Maintainer: @neheb / @BKPepe / @zhanhb
Compile tested: ipq806x, generic, netgear_r7800, master
Run tested: ipq806x, generic, netgear_r7800, openwrt-19.07
Description:
Squid now only support HTTPS proxy in TCP tunnel mode (e.g. `ssl_bump splice all`):
https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
ssl_bump splice all
In order to operate in SSL Bump mode, we need to compile with `--enable-ssl-crtd` for following configuration:
https_port 3128 ssl-bump tls-cert=/etc/squid/squid.pem generate-host-certificates=on
sslcrtd_program /usr/lib/squid/security_file_certgen -s /car/cache/squid/ssl_db -M 4MB
ssl_bump stare all
ssl_bump bump all
This PR switch the `SQUID_enable-ssl-crtd` into `default y`, therefore default enable SSL Bump mode.
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
Added a patch to remove BUILDCXXFLAGS. For some reason, TARGET_CXXFLAGS
are leaking.
Removed custom Build/Compile section. There's already PKG_INSTALL.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- Fixes CVEs:
CVE-2019-12519
CVE-2019-12520
CVE-2019-12521
CVE-2019-12523
CVE-2019-12524
CVE-2019-12525
CVE-2019-12526
CVE-2019-12527
CVE-2019-12528
CVE-2019-12529
CVE-2019-12824
CVE-2019-12854
CVE-2019-13345
CVE-2019-18676
CVE-2019-18677
CVE-2019-18678
CVE-2019-18679
CVE-2020-8449
CVE-2020-8450
CVE-2020-11945
CVE-2020-14058
CVE-2020-15049
- Remove patch for cross-compilation
The patch should not be included in the OpenWrt at all without any
commit message/description.
Is not needed and there should be used HOST variables instead of BUILD variables (e.g.
HOSTCXX)
However, the BUILDCXX is set in Makefile to HOSTCXX
- Renumber glibc patch and refresh it
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This replaces the use of uci_validate_section() with
uci_load_validate(), which removes the need to declare local variables
for every config option.
This also removes some unnecessary curly brackets.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
Simple bump from 4.3 to 4.4
Changelog since 4.3:
netdb not saving to disk (#311)
Fix memory leak when parsing SNMP packet (#313)
Fix several windows build issues (#309)
Certificate fields injection via %D in ERR_SECURE_CONNECT_FAIL (#306)
Allow compilation with minimal OpenSSL (#281)
Fixed %USER_CA_CERT_xx and %USER_CERT_xx crashes (#301)
Improve const correctness for hash_link (#300)
Bug #4893: Malformed %>ru URIs for CONNECT requests (#299)
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
Added some help to the choice of TLS library in menuconfig, taken from
the squid release notes.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Copy mime.conf to temporary directory so squid process can properly read the file. Without it squid cannot access mime.conf and throws a warning during startup.
Signed-off by: Adam Gensler <openwrt@a.gnslr.us>
- fix build error reported by buildbot by disabling krb5
- libcom_err from krb5 is used - configure output:
configure: WARNING: library 'com_err' is required for Heimdal Kerberos
- krb5 has its own libcom_err (see krb5 package) with its own symbols
- linking with wrong libcom_err from libext2fs produces errors during
libgssapi_krb5.so: undefined reference to `error_message@com_err_3_MIT'
libgssapi_krb5.so: undefined reference to `remove_error_table@com_err_3_MIT'
libgssapi_krb5.so: undefined reference to `add_error_table@com_err_3_MIT'
-> remove libext2fs dependency (wasnt working anyway - no PKG_BUILD_DEP)
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Change `sys/signal.h` include to just `signal.h`. The build otherwise fails
due to `-Werror` with the following message:
In file included from rfcnb-io.c:43:0:
.../staging_dir/toolchain-mipsel_mips32_gcc-4.8-linaro_musl-1.1.10/include/sys/signal.h:1:2: error: #warning redirecting incorrect #include <sys/signal.h> to <signal.h> [-Werror=cpp]
#warning redirecting incorrect #include <sys/signal.h> to <signal.h>
^
cc1: all warnings being treated as errors
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Rosen Penev