conntrack-tools: bump to 1.4.4
This fixes building with musl and drops the dependency on the OpenWrt
kernel-header patches:
270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch
271-uapi-libc-compat.h-do-not-rely-on-__GLIBC__.patch
272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
This fixes building with musl and drops the dependency on the OpenWrt
kernel-header patches:
270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch
271-uapi-libc-compat.h-do-not-rely-on-__GLIBC__.patch
272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch
Use the new upstream location at netfilter.org and use a define instead
of a patch to "optimize".
See also: https://git.netfilter.org/arptables/log/
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
nftables: version bump to 0.6
Use release tarball instead of fetching the sources from git and drop
disable-doc-generation patch as running autoreconf is more expensive
than generating the docs should the required tools be found on the build
host.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
This extension was added specifically for use by firewall3. Since
firewall-2016-11-06 no longer uses it remove it before it finds other
creative uses.
Should there already be such a use-case outside of OpenWrt I suggest to
package this extension properly a la xtables-addons instead.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
This version fixes loading of extensions for users of musl as it no
longer relies on undefined behaviour wrt dlclose. There is also a fix
which allows to build firewall without patched kernel headers when using
musl.
Another major feature is support for iptables-1.6.0 and vanilla iptables
in general.
Last but not least firewall no longer depends on the "in-house" iptables
extension xt_id and uses xt_comment instead for tracking its own rules.
For other changes consult the commit log.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
This change also reflects relocation of upstream project which has been
moved to OpenWrt GitHub organization.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
This change also reflects relocation of upstream project which has been
moved to OpenWrt GitHub organization.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
This change also reflects relocation of upstream project which has been
moved to OpenWrt GitHub organization.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- fix compilation w. Kernel 4.6 due to
  hash->shash crypto API
- remove a patch integrated upstream
- remove unrecognized configure option
  removed upstream in 2010
  commit 40d0345f1ed02de183b13a6ce38847bc1f4ac48e
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
- Security: Message printout was vulnerable to format string injection.
  If specific usernames including "%" symbols can be created on a system
  (validated by getpwnam()) then an attacker could run arbitrary code as root
  when connecting to Dropbear server.
  A dbclient user who can control username or host arguments could potentially
  run arbitrary code as the dbclient user. This could be a problem if scripts
  or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
  the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided. This could be an issue where
  dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v
The security issues were reported by an anonymous researcher working with
Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
old size:
iperf3_3.0.11-1_mips_34kc_dsp.ipk 30147
new size:
iperf3_3.1.3-1_mips_34kc_dsp.ipk 33640
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
old size:
iperf_2.0.8-1_mips_34kc_dsp.ipk 27911
new size:
iperf_2.0.9-1_mips_34kc_dsp.ipk 28681
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changelog: https://curl.haxx.se/changes.html
old sizes:
libcurl_7.49.0-1_mips_34kc_dsp.ipk 97569
curl_7.49.0-1_mips_34kc_dsp.ipk 37925
new sizes:
libcurl_7.50.0-1_mips_34kc_dsp.ipk 97578
curl_7.50.0-1_mips_34kc_dsp.ipk 38017
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
We add an 'httpauth' section type that contains the options:
prefix: What virtual or real URL is being protected
username: The username for the Basic Auth dialogue
password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue
httpauth section names are given included as list
items to the instances to which they are to be applied.
Further any existing httpd.conf file (really whatever
is configured in the instance, but default of
/etc/httpd.conf) is appended to the per-instance httpd.conf
Signed-off-by: Daniel Dickinson <openwrt@cshore.thecshore.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Quote hostname and vendorid variables in dhcp script so they can
hold strings having white spaces
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Remove the udhcpc -R release option as sending a DHCP release
is configurable via the uci option release.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
iftop would display portions of mac address with large ffffff prefixes.
Make if_hw_addr type consistent.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Move logging command line option to uci:
option verbose [0]/1/2 - mono-syllabic/verbose/noisy
Previously handled as 'OPTIONS' in .init script however variable
was ignored so never worked.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
The ebtables code relies on the `-nostartfiles` linker argument to execute the
extension modules' `_init()` functions automatically which is not working
reliably across all supported targets and gcc versions.
Running an ebtables executable linked this way just crashes with a segmentation
fault at runtime on program startup, e.g. on ARM architectures.
In order to fix the issue ...
- remove the use of the -nostartfiles linker flag
- rename the init procedures to a generic name without implicit semantics
- explicitly annotate those init procedures as constructors
The patch has been taken from the Alpine Linux distribution at
http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Following fixes are included in the latest version:
-Script is launched with incorrect action
-Possible buffer overflows
-Lots of minor bugfixes
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Report the translated error to the user if a get/set netlink operation failed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes CVE-2016-4476 and a few possible memory leaks.
Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* fixes loopback handling
Signed-off-by: John Crispin <john@phrozen.org>
Add nonshared flag to package depending on specific targets or subtargets as
there's no guarantee otherwise that they'll be available in the shared repo.
[Edit: files modified in previous commit were removed from the list.]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Security fixes:
* Fixed port-share bug with DoS potential
* Fix buffer overflow by user supplied data
Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).
This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.
Signed-off-by: Matteo Panella <morpheus@level28.org>
[Jo-Philipp Wich: shorten commit title, bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
removed upstream in
https://github.com/OpenVPN/openvpn/commit/9ffd00e7541d83571b9eec087c6b3545ff68441f
now it's always on
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Signed-off-by: Bert Vermeulen <bert@biot.com>
The original iperf package is unmaintained. This switches to the "iperf2"
project on sourceforge, a fork that started where the previous iperf left
off.
Version 2.0.8 fixes the issue that patch 002 handled, so that can be dropped.
Due to a faulty check in configure.ac, this version needs _GNU_SOURCE
defined to build properly against musl. Various other obsolete build
options were also removed.
Signed-off-by: Bert Vermeulen <bert@biot.com>
| |
Update to dnsmasq2.76. Refresh patches. Add new patch to fix musl
'poll.h' location warning.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
fixes:
CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL
- remove crypto auth compile fix
  curl changelog of 7.46 states it's fixed
- fix mbedtls and cyassl usability #19621 :
  add path to certificate file (from Mozilla via curl) and
  provide this in a new package
tested on ar71xx w. curl/mbedtls/wolfssl
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Update the dropbear package to version 2016.73, refresh patches.
The measured .ipk sizes on an x86_64 build are:
94588 dropbear_2015.71-3_x86_64.ipk
95316 dropbear_2016.73-1_x86_64.ipk
This is an increase of roughly 700 bytes after compression.
Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49388 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@nbd.name>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49379 3c298f89-4303-0410-b956-a3cf2f4a3e73
The patch made sure the ncursesw library was not selected to save space,
but that library doesn't exist in this distribution at all.
Signed-off-by: Bert Vermeulen <bert@biot.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49359 3c298f89-4303-0410-b956-a3cf2f4a3e73