Mirror of routing feed https://git-03.infra.openwrt.org/feed/routing/atom?h=master 2025-11-10T09:38:36Z 2025-11-10T09:38:36Z Josef Schlehofer 2025-06-16T20:40:05Z urn:sha1:03a13710eaedb137902c5fe72269dcd322e4065b Use INSTALL_CONF instead of INSTALL_DATA to install configuration files under /etc with correct permissions. This improves security by ensuring config files are not world-readable. INSTALL_DATA sets mode 0644, while INSTALL_CONF sets mode 0600. Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> 2025-07-19T20:58:50Z Fabrice Fontaine 2025-06-16T13:29:02Z urn:sha1:d53907107d48331ef38978f7a259bc8eac3765a0 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> 2025-03-06T19:40:11Z Rob White 2025-03-06T09:32:08Z urn:sha1:2fb5af6b55c2132a00fb1d98c6828601333372d7 Maintainer: Rob White rob@blue-wave.net Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, aarch64_cortex-a53, x86-64 Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, mips_24kc, aarch64_cortex-a53, x86-64 ; On 23.5, 24.10 and master/snapshot. Description: opennds (10.3.1) - This version is a bugfix update. Most importantly, this release fixes the issue where libmicrohttpd version 1.0.0 or higher prevented the openNDS daemon from starting. Numerous other minor fixes are also included. Details can be found here: https://github.com/openNDS/openNDS/releases/tag/v10.3.1 Signed-off-by: Rob White <rob@blue-wave.net> 2024-06-07T18:53:56Z Rob White 2024-06-07T16:28:19Z urn:sha1:4ac486b2d5ef4c965e6233bafb5709fd2a8d25de Maintainer: Rob White rob@blue-wave.net Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, aarch64_cortex-a53, x86-64 Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, mips_24kc, aarch64_cortex-a53, x86-64 ; On 23.5 and master/snapshot. Description: opennds (10.3.0) - This version is a minor upgrade that introduces some significant additional functionality. In addition it includes numerous enhancements bug fixes and cosmetic fixes. Additional functionality includes: 1. Support for integration of Mesh11sd meshnodes 2. Download protocol debugging 3. Resolving of fqdn ip addresses on CDN systems with multiple ip addresses 4. Support for specifying alternate dhcp leases file location Details can be found here: https://github.com/openNDS/openNDS/releases/tag/v10.3.0 Signed-off-by: Rob White <rob@blue-wave.net> 2023-11-28T16:25:33Z Rob White 2023-11-23T16:06:11Z urn:sha1:a5ec54aee3df6aa400e454ef0468127dcd0c6b25 Maintainer: Rob White rob@blue-wave.net Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64 Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03 Description: opennds (10.2.0) - This version is a minor upgrade that introduces some significant additional functionality. In addition it includes numerous enhancements bug fixes and cosmetic fixes. Additional functionality includes: * Pre-emptive Client Lists * Autonomous Block Lists * Internet hosted https FAS support for resource limited routers * Fair Usage Policy Details can be found here: https://github.com/openNDS/openNDS/releases/tag/v10.2.0 Signed-off-by: Rob White <rob@blue-wave.net> 2023-08-28T19:09:01Z Rob White 2023-08-28T15:19:06Z urn:sha1:88c98c910acccab694b3afb6d36d70ca429118a6 Maintainer: Rob White rob@blue-wave.net Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64 Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03 Description: opennds (10.1.3) Security Advisory. This version contains fixes for multiple potential security vulnerabilities Credit - Stanislav Dashevskyi - standash.github.io [standash] It also contains some minor bug fixes * Fix - Buffer overflow causing segfault - CVE-2023-41101 [bluewavenet] * Fix - Memory leaks due to passing allocated buffer into safe_asprintf() - CVE-2023-41102 [bluewavenet] * Fix - Remove deprecated preauth option [bluewavenet] * Fix - missing free in show_preauth_page if MHD does not respond [bluewavenet] * Fix - more safe_asprintf memory leaks [bluewavenet] * Fix - missing free for mark_auth [bluewavenet] * Fix - memory leak after starting authmon daemon [bluewavenet] * Fix - memory leak in encode_and_redirect_to_splashpage [bluewavenet] * Fix - Community themespec, voucher css and logo image [bluewavenet] * Fix - ThemeSpec, path to logo in page footer [bluewavenet] * Fix - ensure gatewayurl is urldecoded to fix broken css and images in themespec [bluewavenet] * Add - set default fas remote fqdn to disabled [bluewavenet] Signed-off-by: Rob White <rob@blue-wave.net> 2023-07-31T05:46:50Z Rob White 2023-07-30T20:02:17Z urn:sha1:e4a53c1354702bee3c66a14d30787f102fb008e4 Reinstate CONFLICTS:=nodogsplash Signed-off-by: Rob White <rob@blue-wave.net> 2023-07-31T05:46:50Z Rob White 2023-07-29T18:26:10Z urn:sha1:3eb9aa30566eb34608e6aacc55157dad46550a6a Maintainer: Rob White rob@blue-wave.net Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64 Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03 Description: opennds (10.1.2) Security Advisory. This version contains fixes for multiple potential security vulnerabilities Credit - Stanislav Dashevskyi - standash.github.io [standash] It also contains some minor bug fixes * Fix - Generate unique sha256 faskey if not set in config - CVE-2023-38324 [bluewavenet] * Fix - NULL pointer dereference if user_agent is NULL - CVE-2023-38320, CVE-2023-38322 [bluewavenet] * Fix - NULL pointer dereference if authdir is called with an incomplete or missing query string - CVE-2023-38313, CVE-2023-38314, CVE-2023-38315 [bluewavenet] * Fix - remove deprecated and non-functioning unescape callback - CVE-2023-38316 [bluewavenet] * Fix - prevent potential recursive dependency and detect if conflicting package is installed [bluewavenet] Signed-off-by: Rob White <rob@blue-wave.net> 2023-07-15T05:21:14Z Rob White 2023-07-14T20:32:34Z urn:sha1:26f5f0f812c73a3d26f9643fbd3da7f56f5e9a8a Maintainer: Rob White rob@blue-wave.net Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64 Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03 opennds (10.1.1) * This version contains some minor bug fixes and documentation updates * Fix - send only contents of buffer, not entire buffer when serving page511 [bluewavenet] * Fix - Set fas_remotefqdn to gw_fqdn when overriding FAS settings [bluewavenet] * Fix - use absolute path for css and images in ThemeSpec [bluewavenet] * Fix - revert to old option names without underscores [bluewavenet] * Fix - FAS URL when fas_remotefqdn is not set [bluewavenet] Signed-off-by: Rob White <rob@blue-wave.net> 2023-06-23T09:28:18Z Rob White 2023-06-19T08:11:43Z urn:sha1:7b1911020b335492ecfd02f39fb0a4f1911b23db Maintainer: Rob White rob@blue-wave.net Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64 Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03 opennds (10.1.0) This version is a major upgrade including full migration to nftables and native uci configuration support even for generic Linux distributions. It also includes a significant refactoring of inbuilt memory management, improving long term reliability, fixing several memory leaks, buffer overflows and several edge case crashes. * Add - support for included custom binauth script [bluewavenet] * Add - emit a useful stderr message if auth_restore fails [bluewavenet] * Add - procd respawn threshold, respawn timeout and respawn retry parameters [bluewavenet] * Add - user friendly commandline message if already running [bluewavenet] * Fix - Enabling of Data volume quotas [bluewavenet] * Fix - use get_list_from_config instead of get_option_from_config [bluewavenet] * Fix - compiler warning - unused variable [bluewavenet] * Fix - remove redundant function call ipsetconf [bluewavenet] * Fix - walledgarden for both nftset and ipset on OpenWrt [bluewavenet] * Add - more meaningful output if attempt is made to restart when already running [bluewavenet] * Fix - resolve gatewayfqdn after startup [bluewavenet] * Fix - Choose forground or background running according to commandline arguments [bluewavenet] * Fix - remove superfluous debug message [bluewavenet] * Fix - replace sleep with procd_set_param term_timeout [bluewavenet] * Fix - make option enabled default to enabled [bluewavenet] * Fix - report authmon pid instead of opennds pid from authmon [bluewavenet] * Fix - ensure correct pid obtained for opennds [bluewavenet] * Add - StartLimitIntervalSec and StartLimitBurst to systemd service script [bluewavenet] * Fix - refactor remote downloads [bluewavenet] * Fix - suppress error message on ipset test failure [bluewavenet] * Fix - send non-syslog debug information to stdout by default [bluewavenet] * Add - C function to check heartbeat watchdog [bluewavenet] * Fix - Update generic Linux makefile [bluewavenet] * Fix - remove redundant ruleset struct definition [bluewavenet] * Fix - potential buffer overflow issue during config stage [bluewavenet] * Fix - remove unnecessary calls to free() in page 404 processing [bluewavenet] * Fix - remove redundant code from fw_iptables [bluewavenet] * Add - updates to binauth_log script [bluewavenet] * Add - updates for service startup, systemd and procd [bluewavenet] * Add - refactoring of commandline processing [bluewavenet] * Fix - remove debugging message [bluewavenet] * Fix - typo in client ruleset [bluewavenet] * Add - Refactor to use uci config directly even for Generic Linux [bluewavenet] * Add - Parsing for multi item lists with spaces in items [bluewavenet] * Add - use common library call get_option_fom_config [bluewavenet] * Add - support for direct use of uci format config file - string and integer parameters [bluewavenet] * Fix - Remove deprecated syslog_facility config setting [bluewavenet] * Add - thread busy message to ndsctl [bluewavenet] * Add - refactor configure_log_location [bluewavenet] * Fix - suppress LOG_NOTICE message when getting mac of interface [bluewavenet] * Fix - ndsctl error message [bluewavenet] * Fix - get_client_interface for levels 2 and 3 [bluewavenet] * Add - use common library write_log function [bluewavenet] * Add - Refactor memory management [bluewavenet] * Fix - fix and refactor upload rate limiting rules [bluewavenet] * Fix - Change a debug message from err to info [bluewavenet] * Add - refine common buffer sizes [bluewavenet] * Add - use initialised heap memory for redirect_to_splashpage [bluewavenet] * Add - user message to themespec [bluewavenet] * Add - auth_restore support ie reauth clients after a restart by default. [bluewavenet] * Add - Library call to preemptively re-auth clients after a restart or crash [bluewavenet] * Add - BinAuth, write an authenticated clients list [bluewavenet] * Add - library call "check_heartbeat" [bluewavenet] * Fix - Tidy up redundant code [bluewavenet] * Fix - change warning message to debug message when iw not installed [bluewavenet] * Add - library call to log to syslog [bluewavenet] * Fix - use initialised heap memory for client list entries [bluewavenet] * Fix - ignore legacy ipset firewall rule [bluewavenet] * Fix - refactor memory management for MHD calls - use heap memory for buffers etc [bluewavenet] * Fix - missing free causing memory leak [bluewavenet] * Fix - predefine and initialise buffer for send_redirect_temp [bluewavenet] * Add - support protocol "all" in firewall ruleset [bluewavenet] * Add - pre-allocation of initialised buffers [bluewavenet] * Fix - prevent buffer overrun on removing client [bluewavenet] * Add - update MHD connection timeout and connection limit [bluewavenet] * Add - chain ndsDLR for dynamic client download rate limiting rules [bluewavenet] * Add - Use Internal Polling Thread / Thread Per Connection in MHD [bluewavenet] * Add - some new default values [bluewavenet] * Fix - remove some redundant code and fix some compiler warnings [bluewavenet] * Fix - remove redundant library command string [bluewavenet] * Fix - Tidy up redundant iptables code [bluewavenet] * Add - convert trusted client support to nftables [bluewavenet] * Add - refer to nftables [bluewavenet] * Add - move code for generating authentication mark string to initial setup [bluewavenet] * Add - full nftset support with ipset import where required [bluewavenet] * Add - nftset support library calls [bluewavenet] * Add - ipset_to_nftset library call [bluewavenet] * Add - support for nftables version of append_ruleset and nftables_compile [bluewavenet] * Fix - buffer overflow in page_511 generation [bluewavenet] * Add - more nftables migration including rate quotas [bluewavenet] * Fix - change GatewayInterface to lower case [bluewavenet] * Add - upload and download limiting client flags for future use [bluewavenet] * add - lib calls "pad_string" and "replace_client_rule" [bluewavenet] * Add - further nftables migration [bluewavenet] * Fix - correctly parse options from legacy conf file [bluewavenet] * Fix - some compiler warnings and set min iptables version [bluewavenet] * Add - Generic Linux configure walledgarden [bluewavenet] * Add - Implementation of nftsets for walledgarden [bluewavenet] * Add - migration to nftables, next phase. [bluewavenet] * Add - library function delete_client_rule [bluewavenet] * Fix - remove duplicate definition [bluewavenet] * Add - First stage migration to nftables [bluewavenet] Signed-off-by: Rob White <rob@blue-wave.net>