This patch enables support for validating ECDSA signatures, which
are being deployed more and more in DNSSEC.
Proper validating can be tested by observing the AD flag in following
query (courtesy of Olafur Gudmundsson, CloudFlare):
$ dig ds-4.alg-14-nsec.dnssec-test.org
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
The upgraded forked-daapd required some more pregenerated ANTLR3 files,
but I forgot to add them to the patch. They are included here.
Signed-off-by: Espen Jürgensen <espenjurgensen+openwrt@gmail.com>
The configure script shipped by screen uses the presence of `elf.h` and `-lelf`
as indicator for an SVR4 system which implies a `#define BUGGYGETLOGIN`.
The SVR4 `getlogin()` replacement function does not compile with a musl
toolchain and we do not want it anyway, so patch configure to remove the broken
SVR4 detection logic.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Released version 1.5.13 with the following main changes :
- BUG/MINOR: check: fix tcpcheck error message
- CLEANUP: deinit: remove codes for cleaning p->block_rules
- DOC: Update doc about weight, act and bck fields in the statistics
- MINOR: ssl: add a destructor to free allocated SSL ressources
- BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
- MEDIUM: ssl: replace standards DH groups with custom ones
- BUG/MINOR: debug: display (null) in place of "meth"
- BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
- BUG/MEDIUM: cfgparse: segfault when userlist is misused
- BUG/MEDIUM: stats: properly initialize the scope before dumping stats
- BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for tunnels
- CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
- BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
- CLEANUP: checks: simplify the loop processing of tcp-checks
- BUG/MAJOR: checks: always check for end of list before proceeding
- BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
- BUG/MEDIUM: peers: apply a random reconnection timeout
- BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
- MEDIUM: init: don't stop proxies in parent process when exiting
- MINOR: peers: store the pointer to the signal handler
- MEDIUM: peers: unregister peers that were never started
- MEDIUM: config: propagate the table's process list to the peers sections
- MEDIUM: init: stop any peers section not bound to the correct process
- MEDIUM: config: validate that peers sections are bound to exactly one process
- MAJOR: peers: allow peers section to be used with nbproc > 1
- DOC: relax the peers restriction to single-process
- CLEANUP: config: fix misleading information in error message.
- MINOR: config: report the number of processes using a peers section in the error case
- BUG/MEDIUM: config: properly compute the default number of processes for a proxy
Signed-off-by: heil <heil@terminal-consulting.de>
The ntpd package ships autoconf macros which attempt to test for the C99
compliance of `snprintf()` and `vsnprintf()`.
Those macros unconditionally consider the functions not compliant in a cross
compile setting and therfore break all subsequent configure tests because
the `snprintf` and `vsnprintf` symbols are shadowed with `#define` directives
redirecting them to their respectiv gnulib replacements.
The fortify source headers in turn will `#undef` those defines when wrapping
the associated functions and therfore cause all `conftest` programs to emit
a failure.
Pass the required magic autoconf cache variables via `CONFIGURE_VARS` to let
`./configure` assume C99 compliance of the affected functions, thus fixing
the build.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
This is the pyserial package ported from oldpackages. It is a
bumped version and depends on python-light instead of python-mini
Signed-off-by: Micke Prag <micke.prag@telldus.se>
Add missing `sys/select.h` include to `ntripclient.c` to provide
declarations for `struct timeval` and `fd_set` under musl.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
- Include `poll.h` at the top of `ether/readpacket.c` to avoid nested
declaration errors caused by fortify source headers
- Add missing `sys/select.h` include to `serial/serial.c`
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
- Add `fcntl.h` to `nrhp/opennhrp.c` for `open()`, `O_WRONLY` etc.
- Add missing `sys/types.h` include to `nrhp/nrhp_common.h` to provide
required `u_int*_t` types under musl
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
The current package patches `makedefs` to probe for the existance
of the `nsl` and `resolv` libraries but uses the wrong variables
for the prefix, leading to `makedefs` probing the host directories,
not the staging dir ones.
Replace `$PKG_BUILD_DIR` with `$STAGING_DIR` to perform the library
tests in the correct directory.
Fixes the following error spotted by doing test builds against musl
which does not provide a `libnsl`:
.../mips-openwrt-linux-musl/bin/ld: cannot find -lnsl
collect2: error: ld returned 1 exit status
make: *** [master] Error 1
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
This commit addresses two issues encountered while building pthsem for
x86_64/musl:
1) Autoconf incorrectly assumes a broken Glibc and thus falls back
to Linux compatibility code which runs into an unsupported
platform error with musl libc. Since musl provides a proper
implementation of `sigaltstack(2)`, force configure to use the
POSIX compliant code when musl libc is used.
2) The `pth_syscall.c` file undefines various libc function names
which breaks the indirection set up by fortify-source headers,
therefore forcibly disable fortify source in the OpenWrt Makefile.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Depending on both, GnuTLS and OpenSSL doesn't make sense, we should
use either TLS implementation but not both. Use GnuTLS for now and
get rid of OpenSSL dependency by explicitely telling the package's
build-system to do so using CONFIGURE_ARGS.
If future uses of libmicrohttpd require OpenSSL, it probably makes
most sense to build several variants of the package, i.e.
libmicrohttpd-openssl as well as libmicrohttpd-gnutls. As with most
packages making use of any TLS implementation, these are build-time
decissions resulting in conflicting variants of the same package
which cannot be installed simultanously.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The shadowsocks source uses the name `encrypt` which is already reserved by
the `unistd.h` header. Rename the local `encrypt` and `decrypt` functions to
`crypto_encrypt` and `crypto_decrypt` in order to prevent clashes with the
standard headers.
Fixes the following build error oberserved on the buildbot:
In file included from client.c:19:0:
crypto.h:18:5: error: conflicting types for 'encrypt'
int encrypt(int sockfd, struct link *ln);
^
In file included from .../staging_dir/toolchain-mipsel_mips32_gcc-4.8-linaro_musl-1.1.10/include/fortify/unistd.h:20:0,
from client.c:12:
.../staging_dir/toolchain-mipsel_mips32_gcc-4.8-linaro_musl-1.1.10/include/unistd.h:145:6: note: previous declaration of 'encrypt' was here
void encrypt(char *, int);
^
make[3]: *** [sslocal] Error 1
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
The configure script incorrectly mangles `CFLAGS` by attempting to remove
`-Werror` from it, thus turning `-Werror=format-security` into just
`=format-security` which will cause subsequent autoconf tests to fail.
Patch out the custom `CFLAGS` mangling to fix the build.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
aTanW
Jo-Philipp Wich
Ondřej Caletka
Nuno Goncalves
ejurgensen
Othmar Truniger
Nikos Mavrogiannopoulos
Nikos Mavrogiannopoulos
Ted Hess
heil
Micke Prag
Steven Barth
Daniel Golle
Daniel Golle
Luka Perkov
Luka Perkov
Álvaro Fernández Rojas
Maxim Storchak
Nicolas Thill