Pcre (1) is unmaintained and reached its end of life in 2021.
The base system provides pcre2 exclusively since May.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit 379946951c)
Removed 010-no-gtest.patch as upstream no longer detects it.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 394cc366b3)
After OpenWrt base updated WolfSSL to version 5.6.3, the strongswan wolfssl
plugin fails to compile due to a header conflict.
The error reported by the builders is:
In file included from .../usr/include/wolfssl/openssl/asn1.h:27,
from .../usr/include/wolfssl/ssl.h:4123,
from wolfssl_common.h:64,
from wolfssl_ec_private_key.c:23:
../../../../src/libstrongswan/asn1/asn1.h:43:9: error: 'WOLFSSL_ASN1_STRING' redeclared as different kind of symbol
43 | ASN1_UTF8STRING = 0x0C,
| ^~~~~~~~~~~~~~~
In file included from wolfssl_common.h:64,
from wolfssl_ec_private_key.c:23:
.../usr/include/wolfssl/ssl.h:212:41: note: previous declaration of 'WOLFSSL_ASN1_STRING' with type 'WOLFSSL_ASN1_STRING'
212 | typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING;
| ^~~~~~~~~~~~~~~~~~~
make[9]: *** [Makefile:621: wolfssl_ec_private_key.lo] Error 1
Solve this issue by adding a local path that remaps `ASN1_UTF8STRING`
during wolfssl header inclusion, like it is done already for other
conflicting defines.
Ref: https://forum.openwrt.org/t/x/169580
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This is a security and bug fix release.
Security:
- CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2
messages with the same message ID, but then never respond to the PUBREC
commands.
- CVE-2023-0809: Fix excessive memory being allocated based on malicious
initial packets that are not CONNECT packets.
- CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a
will message that contains invalid property types.
- Broker will now reject Will messages that attempt to publish to $CONTROL/.
- Broker now validates usernames provided in a TLS certificate or TLS-PSK
identity are valid UTF-8.
- Fix potential crash when loading invalid persistence file.
- Library will no longer allow single level wildcard certificates, e.g. *.com
Bugfixes of note or relevance to OpenWrt:
- Fix bridges with non-matching cleansession/local_cleansession being expired
on start after restoring from persistence. Closes#2634.
Client library:
- Use CLOCK_BOOTTIME when available, to keep track of time. This solves the
problem of the client OS sleeping and the client hence not being able to
calculate the actual time for keepalive purposes. Closes#2760.
Full changelog available at: https://github.com/eclipse/mosquitto/blob/v2.0.16/ChangeLog.txt
plus: https://github.com/eclipse/mosquitto/blob/v2.0.17/ChangeLog.txt
(2.0.17 fixes regressions from the 2.0.16 release)
Signed-off-by: Karl Palsson <karlp@tweak.au>
Add new option to a config bridge section to indicate
if a bridge port added to the bridge should be isolated
or not. The default is 0 (no isolation).
example
config bridge
option interface 'br-mybridge1446'
option mtu '1446'
option isolate '1' # default '0'
Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
(cherry picked from commit 49cdf15da4)
* fix validation for force_dns_port when missing in config
* fix validation for dns_instance when * or - are used
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit ad8aa084c1)
Update to v16.20.2
This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
* OpenSSL security advisory 14th July.
* OpenSSL security advisory 19th July.
* OpenSSL security advisory 31st July
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Includes fix for CVE-2023-29409 (crypto/tls: verifying certificate
chains containing large RSA keys is slow).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* fix permission to dnsmasq files for ad-blocking
* add pause function to pause the ad-blocking temporarily
* introduce pause_timeout option to control default pause time
* update default config and config-update file
* use $param instead of $1 in adb_start()
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit dea274cc33)
