As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 845d81ca0976c82829addc23e9e8b95885c910ee)
This reverts commit 0ddec62e69 as it was
backport too soon, we need to first wait for fixed libwolfssl being
available.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 845d81ca0976c82829addc23e9e8b95885c910ee)
The _init() function collides with a _init() function in crti.o.
This results in the following error in OpenWrt:
arc-openwrt-linux-gnu/bin/ld: libxt_coova.o: in function `_init':
/lib/gcc/arc-openwrt-linux-gnu/11.3.0/crti.o:(.init+0x4): first defined here
collect2: error: ld returned 1 exit status
make[7]: *** [Makefile:22: libxt_coova.so] Error 1
Fix this by suing a constructor attribute instead. This function will
still be called after the shared library was loaded.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 55297e45c8)
There is no reason for the kmod to depend on the binary package
itself, neither for building nor for installing.
That dependency prevents phase1 from building the kmod even though
support is enabled in the binary.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
This intends to replace the hotplug script. It still hardcodes "wan"
interface name (as several other packages do) for lack of a deterministic
way to detect the actual wan iface before it is brought up, but at least
it is fully integrated with procd and will not start a disabled service.
The interface trigger forcefully restarts chilli as a simple reload may
not be sufficient to recover from wan changes.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
This hotplug trigger unconditionaly restarts coova-chilli when the "wan"
interface sees action "ifup", without checking whether or not the
service is disabled or the upstream interface is actually called "wan".
This hotplug could be replaced by a suitable service trigger instead.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Coova Chilli creates "undo" firewall scripts that are intended to be run
when the daemon is shut down. Failure to do so results in leftover
entries in firewall and duplicated ones if chilli is subsequently
restarted.
Execute these scripts when the service stops.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Coova Chilli will fail to start if e.g. it cannot resolve names in its
configuration (like uamserver, radiusserver, etc) which is typically the
case when wan is unavailable. Prevent this situation by delaying startup
if wan is not available.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
"fg" and "pidfile" parameters are already used in the init script,
so they are not controllable by config file anyway.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
If miniportal option is enabled, some haserl scripts are provided which
present a simple login web page. To make it functional haserl is required.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
debug is boolean option/flag so setting it to 9 doesn't work, while at
it I've synchronized boolean options from source code and sorted it
alphabeticaly with following command:
grep flag src/cmdline.ggo | cut -d \" -f2 | sort | tr '\n' '|'
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Code in option_cb was referencing $chilli_inst variable which was
declared as local, thus the instance startup logic in start_chilli was
referencing variable which would always get value of 1, effectively
making `disabled` config option useless.
So I've fixed it with simpler config_get_bool and while at it, I've simplified the
surrounding code little bit as well.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Parallel building is causing a failure because it executes some
commands, such as patch, more than once.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Added -Wno-error to fix.
Also added patch to fix compilation without deprecated OpenSSL APIs.
Added PKG_BUILD_PARALLEL for faster compilation.
Switched libcyassl to libwolfssl.
Reorganized makefile for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
As it currently stands, the version of coova-chilli the packages feed
will not compile against 4fd8722056
I've quasi-backported (could not find a single commit which fixes these
particular issues) https://github.com/coova/coova-chilli 's formatting
on the impacted sections, and it compiles.
Once a new version is added to the feed this patch can likely be
dropped.
Signed-off-by: Marty E. Plummer <hanetzer@startmail.com>
matrixssl is still in the oldpackages repo,
so coova-chilli should not depend on it.
Remove the config option for selecting matrixssl lib
and the dependency declaration.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Remove the obsolete firewall configuration as the legacy firewall
package was removed in a901329781.
And at the same time, define in the configuration the correct paths
for the firewall rules, installed as /etc/chilli/{up|down}.sh
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Before starting chilli instance, it first removes generated
files (/var/run/chilli*) for the instance. While deleting
generated files, it doesn't match full instance name.
Thus if coova-chilli config file (/etc/config/chilli) has
instances wlan11 and wlan1 in order,
when creating coova-chilli instance for wlan1, it is removing
files generated for wlan11 instances also (as it uses wlan1*
in remove command).
Fix issue by matching full instance name while removing old files.
Signed-off-by: Rajan Vaja <rajan.vaja@gmail.com>
Signed-off-by: Bhargav Patel <br13patel@gmail.com>
UCI commands report errors in parsing coova-chilli
sample configuration file. Fix this issue by using
proper format in configuration.
Signed-off-by: Rajan Vaja <rajan.vaja@gmail.com>