libpcre2's JIT support is controlled with a compile-time flag.
When PHP is compiled against it (external libpcre2 - not PHP's bundled
version) as in our use-case, then it tries to auto-detect whether
JIT support is enabled or not - but this is done based on a guess
when cross-compiling.
So instead of guessing, we need to tell the actual OpenWrt configuration
of libpcre2 to PHP.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Run AdGuard Home without superuser privileges, by granting the binary
capabilities through ujail.
AdGuard Home writes new config files, so it must have r/w access to the
directory where these files live. Which means existing configs must be
migrated to a new directory, /etc/adguardhome, by default.
CAP_NET_BIND_SERVICE and CAP_NET_RAW capabilities are based on the
official documentation linked below.
Link: https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started#running-without-superuser-linux-only
Signed-off-by: George Sapkin <george@sapk.in>
When building the kmod-32 package for the first time (clean build_dir), it
builds and installs fine. When building for the 2nd time, sometimes
(probably some race condition?) it fails to build in the install step with
the following error:
for tool in insmod lsmod rmmod depmod modprobe modinfo; do \
ln -s kmod /tmp/build_dir/target-aarch64_cortex-a73+neon-vfpv4_musl/kmod-32/ipkg-install/usr/bin/$tool; \
done
ln: failed to create symbolic link '/tmp/build_dir/target-aarch64_cortex-a73+neon-vfpv4_musl/kmod-32/ipkg-install/usr/bin/insmod': File exists
ln: failed to create symbolic link '/tmp/build_dir/target-aarch64_cortex-a73+neon-vfpv4_musl/kmod-32/ipkg-install/usr/bin/lsmod': File exists
ln: failed to create symbolic link '/tmp/build_dir/target-aarch64_cortex-a73+neon-vfpv4_musl/kmod-32/ipkg-install/usr/bin/rmmod': File exists
ln: failed to create symbolic link '/tmp/build_dir/target-aarch64_cortex-a73+neon-vfpv4_musl/kmod-32/ipkg-install/usr/bin/depmod': File exists
ln: failed to create symbolic link '/tmp/build_dir/target-aarch64_cortex-a73+neon-vfpv4_musl/kmod-32/ipkg-install/usr/bin/modprobe': File exists
ln: failed to create symbolic link '/tmp/build_dir/target-aarch64_cortex-a73+neon-vfpv4_musl/kmod-32/ipkg-install/usr/bin/modinfo': File exists
Let's fix it by backporting the upstream fix.
Fixes: #27171
Link: https://lore.kernel.org/r/20240306145804.135709-1-lucas.de.marchi@gmail.com
Upstream-Status: Backport [c5054b2150]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Description:
updated to new upstream release version 0.0.34
Maintainer: Kerma Gérald <gandalf@gk2.net>
Run tested: mediatek/filogic, BPI-R3, Openwrt 24.10.2
Signed-off-by: S. Brusch <ne20002@gmx.ch>
Shell expects a matching library version to be installed. Specify a
matching version using EXTRA_DEPENDS.
Signed-off-by: George Sapkin <george@sapk.in>
Add back the regex searching for valid IP address when getting IP
address via web.
Fixes: 9cdd1a1660 ("ddns-scripts: refactor get_current_ip()")
Signed-off-by: Qian Suyao <qiansuyao@gmail.com>
* skip rdap requests/replies with placeholders for all IPv4/IPv6 addresses
* sanitize possible bogus config values, e.g. '/dev/null' as a directory
* change URL for beycyber feed
Signed-off-by: Dirk Brenken <dev@brenken.org>
I received an email from Aaron Goodman saying that he is no longer working
with mwan3 and asking me to remove him from the PKG_MAINTAINER list.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This is long overdue. Honestly I dislike that packaging
is hardcoding it this way. It's error-prone, as we can see.
Knot Resolver source does contain the up to date anchors,
and it also (optionally) installs them. Still, I'm not up to
larger changes in OpenWrt packaging right now.
Signed-off-by: Vladimír Čunát <vladimir.cunat@nic.cz>
Knot Resolver 5.7.6 (2025-07-17)
================================
Security
--------
- DoS: fix a rare segfault in `resolve` function (!1720)
Someone controlling the DNS traffic might be able
to trigger this crash intentionally and too often.
- DoS: drop a wrong assertion/crash (!1721)
Someone controlling the DNS traffic will most likely be able
to trigger this crash intentionally and too often.
Knot Resolver 5.7.5 (2025-04-24)
================================
Security
--------
- DoS: fix unconfirmed crashes with the line below (!1683)
[system] requirement "h && h->end > h->begin" failed in queue_pop_impl
Improvements
------------
- tests: disable problematic config.http test (#925, !1678)
- validator: accept a confusing NODATA proof with insecure delegation (!1678)
Bugfixes
--------
- daemon/http: DoH stream got stuck after returning an error code (!1652)
- stats: request latency was very incorrect in some cases (!1678)
Signed-off-by: Vladimír Čunát <vladimir.cunat@nic.cz>
e5500 is the only powerpc64 target we have in tree, but it's not
supported by golang[1]. Since it's hard to opt e5500 out from the
supported arch list, simply remove powerpc64 from it for now.
1. https://github.com/golang/go/issues/19074
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
`ubus.call(sprintf('network.interface.%s', ifname), 'status', {})`
returns null if the interface `ifname` doesn't exist (yet).
For pppoe interfaces using `option ipv6 auto`, a virtual interface suffixed `_6`
is automatically created once the connection is established,
but until then it doesn't exist.
Fixes: 6423781254 ("mwan3: reimplement rpcd plugin using ucode")
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
/etc/dbus-1/system.d/org.freedesktop.ModemManager1.conf needs to be 644
so that it can be read to prevent the following since dbus runs as an
unprivileged user:
dbus-daemon[12465]: Encountered error 'Failed to open "/etc/dbus-1/system.d/org.freedesktop.ModemManager1.conf": Permission denied' while parsing '/etc/dbus-1/system.d/org.freedesktop.ModemManager1.conf
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Switching to the dbus user in edc5a534 also needed to redefine the
location of dbus.pid into the directory under its ownership. This
commit fixes that omission.
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Makefile:
- bugfix: change references to melmac.net to melmac.ca
README:
- add basic README with the link to full documentation
Config:
- add heartbeat_domain
- add heartbeat_sleep_timeout
- add sanity_check
- add update_config_sizes
Init Script:
- a lot of visual output improvements, especially with verbosity=2
- better output separation for different verbosity levels
- removed unneeded runningErrorFile
- bugfix: updated runningConfigFile
- updated runningStatusFile and added runningStatusFileLock
- moved append_url() higher up for better visibility
- refactor force-redownload/restart on some config changes functionality
- improve count_blocked_domains
- add internal debug_log() for debugging functions where output is captured
- unified all json add/get calls in the same formatting
- major rework on json() to allow storing of error/warning messages as json objects
- added some error/warning messages
- renamed `cache()` function to `adb_file()` to better reflect functionality
- added functionality to test the dnsmasq config before restarting dnsmasq with ad-blocking
- added functionality to throw warnings if TLDs or leading-dot domains are discovered
in the final block-list file (can be disabled by `sanity_check` option)
- added functionality to test DNS resolution after resolver restart with `heartbeat_domain`
for `heartbeat_sleep_timeout` seconds
- added functionality to revert the resolver's config/ad-blocking if heartbeat domain cannot
be resolved after resolver restart
- added `ALLOWED_TMP` variable/file for better processing of external allow-lists
- added debug output to log with the elapsed time for each step of processing
- drastically improved final block-list optimization with the new awk script
- minor other performance improvements
- added check_tld/check_leading_dot CLI commands to show domains breaking sanity checks
- added validate functions to triggers
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Makefile:
- add SPDX-Identifier-License
- update Copyright
README:
- add basic README with the link to full documentation
Config:
- add debug_dnsmasq
- add procd_boot_trigger_delay
Init Script:
- move extra_command calls high up for visibility
- bump packageCompat to sync with luci app
- implement support for debug_dnsmasq to dump dnsmasq debug into $packageDebugFile
- create $runningStatusFile json-file allowing more verbose errors/warnings messages
- replaced `state add` calls with json add calls to store errors/warnings messages
- remove no longer needed errorSummary, warningSummary
- ensure environment is only loaded once per run via $load_environment_flag
- bugfix: update is_{host,hostname,domain,ipv4,mac_address} functions to properly sort policy entries
- bugfix: change references to melmac.net to melmac.ca
- add some new error/warning messages
- add delay before service is started on boot via procd_boot_trigger_delay
- bugfix: add logic to identify unknown policy entries instead of silently failing on them
- store error/warning messages as json objects in ubus data for luci app
- update load_validate_config with debug_dnsmasq and procd_boot_trigger_delay entries
Signed-off-by: Stan Grishin <stangri@melmac.ca>
On my "test" router (5 wans, 2 tracking ips per wan), before any rework,
prometheus-node-exporter-lua mwan3 average scraping time was 1230ms
(scraping only the interfaces), after optimizing the shell version,
average time was down to 485ms, with ucode we are now at 41ms.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Using $(...) to call an internal function causes a fork().
Pass the name of the return variable as first parameter,
and write to it using 'export -n'.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
pgrep is pretty slow as it needs to read all /proc/*/cmdline
or /proc/*/status, and it's called twice per wan.
Add STARTED and PID files to speed up mwan3_get_mwan3track_status().
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This is a preparation for adding a utility function readfile() to read
directly to a variable. Using '$(cat ...)' causes a fork/execve which is
extremely slow just to read '~2' chars.
(commit message from Florian Eckert)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Just use 'job -p' to list the subprocesses currently running,
so we do not need the global variables TRACK_PID and SLEEP_PID anymore
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>