As discussed on GitHub[0] the package should be removed.
[0]: https://github.com/openwrt/packages/issues/7832
> The package is effectively orphaned upstream and has been for some
time. Given the security-sensitive nature of the package, an active
maintainer community is essential for safe usage. Racoon's lack of
support for IKEv2, despite it being stable for a long time, and the
availability of next-generation tunneling systems such as wireguard,
also would seem to limit its future value. Setkey's functionality
has been subsumed by 'ip xfrm'.
> If you disagree that ipsec-tools should be removed from OpenWRT,
please say so now. If there are still use cases for it that are
not met by other IKE implmenentations that would be good to
know. But more importantly, I think you'll need to convince us
that ipsec-tools is actually safe to operate on today's Internet
given its current state of development.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Needed for classpath. GCJ is also needed but that can be dealt with
separately.
Fix compilation with musl by defining _GNU_SOURCE. What's funny here is
that if __USE_GNU gets replaced, the host build fails. The man page says
_GNU_SOURCE for pthread_getattr_np but glibc violates that statement.
Removed classpath dependency. classpaths must select jamvm, not the other
way around.
Removed target whitelist. Switched to blacklist.
Fixed License information.
Various other cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Introduce further ACL checks to verify that the request-supplied
upload location may be written to. This prevents overwriting things
like /bin/busybox and allows to confine uploads to specific directories.
To setup the required ACLs, the following ubus command may be used
on the command line:
ubus call session grant '{
"ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e",
"scope": "cgi-io",
"objects": [
[ "/etc/certificates/*", "write" ],
[ "/var/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When we run docker image and export too many ports, dockerd will output some errors like "too many open files", it is caused by max-file limitation.
Now, we start dockerd using procd, just add a statement to fix this problem.
Signed-off-by: Fuying Wang <805447391@qq.com>
Updated live555 to 2019.08.28
Add TARGET_CFLAGS to LIVE555 CFLAGS to fix compilation with ASLR.
Several other Makefile cleanups and optimizations.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* automatically add open uplinks to your wireless config,
e.g. hotel captive portals (disabled by default)
* shift net status check in a separate function
* (s)hellcheck cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
CFLAGS were not being passed. This was breaking builds with ASLR.
Pass proper PIC command to gcc with $(fPIC).
Don't install static libraries. Keep those for InstallDev only.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
CFLAGS were not being passed, breaking ASLR builds.
Switched to using PKG_SOURCE_DATE for the version.
Added PKG_BUILD_PARALLEL for faster compilation.
Added license information.
Small Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
CFLAGS were not being passed which was breaking ASLR builds.
Fixed license header.
Added PKG_BUILD_PARALLEL for faster compilation.
Added PKG_INSTALL for consistency.
Passed proper $(FPIC) value.
Several other Makefile cleanups.
Signed-off-by: Rosen Penev <rosenp@gmail.com>