As described in #28261 Not compiled with OpenSSL, the SSL variant of
the mailsend package is not actually being compiled with OpenSSL.
This is due to an upstream configure check borrowed from an ancient
version of BIND, which no longer works.
As a workaround we add `-DHAVE_OPENSSL=1` to the `TARGET_CFLAGS` when
building the SSL variant.
This results in a complaint about COPTS not being honoured correctly,
but results in `mailsend` compiled with OpenSSL (i.e. works).
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
(cherry picked from commit 444b62cbcc)
* refine the domain validator regarding prefix handling, esp.
relevant for ABP-syntax
* adapted the adguard feed to make use of the new prefix handling
* LuCI: various fixes & optimizations
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 27c44bf735)
* the debug mode now captures internal error output in a dedicated log file,
located by default in the banIP base directory as /tmp/ban_error.log
* replaced the non-functional recursive PID tree walk in f_rmpid with
a correct iterative implementation
* added several IP validator improvements
* fixed a copy-paste error in f_report
* fixed a uninitialized variable in f_actual
* fixed missing token validation in banip.cgi
* various other minor improvement & fixes
* removed abandoned nixspam feed
* LuCI: various fixes & optimizations
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit e724274907)
Improve the uci file coloring with nano-full.
Show unterminated strings more clearly (lightmagenta vs. white)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit a268b500d9)
Add the BondingShouldBeFree URL to the bsbf-openwrt-resources packages.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit 6b23febb15)
Add the BondingShouldBeFree URL to the bsbf-resources packages.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit e3c7df1383)
Update bsbf-resources to the GIT HEAD of 2026-03-12. Add bsbf-plpmtu and
make bsbf-bonding depend on bsbf-plpmtu.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit 709b2c629c)
Perform Path MTU Discovery without relying on ICMP errors, which are often
not delivered.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit bc1e10d8cc)
Starting from 1.9.2 python-evdev requires
include/uapi/linux/uinput.h headers for proper building.
Otherwise, it compiles but cannot be imported causing
KeyError: 'UI_FF'
Add uinput.h to LINUX_EVDEV_HEADERS
Signed-off-by: Ivan Belokobylskiy <belokobylskij@gmail.com>
With mjpg-streamer pending removal [1], it would be nice if we add
a compatible replacement which is under active development.
ustreamer offers a better performance, especially when the
camera supports MJPEG encoding in hardware.
The package already includes OpenWRT support files ./pkg/openwrt
but they needed heavy editing, so it is more efficient to copy
the scripts and configuration, instead of using patches.
Notable changes:
While the init.d script can run in the background when no camera is
connected, it is more efficient to indicate no active instances.
A hotplug script is introduced to start and stop the service when
cameras are added or removed.
If the configured format or encoding are unsupported, a compatible
alternative is automatically selected, so I changed the default
configuration to use MJPEG encoding in hardware for better performance.
HACKS:
MAKE_FLAGS += WITH_SETPROCTITLE=0
is added to workaround the following linker error:
undefined reference to setproctitle_init
This symbol is defined in libbsd, however adding the build dependency
does not resolve the error, because -lbsd is added conditionally, only
when uname -s contains linux. This is unreliable and fails when
cross-compiling on a macOS host. An upstream fix is needed.
An alternative is to use
PKG_UNPACK=$(HOST_TAR) -C $(PKG_BUILD_DIR) --strip=2 -xf $(DL_DIR)/$(PKG_SOURCE)
however this modifies the directory structure, so patches would need
path editing to maintain upstream compatibility.
TODO:
luci-app-mjpg-streamer which is also pending removal [2] is able to
open the HTTP stream from ustreamer. It would be nice to create
luci-app-ustreamer based on that.
[1] https://github.com/openwrt/packages/pull/28344
[2] https://github.com/openwrt/luci/pull/8221
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
(cherry picked from commit ab7fbfd12a)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* optimized the awk for the Top10 statistics in the DNS Report,
removed the faulty caching (reported in the forum)
* minor improvement in the f_switch function
* readme update
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 2657120d5f)
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.66.2
NetBird `v0.66.x` adds support for exposing a local HTTP service
from the CLI with the `netbird expose`[1] command, but only for
self-hosted deployments. Cloud support is coming.
[1]: https://docs.netbird.io/manage/reverse-proxy/expose-from-cli
---
`0.65.x` highlights
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.65.3
NetBird `v0.65.x` now includes a built-in reverse proxy[1], but only for
self-hosted deployments and is currently in beta. Cloud support is
coming soon.
Important: pre-shared keys or Rosenpass are currently incompatible with
the reverse proxy feature.
[1]: https://docs.netbird.io/manage/reverse-proxy
---
`v0.63.x` highlights
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.63.0
NetBird now supports private DNS zones[1].
[1]: https://docs.netbird.io/manage/dns/custom-zones
---
`v0.62.x` highlights
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.62.3
Upstream minimum Go requirement raised from `v1.24.x` to `v1.25.x`,
see the go.mod[1].
[1]: https://github.com/netbirdio/netbird/blob/v0.62.3/go.mod#L3-L5
---
Building `netbird` with Go 1.26.x fails with errors:
```
[...]
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go126.go:22:2: WaitReasonSelect redeclared in this block
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go125.go:22:2: other declaration of WaitReasonSelect
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go126.go:23:2: WaitReasonChanReceive redeclared in this block
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go125.go:23:2: other declaration of WaitReasonChanReceive
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go126.go:24:2: WaitReasonSemacquire redeclared in this block
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go125.go:24:2: other declaration of WaitReasonSemacquire
[...]
```
Upstream Issue: https://github.com/netbirdio/netbird/issues/5290
Upstream PR: https://github.com/netbirdio/netbird/pull/5447
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
(cherry picked from commit df6533b96e)
Add `NB_DNS_STATE_FILE="/var/lib/netbird/state.json"` to the init
environment. This moves the state from the directory
`/root/.config/netbird` to the file `/var/lib/netbird/state.json` to
avoid storage wear. Note: the file is not preserved across reboots.
The state file contains information such as locally disabled routes and
other data primarily useful for desktop clients. In OpenWrt setups,
these changes are normally handled by the NetBird `management` server.
This matches the behavior prior to `netbird` v0.52.x, I have not
received any reports that this file caused problems before, so it is
unlikely to cause issues now.
The previous state file `/root/.config/netbird/state.json` can be removed.
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
(cherry picked from commit 696c2b6096)
Use wan_$DEVICENAME naming scheme instead of using consecutive numbering
for the network name.
This makes it easier to match the network interface to the corresponding
network.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit 1cb70a0b3c)
Set the device option for the network. This is solely for the ease of
matching the network to the corresponding network interface.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit 6990436459)
* add support for OpenVPN netifd detection (thanks @egc112)
* add support for disable LAN->WAN forwarding when `strict_enforcement` is
set on start and restart (thanks @egc112)
* fix: always create marking chains for interfaces
* fix: insert DSCP/ICMP-related nft rules after marking chains
* fix: shellcheck-related improvements
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit e799f47439)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* bugfix: always print errors/warnings on non-quiet start
* bugfix: return proper enabled status in RPCD
* bugfix: return stupped status in RPCD when procd data is empty
* bugfix: correctly process verbosity=0
* delete LICENSE file and only keep it upstream
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 0058dd1233)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* the suspend/resume function now uses the external
DNS bridge when this function is used
* refine the f_nftadd function
* more file debug logging
* LuCI: add unfiltered DNS-Server to the DNS bridge selection
* LuCI: minor fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 5a495b2240)
* fixed the debug errorfile handling
* fixed a typo in the nftadd function
* minor cornercase improvements
* LuCI: minor cleanups & fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 57ec85084c)
acme 3.1.2 added a new --cert-profile option to request specific certificates.
This makes it possible to request shortlived six day certificates from Letsencrypt.
Signed-off-by: Norman Gehrsitz <openwrt@gehrsitz.eu>
bsbf-autoconf-cellular creates a network with MBIM or QMI protocol using a
newly created network interface. It uses metric values from 1 to 8.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit a6be73da21)
Designate bsbf-openwrt-resources as the package to contain the BSBF
packages without a remote source to fetch.
Move bsbf-bonding and bsbf-usb-netdev-autodhcp into bsbf-openwrt-resources.
Change bsbf-usb-netdev-autodhcp to bsbf-autoconf-dhcp along with the logic.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit 6037422f53)
* bugfix: support TMP and final block-list destination on different
partitions
* update pause-related code/defaults/validation
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 5ad634eac9)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
bsbf-bonding configures the system for the BondingShouldBeFree bonding
solution client.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit 292214e76a)
bsbf-usb-netdev-autodhcp creates a network with a DHCP client using a newly
created network interface. It uses metric values from 1 to 8.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit fea7b41d64)
bsbf-resources contains the resources for the BondingShouldBeFree bonding
solution client.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit e69b0b24fa)
TCP-in-UDP is a lightweight TCP in UDP tunnel utilising eBPF.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
(cherry picked from commit ea1ea71298)
* add explicit LICENSE file to the repository
* pretty up Makefile
* minor shell script styling improvements
* better parsing if individual dnsmasq instances are used in config
* functional test
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit eea712197e)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* bugfix: don't mask RFC1918 in the support output
* bugfix: proper processing of downed interfaces
Thanks to everyone who reported/tested and @egc112 for collecting feedback.
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit abff4ba825)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* added a new firewall feature: the DNS‑Bridge.
This temporary DNS bridge ensures that an external fallback DNS server
is automatically used during local DNS restarts, providing Zero‑Downtime DNS resolution.
* The debug mode now captures internal error output in a dedicated log file,
located by default in the adblock base directory as /tmp/adb_error.log.
* LuCI: exposed the previously missing adb_cores option (auto‑detected by default).
* LuCI: added support for the new DNS‑Bridge options (Zero‑Downtime during DNS restarts).
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit d4a62496f9)
Daniel F. Dickinson
Dirk Brenken
Ivan Pavlov
Aleksey Vasilenko
Hannu Nyman
Maxim Storchak
Chester A. Unal
Ivan Belokobylskiy
Georgi Valkov
George Sapkin
Afiq Nazrie
Niklas Thorild
Wesley Gimenes
Stan Grishin
Norman Gehrsitz
Toke Høiland-Jørgensen