Add missing syscalls found using `/etc/init.d/transmission trace`.
fix crash on adding torrent on x86_64 platform
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
zerotier as default has executable stack.
[ 11.343143] process '/usr/bin/zerotier-one' started with executable stack
executable stacks are not recommend, possibly provide a threat and there
seems to be no advantage of executable stack with zerotier-one - so let's
build it without instead.
Stack is executable on x86_64, but not on all archs, such as ramips.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit 56f30520f2)
This release breaks the noexit patch, because the code for removing old
now returns an error when no interfaces are configured. As it is run on
startup, the daemon exits in this case. To avoid this, add an additional
check so an error is only returned in an actual error case.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
(cherry picked from commit 9871979707)
* fix dns resolution not working on boot
* add hotplug-online script
* reorganizes files/ and Makefile to reflect files destinations
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 9a2c5ae18c)
Pcre (1) is unmaintained and reached its end of life in 2021.
The base system provides pcre2 exclusively since May.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit 379946951c)
Removed 010-no-gtest.patch as upstream no longer detects it.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 394cc366b3)
After OpenWrt base updated WolfSSL to version 5.6.3, the strongswan wolfssl
plugin fails to compile due to a header conflict.
The error reported by the builders is:
In file included from .../usr/include/wolfssl/openssl/asn1.h:27,
from .../usr/include/wolfssl/ssl.h:4123,
from wolfssl_common.h:64,
from wolfssl_ec_private_key.c:23:
../../../../src/libstrongswan/asn1/asn1.h:43:9: error: 'WOLFSSL_ASN1_STRING' redeclared as different kind of symbol
43 | ASN1_UTF8STRING = 0x0C,
| ^~~~~~~~~~~~~~~
In file included from wolfssl_common.h:64,
from wolfssl_ec_private_key.c:23:
.../usr/include/wolfssl/ssl.h:212:41: note: previous declaration of 'WOLFSSL_ASN1_STRING' with type 'WOLFSSL_ASN1_STRING'
212 | typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING;
| ^~~~~~~~~~~~~~~~~~~
make[9]: *** [Makefile:621: wolfssl_ec_private_key.lo] Error 1
Solve this issue by adding a local path that remaps `ASN1_UTF8STRING`
during wolfssl header inclusion, like it is done already for other
conflicting defines.
Ref: https://forum.openwrt.org/t/x/169580
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This is a security and bug fix release.
Security:
- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
messages with the same message ID, but then never respond to the PUBREC
commands.
- CVE-2023-0809: Fix excessive memory being allocated based on malicious
initial packets that are not CONNECT packets.
- CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.
- Fix potential crash when loading invalid persistence file.
- Library will no longer allow single level wildcard certificates, e.g. *.com
Bugfixes of note or relevance to OpenWrt:
- Fix bridges with non-matching cleansession/local_cleansession being expired
on start after restoring from persistence. Closes#2634.
Client library:
- Use CLOCK_BOOTTIME when available, to keep track of time. This solves the
problem of the client OS sleeping and the client hence not being able to
calculate the actual time for keepalive purposes. Closes#2760.
Full changelog available at: https://github.com/eclipse/mosquitto/blob/v2.0.16/ChangeLog.txt
plus: https://github.com/eclipse/mosquitto/blob/v2.0.17/ChangeLog.txt
(2.0.17 fixes regressions from the 2.0.16 release)
Signed-off-by: Karl Palsson <karlp@tweak.au>
Add new option to a config bridge section to indicate
if a bridge port added to the bridge should be isolated
or not. The default is 0 (no isolation).
example
config bridge
option interface 'br-mybridge1446'
option mtu '1446'
option isolate '1' # default '0'
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
(cherry picked from commit 49cdf15da4)
* fix validation for force_dns_port when missing in config
* fix validation for dns_instance when * or - are used
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit ad8aa084c1)
Update to v16.20.2
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
* OpenSSL security advisory 14th July.
* OpenSSL security advisory 19th July.
* OpenSSL security advisory 31st July
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
