Add DDNS update support for blazingfast.io Anycast DNS via their
REST API. Authentication is performed via JWT token obtained from
the login endpoint. Zone records are fetched to verify the record
type before update, ensuring IPv4 services only target A records
and IPv6 services only target AAAA records.
Service, zone and record IDs are passed via param_opt as
space-separated key=value pairs:
service_id=X zone_id=Y record_id=Z
curl --config file approach is used throughout to avoid eval and
shell injection from user-controlled values. Supports both IPv4
and IPv6. For dual-stack, create two separate DDNS service sections
with their respective record IDs.
Tested on GL.iNet MT5000 (Brume 3) running OpenWrt with
ddns-scripts 2.8.2.
Signed-off-by: Fotios Kitsantas <fkitsantas@icloud.com>
Maintainer: Alexandru Ardelean <ardeleanalex@gmail.com>
ping @feckert
First of all big thanks to all involved devs, porting this to proto is not a minor task and besides some small quirks it is working well.
(Not all that happy with the use of a default route instead of /1 routes, because you loose internet if the tunnel goes down but that is just me nitpicking)
However I had problems with default routing as the host routes to the server endpoint were missing.
I tracked it down to code in the `openvpn-hotplug` script and made some changes and in my testing it appears to work now.
As a bonus I also added code for a future implementation of the `nohostroute` option.
Problem:
The host routes were created by just using route setup this however does not work.
Solution:
using `proto_add_host_dependency` seems the better solution.
Furthermore the correct guard for IPv6 seems to be `net_gateway_ipv6` instead of `route_ipv6_gateway` however even the correct guard is only working if ipv6 source routing is disabled on wan6, so perhaps we should consider removing the guard entirely.
For now I left it in place with a warning.
I have tested it on X86 running master build from 5 days ago, both for IPv4 and IPv6
Please have a look and consider implementing.
Thanks
Signed-off-by: Erik Conijn <egc112@msn.com>
The ola host build (HostBuild path that produces ola_protoc_plugin)
failed in clean buildbot environments with:
configure: error: Missing the uuid library
even though libuuid is provided by tools/util-linux and is staged
at $(STAGING_DIR_HOST)/lib/pkgconfig/uuid.pc.
Root cause: HOST_CONFIGURE_VARS overrode PKG_CONFIG_PATH with
PKG_CONFIG_PATH="$(STAGING_DIR_HOSTPKG)/usr/protobuf-compat/lib/\
pkgconfig:$(PKG_CONFIG_PATH)"
$(PKG_CONFIG_PATH) here is the make-time variable, which is never
set for host context (include/host-build.mk only exports it as a
per-rule env variable, not a make variable). It therefore expanded
to the empty string, and the resulting single-entry PKG_CONFIG_PATH
overrode the exported defaults from host-build.mk, hiding uuid.pc
from the host pkg-config wrapper.
Fix: refer to the env variable via shell expansion ($$PKG_CONFIG_PATH)
instead of the make variable. The make recipe expands $$ to $, and
the shell resolves $PKG_CONFIG_PATH from the inherited environment
populated by include/host-build.mk (which sets it to
$(STAGING_DIR_HOST)/lib/pkgconfig:$(HOST_BUILD_PREFIX)/lib/pkgconfig).
Fixes: 5e4f937e ("ola: use protobuf-compat instead of protobuf")
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
When luci-proto-openvpn is selected in `make menuconfig`,
openvpn-openssl is picked up automatically. As mbedTLS is the default
TLS package, set DEFAULT_VARIANT on openvpn-mbedtls so that it is used
by default.
Signed-off-by: Qingfang Deng <dqfext@gmail.com>
Add DDNS update support for blazingfast.io Anycast DNS via their
REST API. Authentication is performed via JWT token obtained from
the login endpoint. Zone records are fetched to verify the record
type before update, ensuring IPv4 services only target A records
and IPv6 services only target AAAA records.
Service, zone and record IDs are passed via param_opt as
space-separated key=value pairs:
service_id=X zone_id=Y record_id=Z
curl --config file approach is used throughout to avoid eval and
shell injection from user-controlled values. Supports both IPv4
and IPv6. For dual-stack, create two separate DDNS service sections
with their respective record IDs.
Tested on GL.iNet MT5000 (Brume 3) running OpenWrt with
ddns-scripts 2.8.2.
Signed-off-by: Fotios Kitsantas <fkitsantas@icloud.com>
To find the correct network interface to create a network entry for, check
which driver is driving the network interface.
Restrict creating a network entry with DHCP client to network interfaces
driven by the cdc_ether, r8152, rndis_host, or ipheth driver.
Ensure UCI section name derived from interface name is proper.
Do not disable using DNS servers advertised by the ISP. This was a
requirement of bsbf-bonding. We can now do this as we transparently proxy
all DNS traffic to Xray which resolves queries.
Do not exit non-zero as it's useless.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Update bsbf-resources to the GIT HEAD of 2026-05-16.
- files/etc/uci-defaults/99-bsbf-bonding:
- Do not ever exit non-zero. It prevents the script from being deleted
after it's run.
- Fix creating a new wan zone.
- Do not disable using DNS servers advertised by the ISP. We can now do
this as we transparently proxy all DNS traffic to Xray which resolves
queries.
- files/usr/sbin/bsbf-bonding:
- Attempting to source a file that doesn't exist breaks the rest of the
script. Therefore, only source /etc/bsbf/bsbf-bonding.conf if it
exists. Then, print to stderr if the configuration is improper.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
This software is no longer maintained because upstream
repository has been archived by the owner.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
- gated f_load behind a ubus socket check at the end of adblock.sh
to harden against pre-ubus invocations
- added a 'adb_bver' fallback in f_log for invocation paths without prior f_load execution
- minor code improvements and fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
- gated config sanity checks at the end of banip-functions.sh
behind 'ban_action' to skip them on init script sourcing paths (enable/disable/help)
- added a ubus socket guard around f_system to harden against pre-ubus sourcing
- added a 'ban_bver' fallback in f_log for sourcing paths without prior f_system execution
- reordered system utility references before system library sourcing,
so f_log has a valid 'ban_logcmd' available if the library check fails
- minor code improvements and fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
- gated config sanity checks at the end of travelmate-functions.sh
behind 'trm_action' to fix init script enable/disable/help paths
- added a ubus socket guard around f_system to harden against pre-ubus sourcing
- added a 'trm_bver' fallback in f_log for sourcing paths without prior f_system execution
- reordered system utility references before system library sourcing,
so f_log has a valid 'trm_logcmd' available if the library check fails
- minor code improvements
Signed-off-by: Dirk Brenken <dev@brenken.org>
Changes since 0.25.1:
0.27.0:
* util: Removed GNUNET_CRYPTO_symmetric_derive_iv API
* util: Deprecate GNUNET_CRYPTO_symmetric_* APIs
* util: Revise GNUNET_CRYPTO_hkdf_* APIs for safe variadic
arguments. Fixes#10898
0.26.x:
* util: Revise crypto API to prevent misuse of key material
* util: Add various TIME related helper APIs
* pils: Ship missing header
* pq: fix NULL reporting in arrays
* pq: fix consistency check errors
* util: fix UTF-8 uppercase/lowercase conversion API insanity
0.25.2:
* build: Various build system and detection logic improvements
* reintroduce some flat file storages
Drop patches that have been merged upstream:
- 0001-meson-convert-SQLite-version-detection-to-compile-time
- 0002-meson-convert-cURL-version-detection-to-compile-time
- 0003-meson-convert-libsodium-version-detection-to-compile
- 0004-meson-convert-cURL-SSL-library-detection-to-compile
- 0007-namecache-install-sql-files
- 0008-namecache-build-flat-namecache-plugin
Refresh 0005-meson-detect-libcurl-gnutls.patch for the upstream
switch from cc.compiles to cc.run for the cURL SSL backend check.
Link: https://git.gnunet.org/gnunet.git/tree/NEWS?h=v0.27.0
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Upstream repository has been archived by the owner, so
this software is no longer maintained.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
It seems this software is no longer maintained, because
upstream repository has been deleted.
No packages depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
Update bsbf-resources to the GIT HEAD of 2026-05-14.
- Improve bsbf-bonding --uninstall logic.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
before acme is an empty package that depend either acme-acmesh or uacme.
but this boolean logic in depend ignored by apk itself.
let's make a virtual keyword
witch both acme.sh and uacme provides.
acme.sh is explicit default.
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
Tracks upstream curl 8.20.0 (April 2026 release).
Changes since 8.14.1 cover six upstream releases (8.15.0 - 8.20.0).
Highlights:
* async-thrdd: use thread queue for resolving
* build: make NTLM disabled by default
* lib: add thread pool and queue
* lib: drop support for < c-ares 1.16.0
* lib: make SMB support opt-in
* multi.h: add CURLMNWC_CLEAR_ALL
* rtmp: drop support
* cmake: drop support for CMake 3.17 and older
* Various TLS, HTTP/3, altsvc and resolver bug fixes.
Link: https://curl.se/changes.html#8_20_0
Link: https://github.com/curl/curl/blob/curl-8_20_0/RELEASE-NOTES
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 4.0.0:
- Add Zstandard decompression support for compressed web content
- Improve WolfSSL compatibility and SSL host name validation
- Improve IPv6 address support and Connection header handling
- Drop legacy pcre1 support; PCRE2 is now required
- Fix multiple memory leaks and socket leaks
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 26.1:
- Add SSL/TLS certificate validation for server-server links by default
(new SSLVerify option to disable)
- Add systemd sd_notify protocol support
- Add Autojoin option for automatic channel joining on connect
- Automatically maximize file descriptor limit at startup
- Add Docker/container documentation and Dockerfile
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changes since 2.2.8:
- Fix crash related to FD_SET and socket timeout handling
- Fix build_absolute_url when if_indextoname() returns NULL
- Add support for C23 and glibc 2.43 string function signatures
- Improve poll() usage and C++ compiler compatibility
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Fixes symlink traversal vulnerability (CVE-2025-26625) that allowed
writing files outside the repository on checkout/pull.
Other changes since 3.5.1:
- Add --refetch option to force re-download of LFS objects
- Add --json and --dry-run options for fetch operations
- Improve .netrc handling on Windows and macOS root CA support
- Upgrade to Go 1.25 (requires Linux kernel 3.2+)
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
The package is not actively-maintained and doesn't compile with modern
Protobuf. Switch it to compat version.
Signed-off-by: George Sapkin <george@sapk.in>
The package is not actively-maintained and doesn't compile with modern
Protobuf. Switch it to compat version.
Signed-off-by: George Sapkin <george@sapk.in>
Switch mosh to -std=c++17 to fix compilation with newer Protobuf.
Link with libatomic necessary for MIPS and PowerPC.
Signed-off-by: George Sapkin <george@sapk.in>
Update bsbf-resources to the GIT HEAD of 2026-05-11.
- Do not add more than 8 WANs with files/etc/uci-defaults/99-bsbf-bonding.
- resources-client/bsbf_bonding.nft now destroys the bsbf_bonding table
before adding it. Therefore, no need to delete the table anymore. And use
the destroy command to successfully exit even when the table doesn't exist.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Add the network entries that bsbf-autoconf-cellular and bsbf-autoconf-dhcp
create, to the firewall wan zone.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Bug-fix release. Fixes 20+ bugs and includes some performance
improvements. All users are encouraged to upgrade.
Highlights (all platforms):
* Fixed a 4.1.0 bug that failed to report some filesystem errors
to RPC clients querying free space.
* Fixed a 4.1.0 bug that kept a torrent's updated queue position
from being shown.
* Fixed a 4.1.0 bug that caused torrents' queuing order to
sometimes be lost between sessions.
* Hardened .torrent parsing by exiting sooner if 'pieces' has
an invalid size.
* Reverted a 4.1.0 RPC change that broke some 3rd party code by
returning floats rather than integers for speed limit fields.
* Fixed crash when pausing a torrent and editing its tracker
list at the same time.
* Fixed 4.1.0 crash on arm32 by switching crc32 libraries to
Mark Adler's crcany.
* Require UTF-8 filenames in .torrent files (per BitTorrent spec).
* Fixed crash when parsing a .torrent file with a bad 'pieces' key.
* Fixed potential fd leak when launching scripts on POSIX systems.
* Changed network traffic algorithm to spread bandwidth more
evenly amongst peers.
Link: https://github.com/transmission/transmission/releases/tag/4.1.1
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fotios Kitsantas