 'tmpdir' is used to store and verify client certificate,
and therefore radiusd do 'chmod go-rwx'.
If 'tmpdir' does NOT exists, server failed to start and default
'tmpdir' is '/tmp/radiusd'. So init script MUST create default
'tmpdir' like other directories.
Signed-off-by: Eiji MATSUMOTO <toudaiman@gmail.com>
This is a fairly massive update that adds new dependencies.
Switched the CMAKE_OPTIONS to use ON/OFF as is done elsewhere.
Added a patch fixing compilation with libiconv-stub/full.
Add a small debug option to write to syslog debug information.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Commit 3a67097 removed the sed scripts that ran on neon-config. Now
there is build failure for Asterisk because a host include directory is
added to the build:
mips_24kc_musl/usr/lib/libintl-stub/include -I/store/buildbot/slave/shared-workdir/build/sdk/staging_dir/target-mips_24kc_musl/usr/include/libxml2 -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -fPIC -DAST_MODULE=\"res_calendar_exchange\" -DAST_MODULE_SELF_SYM=__internal_res_calendar_exchange_self -I/usr/include/neon -I/store/buildbot/slave/shared-workdir/build/sdk/staging_dir/target-mips_24kc_musl/usr/include -pthread -I/store/buildbot/slave/shared-workdir/build/sdk/staging_dir/target-mips_24kc_musl/usr/include
res_calendar_exchange.c:34:10: fatal error: ne_session.h: No such file or directory
#include <ne_session.h>
^~~~~~~~~~~~~~
compilation terminated.
This commit adds back the sed scripts.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Openwrt is a single user system. So keepalived is runnig as root.
If we add the config options `script_user root` and
`enabled_script_security' the following warnings are gone.
> local1.info Keepalived_vrrp[5382]: SECURITY VIOLATION - scripts are
being executed but script_security not enabled.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Rosen Penev
Lucian Cristian
Peter Stadler
Henrique de Moraes Holschuh
Philip Prindeville
Yousong Zhou
Syrone Wong
Jeffery To
Florian Eckert
Hannu Nyman
Kevin Darbyshire-Bryant
Eiji MATSUMOTO
Stan Grishin
Sebastian Kemper
Maxim Storchak
Toke Høiland-Jørgensen