* suppress RTNETLINK errors when inserting ipv6 routes
* only display global scope IPv6 gateways in status/WebUI
* stop and disable vpn-policy-routing when migrating
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit c2739705b9)
Tweak the package to better match the current file structure in the
upstream time zone database. Add missing aliases. Make some clarifications
* Combine -northmerica and -southamerica into -america, as all
current official America/xxx definitions were already in -northamerica
and only the unofficial/deprecated Brazil/xxx, Chile and Argentina were
in -southamerica. (Confusingly America/Sao_Paulo was in northamerica,
while Brazil was in southamerica.)
* Add PROVIDES for the old package names
* Add missing top-level dir country/nation alias links.
* Define Eire in -europe instead of -core.
* Rename -india to -indian, as it contains the Indian ocean islands
instead of the actual Asia/Kolkata zone for the mainland India.
* Add PROVIDES for the old package name
* Add 'Ocean' to all ocean zone titles.
* Make all zoneinfo-packages depend on zoneinfo-core, so that zone.tab,
the UTC based definitions and the still existing short zone codes are
always available.
* Clarify menuconfig menu as "Time Zone info"
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit b7b1fe6cb3)
* add housekeeping to the autoallow function, only the current uplink will be held
* fix small issues
* cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 97d6c8bf77)
* add the option 'ban_autoallowuplink' to limit the uplink autoallow function: 'subnet' (default), 'ip' or 'disable'
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 829a9a61c2)
Addition of routes to mwan3_connected ipset is broken. The ipset name was
changed from mwan3_connected_v4/6 to mwan3_connected_ipv4/6, but this
change was not reflected in mwan3rtmon.
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
* Update commit message
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 84b3de9eda)
Addition of iptables rules for mwan3 sticky rules is broken, resulting
in non-working sticky rules. The required parameters for the function
'mwan3_set_sticky_iptables' were passed in the wrong order.
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
* Update commit message
* Quoting function arguments
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 66257510d9)
*** MAKEFILE ***
* remove libubus dependency as it was causing issues
https://forum.openwrt.org/t/policy-based-routing-pbr-package-discussion/140639/318
* move firewall hotplug directory/file creation out of default section into
pbr and pbr-iptables packages sections in preparation for dropping it from pbr
* fix no new line after output when uninstalling packages
*** UCI-DEFAULTS ***
* only add firewall include to firewall config if the include file exists
* add shellcheck exception to netifd uci-defaults file
*** SCRIPTS ***
* more informative logging for firewall and iface hotplug scripts
* more informative logging for firewall include script
*** SERVICE ***
* introduce lock-file to prevent package starting on external events if it hasn't
been auto- or manually started before
* use the `ip`, not `ip-full` command to prevent errors on OpenWrt 21.02
* parse firewall WAN zone to append list of interfaces
* append error and warning "arrays" with new messages
* used shared memory to store the service output/logging messages
* improve is_ovpn function to filter out false positives when interface names started
with `tun`
* introduce is_valid_ovpn to find OpenVPN tunnels where the device name in OpenVPN config
matches the device name in network config
* introduce opkg_get_version to compare versions of principal and luci packages
* better code to obtain AdGuardHome version with betas installed
* optimize code and add better logging for errors when inserting policies with iptables
* optimize code and add better logging for errors when inserting policies with nft
* bugfix: insert policies in all specified protocols
* bugfix: support using physical devices in policies in nft mode
* bugfix: use iptPrefix, not nftPrefix in iptables commands
* implement Tor support in nft mode
* bugfix: fix spelling for User File Syntax error
* restart service fully (instead of quick reload) for OpenVPN interface events, as
the order/number of supported interfaces
* more verbose output (showing handles) of status in nft mode
* improve `icmp_interface`, `ignored_interface`, `supported_interface` validation
regexes
* improve `interface`, validation regex
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit cdfff4a693)
This fixes "permission denied" error when access files as a normal user.
Reported-by: Anya Lin <hukk1996@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 42d340bce0)
* add support for a custom feeds file (/etc/banip/banip.custom.feeds). Add new or edit existing banIP feeds on your own with the integrated custom feed editor (LuCI-component
* add a new option 'ban_blockpolicy' to overrule the default bblock policy (block all chains), see readme for details
* change the feed file format and add a new ipthreat feed, see readme
* refine (debug) logging
* multiple small fixes and improvements
* readme update
* luci update (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit c5d9b3ded2)
This release includes security fixes. Please check the topics below for
details.
- CVE-2023-28755: ReDoS vulnerability in URI
- CVE-2023-28756: ReDoS vulnerability in Time
This release also includes some bug fixes. See the
https://github.com/ruby/ruby/releases/tag/v3_0_6 for further details.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
add lighttpd-mod-webdav_min package alternative to lighttpd-mod-webdav
lighttpd-mod-webdav_min is more minimal than full lighttpd-mod-webdav.
lighttpd-mod-webdav_min does not support PROPPATCH, LOCK, UNLOCK, and
by not supporting those methods, removes dependencies on libxml2,
libsqlite3, and libuuid.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit ed6fe528c1)
modify build command for meson type: feature options
remove -Dwith_libev=disabled (option no longer has any effect)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit 4a3b62a92a)
The initial package submission was missing
some required and optional dependencies
due to lack of testing on a system without any python
related packages pre-installed.
Some optional but highly recommended dependencies
were discovered with the stdlib module as described in:
392a68e247/lang/python/README.mdFixes#20441
Signed-off-by: Julien Malik <julien.malik@paraiso.me>
(cherry picked from commit 1f25be97b6)
* add the new init command 'lookup', to lookup the IPs of domain names in the local lists and update them
* significant acceleration of the domain lookup function
* multiple small fixes and improvements
* readme update
* luci update (separate commit)
Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit c07fae25e7)
