| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
|
|
| |
(static)linking errors with current openssl-1.0.*
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
|
| |
|
|
| |
Signed-off-by: George Giannou <giannoug@gmail.com>
|
| |
|
|
|
|
|
| |
This reverts commit d932a867e9445a54e49ecbff4e07bb2d1d0197be as this
changes has not been reviewed and must be reverted.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
| |
Includes refreshed patches.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
|
| |\
| |
| | |
net-tools: add netstat utiltiy
|
| | |
| |
| |
| |
| |
| | |
Some user may want or need the full fuctionality of the netstat tool.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |\ \
| | |
| | | |
stunnel: update to version 5.72
|
| | |/
| |
| |
| | |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| | |
| |
| |
| | |
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`EVP_CIPHER_CTX_cipher()` function was deprecated in OpenSSL 3.0.
As per OpenSSL's recommendation (https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_CTX_get0_cipher.html)
switch to using `EVP_CIPHER_CTX_get0_cipher()` instead.
With this change and recent commit to nginx-util #23935. We should now
be able to build nginx + modules with fully compliant calls to OpenSSL
3.0+ with legacy features disabled.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/packages/pull/24005
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |\ \
| | |
| | | |
ocserv: set ipcalc explicitly
|
| |/ /
| |
| |
| |
| |
| |
| | |
This is a mandatory tool for the test suite, but we do not run it.
Fixes compilation.
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DropBear's dropbearkey tool is compatible with OpenSSH
ssh-keygen.
It was set by default as the /usr/bin/ssh-keygen program since
the PR https://github.com/openwrt/openwrt/pull/14174
Now if a user need for a full ssh-keygen the openssh-keygen package
should substitute it gracefully as an alternative.
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
Link: https://github.com/openwrt/packages/pull/22861
[ wrap to 80 columns ]
Link: https://github.com/openwrt/packages/pull/22861
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
| |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
| |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
| |
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
|
| |
|
|
|
|
| |
Update speedtest-go version to 1.7.0
Signed-off-by: TeleostNaCl Dai <teleostnacl@gmail.com>
|
| |
|
|
|
|
|
| |
* fix a processing race condition
* it's now possible to disable the icmp/syn/udp safeguards in pre-routing - set the threshold to '0'.
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
For the InstallDev target, the pkg-config should point to the glib2 host
tools for glib_compile_resources, gdbus_codegen, glib_genmarshal and
glib_mkenums instead of pointing to the targets ones as they are
unusable by the host machine (due to crosscompiling)
Fix the pkg-config to reference the host tools by replaying the entry
and use the prefix_hostpkg variable provided by our pkg-config.
Link: https://github.com/openwrt/packages/pull/23881
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |\
| |
| | |
gensio: add patch with workaround for buildbots (refs #24047)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This should solve the issue found on the buildbots:
-snip-
...
checking consistency of all components of python development environment... yes
./configure: line 24172: test: =: unary operator expected
checking for pam_start in -lpam... (cached) no
...
-snap-
For still unknown reason, AX_PYTHON_DEVEL from the included
m4 file is not used which would set the variable the correct way.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
| |/
|
|
|
|
|
| |
- Switch back to .gz tarball
- Replace local bootstrap cache hack with upstreamed option
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
| |
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
|
| |
|
|
|
|
|
| |
MQTT code refactoring has been done since 3.5.0 that
mqtt.so no longer exists.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
|
| |
|
|
|
|
| |
Newer version of meson do not allow empty arguments.
Signed-off-by: Federico Capoano <f.capoano@openwisp.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
5e2d15a110bb treewide: remove tip_mode
e2dbdef4cf1e treewide: rename spotfilter -> uspotfilter
ef0f5291365b uspot/uspotfilter: implement disconnect_delay
92d3356d3fb3 update README
Update the package Makefile to reflect the changes from the following
above-listed commit:
e2dbdef4cf1e treewide: rename spotfilter -> uspotfilter
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
|
| |
|
|
|
|
| |
Update nano editor to version 8.0
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| |
|
|
| |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
| |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
| |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
|
|
|
|
| |
This is a Command Line Interface (CLI) and pure Go API to
test internet speed using speedtest.net. Its upstream is
https://github.com/showwin/speedtest-go
Signed-off-by: TeleostNaCl Dai <teleostnacl@gmail.com>
|
| |\
| |
| | |
Docker: Update to 26.1.0
|
| | |
| |
| |
| |
| |
| | |
* Removed unnecessary GO lang variables
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
|
| | |
| |
| |
| |
| |
| | |
* Removed unnecessary GO lang variables
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| | |
* Explicitly list GO_PKG_INSTALL_EXTRA
* Removed unnecessary GO lang variables
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |/
|
|
| |
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All patches automatically refreshed.
The most important changes are two "medium" CVEs fixed in GnuTLS 3.8.4:
- CVE-2024-28834 / GNUTLS-SA-2023-12-04
A vulnerability was found that the deterministic ECDSA code leaks
bit-length of random nonce which allows for full recovery of the
private key used after observing a few hundreds to a few thousands of
signatures on known messages, due to the application of lattice
techniques.
The issue was reported in the issue tracker as [#1516](https://gitlab.com/gnutls/gnutls/-/issues/1516).
- CVE-2024-28835 / GNUTLS-SA-2024-01-23
When validating a certificate chain with more then 16 certificates
GnuTLS applications crash with an assertion failure.
The issue was reported in the issue tracker as [#1527](https://gitlab.com/gnutls/gnutls/-/issues/1527) and [#1525](https://gitlab.com/gnutls/gnutls/-/issues/1525).
Augmented copy/extract from upstream's NEWS file since GnuTLS 3.8.3:
- Version 3.8.5 (released 2024-04-04)
- libgnutls: Due to majority of usages and implementations of
RSA decryption with PKCS#1 v1.5 padding being incorrect,
leaving them vulnerable to Marvin attack, the RSAES-PKCS1-v1_5
is being deprecated (encryption and decryption) and will be
disabled in the future. A new option `allow-rsa-pkcs1-encrypt`
has been added into the system-wide library configuration which
allows to enable/disable the RSAES-PKCS1-v1_5. Currently, the
RSAES-PKCS1-v1_5 is enabled by default.
- libgnutls: Added support for RIPEMD160 and PBES1-DES-SHA1 for
backward compatibility with GCR.
- libgnutls: A couple of memory related issues have been fixed in RSA PKCS#1
v1.5 decryption error handling and deterministic ECDSA with earlier
versions of GMP. These were a regression introduced in the 3.8.4
release. See [#1535](https://gitlab.com/gnutls/gnutls/-/issues/1535) and [!1827](https://gitlab.com/gnutls/gnutls/-/merge_requests/1827).
- build: Fixed a bug where building gnutls statically failed due
to a duplicate definition of `nettle_rsa_compute_root_tr()`.
- API and ABI modifications:
- `GNUTLS_PKCS_PBES1_DES_SHA1`: New enum member of `gnutls_pkcs_encrypt_flags_t`.
- Version 3.8.4 (released 2024-03-18)
- libgnutls: RSA-OAEP encryption scheme is now supported
To use it with an unrestricted RSA private key, one would need to
initialize a `gnutls_x509_spki_t` object with necessary parameters
for RSA-OAEP and attach it to the private key. It is also possible
to import restricted private keys if they are stored in PKCS#8
format.
- libgnutls: Fix side-channel in the deterministic ECDSA.
Reported by George Pantelakis ([#1516](https://gitlab.com/gnutls/gnutls/-/issues/1516)).
[GNUTLS-SA-2023-12-04, CVSS: medium] [CVE-2024-28834]
- libgnutls: Fixed a bug where certtool crashed when verifying a certificate
chain with more than 16 certificates. Reported by William Woodruff ([#1525](https://gitlab.com/gnutls/gnutls/-/issues/1525))
and yixiangzhike ([#1527](https://gitlab.com/gnutls/gnutls/-/issues/1527)).
[GNUTLS-SA-2024-01-23, CVSS: medium] [CVE-2024-28835]
- libgnutls: Compression libraries are now loaded dynamically as needed
instead of all being loaded during gnutls library initialization.
As a result, the library initialization should be faster.
- build: The gnutls library can now be linked with the static library
of GMP. Note that in order for this to work libgmp.a needs to be
compiled with -fPIC and libhogweed in Nettle also has to be linked
to the static library of GMP. This can be used to prevent custom
memory allocators from being overriden by other applications.
- API and ABI modifications:
- `gnutls_x509_spki_get_rsa_oaep_params`: New function.
- `gnutls_x509_spki_set_rsa_oaep_params`: New function.
- `GNUTLS_PK_RSA_OAEP`: New enum member of `gnutls_pk_algorithm_t`.
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
|
| |
|
|
| |
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
|
| |
|
|
|
|
|
| |
* optimized adding suspicious IPs to Sets in the log monitor
* re-added ipblackhole feed
Signed-off-by: Dirk Brenken <dev@brenken.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If building with the project external toolchain, the gcc check
fails to set the correct value for TUNE_FLAG to allow the min
supported SSSE3 compiler support test to pass. This patch hacks
the file to set to the correct value.
Links to upstream bug reports:
https://github.com/openwrt/openwrt/issues/15216
https://github.com/intel/hyperscan/issues/431
Build system: x86/64 (build system toolchain and x86/64 w/ external toolchain (18-Apr-2024 snapshot)
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne
Signed-off-by: John Audia <therealgraysky@proton.me>
|