Stan Grishin [Fri, 17 Feb 2017 10:29:35 +0000 (02:29 -0800)]
vpnbypass: reworked output formatting and logic.
vpnbypass: No longer depends on hardcoded WAN interface name).
vpnbypass: Table ID, IPSET name and FW_MARK as well as FW_MASK can be defined in config file.
vpnbypass: Uses iptables, not ip rules for handling local IPs/ranges.
vpnbypass: More reliable creation/destruction of VPNBYPASS iptables chain.
vpnbypass: Updated Web UI enables/start and stops/disables service.
vpnbypass: Beautified output.
Dirk Brenken [Fri, 3 Mar 2017 13:39:38 +0000 (14:39 +0100)]
travelmate: release 0.4.0
* add an "active mode", where travelmate will be restarted
every n seconds (default 60) and checks existing uplink connection
regardless of ifdown event trigger (disabled by default)
* enhance multiple radio support
* fix the ap detection
* respect different radios during scanning & connection handling
* cosmetics
Daniel Golle [Fri, 3 Mar 2017 08:02:51 +0000 (09:02 +0100)]
freeradius3: build and package support for LDAP
The lack of LDAP support was one of the things which prevented users
from migrating from freeradius2 to freeradius3.
Enable LDAP in freeradius3 so we can finally burry freeradius2.
Reported-by: Martin Mueller <redacted> Signed-off-by: Daniel Golle <redacted>
Eric Luehrsen [Thu, 2 Mar 2017 05:28:35 +0000 (00:28 -0500)]
unbound: improve maintenance of trust anchor
Unbound UCI tries to protect embedded flash from excess
use. Unbound RFC5011 KSK tracking can rewrite root.key
every few minutes to an hour. It also writes and destroys
files in the same directory during the process.
Recommended UCI delays for copying busy work in /var/
back to /etc/ may be too conservative. These are all
changed from 28 to 9 days.
The RFC5011 KSK results were also destroyed by an
init.d restart, even if /var/ is mounted on persistent
storage like USB drive. /var/lib/unbound/root.key is
now preserved during this process, unless a newer key
is installed in /etc/ manually or package update.
Dirk Brenken [Mon, 27 Feb 2017 20:42:53 +0000 (21:42 +0100)]
adblock: release 2.4.0
* add tld compression,
this new "top level domain compression" removes up to 40 thousand
needless host entries from the block lists and
lowers the memory footprint for the dns backends by 8-10 MByte
* optimize restart behavior in case of an error
* cosmetics
Eric Luehrsen [Thu, 23 Feb 2017 02:35:56 +0000 (21:35 -0500)]
unbound: Update to 1.6.1 with 2017 trust anchor
Unbound 1.6.1 has a few bug fixes for resource leaks,
configuration robustness, compile environment interaction,
and maintaining the trust anchor. The 2017 trust anchor
(DS) is built into unbound and unbound-anchor.
File /etc/unbound/root.key holds 2010/2017 DS record until 2018
https://www.icann.org/resources/pages/ksk-rollover
https://www.iana.org/domains/root
boost: 1.63 Revision 3 -> Python 3.6 Support Fixed and Unsupported Target Fixes
Update:
- Python 3.6 support fixed. It is now correctly compiled and available.
Fixes:
- disabled context and fiber for unsupported targets
There are several architectures which are not supported by context nor
fiber. Because of this, Boost build was failing targets. This created the
situation where the other boost libs were not being built and consequently,
becoming unavailable at the OpenWRT/LEDE repositories.
To solve this issue, it was necessary to disabled fiber and context for
the incompatible targets.
Boost.Fiber is disabled for:
-> ar7, rb532, brcm63xx.smp, brcm63xx, brcm47xx, brcm47xx.legacy, brcm2708,
au1000, ath25, adm8668 and adm5120.
Boost.Context is disabled for:
-> avr32, octeon and netlogic.
pptpd: run service in foreground for procd compatibility
To have service working nicely with procd it should be running in the
foreground. Otherwise it's not possible to e.g. stop it with the init.d
script. Luckily for us pptpd has a simple switch that allows it.
Rafał Miłecki [Wed, 22 Feb 2017 07:19:49 +0000 (08:19 +0100)]
lighttpd: fix regression in local-redir used with url.rewrite-once
This fixes upstream regression introduced in 1.4.40. It was reported &
debugged in https://redmine.lighttpd.net/issues/2793
This fix is queued for 1.4.46 in the personal/gstrauss/master upstream
branch.
BangLang Huang [Tue, 21 Feb 2017 06:49:50 +0000 (14:49 +0800)]
libndpi: add new package
nDPI is an open source LGPLv3 library for deep-packet inspection. Based
on OpenDPI it includes ntop extensions. It had been tried to push the
source code into the OpenDPI source tree but nobody answered emails
so the ntop team had decided to create their own source tree.
github site: https://github.com/ntop/nDPI
official site: http://www.ntop.org/
Rafał Miłecki [Mon, 20 Feb 2017 11:18:17 +0000 (12:18 +0100)]
lighttpd: update to 1.4.45
Update to 1.4.42 introduced a problem with starting lighttpd as
OpenWrt/LEDE service. It was stopping whole init process at sth like:
783 root 1124 S {S50lighttpd} /bin/sh /etc/rc.common /etc/rc.d/S50lighttpd boot
799 root 1164 S /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
It was hanging until getting random pool:
[ 176.340007] random: nonblocking pool is initialized
and then immediately the rest of init process followed:
[ 176.423475] jffs2_scan_eraseblock(): End of filesystem marker found at 0x0
[ 176.430754] jffs2_build_filesystem(): unlocking the mtd device... done.
[ 176.437615] jffs2_build_filesystem(): erasing all blocks after the end marker... done.
This was fixed in 1.4.44, but bump directly to 1.4.45 while at it.