Update to v14.18.3
January 10th 2022 Security Releases:
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
Prototype pollution via console.table properties (Low)(CVE-2022-21824)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
The previous one was wrong, and it did not work. It could be checked
inside compiled package in control.tar.gz that there was missing
``conffiles`` file with content `/etc/config/tvheadend`
It is also possible to verify that the config is not overwritten on the router
by running ``opkg install tvheadend --force-reinstall``
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Add flag "--lookup-default-namespace" to signal that wg-installer should
look already established wireguard sessions in the default namespace.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This commit removes iptables backend support and leaves only the
netfilter backend support. This means that:
- iptables and nftables firewall based systems (firewall3 and firewall
4) are supported trough the netfilter instance mode
- the iptables/xtables mode support is disabled
For more information on the modes and how to use the new netfilter
instance checkout https://www.jool.mx/en/intro-jool.html
This move is made out of the commit upstream that sets firewall4 as the
default for new default buils and based on the conversation in #16818
and was decided that the netfilter interface is the priority since
iptables support will be dropped in the foreseeable future.
While at it update the templates provided.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
This avoids to add liburiparser as dependency.
Package tvheadend is missing dependencies for the following libraries:
liburiparser.so.1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
libreswan makefile detects macos (darwin) and changes build logic
but OpenWrt is always Linux so it is required to specify linux as
target platfrom
This patch specifies Linux as a target platfrom
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
crowdsec rename the binary from crowdsec-firewall-bouncer to cs-firewall-bouncer
the initd need the correct binary name to start the process
the link for github source need also to be fixed (only the information one)
fix the BuildDate
updated copyright
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
Check if a peer is already existing with a given public key. Introduce a
response code for signaling why the server rejected the request.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Use shellcheck to rework the code. Use "export" to return variables from
a function call. Further, fix typos.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* bump to 4.7.0
* enable DNS over TLS (uses libssl which was already a dependency)
* add libcurl dependency for new zone-to-cache feature.
Co-Authored-By: wout@wbnet.eu
Signed-off-by: Peter van Dijk <peter.van.dijk@powerdns.com>
Latest Apple clang (v13) defines __cplusplus=199711 by default, but
protobuf requires at least 201103 (c++11)
Backported patch to fix c++ detection:
30fe936a88
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
tcsh requires host-tool (gethost) to generate tc.defs.c file.
To build this tool on macos, it is required to run ./configure
script wihout target vars/flags, but this package is not
splitted to host and target build.
This patch splits build to host and target builds to compile
host-tool(gethost) first, then compile tsch.
Due to lack of support of separate building host and target,
OpenWrt Makefile is modified to do it in the order below:
1. build host-tool (gethost)
2. build sh.err.h header for target
3. build tc.const.h header for target
4. copy gethost tool from host staging dir to target build dir
5. touch (make -t) gethost to protect it from recompiling
6. build tsch for target
It is required to do step 2 and 3 because 'make -t' generates
empty files but these files required to build tcsh
Patch 020-cross.patch has been removed due to not required
anymore (gethost build is separated and not affected by
target configure flags and vars)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
./configure script detects macos specific system headers
(IOKit/serial/ioss.h and sys/ttycom.h) that are not available
during compile time. There is no way to pass ac_cv_* vars to
./configure script due to perl wrappers
To fix this issue, fake(empty) headers provided during compile
time if build host is MacOS
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
setup.py detects macos (darwin) and adds -flat_namespace flag. This
flag is not compatible with GCC that is used to compile target.
This patch patch disables darwin detection
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Version 1.0.1 brought the following changes:
[v1.0.1] - 2021-11-26
Primarily fixes a few issues in the kernel module that were found
during a quick review from Russell King:
https://lore.kernel.org/netdev/YYPThd7aX+TBWslz@shell.armlinux.org.uk/https://lore.kernel.org/netdev/YYPU1gOvUPa00JWg@shell.armlinux.org.uk/
- mdio: The mvls subcommand now supports flushing the ATU
- mdio-netlink: Plug some glaring holes around integer overflows of
the PC.
- mdio-netlink: Release reference to MDIO bus after a transaction
completes.
So, update to the latest version and switch the kernel module back
to fetching tarballs like the userspace tool does.
Signed-off-by: Robert Marko <robimarko@gmail.com>
lpc21isp Makefile detects Darwin and defines __APPLE__ that is not
required for cross-compile build for OpenWrt
This patch sets OSTYPE="Linux" due to OpenWrt is always Linux
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
luaossl detects OS and changes compilation flags depends on OS.
If Darwin is detected then it adds GCC non-compatible flags.
OpenWrt is always Linux so build OS detection is disabled
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
hwinfo host-compile builds hwinfo entirely that is not really
required. It is required to build only some host tools to
generate ids and isdn related C-code
This patch changes host build to build only required host tools
Added patch to remove malloc.h using as deprecated, not required
and not supported on macos system (stdlib.h has required functions
on Linux and MacOS systems)
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
neon detects Darwin on target build and fails due to darwin-specific
build behaviour. OS detection is disable (as non required) via
ne_cv_os_uname=Linux as a part of CONFIGURE_VARS
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Qemu version updated to 6.2.0, patch set refreshed for it.
Options --disable-jemalloc --disable-tcmalloc was replaced
by --enable-malloc=CHOICE, defaults to system.
Libudev search was moved from configure to meson.build, and now it's
not so easy to disable it. Even though --disable-mpath present.
Delete patches 0008-falloc and 0009-fs - they're already in 6.2.0.
Signed-off-by: Vladimir Ermakov <vooon341@gmail.com>