Fix shellcheck SC2230
> which is non-standard. Use builtin 'command -v' instead.
Once applied to everything concerning OpenWrt we can disable the busybox
feature `which` and save 3.8kB.
Signed-off-by: Paul Spooren <mail@aparcar.org>
GCC10 defaults to -fno-common, which breaks compilation when there are
multiple definitions of implicit "extern" variables. Remove the extra
definitions.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
From CHANGES_2.4:
SECURITY: CVE-2020-11984 (cve.mitre.org)
mod_proxy_uwsgi: Malicious request may result in information disclosure
or RCE of existing file on the server running under a malicious process
environment. [Yann Ylavic]
SECURITY: CVE-2020-11993 (cve.mitre.org)
mod_http2: when throttling connection requests, log statements
where possibly made that result in concurrent, unsafe use of
a memory pool. [Stefan Eissing]
SECURITY:
mod_http2: a specially crafted value for the 'Cache-Digest' header
request would result in a crash when the server actually tries
to HTTP/2 PUSH a resource afterwards.
[Stefan Eissing, Eric Covener, Christophe Jaillet]
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
test_storage: fix compilation with musl 1.2.0
datastorage/test: improve scalability and performance
datastorage: fixed use of wrong client search
general: add memory auditing
memory auditing: bug fixes to memory auditing and hearing map
datastorage: fixes to linked list handling
tcpsocket: fix read callback function and arbitrary memory allocations
tcpsocket: leave loop if we read 0 byte
Furthermore, you can now dump the memory usage by sending a SIGHUP to
dawn process.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This fixes misleading errors in the status file, and increases buffer
sizes to match the python implementation.
Signed-off-by: Karl Palsson <karlp@etactica.com>
At the moment ss-server seems to be the only component using these two
options. It also accepts "local_address" of either ip4 or ip6 address,
but the meaning is different from that of ss-local, ss-tunnel etc.
where it is for listen bind
With this commit, we start deprecation process of uci option
"bind_address". The name was replaced with "local_addr" in upstream
project commit 5fa98a66 ("Fix #1911") and available as json config
option "local_address". This upstream change was released in 3.2.0
Link: 4a42da641b
Link: https://github.com/openwrt/packages/issues/12931
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Config files
/etc/freeradius3/policy.d/accounting
/etc/freeradius3/policy.d/filter
/etc/freeradius3/proxy.conf
/etc/freeradius3/sites-available/default
and link
/etc/freeradius3/sites-enabled/default
are in the freeradius3 package and are mentioned in the main config file
/etc/freeradius3/radiusd.conf
Thus, they must be explicitly specified in the Makefile.
File
/etc/freeradius3/sites/default
is not included in the package, is not created during installation,
is not mentioned in the main config file and should therefore be excluded
from the Makefile.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
netifd is clever enough to handle the peerdns and default route
arguments, so we can just let them get passed along, and when
ppp-up invokes proto_send_update, netifd will only apply what
is needed
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Do not manually overwrite the paths of gdbus-codegen or glib-mkenums
in the ModemManager package build, as modifying the configure.ac ends
up requiring a full autoreconf.
Since MM 1.14, git builds or autoreconf-ed source package builds
require autoconf-archive installed in the build system, and so the
build would fail if this happens.
The update to overwrite the paths was to force using the gdbus-codegen
and glib-mkenums provided by the "host" glib2 package instead of the
"target" glib2 package (see fa8ad6e69c),
but these tools are really the same in both as they're python
programs, arch independent.
Tested in a local build where the setup detects and uses the correct
glib tool paths from the target:
/home/user/openwrt/staging_dir/target-mips_24kc_musl/usr/bin/gdbus-codegen
/home/user/openwrt/staging_dir/target-mips_24kc_musl/usr/bin/glib-mkenums
Fixes https://github.com/openwrt/packages/issues/12958
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
This is to make explicit the conditional select of libunwind is only
needed for libopenvswitch. If we spill it over other packages, the
generated kconfig will have recursive dependency issue. 2 new patches
were made for this goal
The other thing is that "+libunwind" will cause it to be built if any of the
packages defined in this Makefile is enabled (y or m). This is at the moment
by-design of the build system.
Libunwind does not support architectures like arc. Use conditional select To
avoid (libunwind) build failures like the following,
checking for ELF helper width... configure: error: Unknown ELF target: arc
make[3]: *** [Makefile:65: /data/openwrt/build_dir/target-arc_arc700_uClibc/
libunwind-1.3.1/.configured_68b329da9893e34099c7d8ad5cb9c940] Error 1
Things like "+PACKAGE_openvswitch-libopenvswitch:libunwind" will also result in
recursive deps error for chains of 3 nodes. Kconfig construct like the
following will be made
config A
tristate
select B
depends on !(C) || (x)
config B
tristate
select C
config C
tristate
config x
bool
Other changes include
- Shared use of variable ovs__common_depends was removed
- Ovn doc build was patched out
Link: https://github.com/openwrt/packages/pull/12959#issuecomment-665021413
Reported-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Simplified Makefile as a result of meson transition.
Fixed license information.
Updated URL.
Added patch to fix linking issue.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
If two openfortivpn scripts are started at the same time, a race
condition can occur where the conditional evaluates to true, but the
symlink exists by the time the other script tries to create it
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Block restart of the interface if the openfortivpn fails to authenticate.
Without this check, with a bad password, netifd will continually
hit the VPN endpoint with connection attempts
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>