ovpn-dco is currently incompatible with the SafeXcel EIP-197
cryptographic engine. Disable async until this is fixed.
Signed-off-by: Qingfang Deng <dqfext@gmail.com>
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:Add nftables notrack for localhost traffic
- Removed. License is now included in the main project.
net/https-dns-proxy/Makefile:
- Bumped PKG_RELEASE to 5.
net/https-dns-proxy/files/etc/config/https-dns-proxy:
- Added 'option notrack_dns '1'' to the default configuration.
net/https-dns-proxy/files/etc/init.d/https-dns-proxy:
- Defined NOTRACK_NFT_FILE constant.
- Added 'notrack_dns' and 'notrack_ports' variables.
- Implemented 'notrack_nft' function to manage nftables rules for notracking local DNS traffic.
- Enabled loading of 'notrack_dns' boolean from configuration.
- Modified start_instance to collect listen_port into notrack_ports if notrack_dns is enabled.
- Modified start_service to call notrack_nft update/remove based on notrack_dns and collected ports.
- Modified stop_service to call notrack_nft remove.
- Updated service_started and service_stopped to trigger firewall config changes when notrack_dns is enabled.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Add --no-build-isolation to PYTHON_SETUP_ARGS. Without it, pip creates
an isolated build environment which fails during cross-compilation
because _sysconfigdata is missing for the target arch.
Add test.sh verifying python3-sepolgen module loads correctly and
selinux-audit2allow binary is functional.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Add HOST_PYTHON3_PIP_VARS and --no-build-isolation to MAKE_VARS.
Without --no-build-isolation, pip creates an isolated build environment
which fails during cross-compilation because _sysconfigdata is missing.
Aligns with python-selinux which already has this fix.
The libsemanage pywrap uses the host Python's EXT_SUFFIX to name the
C extension, so we will use the PYCEXT env-var to correct that.
Add basic test.sh to verify the semanage Python bindings load correctly
in environments without SELinux kernel support.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Add --no-build-isolation to PYTHON_SETUP_ARGS. Without it, pip creates
an isolated build environment which fails during cross-compilation
because _sysconfigdata is missing for the target arch.
Add test.sh with basic import and API sanity checks.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
* Switch Hagezi URL to a more compact higher-level only domains list as we
prefer it anyways and there's less processing (thanks @dave14305)
* When update_config_sizes is unset, save collected sizes to RAM to improve
luci app performance (thanks @sshaikh)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Valkey is a community fork of the key-value database Redis.
It is a drop in replacement to Redis so most of the files are
derived from their Redis equivalent.
Co-authored-by: George Sapkin <george@sapk.in>
Signed-off-by: Matthew Cather <mattbob4@gmail.com>
fix: avoid unnecessary dnsmasq restarts (thanks @egc112)
fix: insert, not add dns policies to ensure higher priority than the DNS
hijack rules (thanks @egc112)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Major changes since 3.10.0:
4.0:
- add CORS_ALLOW_PRIVATE_NETWORK setting for Local Network Access spec support
- add async middleware support, reducing overhead on async views
- remove deprecated CORS_REPLACE_HTTPS_REFERER and CorsPostCsrfMiddleware
- remove three header names from default allowed list (accept-encoding, dnt, origin)
4.3:
- fix access-control-allow-credentials header not being omitted on
non-allowed responses
4.6:
- drop support for Django 3.2 through 4.1
4.9:
- add Django 6.0 support
- tighten validation of sequence-type settings (e.g. CORS_ALLOW_METHODS)
Add PYPI_SOURCE_NAME:=django_cors_headers as the 4.x sdist uses
underscores in the filename.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Changelog since 0.9.6.1:
- add product version number to the PRODID tag in iCalendar output
- add support for GEO tags in vCards
- various bugfixes and compatibility improvements
Also need to update setup.cfg at build time to insert the version
to allow the package to build.
Otherwise we get
```
2026-04-21T08:17:17.9341927Z File "/builder/staging_dir/hostpkg/lib/python3.14/site-packages/setuptools/config/setupcfg.py", line 296, in __setitem__
2026-04-21T08:17:17.9342520Z parsed = self.parsers.get(option_name, lambda x: x)(value)
2026-04-21T08:17:17.9343117Z File "/builder/staging_dir/hostpkg/lib/python3.14/site-packages/setuptools/config/setupcfg.py", line 602, in _parse_version
2026-04-21T08:17:17.9343777Z return expand.version(self._parse_attr(value, self.package_dir, self.root_dir))
2026-04-21T08:17:17.9344201Z ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2026-04-21T08:17:17.9344938Z File "/builder/staging_dir/hostpkg/lib/python3.14/site-packages/setuptools/config/setupcfg.py", line 421, in _parse_attr
2026-04-21T08:17:17.9345544Z return expand.read_attr(attr_desc, package_dir, root_dir)
2026-04-21T08:17:17.9345876Z ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2026-04-21T08:17:17.9346409Z File "/builder/staging_dir/hostpkg/lib/python3.14/site-packages/setuptools/config/expand.py", line 191, in read_attr
2026-04-21T08:17:17.9346947Z return getattr(module, attr_name)
2026-04-21T08:17:17.9347261Z AttributeError: module 'vobject' has no attribute 'VERSION'
2026-04-21T08:17:17.9598878Z
```
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Patch release with stability and correctness fixes over 2.4.3:
- fix memory leak in certain array creation paths
- fix thread-safety issues in ufunc dispatch
- fix hash collisions in np.isin() on certain inputs
- fix OpenBLAS threading hang on ARM targets
- miscellaneous annotation and documentation improvements
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
* flock/serialize the etag writing in the f_etag function
* added various variables to local scope
* LuCI: removed needless ACL
Signed-off-by: Dirk Brenken <dev@brenken.org>
Add PYPI_SOURCE_NAME:=lru_dict as the sdist tarball filename
uses underscores while PYPI_NAME uses hyphens.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
* added an separate adblock rundir (/var/run/adblock)
* refine the cpu/core detection
* behaviour change: allowlist domains now also removes subdomains from the blocklist
* flock/serialize the etag writing in the f_etag function
* code clean-up/linting
Signed-off-by: Dirk Brenken <dev@brenken.org>
Introduce a new `ipv6` proto option for OpenVPN netifd integration and
export it to the hotplug environment. IPv6 remains enabled by default,
but can now be explicitly disabled per instance.
Update the hotplug helper to apply IPv6 addresses and routes only when
IPv6 is enabled, allowing cleaner IPv4-only tunnel deployments.
Also improve route handling by:
- ignoring invalid default gateway values (0.0.0.0 / ::)
- replacing fixed `seq` loops with shell-safe while loops
- keeping trusted peer host routes conditional on valid gateways
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* fixed the initialization of the banIP rundir (reported in the forum)
* sanitize possible windows line endings in local block- and allowlist
* refine the cpu/core detection
* code clean-up/linting
Signed-off-by: Dirk Brenken <dev@brenken.org>
The release tarball already contains a pre-generated _version.py with
the version hardcoded, so versioneer is not needed at build time.
Patch pyproject.toml to only require setuptools and remove
PKG_BUILD_DEPENDS:=python-versioneer/host.
Remove python-versioneer package as it is no longer needed.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
George Sapkin