This patch enables support for validating ECDSA signatures, which
are being deployed more and more in DNSSEC.
Proper validating can be tested by observing the AD flag in following
query (courtesy of Olafur Gudmundsson, CloudFlare):
$ dig ds-4.alg-14-nsec.dnssec-test.org
Signed-off-by: Ondřej Caletka <ondrej@caletka.cz>
Released version 1.5.13 with the following main changes :
- BUG/MINOR: check: fix tcpcheck error message
- CLEANUP: deinit: remove codes for cleaning p->block_rules
- DOC: Update doc about weight, act and bck fields in the statistics
- MINOR: ssl: add a destructor to free allocated SSL ressources
- BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten
- MEDIUM: ssl: replace standards DH groups with custom ones
- BUG/MINOR: debug: display (null) in place of "meth"
- BUG/MINOR: cfgparse: fix typo in 'option httplog' error message
- BUG/MEDIUM: cfgparse: segfault when userlist is misused
- BUG/MEDIUM: stats: properly initialize the scope before dumping stats
- BUG/MEDIUM: http: don't forward client shutdown without NOLINGER except for tunnels
- CLEANUP: checks: fix double usage of cur / current_step in tcp-checks
- BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end
- CLEANUP: checks: simplify the loop processing of tcp-checks
- BUG/MAJOR: checks: always check for end of list before proceeding
- BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct
- BUG/MEDIUM: peers: apply a random reconnection timeout
- BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
- MEDIUM: init: don't stop proxies in parent process when exiting
- MINOR: peers: store the pointer to the signal handler
- MEDIUM: peers: unregister peers that were never started
- MEDIUM: config: propagate the table's process list to the peers sections
- MEDIUM: init: stop any peers section not bound to the correct process
- MEDIUM: config: validate that peers sections are bound to exactly one process
- MAJOR: peers: allow peers section to be used with nbproc > 1
- DOC: relax the peers restriction to single-process
- CLEANUP: config: fix misleading information in error message.
- MINOR: config: report the number of processes using a peers section in the error case
- BUG/MEDIUM: config: properly compute the default number of processes for a proxy
Signed-off-by: heil <heil@terminal-consulting.de>
The ntpd package ships autoconf macros which attempt to test for the C99
compliance of `snprintf()` and `vsnprintf()`.
Those macros unconditionally consider the functions not compliant in a cross
compile setting and therfore break all subsequent configure tests because
the `snprintf` and `vsnprintf` symbols are shadowed with `#define` directives
redirecting them to their respectiv gnulib replacements.
The fortify source headers in turn will `#undef` those defines when wrapping
the associated functions and therfore cause all `conftest` programs to emit
a failure.
Pass the required magic autoconf cache variables via `CONFIGURE_VARS` to let
`./configure` assume C99 compliance of the affected functions, thus fixing
the build.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Add missing `sys/select.h` include to `ntripclient.c` to provide
declarations for `struct timeval` and `fd_set` under musl.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
- Add `fcntl.h` to `nrhp/opennhrp.c` for `open()`, `O_WRONLY` etc.
- Add missing `sys/types.h` include to `nrhp/nrhp_common.h` to provide
required `u_int*_t` types under musl
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
The shadowsocks source uses the name `encrypt` which is already reserved by
the `unistd.h` header. Rename the local `encrypt` and `decrypt` functions to
`crypto_encrypt` and `crypto_decrypt` in order to prevent clashes with the
standard headers.
Fixes the following build error oberserved on the buildbot:
In file included from client.c:19:0:
crypto.h:18:5: error: conflicting types for 'encrypt'
int encrypt(int sockfd, struct link *ln);
^
In file included from .../staging_dir/toolchain-mipsel_mips32_gcc-4.8-linaro_musl-1.1.10/include/fortify/unistd.h:20:0,
from client.c:12:
.../staging_dir/toolchain-mipsel_mips32_gcc-4.8-linaro_musl-1.1.10/include/unistd.h:145:6: note: previous declaration of 'encrypt' was here
void encrypt(char *, int);
^
make[3]: *** [sslocal] Error 1
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
The configure script incorrectly mangles `CFLAGS` by attempting to remove
`-Werror` from it, thus turning `-Werror=format-security` into just
`=format-security` which will cause subsequent autoconf tests to fail.
Patch out the custom `CFLAGS` mangling to fix the build.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Change `sys/signal.h` include to just `signal.h`. The build otherwise fails
due to `-Werror` with the following message:
In file included from rfcnb-io.c:43:0:
.../staging_dir/toolchain-mipsel_mips32_gcc-4.8-linaro_musl-1.1.10/include/sys/signal.h:1:2: error: #warning redirecting incorrect #include <sys/signal.h> to <signal.h> [-Werror=cpp]
#warning redirecting incorrect #include <sys/signal.h> to <signal.h>
^
cc1: all warnings being treated as errors
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
- Ship a `net/ppp_defs.h` replacement header since musl does not provide one
but `pppd/pppd.h` provided by pppd is needing it.
- Add missing `sys/types.h` includes
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Replace the nonstandard `SIGCLD` signal name with the proper `SIGCHLD` spelling
as the `SIGCLD` alias is not provided by musl.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
fixed sed when filtering IP address from nslookup output
because "Server:" block might have multiple address lines.
Thanks to Arjen de Korte
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Prefer linux/if_ether.h over netinet/if_ether.h if available since the
musl libc if_ether.h header does not allow mixing with kernel headers,
it will result in a struct ethhdr redefinition error.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
- Include `sys/user.h` if `__WORDSIZE` is undefined
- Add `fcntl.h` to `libscc.c` in order to declare `loff_t`
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Let configure include `sys/if_tun.h` when testing for `netinet/if_ether.h`
to detect the Kernel/libc header conflict on musl.
After this patch, configure will correctly detect `netinet/if_ether.h` as
unusable and the subsequent compilation will not attempt to use it.
Fixes the following compatibility error:
In file included from .../staging_dir/toolchain-mips_mips32_gcc-4.8-linaro_musl-1.1.9/include/linux/if_tun.h:20:0,
from linux/device.c:24:
.../staging_dir/toolchain-mips_mips32_gcc-4.8-linaro_musl-1.1.9/include/linux/if_ether.h:137:8: error: redefinition of 'struct ethhdr'
struct ethhdr {
^
In file included from .../staging_dir/toolchain-mips_mips32_gcc-4.8-linaro_musl-1.1.9/include/net/ethernet.h:10:0,
from linux/../have.h:180,
from linux/../system.h:26,
from linux/device.c:21:
.../staging_dir/toolchain-mips_mips32_gcc-4.8-linaro_musl-1.1.9/include/netinet/if_ether.h:96:8: note: originally defined here
struct ethhdr {
^
make[5]: *** [linux/device.o] Error 1
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Switch the mtr package to the upstream `newdns` git branch.
This will fix compilation on Glibc, uClibc and musl without requiring
further patches.
Note that the base version of this branch is 0.85, not 0.86 so the
lower version number is intentional.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
- Avoid non-pointer use of `FILE` type since its just a forward declaration
- Build with -D_GNU_SOURCE to expose required `struct tcphdr` members
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
- Add missing `sys/ttydefaults.h` include to `config.c`
- Restrict usage of `error.h` to glibc and uclibc only
- Avoid including `linux/if_tun.h` on non-glibc/uclibc to prevent
musl kernel/libc header conflicts
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Pass HAVE_RLIM_T via TARGET_CPPFLAGS since configure uses that define
but never actually declares it.
Without doing that, `config.h` tries to declare `rlim_t` itself which
leads to `config.h:126:16: error: 'long long long' is too long for GCC`
with musl on at least x86_64.
Also refresh patches while we're at it.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
sqm-scripts for a long time interprets a "Down- or Upload speed" of zero as
an indication that the shaper should be disabled. Note that really shaping
an individual direction down o zero will make the link effectively dead
for tcp (think reverse ACK traffic). Son instead of allowing the user to
configure something broken, 0 was "over-loaded" to denote no shaping
since several years, but that information has not been documented visibly
to the users. This commit aims at fixing that oversight.
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
- Ship a net/ppp_defs.h replacement header since musl does not provide one
but pppd/pppd.h provided by pppd is needing it.
- Replace deprecated MSG_TRYHARD flag with the proper MSG_DONTROUTE one
- Unconditionally include string.h in bcrelay to avoid undeclared memset()
and strcpy() warnings.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Make vsftpd to compile with musl, while preserving uclibc compatibility.
When using musl:
* disable UTMPX functionality
* disable -lnsl option in upstream Makefile
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Add missing includes to libbridge.h to define struct timeval and the
required u_int*_t types under musl.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Do not include netinet/if_ether.h for musl to prevent struct ethhdr
redeclarations.
Also define NETDB_INTERNAL if needed to fix compilation of the network
backends.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
This fixes multiple issues like upload/download problems on seahub
and also makes it possible to use the new HTTP syncing feature
which doesn't work with libevhtp 1.2.10 at all.
That allows to restart transmission when it crashes, to limit
the memory used by it, as well as be jailed in the directories
it is supposed to access.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
- [PATCH 1/2] BUG/MEDIUM: stats: properly initialize the scope before
- [PATCH 2/2] BUG/MEDIUM: http: don't forward client shutdown without
- [PATCH 3/8] BUG/MINOR: check: fix tcpcheck error message
- [PATCH 4/8] CLEANUP: checks: fix double usage of cur / current_step
- [PATCH 5/8] BUG/MEDIUM: checks: do not dereference head of a
- [PATCH 6/8] CLEANUP: checks: simplify the loop processing of
- [PATCH 7/8] BUG/MAJOR: checks: always check for end of list before
- [PATCH 8/8] BUG/MEDIUM: checks: do not dereference a list as a
- [PATCH 09/10] BUG/MEDIUM: peers: apply a random reconnection timeout
- [PATCH 10/10] DOC: Update doc about weight, act and bck fields in the
- [PATCH 11/14] MINOR: ssl: add a destructor to free allocated SSL
- [PATCH 12/14] BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value
- [PATCH 13/14] BUG/MINOR: cfgparse: fix typo in 'option httplog' error
- [PATCH 14/14] BUG/MEDIUM: cfgparse: segfault when userlist is misused
Signed-off-by: heil <heil@terminal-consulting.de>
The previous commit left an unwanted string in the options passed
to xl2tpd-control. Remove that as well.
Also set procd respawn parameter now that I'm at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Overriding DEFAULT to 'n' prevents packages being build unless
explicitely selected even if ALL is set.
Instead, set 'DEFAULT:=y if PACKAGE_gnunet' for the default
packages and otherweise don't touch DEFAULT.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Directly call /usr/lib/gnunet/libexec/gnunet-service-arm instead
of /usr/bin/gnunet-arm, so it remains attached to procd.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
gnurl's README states quite excatly which CONFIGURE_ARGS to pass,
so disable lots of unneeded stuff.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The autoconf issue when detecting libmicrohttpd was fixed upstream in
SVN revision 35845. Use that and remove the dirty work-around.
See also:
https://gnunet.org/bugs/view.php?id=3805#c9201
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This is definitely one of the ugliest things I ever got my
hands on. If it even did the job properly, but no, it tries
to install it's headers in /usr/include/curl collidings with
actual curl's headers. Fixed that by installing them into
/usr/include/gnurl instead. Now gnunet can use gnurl.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The single 'gnunet' package built should be further split up,
meta-packages for common use-cases should be added.
However, it's not too big to run on devices with 8MB of flash or more,
even in the current monolithic package.
Integration with procd and netifd is not yet implemented.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Building nfs-kernel-server with --enable-ipv6 requires not yet packaged
libtirpc, therfore unconditionally disable IPv6 support again for now.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
With upstream commit
https://git.kernel.org/cgit/network/ethtool/ethtool.git/commit/?id=875616dfcbe57ea0f639a20d85fcbad2172ad744
there is now an option to produce a smaller ethtool build which will
disable pretty printing (Ethernet drivers, SFP diagnostics...) for
platforms that do not need it.
Hook a menu configuration option to control that option. Build size
differences on ar71xx:
With:
-rw-r--r-- 1 florian florian 79K mai 23 10:43
bin/ar71xx/packages/packages/ethtool_3.18-1_ar71xx.ipk
Without:
-rw-r--r-- 1 florian florian 23K mai 23 10:43
bin/ar71xx/packages/packages/ethtool_3.18-1_ar71xx.ipk
Signed-off-by: Florian Fainelli <florian@openwrt.org>
* add a patch to fix a null pointer dereference in src/racoon/gssapi.c (CVE-2015-4047)
* refresh patches
* bumb release number
Signed-off-by: Nicolas Thill <nico@openwrt.org>
- Use netifd no_proto_task for notifying that xl2tpd does not have a
protocol task running.
- Use procd for xl2tpd service management.
- Refreshed 2xx patches to
- Prevent leftover regular type control result file.
- Allow xl2tpd run as foreground process while logging via syslog.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- bumped version
- removed dependency on `ip` package as routes are setup by netifd
if iproute2 is actually required, please depend on
`@(PACKAGE_ip||PACKAGE_ip-full)` instead of `ip`
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
gcc complains about atexit() being implicitely defined in
xl2tpd-control.c
Fix that by including stdlib.h in xl2tpd-control.c
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Yousong Zhou <yszhou4tech@gmail.com> made a couple of useful fixes
mostly for the xl2tpd-control tool which was broken.
imported them (patches/2*) here.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fix Makefile to force compression of tld_names.dat reported in OpenWrt Ticket 19597
* change default of retry_count to "0" (retry endless) suggested by Henning Schild
* updated tld_names.dat include changes until 07.05.2015
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
It used to require 1+ IPv4 addresses to start on Linux. Now it starts
up with 0 addresses (of any type), as netlink can provide us more
later. This way, no stupid restart loop with procd if it is racing
with netifd at startup.
Signed-off-by: Steven Barth <steven@midlink.org>
[RELEASE] Released version 1.5.12
Released version 1.5.12 with the following main changes :
- BUG/MINOR: ssl: Display correct filename in error message
- DOC: Fix L4TOUT typo in documentation
- BUG/MEDIUM: Do not consider an agent check as failed on L7 error
- BUG/MINOR: pattern: error message missing
- BUG/MEDIUM: pattern: some entries are not deleted with case insensitive match
- BUG/MEDIUM: buffer: one byte miss in buffer free space check
- BUG/MAJOR: http: don't read past buffer's end in http_replace_value
- BUG/MEDIUM: http: the function "(req|res)-replace-value" doesn't respect the HTTP syntax
- BUG/MEDIUM: peers: correctly configure the client timeout
- BUG/MINOR: compression: consider the expansion factor in init
- BUG/MEDIUM: http: hdr_cnt would not count any header when called without name
- BUG/MEDIUM: listener: don't report an error when resuming unbound listeners
- BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only
- BUG/MEDIUM: stream-int: always reset si->ops when si->end is nullified
- BUG/MEDIUM: http: remove content-length from chunked messages
- DOC: http: update the comments about the rules for determining transfer-length
- BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to HTTP/1.1
- BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad request
- BUG/MEDIUM: http: remove content-length form responses with bad transfer-encoding
- MEDIUM: http: restrict the HTTP version token to 1 digit as per RFC7230
- MEDIUM: http: add option-ignore-probes to get rid of the floods of 408
- BUG/MINOR: config: clear proxy->table.peers.p for disabled proxies
- MINOR: stick-table: don't attach to peers in stopped state
- MEDIUM: config: initialize stick-tables after peers, not before
- MEDIUM: peers: add the ability to disable a peers section
- DOC: document option http-ignore-probes
- DOC: fix the comments about the meaning of msg->sol in HTTP
- BUG/MEDIUM: http: wait for the exact amount of body bytes in wait_for_request_body
- BUG/MAJOR: http: prevent risk of reading past end with balance url_param
- DOC: update the doc on the proxy protocol
Signed-off-by: heil <heil@terminal-consulting.de>
seccomp is only supported on x86, amd64 and arm in tor.
This deactivated it currently completely which should close#935,
#1097, #1147 and #1161.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds a patch for ser2net, so that ser2net can be configured
to flash leds on serial traffic. This could -for example- be used
to have an activity indicator, like netdev trigger.
Internally, the linux kernel's 'transient' led trigger is used.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Updated the package to the latest upstream version.
Removed a patch that was merged upstream.
Bumped copyright notice to 2015.
Signed-off-by: Martin Rowe <martin.p.rowe@gmail.com>
This commit brings back Wifidog from the oldpackages
repository.
Changes:
* Wifidog version 1.2.1
* Add wifidog-tls package
* Init script uses procd
Signed-off-by: Michael Haas <haas@computerlinguist.org>
Inspired by OpenWrt Ticket System Ticket 9119
Python3 package currently marked as @BROKEN because no time for testing.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
As Hnyman noted in https://github.com/dtaht/ceropackages-3.10/issues/13
we carry a few unnecessary dependecies in sqm-scripts, so remove one of
them (iptables-mod-filter) as we neither use it nor plan to use it.
Signed-off-by: Sebastian Moeller <moeller0@gmx.de>
- update to latest version (v1.0.16)
- add license info
- add myself as maintainer
- install dev files the proper way in Build/InstallDev
- rename sctp package to libsctp
- add an sctp-tools package and an sctp transitional meta package
Signed-off-by: Nicolas Thill <nico@openwrt.org>
- [PATCH 3/9] BUG/MEDIUM: Do not consider an agent check as failed on
- [PATCH 4/9] BUG/MEDIUM: peers: correctly configure the client timeout
- [PATCH 5/9] BUG/MEDIUM: buffer: one byte miss in buffer free space
- [PATCH 6/9] BUG/MAJOR: http: don't read past buffer's end in
- [PATCH 7/9] BUG/MEDIUM: http: the function "(req|res)-replace-value"
- [PATCH 8/9] BUG/MINOR: compression: consider the expansion factor in
- [PATCH 9/9] BUG/MEDIUM: http: hdr_cnt would not count any header when
Signed-off-by: heil <heil@terminal-consulting.de>
* fix problem with lucihelper script reported in OpenWrt Ticket 19419
* rewritten split_FQDN fixing detection errors and using zcat
* updated tld_names.dat and .gz compressed to save space
* add LoopiaDNS (loopia.se) to services_ipv6
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
