Fix compilation warning due to wrong cast.
In file included from ./include/linux/kernel.h:19,
from /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/dmx_usb_module-19.12.1/dmx_usb.c:16:
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/dmx_usb_module-19.12.1/dmx_usb.c: In function 'dmx_usb_write':
./include/linux/kern_levels.h:5:25: error: format '%d' expects argument of type 'int', but argument 4 has type 'size_t' {aka 'long unsigned int'} [-Werror=format=]
5 | #define KERN_SOH "\001" /* ASCII Start Of Header */
| ^~~~~~
./include/linux/printk.h:422:25: note: in definition of macro 'printk_index_wrap'
422 | _p_func(_fmt, ##__VA_ARGS__); \
| ^~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/dmx_usb_module-19.12.1/dmx_usb.c:41:45: note: in expansion of macro 'printk'
41 | #define dbg(format, arg...) do { if (debug) printk(KERN_DEBUG __FILE__ ": " format "\n" , ## arg); } while (0)
| ^~~~~~
./include/linux/kern_levels.h:15:25: note: in expansion of macro 'KERN_SOH'
15 | #define KERN_DEBUG KERN_SOH "7" /* debug-level messages */
| ^~~~~~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/dmx_usb_module-19.12.1/dmx_usb.c:41:52: note: in expansion of macro 'KERN_DEBUG'
41 | #define dbg(format, arg...) do { if (debug) printk(KERN_DEBUG __FILE__ ": " format "\n" , ## arg); } while (0)
| ^~~~~~~~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/dmx_usb_module-19.12.1/dmx_usb.c:409:9: note: in expansion of macro 'dbg'
409 | dbg("%s - minor %d, count = %d", __FUNCTION__, dev->minor, count);
| ^~~
cc1: all warnings being treated as errors
Fix simple compilation warning with checking statically allocated
variables and missing fallthrough.
Fix compilation warning:
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c: In function 'ring_release':
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:5489:6: error: the comparison will always evaluate as 'true' for the address of 'name' will never be NULL [-Werror=address]
5489 | && pfr->zc_device_entry->zc_dev.dev->name) {
| ^~
In file included from ./include/linux/rtnetlink.h:7,
from /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:84:
./include/linux/netdevice.h:1986:33: note: 'name' declared here
1986 | char name[IFNAMSIZ];
| ^~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c: In function 'ring_bind':
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:5620:18: error: the comparison will always evaluate as 'false' for the address of 'sa_data' will never be NULL [-Werror=address]
5620 | if(sa->sa_data == NULL)
| ^~
In file included from /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:82:
./include/linux/socket.h:34:25: note: 'sa_data' declared here
34 | char sa_data[14]; /* 14 bytes of protocol address */
| ^~~~~~~
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c: In function 'hash_pkt_cluster':
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:3937:7: error: this statement may fall through [-Werror=implicit-fallthrough=]
3937 | if(l3_proto == IPPROTO_TCP)
| ^
/home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/PF_RING-8.0.0/kernel/pf_ring.c:3944:3: note: here
3944 | case cluster_per_flow_2_tuple:
| ^~~~
cc1: all warnings being treated as errors
netatop: fix compilation warning for kernel module
Fix compilation warning for missing fallthrough.
Fix compilation warning:
/builder/shared-workdir/build/build_dir/target-mipsel_24kc_musl/netatop-3.1/module/netatop.c: In function 'getsockopt':
/builder/shared-workdir/build/build_dir/target-mipsel_24kc_musl/netatop-3.1/module/netatop.c:1619:26: error: this statement may fall through [-Werror=implicit-fallthrough=]
1619 | tasktype = 'g';
| ~~~~~~~~~^~~~~
/builder/shared-workdir/build/build_dir/target-mipsel_24kc_musl/netatop-3.1/module/netatop.c:1621:12: note: here
1621 | case NETATOP_GETCNT_PID:
| ^~~~
cc1: all warnings being treated as errors
Oskari Rauta [Fri, 12 May 2023 06:20:47 +0000 (09:20 +0300)]
podman: update to 4.5.0
- added btrfs-tools as a build depency
- switch from cni networking to recommended new standard, netavark.
- drop iptables config option (netavark handles that now)
- patch refreshed
List of changes: https://github.com/containers/podman/releases
Oskari Rauta [Fri, 12 May 2023 06:10:06 +0000 (09:10 +0300)]
aardvark-dns: add new package
aardvark-dns is companion for netavark, recent cni replacement on podman
git version used instead of release, to maintain maximal compatibility
with netavark, also using git version.
Description:
Aardvark-dns is an authoritative dns server for A/AAAA container records.
It can forward other requests to configured resolvers.
Oskari Rauta [Fri, 12 May 2023 05:39:28 +0000 (08:39 +0300)]
netavark: add new package
podman is moving from cni to netavark. Netavark supports currently
only iptables, so I was in touch some time ago with mainstream
maintainer and provided a "none" firewall driver - to make it possible
to use netavark without firewalling features. Driver cannot be selected
at this time without environment variable that selects it, so I made
a config file for openwrt and a wrapper script that takes advantage of
it.
Available options are iptables, nftables and none - but selecting
nftables just tells user that nftables isn't yet supported.
firewall "none" driver is not yet included in release, so that's why
we use git version instead. I chose latest commit instead of commit
with none driver.
Description:
Netavark is a rust based network stack for containers.
It is being designed to work with Podman but is also applicable for other OCI container management applications.
Fix compilation warning for stack limit and variable length array.
Fix compilation warning:
CC [M] /home/ansuel/openwrt-ansuel/openwrt/build_dir/target-aarch64_cortex-a53_musl/linux-ipq807x_generic/siit-1.2/siit.o
../siit-1.2/siit.c: In function 'ip4_fragment':
../siit-1.2/siit.c:988:9: error: ISO C90 forbids variable length array 'buff' [-Werror=vla]
988 | char buff[FRAG_BUFF_SIZE+hdr_len]; /* buffer to form new fragment packet */
| ^~~~
../siit-1.2/siit.c: In function 'siit_xmit':
../siit-1.2/siit.c:1359:1: error: the frame size of 2144 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
1359 | }
| ^
cc1: all warnings being treated as errors
Sebastian Kemper [Sat, 13 May 2023 18:54:01 +0000 (20:54 +0200)]
gnutls: load libunistring-optional gnulib module
Since a few days staging_dir/host/share/aclocal/ contains new m4 files
(libunistring-base.m4, libunistring-optional.m4, libunistring.m4 etc.)
that get applied during autoreconf. This changes the libunistring setup
enough that we run into problem (builds fail).
Load the libunistring-optional gnulib module in configure.ac to be able
to add/use the new configure switch "--with-included-libunistring".
This is at most a workaround. This should be followed up with gnutls
upstream to clean this up.
Glenn Strauss [Thu, 11 May 2023 00:52:05 +0000 (20:52 -0400)]
lighttpd: include mod_h2 in base package
The next version of lighttpd will move HTTP/2 support from the lighttpd
base executable into a separate module: mod_h2
Include patch to do so now, and update packaging to handle it.
HTTP/2 support is enabled by default since lighttpd 1.4.59, but if
HTTP/2 support is explicitly disabled in the configuration, then mod_h2
will not be loaded, thereby reducing lighttpd memory use.
Daniel Golle [Mon, 8 May 2023 11:21:36 +0000 (13:21 +0200)]
dovecot: update to version 2.3.20
v2.3.20 2022-12-22 Aki Tuomi <redacted>
+ Add dsync_features=no-header-hashes. When this setting is enabled and
one dsync side doesn't support mail GUIDs (i.e. imapc), there is no
fallback to using header hashes. Instead, dsync assumes that all mails
with identical IMAP UIDs contains the same mail contents. This can
significantly improve dsync performance with some IMAP servers that
don't support caching Date/Message-ID headers.
+ lua: HTTP client has more settings now, see
https://doc.dovecot.org/admin_manual/lua/#dovecot.http.client
+ replicator: "doveadm replicator status" command now outputs when the
next sync is expected for the user.
- LAYOUT=index: duplicate GUIDs were not cleaned out. Also the list
recovery was not optimal.
- auth: Assert crash would occur when iterating multiple userdb
backends.
- director: Logging into director using master user with
auth_master_user_separator character redirected user to a wrong
backend, unless master_user_separator setting was also set to the same
value. Merged these into auth_master_user_separator.
- dsync: Couldn't always fix folder GUID conflicts automatically with
Maildir format. This resulted in replication repeatedly failing
with "Remote lost mailbox GUID".
- dsync: Failed to migrate INBOX when using namespace prefix=INBOX/,
resulting in "Remote lost mailbox GUID" errors.
- dsync: INBOX was created too early with namespace prefix=INBOX/,
resulting a GUID conflict. This may have been resolved automatically,
but not always.
- dsync: v2.3.18 regression: Wrong imapc password with dsync caused
Panic: file lib-event.c: line 506 (event_pop_global):
assertion failed: (event == current_global_event)
- imapc: Requesting STATUS for a mailbox with imapc and INDEXPVT
configured did not return correct (private) unseen counts.
- lib-dict: Process would crash when committing data to redis without
dict proxy.
- lib-mail: Corrupted cached BODYSTRUCTURE caused panic during FETCH. Fixes: Panic: file message-part-data.c: line 579 (message_part_is_attachment):
assertion failed: (data != NULL). v2.3.13 regression.
- lib-storage: mail_attribute_dict with dict-sql failed when it tried to
lookup empty dict keys.
- lib: ioloop-kqueue was missing include breaking some BSD builds.
- lua-http: Dovecot Lua HTTP client could not resolve DNS names in mail
processes, because it expected "dns-client" socket to exist in the
current directory.
- oauth2: Using %{oauth2:name} variables could cause useless
introspections.
- pop3: Sending POP3 command with ':' character caused an assert-crash.
v2.3.18 regression.
- replicator: Replication queue had various issues, potentially causing
replication requests to become stuck.
- stats: Invalid Prometheus label names were created with specific
histogram group_by configurations. Prometheus rejected these labels.
v2.3.19.1 2022-06-14 Aki Tuomi <redacted>
- doveadm deduplicate: Non-duplicate mails were deleted.
v2.3.19 regression.
- auth: Crash would occur when iterating multiple backends. Fixes: Panic: file userdb-blocking.c:
line 125 (userdb_blocking_iter_next): assertion failed: (ctx->conn != NULL)
v2.3.19 2022-05-10 Aki Tuomi <redacted>
+ Added mail_user_session_finished event, which is emitted when the mail
user session is finished (e.g. imap, pop3, lmtp). It also includes
fields with some process statistics information.
See https://doc.dovecot.org/admin_manual/list_of_events/ for more
information.
+ Added process_shutdown_filter setting. When an event matches the filter,
the process will be shutdown after the current connection(s) have
finished. This is intended to reduce memory usage of long-running imap
processes that keep a lot of memory allocated instead of freeing it to
the OS.
+ auth: Add cache hit indicator to auth passdb/userdb finished events.
See https://doc.dovecot.org/admin_manual/list_of_events/ for more
information.
+ doveadm deduplicate: Performance is improved significantly.
+ imapc: COPY commands were sent one mail at a time to the remote IMAP
server. Now the copying is buffered, so multiple mails can be copied
with a single COPY command.
+ lib-lua: Add a Lua interface to Dovecot's HTTP client library. See
https://doc.dovecot.org/admin_manual/lua/ for more information.
- auth: Cache lookup would use incorrect cache key after username change.
- auth: Improve handling unexpected LDAP connection errors/hangs.
Try to fix up these cases by reconnecting to the LDAP server and
aborting LDAP requests earlier.
- auth: Process crashed if userdb iteration was attempted while auth-workers
were already full handling auth requests.
- auth: db-oauth2: Using %{oauth2:name} variables caused unnecessary
introspection requests.
- dict: Timeouts may have been leaked at deinit.
- director: Ring may have become unstable if a backend's tag was changed.
It could also have caused director process to crash.
- doveadm kick: Numeric parameter was treated as IP address.
- doveadm: Proxying can panic when flushing print output. Fixes
Panic: file ioloop.c: line 865 (io_loop_destroy): assertion failed:
(ioloop == current_ioloop).
- doveadm sync: BROKENCHAR was wrongly changed to '_' character when
migrating mailboxes. This was set by default to %, so any mailbox
names containing % characters were modified to "_25".
- imapc: Copying or moving mails with doveadm to an imapc mailbox could
have produced "Error: Syncing mailbox '[...]' failed" Errors. The
operation itself succeeded but attempting to sync the destination
mailbox failed.
- imapc: Prevent index log synchronization errors when two or more imapc
sessions are adding messages to the same mailbox index files, i.e.
INDEX=MEMORY is not used.
- indexer: Process was slowly leaking memory for each indexing request.
- lib-fts: fts header filters caused binary content to be sent to the
indexer with non-default configuration.
- doveadm-server: Process could hang in some situations when printing
output to TCP client, e.g. when printing doveadm sync state.
- lib-index: dovecot.index.log files were often read and parsed entirely,
rather than only the parts that were actually necessary. This mainly
increased CPU usage.
- lmtp-proxy: Session ID forwarding would cause same session IDs being
used when delivering same mail to multiple backends.
- log: Log prefix update may have been lost if log process was busy.
This could have caused log prefixes to be empty or in some cases
reused between sessions, i.e. log lines could have been logged for the
wrong user/session.
- mail_crypt: Plugin crashes if it's loaded only for some users. Fixes
Panic: Module context mail_crypt_user_module missing.
- mail_crypt: When LMTP was delivering mails to both recipients with mail
encryption enabled and not enabled, the non-encrypted recipients may
have gotten mails encrypted anyway. This happened when the first
recipient was encrypted (mail_crypt_save_version=2) and the 2nd
recipient was not encrypted (mail_crypt_save_version=0).
- pop3: Session would crash if empty line was sent.
- stats: HTTP server leaked memory.
- submission-login: Long credentials, such as OAUTH2 tokens, were refused
during SASL interactive due to submission server applying line length
limits.
- submission-login: When proxying to remote host, authentication was not
using interactive SASL when logging in using long credentials such as
OAUTH2 tokens. This caused authentication to fail due to line length
constraints in SMTP protocol.
- submission: Terminating the client connection with QUIT command after
mail transaction is started with MAIL command and before it is
finished with DATA/BDAT can cause a segfault crash.
- virtual: doveadm search queries with mailbox-guid as the only parameter
crashes: Panic: file virtual-search.c: line 77 (virtual_search_get_records):
assertion failed: (result != 0)
Dirk Brenken [Fri, 12 May 2023 20:30:29 +0000 (22:30 +0200)]
banip: release 0.8.6-1
* made the fetch utility function/autodetection more bullet proof
* no longer add suspicious IPs to the local blocklist when the nft set timeout has been set
* restructure internal functions & small fixes
Florian Eckert [Thu, 11 May 2023 09:43:20 +0000 (11:43 +0200)]
glib2: fix host build offline download
If buildsystem does not have a internet connection, then the build
fails. This is because of the fact, that glib2 is downloading and building
the missing dependencies during host compilation.
This cannot be allowed to happen. The package must also be built without
an internet connection.
Adding the missing host build dependency and removing the 'forcefallback'
fixes this issue.
The default runtime directory used by LXC is /run which doesn't exist
in OpenWrt. It causes errors like:
Failed to create lock for foo
lxc-create: foo: tools/lxc_create.c: main: 260 Failed to create lxc container
There has been workaround for that in the lxc-auto.init but it requires
installing "lxc-auto" package. Replacing that "ln -s" workaround with
Makefile specifying RUNTIME_PATH define allows using pure "lxc" in
OpenWrt (without the "lxc-auto").
Rafał Miłecki [Thu, 11 May 2023 11:27:32 +0000 (13:27 +0200)]
wsdd2: fix stopping service
Function start_service() is called whenever service may need reloading.
If SMB server is not running it could be simply because it has been
stopped. Reloading service in such case is not an error so:
1. Don't log error as it isn't one
2. Don't exit with error code as it was confusing procd
Jeffery To [Wed, 10 May 2023 15:49:46 +0000 (23:49 +0800)]
numpy: Avoid build user config files
This stops numpy from reading .numpy-site.cfg in the build user's home
directory. The code actually tries to find both .numpy-site.cfg and
site.cfg in the user's home directory; this patch prevents both.
Jeffery To [Fri, 17 Feb 2023 03:47:15 +0000 (11:47 +0800)]
numpy: Fix compilation when OpenBLAS support is not enabled
Currently, if OpenBLAS support is not enabled, a site.cfg file is not
written and numpy will use build host paths for libraries. If the build
host has any conflicting libraries, specifically libpython3.10.a, then
compilation will fail.
This ensures site.cfg is always written with buildroot paths.
Jeffery To [Wed, 10 May 2023 16:26:17 +0000 (00:26 +0800)]
numpy: Fix pyproject.toml-based build
The versions of setuptools and wheel pinned in pyproject.toml are older
than the versions available in the packages repo. This unpins the
versions so that the build can proceed.
Florian Eckert [Thu, 4 May 2023 11:10:38 +0000 (13:10 +0200)]
mwan3: reset score to up+down on connected
Set the score value to the maximum value when the connected function is
called. The same happens with a disconnected event, the score value is
there set to zero.
Florian Eckert [Mon, 28 Nov 2022 09:13:25 +0000 (10:13 +0100)]
mwan3: refactoring mwan3track action handling
Refactoring the score handling, so that only one action could take place
during run. The behaviour should be more comprehensible, since several
score actions are not processed at the same time.
Antonio Flores [Sun, 7 May 2023 03:53:46 +0000 (23:53 -0400)]
gnutls: update to v3.8.0
Fixes: https://github.com/openwrt/openwrt/issues/12542
The detailed list of changes follows:
* Version 3.8.0 (released 2023-02-09)
** libgnutls: Fix a Bleichenbacher oracle in the TLS RSA key exchange.
Reported by Hubert Kario (#1050). Fix developed by Alexander Sosedkin.
[GNUTLS-SA-2020-07-14, CVSS: medium] [CVE-2023-0361]
** libgnutls: C++ library is now header only. All definitions from
gnutlsxx.c have been moved into gnutlsxx.h. Users of the C++
interface have two options:
1. include gnutlsxx.h in their application and link against
the C library. (default)
2. include gnutlsxx.h in their application, compile with
GNUTLS_GNUTLSXX_NO_HEADERONLY macro defined and link
against the C++ library.
** libgnutls: GNUTLS_NO_STATUS_REQUEST flag and %NO_STATUS_REQUEST
priority modifier have been added to allow disabling of the
status_request TLS extension in the client side.
** libgnutls: TLS heartbeat is disabled by default.
The heartbeat extension in TLS (RFC 6520) is not widely used given
other implementations dropped support for it. To enable back
support for it, supply --enable-heartbeat-support to configure
script.
** libgnutls: SRP authentication is now disabled by default.
It is disabled because the SRP authentication in TLS is not up to
date with the latest TLS standards and its ciphersuites are based
on the CBC mode and SHA-1. To enable it back, supply
--enable-srp-authentication option to configure script.
** libgnutls: All code has been indented using "indent -ppi1 -linux".
CI/CD has been adjusted to catch regressions. This is implemented
through devel/indent-gnutls, devel/indent-maybe and .gitlab-ci.yml’s
commit-check. You may run devel/indent-gnutls to fix any
indentation issues if you make code modifications.
** guile: Guile-bindings removed.
They have been extracted into a separate project to reduce complexity
and to simplify maintenance, see <https://gitlab.com/gnutls/guile/>.
** minitasn1: Upgraded to libtasn1 version 4.19.
** API and ABI modifications:
GNUTLS_NO_STATUS_REQUEST: New flag
GNUTLS_SRTP_AEAD_AES_128_GCM: New gnutls_srtp_profile_t enum member
GNUTLS_SRTP_AEAD_AES_256_GCM: New gnutls_srtp_profile_t enum member
Stan Grishin [Sun, 7 May 2023 02:55:34 +0000 (02:55 +0000)]
https-dns-proxy: fixes/improvements
* use shared memory to store output data
* add family option to firewall json objects, due to reports that IPv6 hijacking
doesn't work without explicit family declaration
Dirk Brenken [Sat, 6 May 2023 20:41:56 +0000 (22:41 +0200)]
banip: release 0.8.5-1
* add support for external allowlist URLs to reference additional IPv4/IPv6 feeds, set 'ban_allowurl' accordingly
* make download retries in case of an error configurable, set 'ban_fetchretry' accordingly (default 5)
* small fixes
* readme update
* LuCI update (separate commit)
Stan Grishin [Fri, 5 May 2023 01:48:27 +0000 (01:48 +0000)]
pbr: ipv6 & migration bugfixes
* suppress RTNETLINK errors when inserting ipv6 routes
* only display global scope IPv6 gateways in status/WebUI
* stop and disable vpn-policy-routing when migrating
Anna Tikhomirova [Fri, 28 Apr 2023 20:12:37 +0000 (23:12 +0300)]
mwan3: fix addition of routes to mwan3_connected ipset
Addition of routes to mwan3_connected ipset is broken. The ipset name was
changed from mwan3_connected_v4/6 to mwan3_connected_ipv4/6, but this
change was not reflected in mwan3rtmon.
Anna Tikhomirova [Fri, 28 Apr 2023 20:33:39 +0000 (23:33 +0300)]
mwan3: fix addition of iptables rules for mwan3 sticky rules
Addition of iptables rules for mwan3 sticky rules is broken, resulting
in non-working sticky rules. The required parameters for the function
'mwan3_set_sticky_iptables' were passed in the wrong order.
Signed-off-by: Anna Tikhomirova <redacted>
* Update commit message
* Quoting function arguments Signed-off-by: Florian Eckert <redacted>
Gerard Ryan [Sat, 29 Apr 2023 06:25:49 +0000 (16:25 +1000)]
cache-domains: added pre-test.sh CI step
Some packages variants have conflicting dependencies with the
base packages and the CI test will fail to install before anything
can be done by the packages to setup the system for install.
This change adds a pre-test.sh that runs before the install so things
like the default libustream variant can be swapped out as shown in the
updated cache-domains.
Hannu Nyman [Sun, 30 Apr 2023 07:50:56 +0000 (10:50 +0300)]
zoneinfo: adjust to current timezone data file structure
Tweak the package to better match the current file structure in the
upstream time zone database. Add missing aliases. Make some clarifications
* Combine -northmerica and -southamerica into -america, as all
current official America/xxx definitions were already in -northamerica
and only the unofficial/deprecated Brazil/xxx, Chile and Argentina were
in -southamerica. (Confusingly America/Sao_Paulo was in northamerica,
while Brazil was in southamerica.)
* Add PROVIDES for the old package names
* Add missing top-level dir country/nation alias links.
* Define Eire in -europe instead of -core.
* Rename -india to -indian, as it contains the Indian ocean islands
instead of the actual Asia/Kolkata zone for the mainland India.
* Add PROVIDES for the old package name
* Add 'Ocean' to all ocean zone titles.
* Make all zoneinfo-packages depend on zoneinfo-core, so that zone.tab,
the UTC based definitions and the still existing short zone codes are
always available.
Stan Grishin [Mon, 1 May 2023 00:44:34 +0000 (00:44 +0000)]
pbr: update to 1.1.1-1
*** MAKEFILE ***
* remove libubus dependency as it was causing issues
https://forum.openwrt.org/t/policy-based-routing-pbr-package-discussion/140639/318
* move firewall hotplug directory/file creation out of default section into
pbr and pbr-iptables packages sections in preparation for dropping it from pbr
* fix no new line after output when uninstalling packages
*** UCI-DEFAULTS ***
* only add firewall include to firewall config if the include file exists
* add shellcheck exception to netifd uci-defaults file
*** SCRIPTS ***
* more informative logging for firewall and iface hotplug scripts
* more informative logging for firewall include script
*** SERVICE ***
* introduce lock-file to prevent package starting on external events if it hasn't
been auto- or manually started before
* use the `ip`, not `ip-full` command to prevent errors on OpenWrt 21.02
* parse firewall WAN zone to append list of interfaces
* append error and warning "arrays" with new messages
* used shared memory to store the service output/logging messages
* improve is_ovpn function to filter out false positives when interface names started
with `tun`
* introduce is_valid_ovpn to find OpenVPN tunnels where the device name in OpenVPN config
matches the device name in network config
* introduce opkg_get_version to compare versions of principal and luci packages
* better code to obtain AdGuardHome version with betas installed
* optimize code and add better logging for errors when inserting policies with iptables
* optimize code and add better logging for errors when inserting policies with nft
* bugfix: insert policies in all specified protocols
* bugfix: support using physical devices in policies in nft mode
* bugfix: use iptPrefix, not nftPrefix in iptables commands
* implement Tor support in nft mode
* bugfix: fix spelling for User File Syntax error
* restart service fully (instead of quick reload) for OpenVPN interface events, as
the order/number of supported interfaces
* more verbose output (showing handles) of status in nft mode
* improve `icmp_interface`, `ignored_interface`, `supported_interface` validation
regexes
* improve `interface`, validation regex
```
root@turris:~# python3
Python 3.10.9 (main, Feb 9 2023, 10:37:45) [GCC 11.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import eventlet
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/__init__.py", line 17, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/convenience.py", line 7, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/green/socket.py", line 4, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/green/_socket_nodns.py", line 11, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/greenio/__init__.py", line 3, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/greenio/base.py", line 32, in <module>
File "/usr/lib/python3.10/site-packages/eventlet/timeout.py", line 166, in wrap_is_timeout
TypeError: cannot set 'is_timeout' attribute of immutable type 'TimeoutError'
```
see 0.33.3 release notes for details - https://eventlet.net/doc/changelog.html#id1
git.99rst.org / openwrt-packages.git / log