openwrt/upstream - upstream openwrt

	Commit message (Collapse)	Author	Age	Files	Lines
*	dropbear: bump to 2019.77	Konstantin Demin	2019-03-25	1	-23/+22
\| \| \| \| \| \| \| \| \| \| \| \| \|	- drop patches applied upstream: * 010-runtime-maxauthtries.patch * 020-Wait-to-fail-invalid-usernames.patch * 150-dbconvert_standalone.patch * 610-skip-default-keys-in-custom-runs.patch - refresh patches - move OpenWrt configuration from patch to Build/Configure recipe, thus drop patch 120-openwrt_options.patch Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
*	dropbear: backport upstream fix for CVE-2018-15599	Hans Dedecker	2018-08-24	1	-2/+2
\| \| \| \| \| \| \| \| \| \|	CVE description : The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
*	dropbear: bump to 2017.75	Kevin Darbyshire-Bryant	2017-05-21	1	-14/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	- Security: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys A user could symlink their ~/.ssh/authorized_keys to a root-owned file they couldn't normally read. If they managed to get that file to contain valid authorized_keys with command= options it might be possible to read other contents of that file. This information disclosure is to an already authenticated user. Thanks to Jann Horn of Google Project Zero for reporting this. CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 Refresh patches, rework 100-pubkey_path.patch to work with new authorized_keys validation. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
*	dropbear: bump to 2015.68	Steven Barth	2015-09-02	1	-2/+2
\| \| \| \| \| \|	Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 46769
*	dropbear: update to 2014.63	Felix Fietkau	2014-03-29	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Upstream changelog: https://matt.ucc.asn.au/dropbear/CHANGES This adds elliptic curve cryptography (ECC) support as an option, disabled by default. dropbear mips 34kc uClibc binary size: before: 161,672 bytes after, without ECC (default): 164,968 after, with ECC: 198,008 Signed-off-by: Catalin Patulea <cat@vv.carleton.ca> SVN-Revision: 40297
*	packages: sort network related packages into package/network/	Felix Fietkau	2012-10-10	1	-0/+91
	SVN-Revision: 33688