To support logging in net-snmp this commit introduces this feature. There is
a new uci config section 'logging'.
The following new parameters are used:
config logging
option log_file '/var/log/snmpd.log'
option log_file_priority 'i'
option log_syslog '0'
option log_syslog_facility 'd'
Signed-off-by: Christian Korber <ck@dev.tdt.de>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 7b616873d6)
This commit adds function 'snmpd_snmpv3_add' to the init script
to support SNMPv3 config parsing.
The new uci config section has the following configuration parameters:
config v3
option username 'John'
option allow_write '0'
option auth_type 'SHA|MD5'
option auth_pass 'passphrase'
option privacy_type 'AES|DES'
option privacy_pass 'passphrase'
option RestrictOID 'yes|no'
option RestrictedOID '1.3.6.1.2.1.1.1'
This new section is only relevant if the snmp_version 'v1/v2c/v3' or 'v3'
is set in the uci section 'general'.
Signed-off-by: Christian Korber <ck@dev.tdt.de>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 2fc221699d)
To use 'SNMPv3', the net-snmp package must be compiled with openssl support.
For this purpose, the current net-snmp is renamed into build 'nossl'.
This is a preparation commit to add the 'ssl' variant.
Signed-off-by: Christian Korber <ck@dev.tdt.de>
(cherry picked from commit b3530cc188)
The static build is not packaged and can therefore be removed as the build
artefact is not used.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit c08e7f411b)
This commit includes inttypes.h to prevent the following error:
```
mibgroup/ieee802dot11.c: In function 'displayWiExt':
mibgroup/ieee802dot11.c:4563:26: error: expected ')' before 'PRIdPTR'
4563 | printf ( "%s sens: %" PRIdPTR "\n", "SIOCGIWSENS", *(intptr_t *)&info.sens );
| ~ ^~~~~~~~
| )
mibgroup/ieee802dot11.c:31:1: note: 'PRIdPTR' is defined in header '<inttypes.h>'; did you forget to '#include <inttypes.h>'?
30 | #include "util_funcs/header_generic.h"
+++ |+#include <inttypes.h>
31 |
```
Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
(cherry picked from commit babc163fe3)
Use #elif defined instead of #elifdef as seen elsewhere throughout the patch
file. This avoids the following errors when compiling with GCC 11:
```
mibgroup/ucd-snmp/proc.c:45:2: error: invalid preprocessing directive #elifdef; did you mean #ifdef?
45 | #elifdef HAVE_PCRE_H
| ^~~~~~~
| ifdef
mibgroup/ucd-snmp/proc.c:243:2: error: invalid preprocessing directive #elifdef; did you mean #ifdef?
243 | #elifdef HAVE_PCRE_H
| ^~~~~~~
| ifdef
```
Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
(cherry picked from commit 665bac8e17)
zabbix-sender and zabbix-get are only build if agentd is built.
Therefore do not allow selection them if the full agentd is not
being built.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 736edbfa2f)
* Fix path to fping and use fping as fping6
* For privacy, disable call to public API to check for Zabbix version update
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 2aadd0d97f)
When we updated the zabbix agent to use username zabbix-agent
we neglected to update ubus acls for zabbix-extra-network.
Therefore update the username for the network and wifi acls.
Will close#29058 once backported to 25.12.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 0268b7cbc4)
Ensure consist JSON formatting by using jq --tab . <filename>.json.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 6b555ae5e0)
As noted in #28709 OpenWrt contains CONFIG_
symbols for Zabbix even when no Zabbix package is selected.
This fixes and Closes#28709.
We add a 'guard' symbol for the menus and choices so the only
generate CONFIG symbols when 'Enable Zabbix'
(CONFIG_ZABBIX_ENABLE_ZABBIX) is selected.
We also make all the Zabbix packages depend on this symbol,
for consistency.
This operates much as the pseudo-package solution, but without
a pseudo-package required.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit f0576eb36b)
mod_s2s was refactored into a single mod_s2s.lua in the flat modules
directory in 0.12.x; remove the obsolete subdirectory install rule that
caused the package build to fail.
Also add util/human/ and util/prosodyctl/ which are new subdirectories
in 0.12.x not covered by the previous install rules.
Force libidn instead of ICU for stringprep
prosody's configure script auto-detects stringprep backends and prefers
ICU when available, generating -DUSE_STRINGPREP_ICU and including
<unicode/usprep.h>. The OpenWrt SDK staging directory does not provide
ICU development headers, so the build fails with:
encodings.c:271:10: fatal error: unicode/usprep.h: No such file or directory
The Makefile DEPENDS already declares +libidn. Pass --with-idn=idn to
explicitly select the libidn backend, which is available in the staging
directory.
Also, pass TARGET="../util/" to MAKE_FLAGS. OpenWrt has it's own TARGET
env var which clobbers the 'TARGET' var from prosody's build (specified
as 'TARGET?=../util/')
Adding a test.sh to check for the correct version (since prosody mostly
has lua scripts).
Security release addressing multiple vulnerabilities. 0.12.6 is
likely the last release of the 0.12.x series (EOL June 2026).
Upstream advisory: https://prosody.im/security/
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit 42daa80ffe)
The prosody.im upstream updated the 0.12.4 tarball in-place, changing
its content without bumping the version. Update PKG_HASH to match the
currently published tarball.
Fixes: f4d305b73 ("prosody: update to 0.12.4")
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit bf50291ab1)
Upstream is preparing the migration to a new website. As part of this, they
will be dropping the `www` prefix. Also, the package source is updated to use
mc's official OSU OSL mirror over HTTPS.
Signed-off-by: Yury V. Zaytsev <yury@shurup.com>
(cherry picked from commit 047ac71184)
Use cp instead of install when installing libraries to not follow
symlinks and create duplicate files.
Fixes: aa89f847 ("mosquitto: update to 2.0.18")
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit cc4f8076d9)
The log file path is hardcoded as $HOME/.local/state/btop.log, i.e. to the router’s flash storage rather than to tmpfs. This patch sets the log file path to /tmp/log/btop.log
Signed-off-by: XCas13 <xcas13@gmail.com>
(cherry picked from commit 7c3e376967)
2026-04-06: Version 7.5.5
* New option --error-binary: Return an error if a
binary file is skipped.
* Fix: dos2unix error on empty input. The problem was introduced
in version 7.5.4.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 6536260c01)
Patch release fixing build system issues with the 2.0.0 release.
2.0.0 introduced API changes including:
* Version macros for detection of incompatible API / version
* size_t as argument to allow longer base64 encoded strings
* Configurable line break functionality
* Flags field for encoder
* Helpers to calculate required output buffer maximum lengths
* Switched in-/out-pointers to void*
Link: https://github.com/libb64/libb64/blob/v2.0.0.1/CHANGELOG.md
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3650172e26)
Bug-fix release. Fixes 20+ bugs and includes some performance
improvements. All users are encouraged to upgrade.
Highlights (all platforms):
* Fixed a 4.1.0 bug that failed to report some filesystem errors
to RPC clients querying free space.
* Fixed a 4.1.0 bug that kept a torrent's updated queue position
from being shown.
* Fixed a 4.1.0 bug that caused torrents' queuing order to
sometimes be lost between sessions.
* Hardened .torrent parsing by exiting sooner if 'pieces' has
an invalid size.
* Reverted a 4.1.0 RPC change that broke some 3rd party code by
returning floats rather than integers for speed limit fields.
* Fixed crash when pausing a torrent and editing its tracker
list at the same time.
* Fixed 4.1.0 crash on arm32 by switching crc32 libraries to
Mark Adler's crcany.
* Require UTF-8 filenames in .torrent files (per BitTorrent spec).
* Fixed crash when parsing a .torrent file with a bad 'pieces' key.
* Fixed potential fd leak when launching scripts on POSIX systems.
* Changed network traffic algorithm to spread bandwidth more
evenly amongst peers.
Link: https://github.com/transmission/transmission/releases/tag/4.1.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4216ad05af)
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
update to 2026.03.18, release 3
- update PKG_RELEASE to 3
files/etc/init.d/https-dns-proxy:
- refactor nftable rules to explicitly add and flush the table and
chains instead of block replacement
- make nftable `delete table` call silent in `notrack_nft remove`
- update `notrack_nft remove` to check for absence of nftable table
instead of just checking the file
- ensure `notrack_nft remove` sets _error=1 on failure
- ignore dnsmasq instances with port 0 in
`dnsmasq_instance_append_force_dns_port`
tests/run_tests.sh:
- add test case to ensure dnsmasq port 0 is ignored
- update `notrack_nft remove` test to confirm success when both file
and table are absent
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 4bac71e3cd)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
Fix nftables rule directory creation
- Bump PKG_RELEASE to 2.
files/etc/init.d/https-dns-proxy:
- Add 'mkdir -p' before writing nftables rules to ensure the parent
directory exists. This fixes an issue where the directory might not
exist on initial installation, causing errors.
tests/run_tests.sh:
- Add comprehensive regression tests for notrack_nft.
- Mock 'nft' to track invocations and control return codes for testing.
- Patch 'NOTRACK_NFT_FILE' to a test-specific path for isolated testing.
- Verify 'notrack_nft' correctly creates the parent directory if missing.
- Test content of generated nftables snippet, idempotence, and removal.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 3d9a73bd7e)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Fixes https://github.com/openwrt/packages/issues/27952
Update avahi from 0.8 to 0.9-rc4. The 0.9 development line accumulates
four years of bug and security fixes since the 0.8 release (2020-02-18).
Notable improvements in 0.9-rc4 over 0.8:
Security (all CVEs previously backported as patches, now removed):
- CVE-2023-38469: reject TXT records whose total rdata exceeds
AVAHI_DNS_RDATA_MAX, preventing heap-buffer reads under crafted mDNS
- CVE-2023-38470: ensure each DNS label is at least one byte, preventing
an infinite loop on malformed packets
- CVE-2023-38471: extract host name via avahi_unescape_label() before
generating an alternative to avoid operating on a raw escaped string
- CVE-2023-38472: check that rdata pointer is non-NULL before passing to
avahi_rdata_parse() from dbus-entry-group
- CVE-2023-38473: derive alternative host name from its unescaped form,
fixing incorrect hostname collision resolution with escaped labels
Bug fixes (previously backported):
- Fix NULL-pointer crashes in avahi_s_*_browser_new() (#175)
- Avoid infinite loop in avahi-daemon simple-protocol by handling
AVAHI_WATCH_HUP event in client_work
- Fix potential undefined behaviour in avahi_dns_packet_consume_uint32:
cast uint8_t operands to uint32_t before shifting
- Fix memory/CPU leak in the simple event loop: cleanup_watches() was
zeroing timeout_req_cleanup instead of watch_req_cleanup, so completed
watches were never removed from the linked list
- Emit D-Bus error reply when avahi-daemon cannot resolve a hostname or
service, rather than crashing with a NULL dereference
- Increase ini-file-parser line buffer from 256 to 1024 bytes to handle
longer configuration values without silent truncation
Other changes:
- P2P tunnel support: IFF_MULTICAST is no longer required for
point-to-point interfaces when allow-point-to-point=yes
- Runtime directory: configure.ac now derives the socket path from
${runstatedir} (defaults to ${localstatedir}/run), so the
explicit patch reverting the /run hardcoding is no longer needed
- Patch 010-pkgconfig.patch (pkgconfig prefix alignment) is retained
as it has not been merged upstream
Dropped patches (all merged upstream):
020-revert-runtime-dir-systemd-change.patch
100-p2p-no-iff_multicast-required.patch
200-Fix-NULL-pointer-crashes-from-175.patch
201-Avoid-infinite-loop-in-avahi-daemon-by-handling-HUP-event.patch
202-avahi_dns_packet_consume_uint32-fix-potential-undefined-b.patch
203-Do-not-disable-timeout-cleanup-on-watch-cleanup.patch
204-Emit-error-if-requested-service-is-not-found.patch
205-conf-file-line-lengths.patch
300-CVE-2023-38469.patch through 304-CVE-2023-38473.patch
Library SONAMES unchanged: libavahi-common.so.3, libavahi-core.so.7,
libavahi-client.so.3 — no reverse dependency rebuilds required.
Disable libsystemd (not available on OpenWrt)
avahi 0.9-rc4 added --enable-libsystemd which defaults to enabled and
fails configure when libsystemd is not found via pkg-config. OpenWrt
does not provide libsystemd; disable it explicitly.
Also pass --with-systemdsystemunitdir=no to suppress the pkg-config
lookup for the systemd unit directory.
Drop po/ subdir from build
The 0.9-rc4 tarball is a raw git archive; po/Makefile.in.in is not
pre-generated as it was in the 0.8 release tarball. autopoint (from
gettext) is needed to install it, but is not available in the OpenWrt
SDK. Since OpenWrt does not use NLS translations, remove po/ from
SUBDIRS in Makefile.am to avoid the missing po/Makefile.in.in error
during configure.
In 0.9-rc4 the D-Bus system.d directory changed from
$(sysconfdir)/dbus-1/system.d to $(datadir)/dbus-1/system.d,
so avahi-dbus.conf is now installed under usr/share/dbus-1/system.d.
Update the install rule source path accordingly; keep the on-device
destination at /etc/dbus-1/system.d for compatibility.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit 24c3026f94)
Christian Korber