* add: ucode-mod-uloop dependency
* add: parallel downloads using uloop
* fix: explicit allow for domains from allow-lists
* fix: get environment information for getInitStatus RPCD call
* add: update tests
Signed-off-by: Stan Grishin <stangri@melmac.ca>
This patch fixes two issues in the netifd protocol script:
1. Fix logic error in deprecated option filtering:
Previously, ${f%%:*} was called before checking for the deprecated
flag (:d). This stripped the suffix and made the check [ "${f#*:}" = "d" ]
always fail. The cleaning of $f is now deferred until after this check.
2. Improve parameter quoting for specific options:
- Adds single quotes to --push and --push-remove parameters to handle
spaces (e.g., "route 10.0.0.0 255.255.255.0").
- Unifies quoting for 'file' type options to improve shell safety.
- Refactors the build logic using a case statement for better
extensibility.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* fix: ensure output in CLI in status and quick start commands
* fix: ensure relevant directories exist when using a (gzip) cache file on
first boot
* add: update functional tests
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Add a new netcup DDNS provider using the netcup DNS api
(ccp.netcup.net) with API key authentication.
Configuration mapping:
* username = netcup customer number
* password = netcup API password
* param_enc = netcup API key (generated in the CCP)
* domain = fully qualified subdomain to update (e.g. home.example.de)
* param_opt = (optional) root/zone domain override (e.g. example.de)
When omitted the root domain is derived by stripping the
leftmost label from 'domain'. This only works correctly for
a single subdomain level (e.g. "home.example.de").
param_opt MUST be set explicitly in two cases:
1. Deep subdomains: domain=test.internal.example.org
2. ccSLD apex domains: domain=example.co.nz
Signed-off-by: Tim Flubshi <flubshi@gmail.com>
Update bsbf-resources to the GIT HEAD of 2026-03-24. Add bsbf-rate-limiting
and make bsbf-bonding depend on bsbf-rate-limiting.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Read PRETTY_NAME from /etc/os-release via /bin/sh for distro output.
Bump PKG_RELEASE to account for the package configuration change.
Signed-off-by: Kamil Bienkiewicz <perceivalpercy@gmail.com>
* renamed f_query to f_search (Query => Search)
* add better input validation to the f_search function,
to compensate for the very limited Wildcard ACL mechanisms in LuCI, see
https://github.com/openwrt/luci/issues/8435 for reference
* LuCI: add a proper poll mechanism to mitigate Reporting timeouts
on "Search" and "Refresh", even with big pcap files
* LuCI: Refine some ACLs
* LuCI: more fixes & optimizations
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add better input validation to the f_content and f_search functions,
to compensate for the very limited Wildcard ACL mechanisms in LuCI, see
https://github.com/openwrt/luci/issues/8435 for reference
* LuCI: add a proper poll mechanism to mitigate Reporting timeouts
on "Search" and "Refresh", even with big Sets
* LuCI: Refine some ACLs
* LuCI: more fixes & optimizations
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
- Fixes multiple security critical bugs with H3 handling. CVE submission is
pending.
- Updated haproxy PKG_VERSION and PKG_HASH
- Removed get-latest-patches.sh as it is not used anymore.
- See changes: http://git.haproxy.org/?p=haproxy-3.2.git;a=shortlog
Signed-off-by: Christian Lachner <gladiac@gmail.com>
- Process 'up'/'down' events to manage interface status.
- Add IPv4/IPv6 addresses and routes via netifd-proto.
- Parse DNS/search domains from foreign options.
- Convert netmasks and CIDR strings with new helpers.
- Apply MTU settings from OpenVPN environment.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
- Default to '--ifconfig-noexec' and '--route-noexec' to allow hotplug
script to handle IP and routing configuration.
- Only append '--auth-user-pass-verify' if the option is explicitly
configured to avoid unexpected authentication requirements.
- Fix missing retrieval of 'auth_user_pass', 'askpass', and 'tls_verify'.
- Remove redundant '--config' parameter (managed by option_builder).
- Simplify 'script_security' assignment logic.
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
The 'ddns-scripts' packages still uses not the procd service handling.
This commit changes this.
This change also resolves the issue where, if a UCI configuration is
already present, the process is blocked during installation via APK and
does not complete.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Tested-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Config:
* update pause_timeout default value to 60
* add config option rpcd_token
Init script:
* add validation for rpcd_token
Ucode script:
* fix: always reload config options on RPCD calls to prevent stale values
* fix: shell_quote curl params
* fix: do not reload is_tty on each call
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Update the openvpn package to the latest version in
the 2.6.x branch while development of the 2.7.x branch
become stable enough to merge.
Signed-off-by: Sander van Deijck <sander@vandeijck.com>
* fix: detect/support point-to-point interfaces in dynamic routing mode
* fix: avoid IPv4/IPv6 address collisions on Tor policies
* fix: do not set triggers on boot when service is disabled in config
* fix: more robust forward stop/enable
Signed-off-by: Stan Grishin <stangri@melmac.ca>
At startup there's a race situation where "chronyc waitsync" (and thus
chrony-hotplug) will exit right away because it can't bind to loopback.
This change tries quite hard to make chrony-hotplug wait for loopback to
come up before running chronyc.
Fixes#28434.
Signed-off-by: Florian Wagner <florian@wagner-flo.de>
* refine the domain validator regarding prefix handling, esp.
relevant for ABP-syntax
* adapted the adguard feed to make use of the new prefix handling
* LuCI: various fixes & optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
* the debug mode now captures internal error output in a dedicated log file,
located by default in the banIP base directory as /tmp/ban_error.log
* replaced the non-functional recursive PID tree walk in f_rmpid with
a correct iterative implementation
* added several IP validator improvements
* fixed a copy-paste error in f_report
* fixed a uninitialized variable in f_actual
* fixed missing token validation in banip.cgi
* various other minor improvement & fixes
* removed abandoned nixspam feed
* LuCI: various fixes & optimizations
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
Adds the misssing build dependencies to remove the
"Cannot import 'setuptools.build_meta'" build error with 25.12.0-rc1 to 25.12.0-rc5
Signed-off-by: dwardor <benjamin.reveille@gmail.com>
