Changed source URL to github (faster/geo-redundancy).
build: x86_64
run tested: x86_64
```
# radiusd -v
radiusd: FreeRADIUS Version 3.2.7, for host x86_64-openwrt-linux-gnu, built on Apr 18 2025 at 00:10:48
FreeRADIUS Version 3.2.7
```
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Trying to compile with GCC14 will fail on compiler sanity check with:
configure:1056:1: error: return type defaults to 'int' [-Wimplicit-int]
1056 | main(){return(0);}
| ^~~~
This is due to GCC14 not allowing implicit integer types anymore[1].
So, patch configure to avoid this and make it compile with GCC14.
Proper fix would be to use autoreconf to rebuild configure but configure.in
is completely outdated and would likely be more broken when regenerated.
[1] https://gcc.gnu.org/gcc-14/porting_to.html#implicit-int
Signed-off-by: Robert Marko <robimarko@gmail.com>
gnutls and nettle are already required for NTS. Enable their use for
authentication with non-MD5 symmetric keys as the SECHASH feature
printed by the configure script.
Also drop the --enable,nts (typo) configure option. It's enabled by
default.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
The 'snmp' extension module uses net-snmp as library, but fails
to detect whether the library uses openssl when cross-compiling.
Pass the according autoconf variables as hint - net-snmp is not
using openssl at the moment as defined in the Makefile.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
ack would always set a return code of 1 if -c was used. Now it properly
returns 1 if no files match, and 0 if any files match.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The existing config sections were anonymous, implying multiple can
coexist. Those are now named so that only one shall exist.
Added:
- smoothtime (in case of large frequency offsets)
- systemclock parameters
- logchange (increase awareness of clock drift in syslog)
- maxsources (for peers; internal default: 4)
- prefer (one server over others)
- interleave (xleave - more accurate transmit timestamps - good to have)
Refactored handle_allow() to handle 'list interface' instead of option.
Then only a single section is required.
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Small issues with sample configureation caused services not to start
or flood log with errors.
Signed-off-by: Antonio Pastor <antonio.pastor@gmail.com>
In a previous commit (0b12bee) hostname was added to
snmpd.init. To track changes in system, the init file
needs to add 'system' to the trigger.
Therefore it is added in this commit.
Fixes: 0b12bee66a ("net-snmp: set hostname as sysname")
Signed-off-by: Christian Korber <ck@dev.tdt.de>
Fix compilation with gcc 14 by applying the -std=c17 flag, as suggested
by lededev in 2d3f68cc8c (commitcomment-153860241)
(also -c23 seems to work ok with gcc14, but that seems to break gcc13)
Remove the previous autoreconf fix attempt.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* add an uci-defaults script for housekeeping and option migration from former versions
* small fixes and improvements
Signed-off-by: Dirk Brenken <dev@brenken.org>
Commit 07b6eec21f doesn't work at least
now, because package.mk initializes the variables to the default
values. You have to modify the variable after including package.mk.
Signed-off-by: Kazuhiro Ito <kzhr@d1.dion.ne.jp>
pupnp_project:pupnp is a better CPE ID than libupnp_project:libupnp as
this CPE ID has the latest CVEs from 2021 (whereas
libupnp_project:libupnp only has CVEs up to 2020):
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3🅰️pupnp_project:pupnp
Fixes: 299e5b0a9b (treewide: add PKG_CPE_ID for better cvescanner coverage)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
This is a new major release. It breaks protocol compatibility with the
0.23.x versions.
Please be aware that Git master is thus henceforth (and has been for a
while) INCOMPATIBLE with the 0.23.x GNUnet network, and interactions
between old and new peers will result in issues.
In terms of usability, users should be aware that there are still a
number of known open issues in particular with respect to ease of use,
but also some critical privacy issues especially for mobile users.
Also, the nascent network is tiny and thus unlikely to provide good
anonymity or extensive amounts of interesting information.
As a result, the 0.24.1 release is still only suitable for early
adopters with some reasonable pain tolerance.
v0.24.1:
- Fix crash in libgnunetpq when Postgresql database was restarted
- Add configure and make functionality for new meson build
(https://www.gnu.org/prep/standards/html_node/Configuration.html)
v0.24.0:
- Meson is new default build system
- JSON: split off libgnunetmhd from libgnunetjson, renaming various
GNUNET_JSON_-symbols to GNUNET_MHD_-. Removes dependency of
libgnunetjson on libmicrohttpd
OpenWrt package maintainer note:
Meson build is not yet fit for use in OpenWrt's cross build system.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This package fails to build without defining libmvme as a DEPENDS.
Package lvm2 is missing dependencies for the following libraries:
libnvme.so.1
Build system: x86/64
Build-tested: x86/64
Run-tested: x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
This commit updates boost to version 1.88.0
New libraries in this release:
* Hash2 [2]: An extensible hashing framework, from Peter Dimov and
Christian Mazakas.
* MQTT5 [3]: MQTT5 client library built on top of Boost.Asio, from Ivica
Siladić, Bruno Iljazović, and Korina Šimičević.
More info about Boost 1.88.0 can be found at the usual place [1].
[1]: https://www.boost.org/users/history/version_1_88_0.html
[2]: https://www.boost.org/libs/hash2/
[3]: https://www.boost.org/libs/mqtt5/
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
Replace using the tar ball version with the actual upstream version in
PKG_VERSION for packaging, and move tar ball version to PKG_SRC_VERSION.
Suggested-by: Paul Donald <newtwen+github@gmail.com>
Suggested-by: Tianling Shen <cnsztl@immortalwrt.org>
Signed-off-by: George Sapkin <george@sapk.in>
$overtime has been used since swanctl.init was added in f9d91f1f47.
However, there's no need for it to be global. Make it local like the
other config variables to avoid polluting the global namespace and make
the code easier to reason about.
Fixes: f9d91f1f47 ("strongswan: migrate to swanctl configs")
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
When support for send_cert was added in 4b9453b9a4, the $send_cert
variable was inadvertently global. Make it local to avoid polluting the
global namespace and make the code easier to reason about.
Fixes: 4b9453b9a4 ("strongswan: Add support for send_cert option")
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
New in 0.26.1; 2025-01-14
General improvements
Align allocations of sc_mem_secure_alloc (OpenSC/OpenSC#3281)
Fix -O3 gcc optimization failure on amd64 and ppc64el (OpenSC/OpenSC#3299)
pkcs11-spy
Avoid crash while spying C_GetInterface() (OpenSC/OpenSC#3275)
TCOS
Fix reading certificate (OpenSC/OpenSC#3296)
New in 0.26.0; 2024-11-13
Security
CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (OpenSC/OpenSC#3219)
General improvements
Fix reselection of DF after error in PKCSOpenSC/OpenSC#15 layer (OpenSC/OpenSC#3067)
Unify OpenSSL logging throughout code (OpenSC/OpenSC#2922)
Extend the p11test to support kryoptic (OpenSC/OpenSC#3141)
Fix for error in PCSC reconnection (OpenSC/OpenSC#3150)
Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
PKCS#15
Documentation for PKCS#15 profile files (OpenSC/OpenSC#3132)
minidriver
Support PinCacheAlwaysPrompt usable for PIV cards (OpenSC/OpenSC#3167)
pkcs11-tool
Show URI when listing token information (OpenSC/OpenSC#3125) and objects (OpenSC/OpenSC#3130)
Do not limit size of objects to 5000 bytes (OpenSC/OpenSC#3174)
Add support for AES CMAC (OpenSC/OpenSC#3184)
Add support for AES GCM encryption (OpenSC/OpenSC#3195)
Add support for RSA OAEP encryption (OpenSC/OpenSC#3175)
Add support for HKDF (OpenSC/OpenSC#3193)
Implement better support for wrapping and unwrapping (OpenSC/OpenSC#3198)
Add support for EdDSA sign and verify (OpenSC/OpenSC#2979)
pkcs15-crypt
Fix PKCS#1 encoding function to correctly detect padding type (OpenSC/OpenSC#3075)
piv-tool
Fix RSA key generation (OpenSC/OpenSC#3158)
Avoid possible state change when matching unknown card (OpenSC/OpenSC#3112)
sc-hsm-tool
Cleanse buffer with plaintext key share (OpenSC/OpenSC#3226)
pkcs11-register
Fix pkcs11-register defaults on macOS and Windows (OpenSC/OpenSC#3053)
IDPrime
Fix identification of IDPrime 840 cards (OpenSC/OpenSC#3146)
Fix container mapping for IDPrime 940 cards (OpenSC/OpenSC#3220)
Reorder ATRs for matching cards (OpenSC/OpenSC#3154)
OpenPGP
Fix state tracking after erasing card (OpenSC/OpenSC#3024)
Belpic
Disable Applet V1.8 (OpenSC/OpenSC#3109)
MICARDO
Deactivate driver (OpenSC/OpenSC#3152)
SmartCard-HSM
Fix signing with secp521r1 signature (OpenSC/OpenSC#3157)
eOI
Set model via sc_card_ctl function (OpenSC/OpenSC#3189)
Rutoken
increase the minimum PIN size to support Rutoken ECP BIO (OpenSC/OpenSC#3208)
JPKI
Adjust parameters for public key in PKCS#15 emulator (OpenSC/OpenSC#3182)
D-Trust
Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4 (OpenSC/OpenSC#3240, OpenSC/OpenSC##3248)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rosen Penev