As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 845d81ca0976c82829addc23e9e8b95885c910ee)
This reverts commit 0ddec62e69 as it was
backport too soon, we need to first wait for fixed libwolfssl being
available.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 845d81ca0976c82829addc23e9e8b95885c910ee)
There is no reason for the kmod to depend on the binary package
itself, neither for building nor for installing.
That dependency prevents phase1 from building the kmod even though
support is enabled in the binary.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
This hotplug trigger unconditionaly restarts coova-chilli when the "wan"
interface sees action "ifup", without checking whether or not the
service is disabled or the upstream interface is actually called "wan".
This hotplug could be replaced by a suitable service trigger instead.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
If miniportal option is enabled, some haserl scripts are provided which
present a simple login web page. To make it functional haserl is required.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
debug is boolean option/flag so setting it to 9 doesn't work, while at
it I've synchronized boolean options from source code and sorted it
alphabeticaly with following command:
grep flag src/cmdline.ggo | cut -d \" -f2 | sort | tr '\n' '|'
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Parallel building is causing a failure because it executes some
commands, such as patch, more than once.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Added -Wno-error to fix.
Also added patch to fix compilation without deprecated OpenSSL APIs.
Added PKG_BUILD_PARALLEL for faster compilation.
Switched libcyassl to libwolfssl.
Reorganized makefile for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
matrixssl is still in the oldpackages repo,
so coova-chilli should not depend on it.
Remove the config option for selecting matrixssl lib
and the dependency declaration.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Before starting chilli instance, it first removes generated
files (/var/run/chilli*) for the instance. While deleting
generated files, it doesn't match full instance name.
Thus if coova-chilli config file (/etc/config/chilli) has
instances wlan11 and wlan1 in order,
when creating coova-chilli instance for wlan1, it is removing
files generated for wlan11 instances also (as it uses wlan1*
in remove command).
Fix issue by matching full instance name while removing old files.
Signed-off-by: Rajan Vaja <rajan.vaja@gmail.com>
Signed-off-by: Bhargav Patel <br13patel@gmail.com>
UCI commands report errors in parsing coova-chilli
sample configuration file. Fix this issue by using
proper format in configuration.
Signed-off-by: Rajan Vaja <rajan.vaja@gmail.com>
Chilli proxy is used when one does not want to setup AAA server
but want to handle AAA through http.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
Signed-off-by: Ramanathan Sivagurunathan ramzthecoder@gmail.com
Petr Štetiar
Thibaut VARÈNE
Rosen Penev
Dylan Bourdon
Sungbo Eo
Eneas U de Queiroz
Jaehoon You
Hannu Nyman
Etienne Champetier
Rajan Vaja
Imre Kaloz
Ted Hess
Ramanathan Sivagurunathan