The newly added $(COMMITCOUNT) variable was wrongly increased by plus
one. The addition should have been only added to $(AUTORELEASE) as
OpenWrt traditionally starts counting at one rather than zero.
$(AUTORELEASE) counts the commits since the last bump, which is zero on
the version bump commit itself.
This commit increases $(AUTORELEASE) by one while leaving $(COMMITCOUNT)
as is.
The base-files package is the only package using $(COMMITCOUNT) so far
and requires a pseudo commit to keep the PKG_RELEASE correct. A non
functional change (Copyright bump) is done in the next commit.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Certificate signature algorithm was being set after call to
`wc_MakeCert`, resulting in a mismatch between specified signature in
certificate and the actual signature type.
Signed-off-by: Jeffrey Elms <jeff@wolfssl.com>
[fix commit subject, use COMMITCOUNT]
Signed-off-by: Paul Spooren <mail@aparcar.org>
GCC 5.1 changed the std::string ABI in order to properly support C++11.
For compatibility with libraries compiled with the older ABI, that is,
linking between old-abi.so and new-abi.bin, both ABIs are enabled. In
terms of OpenWrt, all packages are compiled with the same toolchain,
which means these issues do not need to be handled.
Most importantly, this results in a significant size reduction of
libstdpp:
Before:
450794 bytes
After:
327752 bytes
Tested with all OpenWrt packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Use the latest stable kernel since the previous 5.8.x series is EOL.
Also drop the following patches recently accepted upstream:
* 001-libbpf-ensure-no-local-symbols-counted-in-ABI-check.patch
* 002-libbpf-fix-build-failure-from-uninitialized-variable.patch
* 003-bpftool-allow-passing-BPFTOOL_VERSION-to-make.patch
* 004-v5.9-bpftool-use-only-ftw-for-file-tree-parsing.patch
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The config setting was renamed to CONFIG_KPROBE_EVENTS.
Fixes: 97d3f800a8 ("config: kernel: Add KPROBE_EVENTS config option)
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
dnsmasq v2.83 has a bug in handling duplicate queries which means it may
try to reply using the incorrect network socket. This is especially
noticeable in dual stack environments where replies may be mis-directed to
IPv4 addresses on an IPv6 socket or IPv6 addresses on an IPv4 socket.
This results in system log spam such as:
dnsmasq[16020]: failed to send packet: Network unreachable
dnsmasq[16020]: failed to send packet: Address family not supported by protocol
dnsmasq v2.84test3 resolves these issues.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This is a helpful utility, but it does not have any dependencies
in this repository. Move it to packages feed.
The package does not seem to have a maintainer.
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Nick Hainke <vincent@systemli.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is a helpful utility, but it does not have any dependencies
in this repository. Move it to packages feed.
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Nick Hainke <vincent@systemli.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Removed restriction of displaying model name for 32 bit tasks only.
Because of this Processor details were not displayed in
"System setting -> Details" in Ubuntu model name display is generic
and can be printed for 64 bit also.
model name : ARMv8 Processor rev X (v8l)
Signed-off-by: Sumit Gupta <sumitg@nvidia.com>
Link: https://lore.kernel.org/lkml/1472461345-28219-1-git-send-email-sumitg@nvidia.com/
Reported-by: AmadeusGhost <amadeus@jmu.edu.cn>
Tested-by: AmadeusGhost <amadeus@jmu.edu.cn>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
(backport from 68692453e2)
Use `$(AUTORELEASE)` variable rather than setting a PKG_RELEASE
on every commit manually.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
The newly added `$(COMMITCOUNT)` varialbe allows automatic versioning
based on the number of Git commits of a package. Replace *tedious to
bump* and *merge conflict causing* `PKG_RELEASE` and replace it with
`$(COMMITCOUNT)`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
The lack of bumped PKG_RELEASE variables is a recurring theme on the
mailing list and in GitHub comments. This costs precious review time,
a rare good within the OpenWrt project.
Instead of relying on a manually set PKG_RELEASE this commit adds a
`commitcount` function that uses the number of Git commits to determine
the release. The function is called via the variables `$(AUTORELEASE)`
or `$(COMMITCOUNT)`. The `PKG_RELEASE` variable can be set to either of
the two.
- $(AUTORELEASE):
Release is automagically set to the number of commits since the last
commit containing either ": update to " or ": bump to ".
Example below:
$ git log packages/foobar/
foobar: fixup file location
foobar: disable docs
foobar: bump to 5.3.2
foobar: fixup copyright
Resulting package name: foobar_5.3.2-3_all.ipk, two package changes
since the last upstream version change, using a 1 based counter.
- $(COMMITCOUNT):
For non-traditional versioning (x.y.z), most prominent `base-files`,
this variable contains the total number of package commits.
The new functionality can also be used by other feeds like packages.git.
In case no build information is available, e.g. when using release
tarballs, the SOURCE_DATE_EPOCH is used to have a reproducible release
identifier.
Suggested-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
This package is not needed in base. It will be imported in the packages
feed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
This package is not needed in base. It will be imported in the packages
feed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
overflow in sort_rrset() when DNSSEC is used. This can allow a remote
attacker to write arbitrary data into target device's memory that can
lead to memory corruption and other unexpected behaviors on the target
device.
* CVE-2020-25682:
Dnsmasq versions before 2.83 is susceptible to buffer overflow in
extract_name() function due to missing length check, when DNSSEC is
enabled. This can allow a remote attacker to cause memory corruption
on the target device.
* CVE-2020-25683:
Dnsmasq version before 2.83 is susceptible to a heap-based buffer
overflow when DNSSEC is enabled. A remote attacker, who can create
valid DNS replies, could use this flaw to cause an overflow in a heap-
allocated memory. This flaw is caused by the lack of length checks in
rtc1035.c:extract_name(), which could be abused to make the code
execute memcpy() with a negative size in get_rdata() and cause a crash
in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
A lack of proper address/port check implemented in Dnsmasq version <
2.83 reply_query function makes forging replies easier to an off-path
attacker.
* CVE-2020-25685:
A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
versions before 2.83 reply_query function allows remote attackers to
spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
Multiple DNS query requests for the same resource name (RRNAME) by
Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
traffic, using a birthday attack (RFC 5452), that can lead to DNS
cache poisoning.
* CVE-2020-25687:
Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
remote attacker, who can create valid DNS replies, could use this flaw
to cause an overflow in a heap-allocated memory. This flaw is caused
by the lack of length checks in rtc1035.c:extract_name(), which could
be abused to make the code execute memcpy() with a negative size in
sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
Service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
This makes it a little easier to figure out which options to choose.
Signed-off-by: Rogan Dawes <rogan@dawes.za.net>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
The "cidr_contains6" functions clones the given cidr. The contains4
does not clone the cidr. Both functions do not behave the same.
I see no reason to push the cidr. I think that we get only a negligible
performance gain, but it makes ipv4 and ipv6 equal again.
Signed-off-by: Nick Hainke <vincent@systemli.org>
