This release is needed in order to build against the 6.18 kernel.
Removed upstreamed: 020-gcc15.patch
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 0e0c742d81)
Bump to version 0.1.3 and drop patch, which is in upstream.
Signed-off-by: Erik Larsson <who+github@cnackers.org>
(cherry picked from commit fee669b6d4)
Maintainer: me
Compile tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Run tested: x86_64, Dell EMC Edge620, OpenWrt 25.12.1
Description:Add nftables notrack for localhost traffic
- Removed. License is now included in the main project.
net/https-dns-proxy/Makefile:
- Bumped PKG_RELEASE to 5.
net/https-dns-proxy/files/etc/config/https-dns-proxy:
- Added 'option notrack_dns '1'' to the default configuration.
net/https-dns-proxy/files/etc/init.d/https-dns-proxy:
- Defined NOTRACK_NFT_FILE constant.
- Added 'notrack_dns' and 'notrack_ports' variables.
- Implemented 'notrack_nft' function to manage nftables rules for notracking local DNS traffic.
- Enabled loading of 'notrack_dns' boolean from configuration.
- Modified start_instance to collect listen_port into notrack_ports if notrack_dns is enabled.
- Modified start_service to call notrack_nft update/remove based on notrack_dns and collected ports.
- Modified stop_service to call notrack_nft remove.
- Updated service_started and service_stopped to trigger firewall config changes when notrack_dns is enabled.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit fa4b35ad53)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* Switch Hagezi URL to a more compact higher-level only domains list as we
prefer it anyways and there's less processing (thanks @dave14305)
* When update_config_sizes is unset, save collected sizes to RAM to improve
luci app performance (thanks @sshaikh)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 5e0b94f2a4)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
handle dalias/calias config currectly by dns challenge hook so it won't
break uacme when given
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
(cherry picked from commit d824c1fc90)
migrate old uacme specific config parameters into acme-common format.
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
(cherry picked from commit 2da557bbf5)
remake uacme hook scripts to base on acme-common,
and implements helper to able to use acme.sh DNS APIs
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
(cherry picked from commit 7f88cc5eb8)
currently acme metapackage only able to satisfied with acme-acmesh,
but make is satisfieable by uacme if it's already installed.
still defaults to acme.sh
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
(cherry picked from commit fe3d05090b)
The release tarball already contains a pre-generated _version.py with
the version hardcoded, so versioneer is not needed at build time.
Patch pyproject.toml to only require setuptools and remove
PKG_BUILD_DEPENDS:=python-versioneer/host.
Remove python-versioneer package as it is no longer needed.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit 8c3bc3fcf9)
I could not reproduce the bug reported, but the update should fix it
anyway. Tested on Turris Omnia, OpenWrt r31111.
Signed-off-by: Marius Dinu <m95d+git at psihoexpert.ro>
[imported from mailing list]
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 164d5a0cf7)
The current pigeonhole Makefile is more complex than it needs to be, with
too many unique variables and the resulting package version
is currently this one:
```
dovecot-pigeonhole_2.3.21.0.5.21-r1_aarch64_cortex-a53.ipk
```
and based on Repology [1], it looks like we are the only GNU/Linux
distribution, who includes dovecot version and pigeonhole version
together. We should not include the extra dovecot version, because
even project [2] website does not do it except their tarball.
What we can do better is that we added and modify a little bit
EXTRA_DEPENDS, which ensures that pigenhole 0.5.21.1 will be used
for Dovecot 2.3, because of that, we can have package version as
it should be.
```
dovecot-pigeonhole_0.5.21-r1_arm_cortex-a9_vfpv3-d16.ipk
```
Because of the changed versioning, we can remove the dynamic shell
execution for version extraction.
[1] https://repology.org/project/dovecot-pigeonhole/versions
[2] https://pigeonhole.dovecot.org/download
Fixes: 6c6a40ab57 ("pigeonhole: fix runtime dependency on dovecot's ABI")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 547ac2e84e)
Use $(XARGS) variable instead of plain xargs command, consistent with
the dovecot package implementation. Remove unnecessary space in
EXTRA_DEPENDS version constraint.
Fixes failing error on buildbot:
```
make[3]: warning: jobserver unavailable: using -j1. Add '+' to parent make rule.
Makefile:62: *** multiple target patterns. Stop.
time: package/feeds/packages/pigeonhole/compile#0.52#0.42#1.15
```
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit d4f9e59a96)
The new DCO module depends on OpenVPN 2.7.1.
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.7.1/Changes.rst
Removed upstreamed wolfSSL patches:
- 101-Fix-EVP_PKEY_CTX_-compilation-with-wolfSSL.patch
- 102-Disable-external-ec-key-support-when-building-with-wolfSSL.patch
Reworked 100-mbedtls-disable-runtime-version-check.patch to use
MBEDTLS_VERSION_STRING instead of a mutable buffer.
Signed-off-by: Qingfang Deng <dqfext@gmail.com>
(cherry picked from commit 9faf26770b)
Signed-off-by: Sander van Deijck <sander@vandeijck.com>
fix: avoid unnecessary dnsmasq restarts (thanks @egc112)
fix: insert, not add dns policies to ensure higher priority than the DNS
hijack rules (thanks @egc112)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 727ca8a3a5)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Validate UCI config for syncthing service.
Switch instance name to syncthing.
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit af5999ce2a)
Validate UCI config for strelaysrv service.
Switch instance name to strelaysrv.
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit 30199decfd)
Validate UCI config for stdiscosrv service.
Change default DB directory to /etc/stdiscosrv/db.
Switch instance name to stdiscosrv.
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit d26083edf8)
* flock/serialize the etag writing in the f_etag function
* added various variables to local scope
* LuCI: removed needless ACL
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 01c7cf719e)
Bump version for quickly discovered issues with 3.7.0
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 0de3688f10)
* added an separate adblock rundir (/var/run/adblock)
* refine the cpu/core detection
* behaviour change: allowlist domains now also removes subdomains from the blocklist
* flock/serialize the etag writing in the f_etag function
* code clean-up/linting
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 157bd82ac0)
* fixed the initialization of the banIP rundir (reported in the forum)
* sanitize possible windows line endings in local block- and allowlist
* refine the cpu/core detection
* code clean-up/linting
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 420d966267)
Watchcat was failing to restart layer-3 interfaces when in mode
'restart_iface'. The previously attempted fix made the situation
worse in that it resulted in layer 2 interfaces also failing to
start.
This was because we are passed the interface name (e.g. eth0,
l2p0, or br-lan), but ifup needs the logical network (e.g. 'lan'
which corresponds to the network device).
Update to use find_config from /lib/network/config.sh to find the
logical network from the interface name, and use ifup on the
logical network to restart the underlying interface(s) associated
with the logical network.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit c3a85b96de)
As reported in #23410 Network interface reset doesn't work as expected
on a Wireguard VPN interface and in #27927 lt2p interface won't reboot,
and mentioned in #27248, the current implementation of the option to
restart an interface when connectivity check fails for some period does
not result in an interface restart for all interface.
Notably 'virtual' interfaces such as Wireguard and L2TP do not restart.
The solution that works is to use `ifup <interface>` instead of only
changing the link status.
This commit is based on the one in #27248 by @rondoval, who unfortunately
has not updated the commit message as requested for half a year.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 14e0e9e737)
* Fix path to fping and use fping as fping6
* For privacy, disable call to public API to check for Zabbix version update
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 2aadd0d97f)
Update package to 3.4.0.
Changes:
- Added binary wheels for RISC-V 64
- Fixed multiple rare crash paths during interpreter shutdown; now uses
the atexit module (subtle API change: getcurrent unavailable once
atexit fires)
- Fixed multiple race conditions in free-threaded (no-GIL) builds when
greenlets are accessed from multiple threads, some causing assertion
failures or interpreter crashes
- Several minor correctness fixes from automated code audit
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
(cherry picked from commit 15e2da047b)
Rui Salvaterra