This includes fixes for:
* CVE-2022-23772: math/big: Rat.SetString may consume large amount of
RAM and crash
* CVE-2022-23806: crypto/elliptic: IsOnCurve returns true for invalid
field elements
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit 69c53fcb6c)
The first-run command should create a new tvheadend configuration including an admin account with no name and no password, but it aborts (-A) too early without saving the files. I reported the bug here: https://tvheadend.org/issues/6140
This workaround fixes the problem by removing the tvheadend -A switch and replacing it with a 10s delay and a kill signal. That should be enough even for slow routers to generate and save the configuration. It is meant to be a temporary fix until tvheadend bug is resolved.
Signed-off-by: Marius Dinu <m95d+git@psihoexpert.ro>
The configuration for the ksmbd service is auto-generated when
the OpenWRT configuration changes, and also during startup,
hence ksmbd.init has to reload the kernel module. It does that by
calling kill_server, which does not perform cleanup. This results
in ksmbd being killed but not restarted properly during boot.
This patch resolves the issue by using stop_service, which performs
proper cleanup.
https://forum.openwrt.org/t/ksmbd-samba3-4-alternative-ex-cifsd-smbd-package-support-thread/51695/68
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
(cherry picked from commit 4af04cdc05)
Add AUTORELEASE as 19.07 compatibility is not needed.
Add dependency hacks and add comments.
Add upstream patch to get rid of FS_POSIX_ACL requirement.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit c732305ad3)
It has been imported as core package into OpenWrt repository. Its fdtget
is required by sysupgrade on U-Boot devices so it couldn't live in an
extra feed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c8d4c89daa)
Removed outdated `alterId` in sample config.
Updated geodata to latest version while at it.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit d8d261fe2d)
* consolidate dnsmasq config manipulation into one function
* more elegant code for PROCD data processing (Thanks @jow-!)
Signed-off-by: Stan Grishin <stangri@melmac.ca>
(cherry picked from commit 88265c4fb9)
With commit 385200443554 ("babeld: add add_interface function") babeld
has a new ubus function allowing to dynamically add an interface.
Before the add_interface function, we were required to reload babeld.
The reload influenced the babeld routing. However, the remove part is
still missing and will be added at a later stage.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 40b87aac95)
crowdsec rename the binary from crowdsec-firewall-bouncer to cs-firewall-bouncer
the initd need the correct binary name to start the process
the link for github source need also to be fixed (only the information one)
fix the BuildDate
updated copyright
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit d6b116cb43)
Nano is by default built as "tiny" with most features disabled.
That is suitable for basic tasks in routers with small flash.
Add a new nano-plus variant that enables selected additional
features in the build config:
* multiple files (multibuffer)
* Unicode/utf8
* justify
* .nanorc support
* help
* also some key bindings get enabled as "tiny" configure option
is removed.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 85cb71d8d8)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 912bb2c803)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
/etc/config is the default uci folder. Also marking it as
configuration file prevents overwriting it on updates.
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit abb33331e5)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Telegraf is a plugin-driven agent for collecting and sending metrics
and events. It supports various inputs (including prometheus
endpoints) and is able to send data into InfluxDB.
https://www.influxdata.com/time-series-platform/telegraf/
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
(cherry picked from commit 0781a15c93)
Signed-off-by: Jonathan Pagel <jonny_tischbein@systemli.org>
Backported upstream pending pull request to fix following error:
CMake Error at /foo/staging_dir/host/share/cmake-3.19/Modules/FindPackageHandleStandardArgs.cmake:218 (message):
Could NOT find CURSES (missing: CURSES_LIBRARY)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit eddbb64bc9)
Update to v14.18.3
January 10th 2022 Security Releases:
Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
Prototype pollution via console.table properties (Low)(CVE-2022-21824)
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 8278998e48)
The previous one was wrong, and it did not work. It could be checked
inside compiled package in control.tar.gz that there was missing
``conffiles`` file with content `/etc/config/tvheadend`
It is also possible to verify that the config is not overwritten on the router
by running ``opkg install tvheadend --force-reinstall``
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 752d1ffc28)
depend on libpcre2 instead of libpcre
also remove patches incorporated upstream into lighttpd 1.4.62
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
(cherry picked from commit ddecac45c8)
Add flag "--lookup-default-namespace" to signal that wg-installer should
look already established wireguard sessions in the default namespace.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 94efdcf02a)
Hauke Mehrtens