* remove upstreamed gcc10 and cerrno patches
* disable SSO and OIDC as it needs Rust/Cargo support
Signed-off-by: Moritz Warning <moritzwarning@web.de>
Exit directly will result procd service inactive and uci
configuration changes are no longer monitored.
Reported-by: Lvc Revincx <revincx233@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit b1651c5d54)
1. Switched to use prebuilt web files to get rid of massive Node.js.
2. Increased nofile limitation to avoid "too many open files" error.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit d629a6f8b2)
- Removed an upstreamed patch
- Move logs to /var/log in accordance with FHS 3.0
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit ff8f25cb98)
Manually added new env variable `XDG_DATA_HOME` which won't be passed
by procd by default.
Removed upstreamed patch.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c7b5e7ed67)
Breaking changes:
The database has been replaced with boltdb to try to solve the problem
of database corruption.
Note that the data will not be migrated, but the previous data will be
retained. If you need the previous data, just downgrade v2rayA (v1.5.4).
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 21e98e952f)
- Added missing conffiles
- Refreshed init srcipt to adapt the new arguments
- Renamed package name to lowercase (suggestion from upstream)
- Updated dependencies and license
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 16e453e4ac)
Refreshed init script to adapt new arguments accepted by the program.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 60c917089f)
v2rayA is a Linux web GUI client of Project V which supports V2Ray,
Xray, Shadowsocks, ShadowsocksR, Trojan and Pingtunnel.
Wiki: https://github.com/v2rayA/v2rayA/wiki
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 90ec599f9e)
Changes to time_t cause SIGSEGV error on 32bit system and cause ripe
atlas malfunction. (registration successful but no traffic)
Also introduce minor patch to fix some compilation warning.
While at it move PKG_RELEASE to AUTORELEASE macro.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 14c5dfe4c1)
Fixes mistake in dbe79e409d, the
cloudflare PROVIDES got mixed up with digitalocean.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 001564ed83)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Remove PKG_RELEASE version bump
* ddns-scripts-services: provide ddns-scripts_service
* ddns-scripts-cloudflare: provide ddns-scripts_digitalocean.com-v2
* ddns-scripts-freedns: provide ddns-scripts_freedns_42_pl
* ddns-scripts-godaddy: provide ddns-scripts_godaddy.com-v1
* ddns-scripts-noip: provide ddns-scripts_no-ip_com
* ddns-scripts-nsupdate: provide ddns-scripts_nsupdate
* ddns-scripts-route53: provide ddns-scripts_route53-v1
* ddns-scripts-cnkuai: provide ddns-scripts_cnkuai_cn
https://github.com/openwrt/packages/pull/13509 renamed many ddns-scripts
packages, but didn't include a PROVIDES for the old package names to
make updates work well.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit dbe79e409d)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Remove PKG_RELEASE version bump
tailscale version, tailscaled -version and the web UI reported the wrong
version number which doesn't cause any issues, but it can be confusing.
This is fixed by specifying the version in go ldflags similar to how
it's done in many other go packages and the official tailscale Dockerfile.
version.Long version can not be specified in GO_PKG_LDFLAGS_X because it
contains a space and GO_PKG_LDFLAGS_X is always split at a space.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
(cherry picked from commit 738f44be4f)
The genhash binary is only built when IPVS is enabled, so make its
installation depend on IPVS being enabled.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 624d2278e7)
When we explicitly declare, that we would like to have curl built with
wolfSSL support using `--with-wolfssl` configure option, then we should
make sure, that we either endup with curl having that support, or it
shouldn't be available at all, otherwise we risk, that we end up with
regressions like following:
configure:25299: checking for wolfSSL_Init in -lwolfssl
configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip]
In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33,
from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35,
from target-x86_64_musl/usr/include/wolfssl/ssl.h:35,
from conftest.c:47:
target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory
#include <wolfssl/wolfcrypt/sp_int.h>
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
and in the end thus produce curl without https support:
curl: (1) Protocol "https" not supported or disabled in libcurl
So fix it, by making the working wolfSSL mandatory and error out in
configure step when that's not the case:
checking for wolfSSL_Init in -lwolfssl... no
configure: error: --with-wolfssl but wolfSSL was not found or doesn't work
References: #19005, #19547
Upstream-Status: Accepted [https://github.com/curl/curl/pull/9682]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 9140f366ef)
options.h header is needed after bump of libwolfssl to version 5.5.1,
otherwise libcurl autodetection for libwolfssl availability fails and
libcurl is then compiled without https support.
Fixes: #19547
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 317575755a)
(cherry picked from commit ef545e0317)
Signed-off-by: Petr Štetiar <ynezz@true.cz> [commit verbosity]
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.
So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages
using wolfSSL library.
Same bump has been done in buildroot in commit f1b7e1434f66 ("treewide:
fix security issues by bumping all packages using libwolfssl").
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 845d81ca09)
(cherry picked from commit f624e41f38)
Section 'Persistence' in 'luci-app-mosquitto' is unusable without 'persistence'
section in config file.
Signed-off-by: Ptilopsis Leucotis <PtilopsisLeucotis@yandex.com>
Fixes multiple security issues:
CVE-2022-38178 - Fix memory leak in EdDSA verify processing
CVE-2022-3080 - Fix serve-stale crash that could happen when
stale-answer-client-timeout was set to 0 and there was
a stale CNAME in the cache for an incoming query
CVE-2022-2906 - Fix memory leaks in the DH code when using OpenSSL 3.0.0
and later versions. The openssldh_compare(),
openssldh_paramcompare(), and openssldh_todns()
functions were affected
CVE-2022-2881 - When an HTTP connection was reused to get
statistics from the stats channel, and zlib
compression was in use, each successive
response sent larger and larger blocks of memory,
potentially reading past the end of the allocated
buffer
CVE-2022-2795 - Prevent excessive resource use while processing large
delegations
Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 58bcd3fad37eaf56d4dbeecc0c73abe464e7e987)
