All the computationally expensive stuff is in the libraries, not the
package itself.
Saves several kilobytes.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit a5e7d0a904)
- Fixes CVEs:
CVE-2019-12519
CVE-2019-12520
CVE-2019-12521
CVE-2019-12523
CVE-2019-12524
CVE-2019-12525
CVE-2019-12526
CVE-2019-12527
CVE-2019-12528
CVE-2019-12529
CVE-2019-12824
CVE-2019-12854
CVE-2019-13345
CVE-2019-18676
CVE-2019-18677
CVE-2019-18678
CVE-2019-18679
CVE-2020-8449
CVE-2020-8450
CVE-2020-11945
CVE-2020-14058
CVE-2020-15049
- Remove patch for cross-compilation
The patch should not be included in the OpenWrt at all without any
commit message/description.
Is not needed and there should be used HOST variables instead of BUILD variables (e.g.
HOSTCXX)
However, the BUILDCXX is set in Makefile to HOSTCXX
- Renumber glibc patch and refresh it
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 3401e29aa7)
Two patches were backported to fix issue openwrt/packages#12737
0002-compat-Fix-ipv6_dst_lookup-build-error.patch
0003-compat-Backport-ipv6_stub-change.patch
One was deleted as it is now part of 2.11.3
0005-datapath-conntrack-fix-include-for-IP6_DEFRAG_CONNTR.patch
Other patches refreshed
Reported-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
If the status file is not found then set then return the value unknown.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit e30f16beef)
Add an option for adding rules based on source interface.
The default 0.0.0.0/0 src and destination ip addresses has been removed. It is unclear
how the 'any' family of rules would have worked, as it appears each rule always required an
ipv4 or ipv6 address src and destination address. With this change, the any family will work
again.
I also cleaned up a bunch of repeated code around adding the iptables rules for
ipv4/ipv6/any in making the change.
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
(cherry picked from commit 5147dfc73a)
An interface can have both a /64 and a /128 from a provider.
In such a case, use the address from the /64 to do the ping check, not
the /128.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
(cherry picked from commit 49cf5eac5c)
Add alternative to busybox nslookup. Busybox throws an error when
the host does not have an AAAA record.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
(cherry picked from commit 4cb5aa57fd)
As miniupnpd is running as root, libcap can be used to limit its
capabilities.
libcap is very small, so this isn't a problem.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ba49c96808)
(switched to use libcap as -ng is not available)
Use the newly introduced configure script.
Use PKG_INSTALL for consistency between packages.
Use PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2b5028458e)
If miniupnpd is installed but disabled or not running, the hotplug
script will query uci for keys that don't exist and grep a temporary
config file that doesn't exist, resulting in the following errors:
uci: Entry not found
grep: /var/etc/miniupnd.conf: No such file or directory
These would arise when an interface is brought up or down, and are
more confusing than helpful, especially when miniupnpd is disabled.
Suppress these errors.
Signed-off-by: David Ehrmann <ehrmann@gmail.com>
(cherry picked from commit 6ef2b5400b)
The existing interface selection/detection code was incomprehensible at
worst and convoluted at best. The uci config file suggested it
understood an external ipv6 interface but in reality the init script
took no notice. Re-work it so it is at least comprehendible and takes
notice of ipv6 interface details if specified.
Update the hotplug script to use the same interface selection/detection
code as the init script and take note of ipv6 interface selection, only
restarting miniupnpd on interface up events and only if that interface
isn't already known (for that ip class) by miniupnpd.
For me this has solved numerous 'flaky' startup problems, especially
with regard to ipv6.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 295d77943c)
Error was:
The domain 'example.com' seems to have a ECC cert already, please add '--ecc' parameter if you want to use that cert.
Signed-off-by: David Yang <mmyangfl@gmail.com>
