commit ea66e463cf added a new config
option LIBCURL_HTTP_AUTH to enable or disable HTTP_AUTH support in
cURL. It defaulted the option to n (disabled).
However, prior to this change HTTP_AUTH was enabled for cURL, as the
configure script defaults to HTTP_AUTH enabled when it is not
explicitly disabled.
This impacts any consumer of cURL that uses HTTP_AUTH, including
authentication by username and password in the URL. (Confirmed via
run testing).
So we set the default for the option to y (enabled).
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 57e6f89c02)
- Update daemon to 2.3.9 to fix removal of nftables rules in
`upnp_forward` and return the correct internal port; also resulted in
the excessive opening of new ports. Accept interface names starting
with digits
- Build from GitHub releases to get a reliable HTTPS server, as the
HTTP-only/HTTPS mirror were only available ~85%/77% over 3 months
https://redirect.github.com/miniupnp/miniupnp/issues/770https://stats.uptimerobot.com/DwGDxUB914
- Build daemon with `--disable-pppconn` to remove the old/IGDv1-only
extra WANPPPConnection SSDP announcements workaround not included in
other implementations since >15y
- Build daemon with `--vendorcfg` to allow customisation of the
router/friendly name (+5 potential options) displayed in Windows
Explorer, 384 bytes extra required on ARMv7 (binary)
- Remove old (iptables variant only) patches, as no longer needed
- Remove `clean_ruleset_interval/threshold` UCI config options as not
standard/working since OpenWrt 22.03, as nftables not supported
Fixes: https://github.com/openwrt/openwrt/issues/18011
Fixes: https://github.com/openwrt/luci/issues/7759
Fixes: https://github.com/openwrt/packages/issues/26352
Signed-off-by: Self-Hosting-Group <selfhostinggroup-git+openwrt@shost.ing>
[update fixes tag]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 70ce349f1c)
nginx modules must not provide nginx which causes them to not be able
to be installed alongside nginx due to the new apk provide fixes.
Remove PROVIDES from modules.
Remove nginx-ssl from PROVIDES as there is no non-ssl variant, i.e. all
version provide ssl.
Set nginx-ssl as the default variant.
Remove non-existent config value.
Signed-off-by: George Sapkin <george@sapk.in>
(cherry picked from commit 63a666bd05)
* fixed f_uci function
* fixed f_switch function, reported in the turris forum
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit afce31650c)
658b14b main: Add `stderr` option for cgi-exec to redirect stderr to stdout
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
(cherry picked from commit 90e227e755)
Remove many obsolete files.
Makefile:
* remove netifd-flavour related code
* remove trailing white spaces
Init-script:
* proper deletion of default network rules for IPv{4,6}
* fix netifd function error when IPv6 is enabled
* remove trailing white spaces
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 89e29f7141)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* hardened the uci config parsing
* added a fast, flexible & secure domain validator function, it eliminates > 99 % of garbage inputs
- Please note: the "rule" in the feed file now only includes parameters for the domain validator,
see readme for details. Please nuke a custom feed file from former versions - they are no longer
compatible
* readme update
* LuCI: fixed a minor issue in the logread template
* LuCI: adapted the rule select options in the custom feed editor to use the new domain validator
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit b085131830)
* split travelmate.s in a new central travelmate function library (usr/lib/travelmate-functions.sh) plus
a smal service script (/usr/bin/travelmate-service.sh)
* the vpn-, mail- and login scripts are now using the central function library
* rework the ntp hotplug script
* harden the config parsing
* support the curl interface option to specify which network pathway is used for outgoing requests
* the travelmate status now includes the backend- and frontend version information
* LuCI: use a special travelmate interface, e.g. trm_wwan or use an existing wwan interface
* LuCI: no longer call the logread binary, use rpc / the ubus log object instead
* LuCI: various code cleanups
* LuCI: various small usability improvements
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 990bf69fd7)
Current odhcpd in master writes MAC addresses with colons in his lease file,
this new odhcpd format leads to a crash loop in unbound (if DHCPv4 to SLAAC is selected).
Just remove the colons, before the processing in slaac_eui64 begins, fixes#28032
Signed-off-by: Dirk Brenken <dev@brenken.org>
As the python3-distutils was dropped while bumping the version
to 3.13.9 via 97a92f2e7a, remove the
python3-distutils from all packages that are currently using it.
OpenWrt already uses recent enough releases of these packages
that have adapted to work without distutils, so the dependency
can be safely removed.
Signed-off-by: Til Kaiser <mail@tk154.de>
This commit removes the non-empty APN requirement for initial EPS
bearer. An empty APN value is valid and means that the modem will use a
network provided APN offered by the operator.
Signed-off-by: Simonas Tamošaitis <simsasss@gmail.com>
resolveip returns 0 on success. This means that the while loop
will just run until all tries are exhausted. But this was not
the intended behaviour.
Fixes: 20ea72607b ("openconnect: make host dependency more resilient")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
pbr 1.2.1-r35
Makefile:
* split uci-defaults into different purpose files
* add handling of netifd integration
Config:
* update with default values for all options (thanks @betonmischer86)
Init-script:
* add netifd integration handling
* add ip() function to emulate ip rule replace
* add netbird intrfaces support (thanks @egc112)
* reorganize loading/handling of options in load_package_config()
* improve display of interface triggers in service_triggers()
* remove chains cleanup from stop_service() due to exclusive use of fw4 nft files
* improve status_service() output
* drop input and postrouting as valid options for policy chain
Uci-defaults files:
* 91-pbr-nft: cosmetic improvements
Default nft files:
* drop use of input and postrouting chanins
Custom User files:
* dns-prefetch: functional improvements (thanks @betonmischer86)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
In this repository, we do have radicale2, so OpenWrt
community should switch to use that version.
This version (= 1.x.x) is really old, no longer developed
and there are newer versions, which can be used e.g.
version 2.x.x, in this repo as radicale2 or there is
also version 3.x.x, which is not packaged for OpenWrt so far.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
If named gets stopped, then started again, but isc-dhcpd isn't also
restarted, then we want named to at least have the existing content.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Major changes are:
- Increase max ip connections(8->32) and max connections(128->256).
- Unset "guest_ok = yes" for ipc share by default.
- add new UCI option "allow_guest_ipc" to section (default disabled)
Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
* fixed a typo in the allowlist/blocklist regex
* limit the f_switch function to only the suspend/resume actions
Signed-off-by: Dirk Brenken <dev@brenken.org>
* split block/logging rules (fixed#27990)
* adapt reload functions to support the new split logic
* the banIP status now includes the backend- and the frontend version information
* fixed a config parsing error with non existing dirs (reported in the forum)
* fixed a small reporting issue (reported in the forum)
* added a new public dns feed (by default restricted to outbound, ports 53 and 853)
* added a new gawk dependency due to significant performance gains
* LuCI: no longer call the logread binary, use rpc / the ubus log object instead
* LuCI: various code cleanups
* LuCI: various small usability improvements
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
This satisfies other packages which might depend on either chrony variant.
Should another package dependency request 'chrony', the default will be non-NTS
chrony via DEFAULT_VARIANT:=1 (mlichvar comment: to avoid pulling its large
dependencies).
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Remove requirement test code as it is already supplied by package
dependencies
Depend on ip6tables to satisfy description claim
Signed-off-by: Andris PE <neandris@gmail.com>
It seems this package is no longer maintained.
- The latest upstream commit is 4 years ago.
- Official website and IoC update servers
are unreachable.
https://crt.sh/?q=netstinky-api.wand.net.nz
No packages depend on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
It seems this software is no longer maintained.
- The latest upstream commit is 4 years ago.
- Author didn't respond security issue report. (CVE-2023-39141)
No packages depend on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
Updates to in-addr.arpa are being rejected with:
update failed: REFUSED
because we create an empty zone, and then try to add it again
when it already exists. So use modzone instead to update it.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
FreeRADIUS yubikey plugin depends on obsolete libyubikey.
libyubikey has been removed from repo
due to upstream EoL. (9ea17111f0)
This commit will fix libyubikey dependency problem.
Signed-off-by: Yanase Yuki <dev@zpc.st>
New version of netopeer2 moved the install location of netopeer2-server
from /usr/bin to /usr/sbin.
Update the install location to reflect this change.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
With new sysrepo version, the .yang file are shipped with revision.
Update the package install to align to the new names.
The change of name doesn't cause regression as the revision is optional
on loading .yang files.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Bump to version 2025-06-12 and add pending patch for openthread-br for
CMake >= 4.0 support.
The package use an old cJSON version that cause compilation problem with
CMake >= 4.0 support. To handle this, add a pending patch to use an
external version of cJSON.
We already ship this package so it's trivial to use that instead of the
one in the openthread-br repository.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
According to [1] Basic Auth seems to be broken since a while for he.net.
The documentation [2] is outdated, and still mentions Basic Auth, but
switching to parameter-based authentication seems to fix the issue.
It also bumps PKG_RELEASE in order to ensure a new version is packaged.
[1]: https://github.com/openwrt/packages/issues/27593
[2]: https://dns.he.net/docs.html
Signed-off-by: Karol Babioch <karol@babioch.de>
Daniel F. Dickinson
Self-Hosting-Group
George Sapkin
Wesley Gimenes
Sandro Jäckel
Jonas Jelonek
Dirk Brenken
Paul Donald
Stan Grishin
Goetz Goerisch
Til Kaiser
Yanase Yuki
Simonas Tamošaitis
Christian Lamparter
David Connolly
Josef Schlehofer
Philip Prindeville
Andrea Pesaresi
Tianling Shen
Andris PE
Jan Hák
John Audia
Rui Salvaterra
Rosen Penev
Christian Marangi
Karol Babioch