If a firmware build with curl without mbedtls, install transmission from openwrt official repo will fail to start
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
(cherry picked from commit 2311e79218)
It's not possible to configure custom Transmission web home as corresponding
env var gets overwritten by the command that sets CA bundle env var.
Signed-off-by: Leonid Bogdanov <leonidbogdanov86@gmail.com>
(cherry picked from commit c662aefd9a)
Transmission 4.0.3 started using the ftruncate64 syscall.
Add it to the list of allowed syscalls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 142bbc77f1)
Apparently the "revcmsg" syscall is now needed, add it to the list
of allowed syscalls.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6afcc1bc88)
The tranmission UCI config options
- `config_overwrite`
- `incomplete_dir_enabled`
- `watch_dir_enabled`
are all booleans, so we have to retrieve them using `config_get_bool` in order
to make sure they are properly interpreted in case the user sets them to a
keyword (`true`/`false`, `on`/`off` etc.) and not an integer (`0`/`1`).
Signed-off-by: Salim B <git@salim.space>
(cherry picked from commit 63dc13d7d2)
To fix the errors:
Sun Apr 10 14:19:41 2022 daemon.err transmission-daemon[29831]: [2022-04-10 14:19:41.098] watchdir Failed to open directory "/mnt/sda1/openwrt/transmission/watch" (2): No such file or directory (watchdir.c:358)
and
Sun Apr 10 14:20:18 2022 daemon.err transmission-daemon[30175]: [2022-04-10 14:20:18.641] Couldn't create "/mnt/sda1/openwrt/transmission/incomplete": Permission denied (file-posix.c:243)
References:
- https://github.com/openwrt/packages/issues/17674
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry picked from commit cbc1b0790d)
The function `create_host_record_from_host` fails if the `dns` option
is not set in the host entry.
This sets a default to the `dns` variable in order to fix this error.
Fixes: #22691
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
(cherry picked from commit 8d60419251)
The "Extra DNS" option allows to create records from the DHCP
"Hostnames" configuration entries.
This allows to create such records from the DHCP "Static leases"
configuration entries too.
Fixes: #22593
Signed-off-by: Julien Cassette <julien.cassette@gmail.com>
(cherry picked from commit b4a31f92de)
When selecting both iperf3 and iperf3 ssl, there is a problem that
both packages install same binary file.
This patch fixes this issue by adding conflict between those packages.
Signed-off-by: Jakub Raczynski <myszsoda@gmail.com>
(cherry picked from commit cea45c75c0)
In the Makefile the library installation was accidentally called
"Package/iperf3/install" and not "Package/libiperf3/install". Fix this
typo. Thanks to Hartmut spotting this.
Also the iperf3-ssl does not need to depend on libiperf3.
Fixes ae48be8e21 ("iperf3: add shared libiperf library and link iperf3 dynamically")
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit dc59d98c2c)
Add library for creating own functions with iperf3 functionality.
Example: https://github.com/esnet/iperf/blob/master/examples/mis.c
This library is needed by python3-iperf3.
Build iperf3 binary with dynamically linked libiperf3. However, still
build iperf3-ssl as static binary due to a lack of shipping two libiperf
versions.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit ae48be8e21)
Fixes CVEs:
- CVE-2023-50387: Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-50868: Preparing an NSEC3 closest encloser proof could cause
excessive CPU load, leading to a denial-of-service condition.
- CVE-2023-4408: Parsing DNS messages with many different names could cause
excessive CPU load.
- CVE-2023-5517: Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled.
- CVE-2023-5679: A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these features were
enabled.
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit d277e41e78)
This is the latest version and brings compatibility with OpenSSL 3.0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 78dcc29e47)
this prevents the daemon exiting when a configured device
is not plugged in.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 4d461aacca)
Harmless to carry this fix until procd.sh adds the param
This parameter will mean umdns advertises not just "OpenWrt" but a more
appropriate string:
"Apple LaserWriter Pro 630"
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 60be001775)
Commit driver_home defaults before continuing
Fix missing path for serial number acquisition
Store current device if no previously configured device had one.
Also set CHAR_DEV so the printer can get its driver sent on first run.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit c54cb399f3)
replace -a with &&
shorten uci commands via variables
add optional ieee1284_id parameters
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit d1b868b407)
The spec https://developer.apple.com/bonjour/printing-specification/bonjourprinting-1.2.1.pdf
notes:
... if the meaning of any of the TXT record keys is changed, the txtvers value
will be incremented. The current value of this key is “1”, and if this key does not exist in
the TXT record, the default value of “1” is assumed. The txtvers SHOULD be the first
key/value pair in the TXT record.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 55d00e3821)
Don't run procd with a name of p9100d or p9101d etc.
Use the original binary name: p910nd.
This way, all supplied parameters should be visible via e.g.:
ps
xargs -0 < /proc/{procid}/cmdline
Revise all p910nd strings to the variable DAEMON_NAME or CONFIG where
appropriate.
Signed-off-by: Paul Donald <newtwen@gmail.com>
(cherry picked from commit 3f04d2d791)
The config.yml is an example of a tunnel local configuration.
But the cloudlfared treat it as a real config and fails to start.
So to avoid problems let's comment all the statements.
The `url: http://localhost:8000` is not a valid config option.
Additionally add a smale of configuring ingres rules.
The cloudflared.config has missing option token.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
(cherry picked from commit b3580a76d8)
We need stable path to persist configurations and read log from LuCI.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 272cff0d1c)
* fixes https://github.com/openwrt/packages/issues/22674
* rename resolver_health_check to is_resolver_running for readability
* reorder functions in the init file by name
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit f519b68401)
* added ujail for crowdsec-firewall-bouncer
* set nice to reduce priority for process
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 23.05.0
(cherry picked from commit a8df73ce72)
The latest nmap version 7.9.3 currently fails to compile with OpenSSL 1.1 [1],
it required to backport upstream patch to fix the compilation. [2]
[1] https://github.com/nmap/nmap/issues/2516
[2] d6bea8dcde
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 2c87004346)
The version, which is currently in OpenWrt 22.03 requires Go 1.20.
See the output:
../../../../../dl/go-mod-cache/github.com/netbirdio/wireguard-go@v0.0.0-20230524172305-5a498a82b33f/tun/tun_linux.go:362:18: undefined: errors.Join
note: module requires Go 1.20
Having Go 1.20 in OpenWrt 22.03 could be time consuming and as it is the stable branch, it seems like better idea to downgrade netbird to version 0.17.0, which is the latest version, which requires to use Go 1.19.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
1. Add new options:
--http3 Enable HTTP/3 support (H3 first)
--timeout Timeout for outbound DNS queries to remote upstream servers in a human-readable form (default: 10s)
2. Allows listen on multiple interfaces and ports
Signed-off-by: Anya Lin <hukk1996@gmail.com>
(cherry picked from commit 47b4ebc5cb)
Signed-off-by: Anya Lin <hukk1996@gmail.com>
These patches were introduced for old version, which we had in this repository from upstream in commit 129b7c3 ("nmap: fix ncat proxy mode with upstream patches"), but because nmap was recently updated in commit c12313f ("nmap: bump to 7.93
"), they are not required anymore.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This allows changes to the Python build system apply more easily to the
package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 4195e5c4a8)
This package isn't compatible with the new Python build process yet, so
force the old build process for now.
This also adds a call to Py3Build/Install, for when the new build
process can be used.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit da55275f3b)
This package requires poetry to build using the new Python build process
but poetry is not available, so force the old build process for now.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 705176cd6a)
* update to 2023-10-25 upstream version which fixes the crashes on logging on ath79
* remove no longer needed 030-src-logging.c-fix-crash.patch
* update 010-cmakelists-remove-cflags.patch to work with a new version
* update 020-src-options.c-add-version.patch to work with a new version
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 6b92b6c6d2)
* update service triggers so that procd_add_raw_trigger is only
executed on boot and not on other service actions
* remove outdated iface hotplug script
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 5dd08fe23f)
Convert package to PCRE2 by porting a pending patch from a closed PR.
The PR is old but the code never changed and is simple enough to check
the changes. The patch apply directly with no changes (aside from
commenting out the travis CI file)
The PR was never merged as PCRE2 at times was too new and they were
trying to find a better regex lib.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit db305165c9)
Mainly security release, fixing CVE-2023-3961, CVE-2023-4091,
CVE-2023-4154, CVE-2023-42669 and CVE-2023-42670. For more details see:
https://www.samba.org/samba/history/samba-4.18.8.html
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from commit c9c5f62e30)
The host build replaces the use of the host pip requirements file. This
also updates the dependants of setuptools-scm to depend on the host
build.
This also removes the toml host pip requirements file as toml is not
used by any other package.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 3ee4e7297c)
For detailed changes, see https://curl.se/changes.html#8_4_0
Switching to tar.bz2 for the time being as tar.xz is not yet available.
Fixes CVE-2023-38546 and CVE-2023-38545.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
(cherry picked from d353218c32)
Add upstream patch adding support for pcre2 and update dependency to
require libpcre2 instead of libpcre.
--with-pcre2-8 is now needed to exclude support for pcre and only
require pcre2 as net-snmp still use and try to use pcre by default.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit daf29ecbb2)
The commands in the function 'stop_service' do not stop the service.
Rather, they are commands that are to be executed when the service has
already been stopped. By renaming the function, the commands are now
executed after the service has been stopped.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 9b67f7d134)
Move atftp to PCRE2 as PCRE is flagged as EOL and won't receive security
updates anymore.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f81a1a1212)