Commit Graph

2392 Commits

Author SHA1 Message Date
Karl Palsson 91605abdf8 net/mosquitto: support more config fields in init script
Adds the "notifications" option which is important when connecting
mosquitto to rabbitmq for instance.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-05-05 11:39:02 +00:00
David Thornley 56178f5c34 net/mosquitto: Added further security configuration options for bridge section
Signed-off-by: David Thornley <david.thornley@touchstargroup.com>
2017-05-05 11:39:02 +00:00
Karl Palsson 245c21e4ad net/mosquitto: use PROVIDES for -client tools also
Earlier, PROVIDES handling was clarified for the broker and the library.
Use the same style to properly provide the -client-ssl and -client-nossl
packages.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-05-05 11:39:02 +00:00
Dirk Brenken 710965eb12 adblock: backport updates to 2.6.2
Backport updates in 2.5.0-2.6.2 from master.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-04-30 00:01:55 +03:00
Val Kulkov 51e67dae00 subversion: add unixodbc dependency
Compile tested: LEDE HEAD

If unixodbc package is present in the environment, subversion
fails to compile due to missing dependencies.

Fixes the dependency on unixodbc if unixodbc package is selected.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>

(cherry picked from commit 06a529df35)
2017-04-19 17:19:18 +03:00
Hannu Nyman 8e1027aa1a lighttpd: disable trigger_b4_dl module due to buildbot failure
trigger_b4_dl fails to build in the 17.01 buildbot and that causes
also three other modules to be unbuilt (userdir, usertrack, webdav).

As a quick fix, disable trigger_b4_dl to see if the three missing
modules then build ok in the buildbot.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-04-18 16:16:37 +03:00
Hannu Nyman f9e9984818 Revert "lighttpd: add new modules, upd URLs, add restart()"
This reverts commit 18d7593c72.

Buildbot did not build the new version successfully due to
krb5 detection problems. Let's revert to the previous version,
so that 17.01.1 can be built in a stable way.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-04-09 21:38:28 +03:00
Glenn Strauss 18d7593c72 lighttpd: add new modules, upd URLs, add restart()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>

cherry picked from commit 6e788aca0c
Hopefully this will fix compilation of some plugins in the 17.01 buildbot.
signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-04-08 11:10:59 +03:00
Eric Luehrsen 79a48b009f unbound: improve interface trigger behavior
procd interface triggers may be busy. Unbound hard restarts will
flush the cache. This might happen frequently depending on how
interface triggers occur.

Change the procd trigger to reduce occurrences. Load this trigger
prior to netifd (START=20), but only truly start Unbound from
the trigger rather than immediately in init. Clean up log entries
in scripts after Unbound, NTP, and DNSSEC are established.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-04-04 23:03:33 -04:00
Eric Luehrsen eba418ab59 unbound: support copy without dash update
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-04-04 23:03:33 -04:00
Eric Luehrsen b315a07e99 unbound: fix hotplug iface and ntp restarts
Unbound is configured to restart on hotplug/iface but this can result
in numerous restarts at boot. Unbound also has a restart for NTP.
This was observed to generate trouble and even with procd robustness
too many crashes might occur (rare). Unbound would not be running.

Give more care to /var/lib/unbound/root.key during restarts. Use procd
for iface restarts. Check pidof() to wait one more second for Unbound.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-04-04 23:03:33 -04:00
Eric Luehrsen ab0be4f26c unbound: bugfix init race condition invalid FQDN
options 'add_local_fqdn' and 'add_wan_fqdn' can be affected
by race conditions when they are at level 4. Interface name
may not be returned by network tools. The conf file has bad
record formats and Unbound just will not load. Detect this
and fall back to only the host FQDN (level 3).

squash: improve documentation wording and format codes.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-04-04 23:03:33 -04:00
Audric Schiltknecht 0413f84f28 unbound: fix odhcpd trigger script
Read UNBOUND_TXT_DOMAIN from main unbound configuration.
This prevents records from being added into Unbound in the default 'lan' zone.

Signed-off-by: Audric Schiltknecht <storm+github@chemicalstorm.org>
2017-04-04 23:03:33 -04:00
Thomas Heil 375a5e839f package: haproxy
[RELEASE] Released version 1.7.5 due to bug in compression

 Released version 1.7.5 with the following main changes :
  - BUG/MEDIUM: peers: fix buffer overflow control in intdecode.
  - BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers
  - BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is enabled
  - BUG/MINOR: filters: Don't force the stream's wakeup when we wait in flt_end_analyze
  - DOC: fix parenthesis and add missing "Example" tags
  - DOC: update the contributing file
  - DOC: log-format/tcplog/httplog update
  - MINOR: config parsing: add warning when log-format/tcplog/httplog is overridden in "defaults" sections

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
2017-04-03 13:51:53 +02:00
Thomas Heil 40e4aad519 package: haproxy
Correct Download Url to http://www.haproxy.org/download/1.7/src

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
2017-03-28 13:17:29 +02:00
Thomas Heil d9e977d29b package: haproxy bump to latest stable 1.7.4
[RELEASE] Released version 1.7.4

    Released version 1.7.4 with the following main changes :
        - MINOR: config: warn when some HTTP rules are used in a TCP proxy
        - BUG/MINOR: spoe: Fix soft stop handler using a specific id for spoe filters
        - BUG/MINOR: spoe: Fix parsing of arguments in spoe-message section
        - BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying to parse OCSP file
        - BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup
        - BUG/MINOR: Fix "get map <map> <value>" CLI command
        - BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the data layer
        - BUG/MEDIUM: ssl: switchctx should not return SSL_TLSEXT_ERR_ALERT_WARNING
        - BUG/MINOR: checks: attempt clean shutw for SSL check
        - CONTRIB: tcploop: add limits.h to fix build issue with some compilers
        - CONTRIB: tcploop: make it build on FreeBSD
        - CONTRIB: tcploop: fix time format to silence build warnings
        - CONTRIB: tcploop: report action 'K' (kill) in usage message
        - CONTRIB: tcploop: fix connect's address length
        - CONTRIB: tcploop: use the trash instead of NULL for recv()
        - BUG/MEDIUM: listener: do not try to rebind another process' socket
        - BUG/MEDIUM: filters: Fix channels synchronization in flt_end_analyze
        - BUG/MAJOR: stream-int: do not depend on connection flags to detect connection
        - BUG/MEDIUM: connection: ensure to always report the end of handshakes
        - BUG: payload: fix payload not retrieving arbitrary lengths
        - BUG/MAJOR: http: fix typo in http_apply_redirect_rule
        - MINOR: doc: 2.4. Examples should be 2.5. Examples
        - BUG/MEDIUM: stream: fix client-fin/server-fin handling
        - MINOR: fd: add a new flag HAP_POLL_F_RDHUP to struct poller
        - BUG/MINOR: raw_sock: always perform the last recv if RDHUP is not available
        - DOC/MINOR: Fix typos in proxy protocol doc
        - DOC: Protocol doc: add checksum, TLV type ranges
        - DOC: Protocol doc: add SSL TLVs, rename CHECKSUM
        - DOC: Protocol doc: add noop TLV
        - MEDIUM: global: add a 'hard-stop-after' option to cap the soft-stop time
        - BUG/MINOR: cfgparse: loop in tracked servers lists not detected by check_config_validity().
        - MINOR: server: irrelevant error message with 'default-server' config file keyword.
        - MINOR: doc: fix use-server example (imap vs mail)
        - BUG/MEDIUM: tcp: don't require privileges to bind to device
        - BUILD: make the release script use shortlog for the final changelog
        - BUILD: scripts: fix typo in announce-release error message

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
2017-03-28 11:43:37 +02:00
Thomas Heil 6678d0478c package: memcached - upgrade to latest stable
bump to version 1.4.36

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
2017-03-28 11:35:30 +02:00
heil 3c36d4388c package: haproxy
- bump to stable 1.7.3 and pending patches from upstream

Signed-off-by: heil <heil@terminal-consulting.de>
2017-03-16 22:37:37 +01:00
Dirk Brenken afe6be45e3 adblock: backport updates up to 2.4.0-2
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

Original commit messages:

adblock: update 2.3.2
* optimize memory consumption &
  enable overall sort only on devices with > 64MB RAM,
  this prevents sort related kernel dumps
(cherry picked from commit 8c5b9a0802)

adblock: release 2.4.0
* add tld compression,
  this new "top level domain compression" removes up to 40 thousand
  needless host entries from the block lists and
  lowers the memory footprint for the dns backends by 8-10 MByte
* optimize restart behavior in case of an error
* cosmetics
(cherry picked from commit ed470f0dcc)

adblock: release 2.4.0 (release 2)
* add missing sort step if tld compression was disabled
(cherry picked from commit b3b9972eac)
2017-03-04 18:20:24 +02:00
Eric Luehrsen 8e153c9684 unbound: improve maintenance of trust anchor
Unbound UCI tries to protect embedded flash from excess
use. Unbound RFC5011 KSK tracking can rewrite root.key
every few minutes to an hour. It also writes and destroys
files in the same directory during the process.

Recommended UCI delays for copying busy work in /var/
back to /etc/ may be too conservative. These are all
changed from 28 to 9 days.

The RFC5011 KSK results were also destroyed by an
init.d restart, even if /var/ is mounted on persistent
storage like USB drive. /var/lib/unbound/root.key is
now preserved during this process, unless a newer key
is installed in /etc/ manually or package update.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-03-02 00:55:49 -05:00
Eric Luehrsen ef0c0eeab0 unbound: Update to 1.6.1 with 2017 trust anchor
Unbound 1.6.1 has a few bug fixes for resource leaks,
configuration robustness, compile environment interaction,
and maintaining the trust anchor. The 2017 trust anchor
(DS) is built into unbound and unbound-anchor.

File /etc/unbound/root.key holds 2010/2017 DS record until 2018
https://www.icann.org/resources/pages/ksk-rollover
https://www.iana.org/domains/root

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-03-02 00:48:24 -05:00
Eric Luehrsen 412fd1bbf4 unbound: bugfix add_local_fqdn with empty ULA
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-03-02 00:48:24 -05:00
Eric Luehrsen b23d25fd2f unbound: improve robustness with dhcp scripts
When for example 'package/net/adblock' and DNSSEC vs NTP robustness
is enabled, significant restart thrashing can occur at boot up. DHCP
lease triggers may be occurring at the same time. Unbound's DNS-DHCP
may be incomplete until new DHCP solicit events. Solve this by
leaving a passive but complete host conf file during lease trigger.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-03-02 00:48:24 -05:00
Eric Luehrsen 26b26917a6 Unbound: bug fix odhcpd and add auto adblock
Bug fix dhcp4_slaac6 option was adding to all IP6 routes.
Filtering was added to this process to only include addresses
served from "this dhcp interface."

adblock 2.3.0 file output is now detected and automatically
integrated into Unbound local-zones. adblock deposits its
block site zone-files into /var/lib/unbound. If this is not
desired, then disable adblock or reconfigure to avoid Unbound.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-03-02 00:48:24 -05:00
Eric Luehrsen a4d4b6d874 unbound: error in README.md for unbound+dnsmasq
2017-03-02 00:48:24 -05:00
Rafał Miłecki 95463a50e3 pptpd: run service in foreground for procd compatibility
To have service working nicely with procd it should be running in the
foreground. Otherwise it's not possible to e.g. stop it with the init.d
script. Luckily for us pptpd has a simple switch that allows it.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Fixes: 15e7f611af ("pptpd: convert init script to procd")
2017-02-23 10:22:45 +01:00
Rafał Miłecki 726aed1e45 lighttpd: fix regression in local-redir used with url.rewrite-once
This fixes upstream regression introduced in 1.4.40. It was reported &
debugged in https://redmine.lighttpd.net/issues/2793
This fix is queued for 1.4.46 in the personal/gstrauss/master upstream
branch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-23 10:22:44 +01:00
Rafał Miłecki ff823746ad lighttpd: update to 1.4.45
Update to 1.4.42 introduced a problem with starting lighttpd as
OpenWrt/LEDE service. It was stopping whole init process at sth like:
  783 root      1124 S    {S50lighttpd} /bin/sh /etc/rc.common /etc/rc.d/S50lighttpd boot
  799 root      1164 S    /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf

It was hanging until getting random pool:
[  176.340007] random: nonblocking pool is initialized
and then immediately the rest of init process followed:
[  176.423475] jffs2_scan_eraseblock(): End of filesystem marker found at 0x0
[  176.430754] jffs2_build_filesystem(): unlocking the mtd device... done.
[  176.437615] jffs2_build_filesystem(): erasing all blocks after the end marker... done.

This was fixed in 1.4.44, but bump directly to 1.4.45 while at it.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-23 10:22:43 +01:00
Dirk Brenken ac596200ca adblock: update 2.3.1
* various optimizations & corner case fixes
* removed no longer needed debug information
* polished up for forthcoming LEDE release ;-)

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 5cf40c94ee)
2017-02-17 00:20:34 +02:00
Stijn Tintel f492265424 net-snmp: add engineID config options
According to the snmpd.conf man page, the engineID of an snmp agent
should be consistent through time. However, it seems that the engineID
changes every reboot. Add options to configure how the engineID is
generated. The default setting generates it based on the MAC address of
the eth0 interface.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-02-15 13:12:22 +01:00
Yousong Zhou 48aca2b236 xl2tpd: backporting fix for race condition causing xl2tpd hang
The patch was taken from https://github.com/xelerance/xl2tpd/pull/125

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-14 19:38:42 +08:00
Nikos Mavrogiannopoulos 67de57b923 ocserv: updated to 0.11.7
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-02-12 10:28:58 +01:00
Dirk Brenken aa4df29f72 adblock: 2.3.0 (package release 3)
* refine too optimistic wget/uclient-fetch timeout defaults
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 5e4cd25103)
2017-02-12 10:47:39 +02:00
Stijn Tintel 5d5498f364 vallumd: bump to 0.1.3
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-02-10 09:32:58 +01:00
Christian Schoenebeck bb6a10c69f [lede-17.01] ddns-scripts: New update url for service duiadns.net
- new update url for service duiadns.net
- updated public_suffix_list.dat

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2017-02-09 21:25:18 +01:00
Dirk Brenken 2c9e7ddc5f adblock: 2.3.0 (package release 2)
* update readme regarding unbound integration
* cosmetics

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 1e7a1b380b)
2017-02-07 21:06:31 +02:00
Jo-Philipp Wich 06198d9c8c Revert "vnstat: update to v1.16"
This reverts commit 79b6e9dc61.

Undo the recent vnstat update due to upstream bugs preventing database
restoration.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-06 11:02:16 +01:00
Eric Luehrsen 82b297d7c3 unbound: expand UCI to cover some popular dnsmasq features
Unbound+DHCP (server of your choice) should be able to replicate
a lot of what dnsmasq provides. With this change set Unbound
still works with dnsmasq, but also it can work with a plain
DHCP server. Features have been added within the UCI itself
to act like dnsmasq.

- alone: name each interface relative to router hostname
- alone: prevent upstream leakage of your domain and '.local'
- dnsmasq: use dnsmasq UCI to configure forwarding clauses
- dhcp: work with odhcpd as example of companion DHCP-DNS
- dhcp: convert DHCPv4 leases into EUI64 SLAAC for DNS records
- all: enable encrypted remote unbound-control using splice conf
- all: allow user spliced conf-files for hybrid UCI and manual conf
-- 'unbound_srv.conf' will be spliced into the 'server:' clause
-- 'unbound_ext.conf' will add clauses to the end, example 'forward:'

README HOW TO for dnsmasq-in-serial, dnsmasq-in-parallel, and
unbound-with-odhcpd have better/added UCI starters. HOW TO for
including unbound_srv.conf and unbound_ext.conf are added.
Document new UCI: add_local_fqdn, add_wan_fqdn, dhcp4_slaac6,
dhcp_link, domain, and domain_type

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-02-05 20:08:30 +01:00
Eric Luehrsen 1a458a5697 unbound: expand UCI support for odhcpd DHCP-DNS
This is a bare minimum change in 'unbound.sh' and
'dnsmasq.sh' to migrate the UCI option set for
more flexibility. The boolean(s) to link to
dnsmasq are being changed to a state to include
odhcpd. It is executable but a small step for
clear change management.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-02-05 20:08:30 +01:00
Eric Luehrsen 51e605f1de unbound: add odhcpd specific scripts to link DHCP-DNS
The UCI for Unbound already links to dnsmasq, but what
if with Unbound, we want to configure a plain dhcp server.
Most servers can call a script for lease events. That
script can then formulate DNS records and load them
with unbound-control (dependency).

The files added here work with OpenWRT/LEDE odhcpd, such
that it can be run alone. They can be used as examples
for any dhcp server. 'odhcpd.sh' is to be called by
odhcpd when a lease event occurs. 'odhcpd.awk' is called
internal to the shell script. The awk script handles
any tricky reformatting that may be required.

/etc/config/dhcp
config odhcpd 'odhcpd'
  option leasetrigger '/usr/lib/unbound/odhcpd.sh'

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-02-05 20:08:30 +01:00
Eric Luehrsen 2f923ec281 unbound: improve NTP hotplug behavior when Unbound is disabled
If Unbound was disabled and at a later time enabled, then it
would operate in DNSSEC less-secure mode. When NTP hotplug
was called, the timestamp file was not updated. This was
found testing Unbound vs other tools (bind, dnsmasq).

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-02-05 20:08:30 +01:00
Dirk Brenken 06a9de2d02 adblock: release 2.3.0
* automatically selects dnsmasq or unbound as dns backend
* add the new 'adguard' source, a combined/quite effective block list
* remove needless dns backend restarts
* optimize adblock restart behavior
* optimize block list processing on inotify enabled filesystems
* better return code checking on block list download
* fix boot function/startup on Chaos Calmer
* fix a bug in blocklist removal function
* add more (optional) debug output
* move backup options to global config
* documentation update

Signed-off-by: Dirk Brenken <dev@brenken.org>
2017-02-05 20:07:18 +01:00
Hauke Mehrtens 25be7a2220 tor: update to version 0.2.9.9
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-05 19:54:43 +01:00
Daniel Engberg 7ba28a5783 net/stunnel: Update to version 5.40
Update stunnel to 5.40

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-02-05 19:41:50 +01:00
Hannu Nyman fd6f15ec3f rsync and cifs-utils: update download address
samba.org has apparently started to enforce https-only downloads,
so update the download links for rsync and cifs-utils.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-05 19:41:50 +01:00
Damiano Renfer f390d77d4d net/dnscrypt-proxy: update to 1.9.4
Signed-off-by: Damiano Renfer damiano.renfer@gmail.com
2017-02-05 19:41:50 +01:00
Stijn Tintel 59313e6480 strongswan: enable IKEv2 Mediation Extension
Closes #3905.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-02-05 19:41:50 +01:00
Jo-Philipp Wich b4ef335746 pen: update to v0.34.0
Update the pen package to upstream release v0.34.0 in order to fix the
following build error reported by the buildbot:

    ssl.o: In function `ssl_create_context':
    ssl.c:(.text+0x9c): undefined reference to `SSLv3_method'
    collect2: error: ld returned 1 exit status

Also switch from PKG_MD5SUM to PKG_HASH with SHA256 while we're at it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-05 19:40:06 +01:00
Jo-Philipp Wich 9d441d2c34 socat: work around missing stddef.h include
The buildbots fail to build socat due to the following error:

    nestlex.c:14:7: error: unknown type name 'ptrdiff_t'

It appears that certain source files do not include all required headers,
depending on the configure options passed to socat.

Work around the error by passing `-include stddef.h` via `TARGET_CFLAGS` to
forcibly inject this header file into all compilation units.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-05 19:38:38 +01:00
Peter Wagner 06525f0d3b ntpd: cleanup Makefile and hotplug script
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2017-02-05 19:38:37 +01:00