* optimized uci config processing (list options)
* optimized icmp rules in pre-routing (thanks @brada)
* set inbound marker in pre-routing only if inbound logging is enabled (fixes#26044)
* fix cornercase in Set removal function
* print chain-, set- and rules-counter in the banIP status
* clean up logging und download queue handling
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
More than one device can be added to the gpsd at startup. Currently the gpsd
service start script in OpenWrt treats this as an option with only one value.
To allow multiple devices to be specified, the uci 'option device' must be
removed and a new uci 'list devices' is added.
This change means that several devices can be specified at gpsd start with
the new uci 'list devices' configuration.
Running configurations in the field are migrated by a migration script.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The 'readonly' option tells the GPSD that it is not allowed to write to the
GPS TTY, only reading the NMEA data stream is allowed. This option of the
GPSD must be set for my mobile radio device MV31, otherwise the GPSD can not
read the NMEA data stream on the GPS TTY because the GPSD blocks during
plugin probing.
gpsd:PROG: CORE: Probing "Garmin USB binary" driver...
gpsd:PROG: CORE: Probe not found "Garmin USB binary" driver...
gpsd:PROG: CORE: Probing "GeoStar" driver...
gpsd:PROG: Sent GeoStar packet id 0xc1
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The 'gpsd' offers the possibility to call the script '/etc/gpsd/device-hook'
when a GPS source was added or removed via gpsdctl.
In addition to the '/etc/gpsd/device-hook' call an event is now triggered
too after the 'gpsd' has started. This allows scripts to configurre 'gpsd'
receivers.
The following events are available for '/etc/hotplug.d/gpsd' scripts:
* ACTIVATE via '/etc/gpsd/device-hook'
* DEACTIVATE via '/etc/gpsd/device-hook'
* STARTED via '/etc/init.d/gpsd'
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This change makes it possible to add new gps device without restarting the
'gpsd' service by using the 'gpsdctl' command.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Currently, the 104-endianness_fix.patch does not apply, so lets manually
refresh it to apply and thus fix buildbot nginx builds.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This change introduces an optional configuration
of the netifd integration in the ModemManager package.
When disabled, it removes the NETIFD dependency and
other unwanted components from the root filesystem
during the build phase.
Additionally, in the modemmanager.common the netifd-proto.sh
inclusion line can be savely removed as there is no usage
of it in its functions.
Signed-off-by: Gilles Lenaerts <gilles.lenaerts_ext@softathome.com>
Version 3.3 isn't current any more, but current mxml v4 has breaking changes,
so if added should be a new package.
Not depended on by other packages.
Signed-off-by: Espen Jürgensen <espenjurgensen+openwrt@gmail.com>
Fixes podman build breakage which was caused by podman depending on
netavark, which in turn depends on rust-iptables.
rust-iptables requires rust 1.85.0 since commit 75825cd
75825cd9c1
Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com>
Modified 025-remove-unsupported-option.patch to both remove
the bsdtar command as it ends in errors, see below, and to
circumvent an error when extracting to overlayfs[1].
Error when extracting rootfs tarball with bsdtar:
tar --absolute-names --numeric-owner '--xattrs-include=*' -xpJf /var/cache/lxc//download/archlinux/current/amd64//default/rootfs.tar.xz -C /mnt/data/lxc/test/rootfs
./usr/bin/newgidmap: Cannot restore extended attributes on this system: Illegal byte sequence
lxc-create: test: ../src/lxc/lxccontainer.c: create_run_template: 1589 Failed to create container from template
lxc-create: test: ../src/lxc/tools/lxc_create.c: lxc_create_main: 318 Failed to create container test
1. https://github.com/openwrt/openwrt/issues/15888
Signed-off-by: John Audia <therealgraysky@proton.me>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
Add gnu-tar as a dependency for lxc-create which is needed to
properly extract the root file system tarball. Without it,
symlink target of /bin/tar is busybox and it lacks proper
support to extract with xattrs. The default gnu-tar is actually
built without this support as well, but it is able to extract
the rootfs tarballs with a warning not an error which is not the
case with busybox which ends in an error.
Signed-off-by: John Audia <therealgraysky@proton.me>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Several deps are missing based the output of lxc-checkconfig shown below
before this commit is applied.
CONFIG_IP_NF_TARGET_MASQUERADE and CONFIG_IP6_NF_TARGET_MASQUERADE are
only needed for lxc-net which we do not package.
% lxc-checkconfig | grep missing
Cgroup device: missing
CONFIG_IP_NF_TARGET_MASQUERADE: missing
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
FUSE (for use with lxcfs): missing
checkpoint restore: missing
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: missing
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
Additionally, two new patches have been added which remove checks for
options that OpenWrt currently does not package and can serve are
false positives for missing items from our kernel config, namely:
lxc-net and lxc-checkpoint
After applying this commit, below is the output showing that the kernel
config[1] should pass all tests for functionality:
% CONFIG=config ./lxc-checkconfig
LXC version 6.0.3
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Namespace limits:
cgroup: 383849
ipc: 383849
mnt: 383849
net: 383849
pid: 383849
time: 383849
user: 383849
uts: 383849
--- Control groups ---
Cgroups: enabled
Cgroup namespace: enabled
Cgroup v1 mount points:
Cgroup v2 mount points:
- /sys/fs/cgroup
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded
--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled
1. Generated on 23-Feb-2025 running bcm27xx/bcm2712 on r28869+1
Signed-off-by: John Audia <therealgraysky@proton.me>
We do not package lxc-net or lxcfs so remove the lines within
lxc-checkconfig that looks forCONFIG_IP_NF_TARGET_MASQUERADE and
CONFIG_IP6_NF_TARGET_MASQUERADE which, as far as I know, is the only
part of lxc that needs them. Also remove the check for FUSE since we do
not pakcage lxcfs.
Without this commit, users will see these two as missing.
Signed-off-by: John Audia <therealgraysky@proton.me>
* add memory measurements:
- free memory in MB (MemAvailable from /proc/meminfo)
- script run max. used RAM in MB (VmHWM from /proc/$$/status)
* removed the obsolete (domain) lookup command in init script
* update the readme
Signed-off-by: Dirk Brenken <dev@brenken.org>
Trying to compile libffi now that automake has been updated to 1.17 will
fail, however there is no reason for us to be calling autoreconf as libffi
release tarballs already contain the generated configure script.
So, drop the unnecessary autoreconf that seems to be leftover from the
previous 3.4.2 bump as we dont have any patches targeting configure.ac nor
libffi in general.
Fixes: openwrt/openwrt#18041
Signed-off-by: Robert Marko <robimarko@gmail.com>
This redirects the debug output to stderr, allowing `mwan3 use` to be used in
scripts without polluting stdout.
Before:
mwan3 use wan curl -fsSL https://ifconfig.co/json | jq -er '.country_iso'
jq: parse error: Invalid numeric literal at line 1, column 8
curl: (23) Failure writing output to destination, passed 389 returned 0
After:
mwan3 use wan curl -fsSL https://ifconfig.co/json | jq -er '.country_iso'
Running 'curl -fsSL https://ifconfig.co/json' with DEVICE=eth2 SRCIP=192.168.0.1 FWMARK=0x3f00 FAMILY=ipv4
DE
Signed-off-by: Philipp Schmitt <philipp@schmitt.co>
3.4.7 Feb-8-2024
Add static trampoline support for Linux on s390x.
Fix BTI support for ARM64.
Support pointer authentication for ARM64.
Fix ASAN compatibility.
Fix x86-64 calls with 6 GP registers and some SSE registers.
Miscellaneous fixes for ARC and Darwin ARM64.
Fix OpenRISC or1k and Solaris 10 builds.
Remove nios2 port.
Signed-off-by: John Audia <therealgraysky@proton.me>
Updated and removed upstreamed patch.
Highlights relating to security:
* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
(inclusive) contained a logic error that allowed an on-path
attacker (a.k.a MITM) to impersonate any server when the
VerifyHostKeyDNS option is enabled. This option is off by default.
* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service related
to the handling of SSH2_MSG_PING packets. This condition may be
mitigated using the existing PerSourcePenalties feature.
Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.
Full release notes: https://www.openssh.com/txt/release-9.9p2
Signed-off-by: John Audia <therealgraysky@proton.me>
This propagates the exit code of the command wrapped by `mwan3 use` and
allows for example to use `mwan3 use` in monitoring scripts.
Before change:
shell command:
mwan3 use wan false >/dev/null && echo ok || echo fail
result:
ok
After change:
shell command:
mwan3 use wan false >/dev/null && echo ok || echo fail
result:
fail
Signed-off-by: Philipp Schmitt <philipp@schmitt.co>
* No more `/sbin/uci: Invalid argument output` when set to not update
dnsmasq instances (thanks @tmcqueen-materials for investigation!)
* Do not wait for interface.up on boot, hopefully this resolves the
boot-up start for everyone
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Move working directory from `/var/adguardhome` to
`/var/lib/adguardhome`, according to Linux FHS.
Add option to store PID file, defaulting to `/run/adguardhome.pid`.
Signed-off-by: Ryan Keane <the.ra2.ifv@gmail.com>
