To find the correct network interface to create a network entry for, check
which driver is driving the network interface.
Restrict creating a network entry with DHCP client to network interfaces
driven by the cdc_ether, r8152, rndis_host, or ipheth driver.
Ensure UCI section name derived from interface name is proper.
Do not disable using DNS servers advertised by the ISP. This was a
requirement of bsbf-bonding. We can now do this as we transparently proxy
all DNS traffic to Xray which resolves queries.
Do not exit non-zero as it's useless.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Update bsbf-resources to the GIT HEAD of 2026-05-16.
- files/etc/uci-defaults/99-bsbf-bonding:
- Do not ever exit non-zero. It prevents the script from being deleted
after it's run.
- Fix creating a new wan zone.
- Do not disable using DNS servers advertised by the ISP. We can now do
this as we transparently proxy all DNS traffic to Xray which resolves
queries.
- files/usr/sbin/bsbf-bonding:
- Attempting to source a file that doesn't exist breaks the rest of the
script. Therefore, only source /etc/bsbf/bsbf-bonding.conf if it
exists. Then, print to stderr if the configuration is improper.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
This software is no longer maintained because upstream
repository has been archived by the owner.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
- gated f_load behind a ubus socket check at the end of adblock.sh
to harden against pre-ubus invocations
- added a 'adb_bver' fallback in f_log for invocation paths without prior f_load execution
- minor code improvements and fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
- gated config sanity checks at the end of banip-functions.sh
behind 'ban_action' to skip them on init script sourcing paths (enable/disable/help)
- added a ubus socket guard around f_system to harden against pre-ubus sourcing
- added a 'ban_bver' fallback in f_log for sourcing paths without prior f_system execution
- reordered system utility references before system library sourcing,
so f_log has a valid 'ban_logcmd' available if the library check fails
- minor code improvements and fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
- gated config sanity checks at the end of travelmate-functions.sh
behind 'trm_action' to fix init script enable/disable/help paths
- added a ubus socket guard around f_system to harden against pre-ubus sourcing
- added a 'trm_bver' fallback in f_log for sourcing paths without prior f_system execution
- reordered system utility references before system library sourcing,
so f_log has a valid 'trm_logcmd' available if the library check fails
- minor code improvements
Signed-off-by: Dirk Brenken <dev@brenken.org>
Changes since 0.25.1:
0.27.0:
* util: Removed GNUNET_CRYPTO_symmetric_derive_iv API
* util: Deprecate GNUNET_CRYPTO_symmetric_* APIs
* util: Revise GNUNET_CRYPTO_hkdf_* APIs for safe variadic
arguments. Fixes#10898
0.26.x:
* util: Revise crypto API to prevent misuse of key material
* util: Add various TIME related helper APIs
* pils: Ship missing header
* pq: fix NULL reporting in arrays
* pq: fix consistency check errors
* util: fix UTF-8 uppercase/lowercase conversion API insanity
0.25.2:
* build: Various build system and detection logic improvements
* reintroduce some flat file storages
Drop patches that have been merged upstream:
- 0001-meson-convert-SQLite-version-detection-to-compile-time
- 0002-meson-convert-cURL-version-detection-to-compile-time
- 0003-meson-convert-libsodium-version-detection-to-compile
- 0004-meson-convert-cURL-SSL-library-detection-to-compile
- 0007-namecache-install-sql-files
- 0008-namecache-build-flat-namecache-plugin
Refresh 0005-meson-detect-libcurl-gnutls.patch for the upstream
switch from cc.compiles to cc.run for the cURL SSL backend check.
Link: https://git.gnunet.org/gnunet.git/tree/NEWS?h=v0.27.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Upstream repository has been archived by the owner, so
this software is no longer maintained.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
It seems this software is no longer maintained, because
upstream repository has been deleted.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
Update bsbf-resources to the GIT HEAD of 2026-05-14.
- Improve bsbf-bonding --uninstall logic.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
before acme is an empty package that depend either acme-acmesh or uacme.
but this boolean logic in depend ignored by apk itself.
let's make a virtual keyword
witch both acme.sh and uacme provides.
acme.sh is explicit default.
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
Tracks upstream curl 8.20.0 (April 2026 release).
Changes since 8.14.1 cover six upstream releases (8.15.0 - 8.20.0).
Highlights:
* async-thrdd: use thread queue for resolving
* build: make NTLM disabled by default
* lib: add thread pool and queue
* lib: drop support for < c-ares 1.16.0
* lib: make SMB support opt-in
* multi.h: add CURLMNWC_CLEAR_ALL
* rtmp: drop support
* cmake: drop support for CMake 3.17 and older
* Various TLS, HTTP/3, altsvc and resolver bug fixes.
Link: https://curl.se/changes.html#8_20_0
Link: https://github.com/curl/curl/blob/curl-8_20_0/RELEASE-NOTES
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 4.0.0:
- Add Zstandard decompression support for compressed web content
- Improve WolfSSL compatibility and SSL host name validation
- Improve IPv6 address support and Connection header handling
- Drop legacy pcre1 support; PCRE2 is now required
- Fix multiple memory leaks and socket leaks
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 26.1:
- Add SSL/TLS certificate validation for server-server links by default
(new SSLVerify option to disable)
- Add systemd sd_notify protocol support
- Add Autojoin option for automatic channel joining on connect
- Automatically maximize file descriptor limit at startup
- Add Docker/container documentation and Dockerfile
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 2.2.8:
- Fix crash related to FD_SET and socket timeout handling
- Fix build_absolute_url when if_indextoname() returns NULL
- Add support for C23 and glibc 2.43 string function signatures
- Improve poll() usage and C++ compiler compatibility
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Fixes symlink traversal vulnerability (CVE-2025-26625) that allowed
writing files outside the repository on checkout/pull.
Other changes since 3.5.1:
- Add --refetch option to force re-download of LFS objects
- Add --json and --dry-run options for fetch operations
- Improve .netrc handling on Windows and macOS root CA support
- Upgrade to Go 1.25 (requires Linux kernel 3.2+)
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The package is not actively-maintained and doesn't compile with modern
Protobuf. Switch it to compat version.
Signed-off-by: George Sapkin <george@sapk.in>
The package is not actively-maintained and doesn't compile with modern
Protobuf. Switch it to compat version.
Signed-off-by: George Sapkin <george@sapk.in>
Switch mosh to -std=c++17 to fix compilation with newer Protobuf.
Link with libatomic necessary for MIPS and PowerPC.
Signed-off-by: George Sapkin <george@sapk.in>
Update bsbf-resources to the GIT HEAD of 2026-05-11.
- Do not add more than 8 WANs with files/etc/uci-defaults/99-bsbf-bonding.
- resources-client/bsbf_bonding.nft now destroys the bsbf_bonding table
before adding it. Therefore, no need to delete the table anymore. And use
the destroy command to successfully exit even when the table doesn't exist.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Add the network entries that bsbf-autoconf-cellular and bsbf-autoconf-dhcp
create, to the firewall wan zone.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Bug-fix release. Fixes 20+ bugs and includes some performance
improvements. All users are encouraged to upgrade.
Highlights (all platforms):
* Fixed a 4.1.0 bug that failed to report some filesystem errors
to RPC clients querying free space.
* Fixed a 4.1.0 bug that kept a torrent's updated queue position
from being shown.
* Fixed a 4.1.0 bug that caused torrents' queuing order to
sometimes be lost between sessions.
* Hardened .torrent parsing by exiting sooner if 'pieces' has
an invalid size.
* Reverted a 4.1.0 RPC change that broke some 3rd party code by
returning floats rather than integers for speed limit fields.
* Fixed crash when pausing a torrent and editing its tracker
list at the same time.
* Fixed 4.1.0 crash on arm32 by switching crc32 libraries to
Mark Adler's crcany.
* Require UTF-8 filenames in .torrent files (per BitTorrent spec).
* Fixed crash when parsing a .torrent file with a bad 'pieces' key.
* Fixed potential fd leak when launching scripts on POSIX systems.
* Changed network traffic algorithm to spread bandwidth more
evenly amongst peers.
Link: https://github.com/transmission/transmission/releases/tag/4.1.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
- added opt-in protection against access points with locally-administered (LAA) BSSIDs
- added a special trm_maxretry value '0', enabling unlimited connection retries
- removed obsolete connection-tracking functions (too many uci updates/flash wear)
- all runtime files now live under a single /var/run/travelmate/ directory
- various code cleanups & fixes
- LuCI: made the new UCI option 'trm_eviltwin' available
- LuCI: more cleanups
- readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
mptcpd is the only consumer of libell; bump PKG_RELEASE so the
package is rebuilt against ell 0.83 once that update lands.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
update to 2026.03.18, release 3
- update PKG_RELEASE to 3
files/etc/init.d/https-dns-proxy:
- refactor nftable rules to explicitly add and flush the table and
chains instead of block replacement
- make nftable `delete table` call silent in `notrack_nft remove`
- update `notrack_nft remove` to check for absence of nftable table
instead of just checking the file
- ensure `notrack_nft remove` sets _error=1 on failure
- ignore dnsmasq instances with port 0 in
`dnsmasq_instance_append_force_dns_port`
tests/run_tests.sh:
- add test case to ensure dnsmasq port 0 is ignored
- update `notrack_nft remove` test to confirm success when both file
and table are absent
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Maintainer: Rob White rob@blue-wave.net
Compile tested: All
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, mips_24kc,
aarch64_cortex-a53; On 24.10, 25.12 and master/snapshot.
Description: wifi-chipset-detect (1.0.0)
This is a new package that reports in json format the chipset
and driver capabilities of installed wireless hardware.
Developed originally for use where Captive Portal
and Mesh Backhaul networks are being built.
It provides a stand alone script to detect details of the physical
wireless hardware without requiring the radios to be enabled.
There are no dependencies over and above the basic OpenWrt flash image.
It is based on functionality built into the OpenNDS and Mesh11sd packages.
The json formatted output is displayed on the terminal screen.
It is also written to the file /tmp/wifidetect.
This version does not require the Captive Portal
or Mesh network to be running.
Full details can be seen here:
https://github.com/openNDS/wifi-chipset-detect
Signed-off-by: Rob White <rob@blue-wave.net>
Update bsbf-resources to the GIT HEAD of 2026-05-06.
- Remove bsbf-route as bsbf-mptcp now includes the functionality it
provides.
- Remove bsbf-plpmtu as that functionality is now provided with the
plp-mtu-discovery package.
- Remove bsbf-tcp-in-udp as it's not a production-ready solution as it is.
- Add bsbf-client-web.
- Update the dependencies of bsbf-mptcp to curl, fping, ip-full, and
mptcpize.
- Remove files/etc/config/bsbf-mptcp as that functionality is now provided
using the /etc/bsbf/bsbf-mptcp-subflow-backup file.
- Remove files/etc/hotplug.d/iface/99-bsbf-mptcp as that functionality is
now provided by the bsbf-mptcp service.
- Update the dependencies of bsbf-bonding to bsbf-client-web, bsbf-mptcp,
bsbf-rate-limiting, and xray-core.
- Get rid of fw4 dependency and 99-bsbf-bonding.nft in favour of
resources-client/bsbf_bonding.nft. Add a oneshot service to apply it at
boot.
- Move from bsbf-openwrt-resources to bsbf-resources directory as we now
install resources-client/xray.json and resources-client/bsbf_bonding.nft.
- Add the bsbf-bonding command.
- Run `bsbf-bonding --enable` at the end on the uci-defaults script.
- Add the tc package as a dependency for bsbf-rate-limiting.
Fixes: https://github.com/openwrt/packages/issues/29306
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
The current check would match a uci device section that doesn't say if the
interface is a bridge. Check that the type option is bridge to address
this.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:
Fix nftables rule directory creation
- Bump PKG_RELEASE to 2.
files/etc/init.d/https-dns-proxy:
- Add 'mkdir -p' before writing nftables rules to ensure the parent
directory exists. This fixes an issue where the directory might not
exist on initial installation, causing errors.
tests/run_tests.sh:
- Add comprehensive regression tests for notrack_nft.
- Mock 'nft' to track invocations and control return codes for testing.
- Patch 'NOTRACK_NFT_FILE' to a test-specific path for isolated testing.
- Verify 'notrack_nft' correctly creates the parent directory if missing.
- Test content of generated nftables snippet, idempotence, and removal.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Dirk Brenken