currently acme metapackage only able to satisfied with acme-acmesh,
but make is satisfieable by uacme if it's already installed.
still defaults to acme.sh
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
The new DCO module depends on OpenVPN 2.7.1.
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.7.1/Changes.rst
Removed upstreamed wolfSSL patches:
- 101-Fix-EVP_PKEY_CTX_-compilation-with-wolfSSL.patch
- 102-Disable-external-ec-key-support-when-building-with-wolfSSL.patch
Reworked 100-mbedtls-disable-runtime-version-check.patch to use
MBEDTLS_VERSION_STRING instead of a mutable buffer.
Signed-off-by: Qingfang Deng <dqfext@gmail.com>
* fixed two issues in the mail template, reported in the forum
* tweak the f_report function
* changed the f_actual function to reduce subshell calls
* further optimize the monitor function:
* fixed a possible RDAP rate-limit race condition,
serialize the rdap_tsfile via flock
* block_cache bounded growth, when the cache reaches 500
entries it resets to empty, preventing unbounded string growth
in the monitor loop
* set the printf format string in single quotes (overall)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Build without PKG_FIXUP:=autoreconf
This was introduced with: a79c49578c
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: Intel N150
Signed-off-by: John Audia <therealgraysky@proton.me>
If the renewal-time isn't set for the host, but it's forced to send,
send the subnet renew time value instead.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Now that ISC-DHCP is EOLs, users might want to transparently
to the functionality of Kea. This supports most of the
functionality of ISC-DHCP for v4.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Configuring Kea JSON files is not trivial, and this might impede
the adoption of Kea as a DHCP server. There are, however, many
users who used its predecessor ISC-DHCP, at least for DHCPv4.
A filter could ingest the legacy UCI and synthesize a JSON config
file for Kea DHCPv4.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* fixed a parsing issue in the DNS reporting,
see https://github.com/openwrt/packages/pull/29063 for details
* optimized the CGI/Adblock Remote Allow
* optimized the TLD function
* optimized the mail include
* removed needless forks
* various code-cleanups & small fixes
* updated the readme
* LuCI: small fixes & optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
When upgrading specific packages manually, like:
apk upgrade bind-dig
the bind-libs package is not upgraded automatically, which results in
problems when running the program, for example:
root@OpenWrt:~# dig
Error loading shared library libisc-9.20.10.so: No such file or directory (needed by /usr/bin/dig)
Error loading shared library libdns-9.20.10.so: No such file or directory (needed by /usr/bin/dig)
Error loading shared library libisccfg-9.20.10.so: No such file or directory (needed by /usr/bin/dig)
Error relocating /usr/bin/dig: cfg_map_getname: symbol not found
Error relocating /usr/bin/dig: irs_resconf_getndots: symbol not found
Error relocating /usr/bin/dig: isc_managers_destroy: symbol not found
Error relocating /usr/bin/dig: dns_fixedname_init: symbol not found
Error relocating /usr/bin/dig: isc_nm_read: symbol not found
Error relocating /usr/bin/dig: dns_rdata_init: symbol not found
Error relocating /usr/bin/dig: isc_random_uniform: symbol not found
[...]
This has happened to me twice on OpenWRT 24.10.
To fix this, enforce that the version of bind-libs matches the version
of any dependent packages. Use the same approach as in
net/knot/Makefile: make the dependency be present twice, once in the
DEPENDS variable, the other one in the EXTRA_DEPENDS variable.
Also, add an explicit EXTRA_DEPENDS variable to other internal
dependencies. For example, versions of the bind-server-filter-aaaa and
bind-server packages must match.
Tested on snapshot, on x86/64.
Signed-off-by: Mateusz Jończyk <mat.jonczyk@o2.pl>
* removed needless fork/exec calls (#29010)
* removed needless eval calls
* added parallel country and ASN feed downloads (#29010)
* rework the IP monitor:
* IP extraction, counting, and threshold detection now run
entirely inside a single gawk process
* added a dynamic cache management and a three-tier IP deduplication
* added asynchronous/non-blocking RDAP requests
* hardend the cgi script and mail template
* fixed#28998
* LuCI: added more status information
* LuCI: more fixes & optimizations (e.g. #8486)
* readme update
Co-authored-by: Colin Brown <devs@coralesoft.nz>
Signed-off-by: Dirk Brenken <dev@brenken.org>
As we're seeing in various test.sh scrip runs, importing 'email' fails
with not finding 'urllib' and vice-versa.
Then via a7e96ec91 ("python3-email: add python3-urllib as dependency")
I created a circular dependency.
So, might as well merge the two packages into one (named python3-urllib)
and updates all dependencies to pull python3-urllib.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The python3-pkg-resources package does not exist in OpenWrt.
The only distutils/setuptools usage in fail2ban 1.1.0 is in
filterpyinotify.py and filtersystemd.py, both of which are
optional backends not available on OpenWrt. They are loaded
lazily via ImportError-guarded calls and the default auto
backend falls through to polling without them.
Also add test.sh with basic import and CLI smoke test.
Add me as maintainer.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Remove PROVIDES from all OVS kernel packages. The provider-
alternation logic in scripts/package-metadata.pl generates
recursive Kconfig dependencies when kmod-openvswitch-intree
provides kmod-openvswitch, because userspace packages
(openvswitch, ovsd, ovn-host) that +depend on kmod-openvswitch
get cross-referenced against the intree provider via
PACKAGE_<provider> < PACKAGE_<requester> conditions.
Verified locally: make defconfig produces zero OVS-related
recursive dependency errors with PROVIDES removed entirely.
The previous selective approach (keeping PROVIDES only for
openvswitch-intree) did not resolve the userspace recursion.
Users must install kmod-openvswitch-intree explicitly instead
of relying on provider alternation.
Fixes: openwrt/openwrt#22664
Signed-off-by: Joshua Klinesmith <joshuaklinesmith@gmail.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When alt_config_file is set, global_defs() returns before creating
the PID file directory. stunnel then fails to start because it
cannot write its PID file to the nonexistent directory.
Move the PID directory creation and ownership setup above the
alt_config_file early return so it runs regardless of config mode.
Fixes: openwrt/openwrt#28982
Signed-off-by: Joshua Klinesmith <joshuaklinesmith@gmail.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Jan Pavlinec <jan.pavlinec1@gmail.com> is no longer maintaining
these packages. Remove him from the PKG_MAINTAINER field across
all affected packages.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
* add: ucode-mod-uloop dependency
* add: parallel downloads using uloop
* fix: explicit allow for domains from allow-lists
* fix: get environment information for getInitStatus RPCD call
* add: update tests
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This patch fixes two issues in the netifd protocol script:
1. Fix logic error in deprecated option filtering:
Previously, ${f%%:*} was called before checking for the deprecated
flag (:d). This stripped the suffix and made the check [ "${f#*:}" = "d" ]
always fail. The cleaning of $f is now deferred until after this check.
2. Improve parameter quoting for specific options:
- Adds single quotes to --push and --push-remove parameters to handle
spaces (e.g., "route 10.0.0.0 255.255.255.0").
- Unifies quoting for 'file' type options to improve shell safety.
- Refactors the build logic using a case statement for better
extensibility.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* fix: ensure output in CLI in status and quick start commands
* fix: ensure relevant directories exist when using a (gzip) cache file on
first boot
* add: update functional tests
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Add a new netcup DDNS provider using the netcup DNS api
(ccp.netcup.net) with API key authentication.
Configuration mapping:
* username = netcup customer number
* password = netcup API password
* param_enc = netcup API key (generated in the CCP)
* domain = fully qualified subdomain to update (e.g. home.example.de)
* param_opt = (optional) root/zone domain override (e.g. example.de)
When omitted the root domain is derived by stripping the
leftmost label from 'domain'. This only works correctly for
a single subdomain level (e.g. "home.example.de").
param_opt MUST be set explicitly in two cases:
1. Deep subdomains: domain=test.internal.example.org
2. ccSLD apex domains: domain=example.co.nz
Signed-off-by: Tim Flubshi <flubshi@gmail.com>
Update bsbf-resources to the GIT HEAD of 2026-03-24. Add bsbf-rate-limiting
and make bsbf-bonding depend on bsbf-rate-limiting.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Read PRETTY_NAME from /etc/os-release via /bin/sh for distro output.
Bump PKG_RELEASE to account for the package configuration change.
Signed-off-by: Kamil Bienkiewicz <perceivalpercy@gmail.com>
* renamed f_query to f_search (Query => Search)
* add better input validation to the f_search function,
to compensate for the very limited Wildcard ACL mechanisms in LuCI, see
https://github.com/openwrt/luci/issues/8435 for reference
* LuCI: add a proper poll mechanism to mitigate Reporting timeouts
on "Search" and "Refresh", even with big pcap files
* LuCI: Refine some ACLs
* LuCI: more fixes & optimizations
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add better input validation to the f_content and f_search functions,
to compensate for the very limited Wildcard ACL mechanisms in LuCI, see
https://github.com/openwrt/luci/issues/8435 for reference
* LuCI: add a proper poll mechanism to mitigate Reporting timeouts
on "Search" and "Refresh", even with big Sets
* LuCI: Refine some ACLs
* LuCI: more fixes & optimizations
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
