When alt_config_file is set, global_defs() returns before creating
the PID file directory. stunnel then fails to start because it
cannot write its PID file to the nonexistent directory.
Move the PID directory creation and ownership setup above the
alt_config_file early return so it runs regardless of config mode.
Fixes: openwrt/openwrt#28982
Signed-off-by: Joshua Klinesmith <joshuaklinesmith@gmail.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Jan Pavlinec <jan.pavlinec1@gmail.com> is no longer maintaining
these packages. Remove him from the PKG_MAINTAINER field across
all affected packages.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
* add: ucode-mod-uloop dependency
* add: parallel downloads using uloop
* fix: explicit allow for domains from allow-lists
* fix: get environment information for getInitStatus RPCD call
* add: update tests
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This patch fixes two issues in the netifd protocol script:
1. Fix logic error in deprecated option filtering:
Previously, ${f%%:*} was called before checking for the deprecated
flag (:d). This stripped the suffix and made the check [ "${f#*:}" = "d" ]
always fail. The cleaning of $f is now deferred until after this check.
2. Improve parameter quoting for specific options:
- Adds single quotes to --push and --push-remove parameters to handle
spaces (e.g., "route 10.0.0.0 255.255.255.0").
- Unifies quoting for 'file' type options to improve shell safety.
- Refactors the build logic using a case statement for better
extensibility.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* fix: ensure output in CLI in status and quick start commands
* fix: ensure relevant directories exist when using a (gzip) cache file on
first boot
* add: update functional tests
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Add a new netcup DDNS provider using the netcup DNS api
(ccp.netcup.net) with API key authentication.
Configuration mapping:
* username = netcup customer number
* password = netcup API password
* param_enc = netcup API key (generated in the CCP)
* domain = fully qualified subdomain to update (e.g. home.example.de)
* param_opt = (optional) root/zone domain override (e.g. example.de)
When omitted the root domain is derived by stripping the
leftmost label from 'domain'. This only works correctly for
a single subdomain level (e.g. "home.example.de").
param_opt MUST be set explicitly in two cases:
1. Deep subdomains: domain=test.internal.example.org
2. ccSLD apex domains: domain=example.co.nz
Signed-off-by: Tim Flubshi <flubshi@gmail.com>
Update bsbf-resources to the GIT HEAD of 2026-03-24. Add bsbf-rate-limiting
and make bsbf-bonding depend on bsbf-rate-limiting.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Read PRETTY_NAME from /etc/os-release via /bin/sh for distro output.
Bump PKG_RELEASE to account for the package configuration change.
Signed-off-by: Kamil Bienkiewicz <perceivalpercy@gmail.com>
* renamed f_query to f_search (Query => Search)
* add better input validation to the f_search function,
to compensate for the very limited Wildcard ACL mechanisms in LuCI, see
https://github.com/openwrt/luci/issues/8435 for reference
* LuCI: add a proper poll mechanism to mitigate Reporting timeouts
on "Search" and "Refresh", even with big pcap files
* LuCI: Refine some ACLs
* LuCI: more fixes & optimizations
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add better input validation to the f_content and f_search functions,
to compensate for the very limited Wildcard ACL mechanisms in LuCI, see
https://github.com/openwrt/luci/issues/8435 for reference
* LuCI: add a proper poll mechanism to mitigate Reporting timeouts
on "Search" and "Refresh", even with big Sets
* LuCI: Refine some ACLs
* LuCI: more fixes & optimizations
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Fixes multiple security critical bugs with H3 handling. CVE submission is
pending.
- Updated haproxy PKG_VERSION and PKG_HASH
- Removed get-latest-patches.sh as it is not used anymore.
- See changes: http://git.haproxy.org/?p=haproxy-3.2.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
- Process 'up'/'down' events to manage interface status.
- Add IPv4/IPv6 addresses and routes via netifd-proto.
- Parse DNS/search domains from foreign options.
- Convert netmasks and CIDR strings with new helpers.
- Apply MTU settings from OpenVPN environment.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
- Default to '--ifconfig-noexec' and '--route-noexec' to allow hotplug
script to handle IP and routing configuration.
- Only append '--auth-user-pass-verify' if the option is explicitly
configured to avoid unexpected authentication requirements.
- Fix missing retrieval of 'auth_user_pass', 'askpass', and 'tls_verify'.
- Remove redundant '--config' parameter (managed by option_builder).
- Simplify 'script_security' assignment logic.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
The 'ddns-scripts' packages still uses not the procd service handling.
This commit changes this.
This change also resolves the issue where, if a UCI configuration is
already present, the process is blocked during installation via APK and
does not complete.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Config:
* update pause_timeout default value to 60
* add config option rpcd_token
Init script:
* add validation for rpcd_token
Ucode script:
* fix: always reload config options on RPCD calls to prevent stale values
* fix: shell_quote curl params
* fix: do not reload is_tty on each call
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Update the openvpn package to the latest version in
the 2.6.x branch while development of the 2.7.x branch
become stable enough to merge.
Signed-off-by: Sander van Deijck <sander@vandeijck.com>
* fix: detect/support point-to-point interfaces in dynamic routing mode
* fix: avoid IPv4/IPv6 address collisions on Tor policies
* fix: do not set triggers on boot when service is disabled in config
* fix: more robust forward stop/enable
Signed-off-by: Stan Grishin <stangri@melmac.ca>
At startup there's a race situation where "chronyc waitsync" (and thus
chrony-hotplug) will exit right away because it can't bind to loopback.
This change tries quite hard to make chrony-hotplug wait for loopback to
come up before running chronyc.
Fixes#28434.
Signed-off-by: Florian Wagner <florian@wagner-flo.de>
* refine the domain validator regarding prefix handling, esp.
relevant for ABP-syntax
* adapted the adguard feed to make use of the new prefix handling
* LuCI: various fixes & optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
* the debug mode now captures internal error output in a dedicated log file,
located by default in the banIP base directory as /tmp/ban_error.log
* replaced the non-functional recursive PID tree walk in f_rmpid with
a correct iterative implementation
* added several IP validator improvements
* fixed a copy-paste error in f_report
* fixed a uninitialized variable in f_actual
* fixed missing token validation in banip.cgi
* various other minor improvement & fixes
* removed abandoned nixspam feed
* LuCI: various fixes & optimizations
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Adds the misssing build dependencies to remove the
"Cannot import 'setuptools.build_meta'" build error with 25.12.0-rc1 to 25.12.0-rc5
Signed-off-by: dwardor <benjamin.reveille@gmail.com>
