aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* procd: procd_send_signal use signal namesKevin Darbyshire-Bryant2018-12-112-1/+5
| | | | | | | | | | | | Usage documentation for 'procd_send_signal' states "The signal is SIGHUP by default, and must be specified by NAME." Make actual behaviour match the stated documented behaviour. https://wiki.openwrt.org/inbox/procd-init-scripts Suggested-by: Jo-Philip Wich <jow@mein.io> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 37bb463daa21e2c97365c6543b2bfdfe673c5baa)
* rules.mk: fix syntax errorJo-Philipp Wich2018-11-291-1/+1
| | | | | | | | Fix broken assignment operator added in a previous commit. Fixes db73ec9f51 ("rules.mk: add INSTALL_SUID macro") Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 1416b63dcbadbb5c11c2591b4513f5276b6dc744)
* rules.mk: add INSTALL_SUID macroJo-Philipp Wich2018-11-291-0/+1
| | | | | | | This is useful for packages that want to stage SUID executables. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit b0261ee5e9bcbc743960727b5aad1829250d1add)
* base-files: fix prerm return value, align with postinst codeTony Ambardar2018-11-291-5/+10
| | | | | | | | | | | | | | | | The return value of a package prerm script is discarded and not returned correctly by default_prerm(). This allows other operations like service shutdown to "leak" their return value, prompting workarounds like commit 48cfc826 which do not address the root cause. Preserve a package prerm script return value for use by default_prerm(), sharing the corresponding code from default_postinst() for consistency. Also use consistent code for handling of /etc/init.d/ scripts. Run Tested on: LEDE 17.01.4 running ar71xx. Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit 8806da86f5da3b1b1e4d24259d168e2219c01a26)
* sdk: find kernel modules when KDIR is a symlinkKarl Vogel2018-11-291-1/+1
| | | | | | | | | | | | The find statement would not return any results if the KDIR_BASE pointed to a symlink. Ran into this issue due to a custom Kernel/Prepare that was installing a symlink to the kernel directory. The extra slash at the end fixes this scenario and does no harm for targets that have a proper KDIR. Signed-off-by: Karl Vogel <karl.vogel@gmail.com> (cherry picked from commit ae980458abf8299d614f4b34add32e18d054378d)
* uhttpd: update to latest Git headJo-Philipp Wich2018-11-281-3/+3
| | | | | | | | | | | | | | | | | | cdfc902 cgi: escape url in 403 error output 0bba1ce uhttpd: fix building without TLS and Lua support 2ed3341 help: document -A option fa5fd45 file: fix CPP syntax error 77b774b build: avoid redefining _DEFAULT_SOURCE b741dec lua: support multiple Lua prefixes 952bf9d build: use _DEFAULT_SOURCE 30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods 796d42b client: flush buffered SSL output when tearing down client ustream 393b59e proc: expose HTTP Origin header in process environment 8109b95 file: escape strings in HTML output d3b9560 utils: add uh_htmlescape() helper db86175 lua: honour size argument in recv() Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uclient: update to latest Git headJo-Philipp Wich2018-11-241-3/+3
| | | | | | | 3ba74eb uclient-http: properly handle HTTP redirects via proxy connections Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 0bd99db5118665bbe17f84427238c322af3deaae)
* base-files: fix unkillable processes after restartLinus Kardell2018-11-221-0/+1
| | | | | | | | | | | | | | | | When restart is run on an init script, the script traps SIGTERM. This is done as a workaround for scripts named the same name as the program they start. In that case, the init script process will have the same name as the program process, and so when the init script runs killall, it will kill itself. So SIGTERM is trapped to make the init script unkillable. However, the trap is retained when the init script runs start, and thus processes started by restart will not respond to SIGTERM, and will thus be unkillable unless you use SIGKILL. This fixes that by removing the trap before running start. Signed-off-by: Linus Kardell <linus@telliq.com> (cherry picked from commit 2ac1a57677ce4e21513dca2a8efab1eb6e0a9c58)
* libubox: update to latest git HEADRafał Miłecki2018-11-161-3/+3
| | | | | | 4382c76 switch from typeof to the more portable __typeof__ Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: add 2 more recent changesRafał Miłecki2018-11-093-0/+112
| | | | | | | | | | First one is a fix for reporting channels to the user space. Important for users as they could try setting invalid channel and fail to start an interface. Later is a support for newer FullMAC chipset firmwares. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmutil: backport chanspec debugging patchRafał Miłecki2018-11-071-0/+83
| | | | | | It helps debugging possible WARN-ings. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport the latest 4.20 changesRafał Miłecki2018-11-073-0/+187
| | | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit b50f162b3cce3d95874e4394f4765413f58765f1)
* mac80211: brcmfmac: rename 4.20 backport patchesRafał Miłecki2018-11-073-0/+0
| | | | | | Include kernel version to help tracking changes. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: add iw command wrapper with error loggingRafał Miłecki2018-11-071-0/+4
| | | | | | | | | | | | | | | | | | | | | | Currently it's close to impossible to tell what part of mac80211 setup went wrong. Errors logged into system log look like this: radio0 (6155): command failed: No error information (-524) radio0 (6155): command failed: Not supported (-95) radio0 (6155): command failed: I/O error (-5) radio0 (6155): command failed: Too many open files in system (-23) With this commit change it's getting clear: command failed: No error information (-524) Failed command: iw dev wlan0 del command failed: Not supported (-95) Failed command: iw phy phy0 set antenna_gain 0 command failed: I/O error (-5) Failed command: iw phy phy0 set distance 0 command failed: Too many open files in system (-23) Failed command: iw phy phy0 interface add wlan0 type __ap Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit ffa80bf5a784a34b81e32144669f30560780bdb6)
* mac80211: brcmfmac: backport first important changes from the 4.20Rafał Miłecki2018-09-123-0/+170
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* LEDE v17.01.6: revert to branch defaultsHauke Mehrtens2018-09-025-11/+9
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* LEDE v17.01.6: adjust config defaultsv17.01.6Hauke Mehrtens2018-09-025-9/+11
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* grub2: rebase patchesJo-Philipp Wich2018-08-301-8/+4
| | | | | | | | | | Patch 300-CVE-2015-8370.patch was added without proper rebasing on the version used by OpenWrt, make it apply and refresh the patch to fix compilation. Fixes: 7e73e9128f ("grub2: Fix CVE-2015-8370") Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 9ffbe84ea49fc643f41bfdf687de99aee17c9154)
* bzip2: Fix CVE-2016-3189Rosen Penev2018-08-302-1/+12
| | | | | | | | | | | Issue causes a crash with specially crafted bzip2 files. More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189 Taken from Fedora. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit f9469efbfa7ce892651f9a6da713eacbef66f177)
* grub2: Fix CVE-2015-8370Rosen Penev2018-08-302-1/+45
| | | | | | | | | | | | This CVE is a culmination of multiple integer overflow issues that cause multiple issues like Denial of Service and authentication bypass. More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370 Taken from Fedora. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 7e73e9128f6a63b9198c88eea97c267810447be4)
* scripts: bundle-libraries: fix logic flawJo-Philipp Wich2018-08-301-7/+6
| | | | | | | | | | | | Previous refactoring of the script moved the LDSO detection into a file-not-exists condition, causing onyl the very first executable to get bundled. Solve the problem by unconditionally checking for LDSO again. Fixes: 9030a78a71 ("scripts: bundle-libraries: prevent loading host locales") Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 5ebcd32997b6d10abcd29c8795a598fdcaf4521d)
* scripts: bundle-libraries: prevent loading host locales (FS#1803)Jo-Philipp Wich2018-08-301-5/+21
| | | | | | | | | | | | | | Binary patch the bundled glibc library to inhibit loading of host locale archives in order to avoid triggering internal libc assertions when invoking shipped, bundled executables. The problem has been solved with upstream Glibc commit 0062ace229 ("Gracefully handle incompatible locale data") but we still need to deal with older Glibc binaries for some time to come. Fixes FS#1803 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 9030a78a716b0a2eeed4510d4a314393262255c2)
* kernel: bump kernel 4.4 to version 4.4.153Hauke Mehrtens2018-08-308-25/+25
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mt76: Fix mirror hashHauke Mehrtens2018-08-301-1/+1
| | | | | | | | | The mirror hash added in this commit was wrong. The file on the mirror server and the newly generated file from git have a different hash value, use that one. Fixes: 4b5861c47 ("mt76: update to the latest version") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dropbear: backport upstream fix for CVE-2018-15599Hans Dedecker2018-08-273-3/+224
| | | | | | | | | | CVE description : The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kernel: bump kernel 4.4 to version 4.4.151Hauke Mehrtens2018-08-221-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump kernel 4.4 to version 4.4.150Hauke Mehrtens2018-08-213-4/+4
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools/e2fsprogs: update to 1.44.1Paul Wassi2018-08-211-2/+2
| | | | | | | Update e2fsprogs to upstream 1.44.1 (feature and bugfix release) Signed-off-by: Paul Wassi <p.wassi@gmx.at> (cherry picked from commit 8262179f4a007035a531bb913261f5f91115fad8)
* e2fsprogs: bump to 1.44.0Ansuel Smith2018-08-211-2/+2
| | | | | | | Fix compilation error Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> (cherry picked from commit a9c00578b5c55357117db9dbbbd4e5652b9b4648)
* tools/e2fsprogs: Update to 1.43.7Rosen Penev2018-08-211-2/+2
| | | | | | | Compile tested on Fedora 27. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 08cc9a2ca8536e9808b60145cd0e10bdcfc98aca)
* tools/e2fsprogs: Update to 1.43.6Daniel Engberg2018-08-214-39/+2
| | | | | | | | | | | Update e2fsprogs to 1.43.6 * Remove FreeBSD patch as it's not needed, FreeBSD 9.1 is EoL and this is compiling on FreeBSD 11.1. * Remove libmagic patch, RHEL 5 is EoL (End of Production Phase) since March 31, 2017. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit ed617fd8f2f39e18ad435883db5b4100e6f7f977)
* tools/e2fsprogs: Update to 1.43.5Daniel Engberg2018-08-211-2/+2
| | | | | | | Update e2fsprogs to 1.43.5 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit 8477d5454531a35306d57c123c89602fee71a07f)
* tools/e2fsprogs: Update to 1.43.4Daniel Engberg2018-08-212-5/+5
| | | | | | | | | | | | | | | * Update to 1.43.4 * Refresh patches * xz tarball which saves about 2M in size Changelog: http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.43.4 Tested by Etienne Haarsma (ar71xx), Daniel Engberg (kirkwood) Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com> Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> Signed-off-by: Felix Fietkau <nbd@nbd.name> [use @KERNEL instead of harcoded URL] (cherry picked from commit 34ba64fe708e45b7c042e2d273e66d4ce03df4e3)
* Revert "tools/e2fsprogs: fix building on a glibc 2.27 host"Matthias Schiffer2018-08-212-54/+1
| | | | | | This reverts commit 58a95f0f8ff768b43d68eed2b6a786e0f40f723b. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* tools/bison: Update to 3.0.5Daniel Engberg2018-08-213-32/+10
| | | | | | | | Update bison to 3.0.5 Bugfix release Remove 001-fix-macos-vasnprintf.patch as it is fixed upstream Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mac80211: brcmfmac: fix compilation with SDIO supportRafał Miłecki2018-08-171-2/+12
| | | | | | | | | This fixes following error when compiling with CONFIG_BRCMFMAC_SDIO=y: drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c:1100:23: error: 'sdiod' undeclared (first use in this function) brcmf_dev_coredump(&sdiod->func1->dev); Fixes: 9d8940c5b92f ("mac80211: brcmfmac: backport important changes from the 4.18") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport patch setting WIPHY_FLAG_HAVE_AP_SMERafał Miłecki2018-08-168-2/+36
| | | | | | | It's an important hint for authenticator (e.g. hostapd) about hardware capabilities. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.19Rafał Miłecki2018-08-168-2/+472
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.18Rafał Miłecki2018-08-169-2/+393
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.16Rafał Miłecki2018-08-163-1/+74
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.15Rafał Miłecki2018-08-165-1/+100
| | | | | | | | Two more patches that may be worth backporting in the future: fdd0bd88ceae brcmfmac: add CLM download support cc124d5cc8d8 brcmfmac: fix CLM load error for legacy chips when user helper is enabled Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.14Rafał Miłecki2018-08-167-5/+250
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.13Rafał Miłecki2018-08-169-4/+259
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.12Rafał Miłecki2018-08-1614-5/+613
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport use-after-free fix from 4.11Rafał Miłecki2018-08-162-1/+62
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: group 4.11 backport patchesRafał Miłecki2018-08-166-0/+0
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* openssl: update to version 1.0.2pHauke Mehrtens2018-08-153-4/+4
| | | | | | | | This fixes the following security problems: * CVE-2018-0732: Client DoS due to large DH parameter * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump kernel 4.4 to version 4.4.148Hauke Mehrtens2018-08-154-73/+5
| | | | | | | | | | | The following patch was integrated upstream: * target/linux/generic/patches-4.4/005-ext4-fix-check-to-prevent-initializing-reserved-inod.patch This fixes tries to work around the following security problems: * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.7.5Hauke Mehrtens2018-08-102-4/+4
| | | | | | | | This fixes the following security problems: * CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel * CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: fix some security problemsHauke Mehrtens2018-08-1012-45/+385
| | | | | | | | | | | | | | This fixes the following security problems: * CVE-2017-1000254: FTP PWD response parser out of bounds read * CVE-2017-1000257: IMAP FETCH response out of bounds read * CVE-2018-1000005: HTTP/2 trailer out-of-bounds read * CVE-2018-1000007: HTTP authentication leak in redirects * CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write * CVE-2018-1000121: LDAP NULL pointer dereference * CVE-2018-1000122: RTSP RTP buffer over-read * CVE-2018-1000301: RTSP bad headers buffer over-read Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 04:20:02 +0000