Testing showed that additional syscalls are needed on ARMv7.
Add "clock_gettime64" and "statx" which seem to be used now instead
of "clock_gettime" and "stat" syscalls which are already listed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Backport a pending patch in order to DSCP-mark UDP traffic. This allows for
correct binning of traffic in diffserv-capable routers.
Additionally, remove Rosen Penev from the maintainers list, as per his request.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
The commit updating the seccomp filter didn't bump PKG_RELEASE.
Do that now.
Fixes: 1141ee1e5 ("transmission: add new syscalls to seccomp filter)"
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Testing showed that additional syscalls are needed on ARMv7.
Add "getegid32", "geteuid32", "getgid32" and "getrandom" as they are
all innocent.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add fadvise64_64 and fchmod syscalls needed on PowerPC platforms to
seccomp rules of transmission-daemon.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There's some kind of crash internally in wolfSSL. It doesn't seem like
anyone knows how to fix it. Just disable it for now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
procd-seccomp switched to OCI-compliant seccomp parser instead of our
(legacy, OpenWrt-specific) format. Convert ruleset to new format.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Allows the Makefile to be cleaned up and to have fewer dependencies.
There's no need for multiple TLS libraries to be installed.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
mbedcrypto should be searched, not mbedtls. Also, there is no pkgconfig
file with mbedtls. Fixed that as well. Removed Makefile hacks.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Transmission should stop early on system shutdown to avoid
for example fstab unmount disks when transmission is writing.
Signed-off-by: Francesco G <gfrancesco@users.noreply.github.com>
add missing 'peer_id_ttl_hours' and remove 'scrape_paused_torrents'
which is not exist in transmission wiki.
Signed-off-by: Richard Yu <yurichard3839@gmail.com>
--log-error in the init script was overriding it.
Added several optimizations to the init script for speed and correctness.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Things were done in the wrong order, leading to config_dir not being
chown'ed and subdirectories not being created in case of download_dir
being inside config_dir.
Fixes: 609109fa9 ("transmission: add seccomp filter and improve jail")
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Some firewalls mandate a minimum size of 4k for SYN packets, which
transmission does not do by default. Upstream issue here:
https://github.com/transmission/transmission/issues/964
Cleanup:
Fixed license info.
Removed two unnecessary patches.
Ran shell script through shellcheck.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The CONTRIBUTING.md requests an (or multiple) SPDX identifier for GPL
licenses. But a lot of packages did use a different, non-SPDX style with a
"+" at the end instead of "-or-later".
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Mainly a bugfix for XSS. Patches have been refreshed.
Added an upstream fix for TLS verification. Now enabled by default.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
It was requested as it can be useful under certain circumstances.
Disabled rpc_whitelist by default. Not only is there a firewall, but it denies access when IP address of the device is changed.
Added group support in UCI. Fixes cases where group does not match the user (nobody:nogroup).
Signed-off-by: Rosen Penev <rosenp@gmail.com>
HTTPS verification is totally broken in Transmission. Unclear why. Disabling as a result.
Safari exposes a JavaScript bug that makes it not load. Fixed.
Portcheck was backported to HTTPS for testing initially. Seems like a good idea.
Makefile was also fixed to use the external libnatpmp. Smaller binary.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
libnatpmp was added as a dependancy to avoid built-in version.
Makefile went through a few adjustments to make it simpler.
CMake support is not happening since Travis is using a broken Ubuntu install.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Ran the transmission init script through shellcheck and fixed errors. Also cleaned up a bit.
Removed ionice support. Will reintroduce if procd adds support.
Removed config_overwrite debugging variable. No need for it.
Enabled TLS verify by default. Added a dependancy to ca-bundle as a result. This is a default in current trunk.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The original patch that forced internal usage hid an actual issue in the build system. Replace patch with upstream one.
Also reorganized the Makefile a bit and removed some cruft.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
DNS rebinding protection introduced a new option. Use it to disable it as OpenWrt does not need it.
Adjusted Makefile to use the release instead of a git version. Also cleaned up and added LICENSE entries.
Eliminated useless patches. The syslog one actually doesn't log much. No need to mask the os release anymore either.
Added group entry to init script. Otherwise files end up being owned by user:root which is bogus.
v2: Previous maintainer relied on git version of Transmission for mbedtls support. Backport it to the stable instead.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
DNS rebinding protection introduced a new option. Use it to disable it as OpenWrt does not need it.
Adjusted Makefile to use the release instead of a git version. Also cleaned up and added LICENSE entries.
Eliminated useless patches. The syslog one actually doesn't log much. No need to mask the os release anymore either.
Added group entry to init script. Otherwise files end up being owned by user:root which is bogus.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Daniel Golle