| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 2211ee0037764e1c6b1576fe7a0975722cd4acdc)
|
| |
|
|
|
|
|
|
|
|
|
| |
Allows discovery without having to use NetBIOS. Useful for mobile devices.
Could eventually throw nbmd away. But that requires Windows 10...
Tested on Fedora 28 with avahi-discover.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 499773f8efe3357a2076c75c503ebcb42e41dbe6)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
/etc/ethers is missing on /rom but always created when dnsmasq
runs. It is better to have it in place and avoid an extra change
in flash after firstboot.
It will generate an extra /etc/ethers-opkg when it has changed.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from d810d44e5a88e7ed5a72f8cd39fc57639aa6dbd0)
|
| |
|
|
|
|
|
| |
Update mwlwifi to 10.3.8.0-20180810
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from e1a1add5178b6a943c6272776ba3af06b3f953a8)
|
| |
|
|
|
|
|
|
|
| |
12a7cf9 Add support for DSCP matches and target
06fa692 defaults: use a generic check_kmod() function
1c4d5bc defaults: fix check_kmod() function
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(backported from 03e5dcbf10b1f67a463735efd8db3386f91473fd)
|
| |
|
|
|
|
|
|
|
|
| |
Add a function to get a mac stored as text from flash. The octets of
the mac address need to be separated by any separator supported by
macaddr_canonicalize().
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from dfee452713e6b3c10aafc6174f8087a920b54402)
|
| |
|
|
|
|
|
|
|
| |
Add the opening bracket right after the function name, to do it the
same way for all functions in this file.
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from ec28d2797c1bff4a3a97e54fee648cc56185839a)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Avoid having /sbin/wifi silently ignore unknown keywords and execute
"up"; instead display the help message and exit with an error.
Spell out the "up" keyword (which has users), add it to usage output,
and preserve the implicit assumption that runing /sbin/wifi without
argument performs "up".
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(backported from 78b5764fd8a3c133f0caf170238242b32a97105b)
|
| |
|
|
|
|
|
|
|
|
|
| |
Apply IPv6/ND configuration before proto_send_update so that all config info
is available when netifd is handling the notify_proto ubus call.
In particular this fixes an issue when netifd is updating the downstream IPv6 mtu
as netifd was still using the not yet updated upstream IPv6 mtu to set the
downstream IPv6 mtu
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 2e02fdb3637c7a0320d230a3232d61e874c1e4d1)
|
| |
|
|
|
|
|
|
|
| |
23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(backported from 33fd1d0d91fe6f0bb639a6fad0f681ba651f8254)
|
| |
|
|
|
|
|
|
|
| |
a514139 build: compile with -ffunction-sections, -fdata-sections and LTO
3c30b17 wl: only invoke nvram executable if it exists
65b8333 Revert "build: compile with -ffunction-sections, -fdata-sections and LTO"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from fdd6c556ab42d040efcc92a53149e3f8ec357f69)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on
plain POSIX shells due to the use of `let`.
Shells lacking `let` will fail to run the generated m4sh code and end up
invoking "make" with "-jyes" as argument, fialing the build.
Since there is no reason in the first place for some random package to
muck with the make job server settings and since we do not want it to
randomly override "-j" either, simply remove references to this defunct
macro to let the build succeed on platforms which not happen to use bash
as default shell.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from a27de701b0250b06302350d25dc514e1b488dc59)
|
| |
|
|
|
|
|
|
| |
I no longer have the time, nor the desire to maintain this package.
Remove myself as maintainer.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(backported from 20346a63f69bbb919ffdf29bc2e77496d01719e3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream renamed openssl-1.0.cnf to openssl-easyrsa.cnf.
However, pkg kept using openssl-1.0.cnf.
Upstream easyrsa searchs for vars, openssl-*, x509-types in the
same directory as easyrsa script. This was patched to revert
back to static /etc/easy-rsa/ directory (as does OpenSUSE).
EASYRSA_PKI still depends on $PWD.
Move easyrsa from /usr/sbin to /usr/bin as root is not needed.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(backported from f1bef0596fd2a983386c778a94486782bd272e27)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some of the modules in the crypto-misc package have alternate
implementations optimized for different x86 instruction set extensions,
but only one of these was built for this package until now: twofish-i586.ko
Tested with insmod, on both x86 and x86_64. The modules now have an
autoload, which they previous didn't, loading the dependencies in the
correct order.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(backported from c762817c9211f439c5da6ea30b6ed828c9861c4f)
|
| |
|
|
|
|
|
| |
support in kernel
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 2b637e5ab8ae24ff4176930f259dce195983d7ea)
|
| |
|
|
|
|
|
|
| |
Sysupgrade shouldn't proceed, if the backup of the configuration
fails because tar (or gzip) exit with a non-zero code.
Signed-off-by: Andreas Ziegler <dev@andreas-ziegler.de>
(backported from 72489ebeb65fd1e1d77e8d9fbe105827a98dbf03)
|
| |
|
|
|
| |
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from b4d4e4ceb56825033dd4c8e401e9250ae5042a99)
|
| |
|
|
|
| |
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from 1639ebcb061abb3664e0b80f62f0019e37fda68e)
|
| |
|
|
|
|
|
|
| |
It is insecure to let this type of packets inside
They can e.g. open ports on some other routers with UPnP, etc
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
(backported from c128371124ce4d197a5fbc00e42b58e9d82c571e)
|
| |
|
|
|
|
|
|
|
| |
[0-3](none, minimal[default], more, maximum)
It is not 100% backward compatible, because now 0 disables logging
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
(backported from 7a6b2badfa56cfd833d64f113398198f71fd896e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem - rapsberry pi 3 b/b+ does not boot with bcm2710 images!
How Raspberry Pi boots Actualy?
When Raspberry is switched on GPU is activated.
1. GPU execute First stage bootloader from ROM.
First stage bootloader mount the FAT boot partition on the SD card
and execute second stage bootloader (bootcode.bin).
2. Second stage bootloader (bootcode.bin) activate SDRAM.
Load the GPU firmware (start.elf).
3. GPU firmware (start.elf)
a) display Rainbow splash.
b) read firmware configuration file config.txt and
split the RAM using fixup.dat.
c) loads a cmdline.txt
d) enables the CPU.
e) loads the kernel image configurable via config.txt
In your target/linux/brcm2708/image/config.txt
493 ## kernel (string)
494 ## Alternative name to use when loading kernel.
495 ##
496 #kernel=""
it is not configured!
But in your target/linux/brcm2708/image/Makefile
75 KERNEL_IMG := kernel8.img
76 DEVICE_TITLE := Raspberry Pi 3B/3B+
you have kernel8.img
GPU Firmware search order by default for a PI 3 is:
kernel8.img if found boot in 64 bit mode
kernel8-32.img if found boot in 32 bit mode
kernel7.img if found boot in 32 bit mode
kernel.img if found boot in 32 bit mode
But a PI 2 will start the search from kernel7.img and
a PI 1 only looks for kernel.img.
Оbviously the kernel has been found.
But something goes wrong and the device is restarted.
In your package/kernel/brcm2708-gpu-fw/Makefile
11 PKG_NAME:=brcm2708-gpu-fw
12 PKG_VERSION:=2017-08-08
13 PKG_RELEASE:=e7ba7ab135f5a68b2c00a919ea9ac8d5528a5d5b
boot loader is 10 monts old.
In conclusion, the best way to solve the problem is
to update the boot loader!
Fixup_cd.dat and start_cd.elf files are not necessary.
These are used when GPU memory is set to 16 MB, which disables
some GPU features.
I did not remove them just in case!
cheers
Signed-off-by: Christo Nedev <christo.nedev@gmail.com>
(backported from c335649629e641209a3539209defffeea090ad8f)
|
| |
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from f0ac9afe695ed297caf093f02144b2adf04bca87)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Restarting service sysctl echos multiple errors like:
sysctl: -e: No such file or directory
After the first filename, all remaining arguments are treated
as files.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(backported from 4c4288728611d334efb777b74e737e1f98e0dc1b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add each variant to the matching PROVIDERS variables after evaluating
the respective hostapd*, wpad* and wpa* variant.
Each package providing the same feature will automatically conflict with
all prior packages providing the same feature.
This way we can handle the conflicts automatically without introducing
recursive dependencies.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 3838b16943c6021e3ff06d5733df890408ad7158)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Move common variables and/or values to the package (variant) default.
Add additional values in variant packages if necessary. Remove further
duplicates by introducing new templates.
Remove the ANY_[HOSTAPD|SUPPLICANT_PROVIDERS]_PROVIDERS. The are the
same as the variables without the any prefix. No need to maintain both
variables.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 8af8ceb1c8558a6f25c50cb68b87a3a3425f3417)
|
| |
|
|
|
|
|
|
|
|
| |
Increase the termination timeout to 15s to let OpenVPN properly tear down
its connections, especially when weak links or complex down scripts are
involved.
Fixes FS#859.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 28d3a1b54b6726a0a93477d75d09a25f74ee361f)
|
| |
|
|
|
|
|
| |
get compiled
Signed-off-by: Peter Wagner <tripolar@gmx.at>
(backported from d8d2133c35c9c9b410e16cdebe878acd0da6382f)
|
| |
|
|
|
|
|
|
|
|
| |
48cff25 build: drop install -o/-g root
53d7e7a extensions: ebt_string: take action if snprintf discards data
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from afac2a2dd67502ef8bd9799f328fa2e3b39292b1)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
| |
The Gentoo GitHub mirror went down. One benefit of Fedora's usb.ids file
is that it's versioned.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from f23271f3b4f54d1e5ddf7b85786f9a30f38409ad)
|
| |
|
|
|
|
|
|
| |
This was causing issues recently as samba36 is not API compatible with the
libtdb in the packages repo. It shouldn't be using it anyway. Nor tevent.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 1f2612a4ddbb83af0c6daf3719ab74c3b7db6590)
|
| |
|
|
|
|
|
|
|
| |
The return value of the function isn't used anywhere.
Fixes missing return value, CID 1329717.
Found-by: Coverity
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from b06c447c5f66fd13078327bda3d885d48e2c0e42)
|
| |
|
|
|
|
|
|
| |
Fix CID 1330844
Found-by: Coverity
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from e37ad4e5ca2e70387656da81704ee4d4589c6d70)
|
| |
|
|
|
|
|
|
|
|
|
| |
Add a menuconfig option to set the HOME_URL exposed in
/usr/lib/os-release independent from the
LEDE_DEVICE_MANUFACTURER_URL.
Fixes: FS#1123
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 52a9edb1bfaf51c250a33303beacba95dd1dbc05)
|
| |
|
|
|
|
|
|
|
|
| |
Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.
Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
(backported from ab07ae2f27dd920cb7ba186d9f7ad2ccb1c980c4)
|
| |
|
|
|
| |
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from c4aadbdaf69bad3fbb3ef54601a3629ba24a6e9b)
|
| |
|
|
|
|
|
|
|
| |
Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix
which removes the code which requires the server ID to be on local
network
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from c6e50075f245b076b57f3f87b5401764a2e11b92)
|
| |
|
|
|
| |
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(backported from ccc728a0e2a7c9717d3d1bcc59f0462e9dbed01e)
|
| |
|
|
|
| |
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 1ee98fdef3d6d71c1b0b3b120a9e24ac4b93c94f)
|
| |
|
|
|
| |
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 9d6a0352e7af9aef95f4d983e39516b76e7fc8ba)
|
| |
|
|
|
|
|
|
|
|
|
| |
It avoids confusing situations like:
> Could not get image magic
> Image check failed.
> Upgrade completed
> Rebooting system...
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(backported from 5b2e20807d2b38de1cc4185d15bb4320b8bd743a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid infinite loop at 100% CPU when running hostapd_cli
if CONFIG_CTRL_IFACE_MIB is not defined.
_newselect(4, [3], NULL, NULL, ...)
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24
Signed-off-by: Denton Gentry <denny@geekhold.com>
(backported from a84962ea35e4e97f1c4a42f2eac0242cc2cbd879)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
| |
5699354 extensions: fix build failure on fc28
e6359ee build: update ebtables.h from kernel and drop local unused copy
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 1bbe813db0bb8dc65b8ed7740cf7f35a81b8ba0e)
|
| |
|
|
|
|
|
|
|
|
|
| |
Do not set device runtime property on interfaces in the hotplug handler
and in fixup_interfaces(). This property conflicts with device option
in several proto handlers (mainly QMI and other WWAN/3G protos) and does
not seem to be used anywhere.
Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(backported from 91b5b2e20d531584918c62a6c6cd046f0580f50a)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
3.4 is mainly a bug fix/maintenance release.
3KB increase in ipk lib size on mips.
Compile tested for: ar71xx, ramips
Run tested on: ar71xx Archer C7 v2, ramips mir3g
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 1ee5051f202f600d854bcf939ba4ee37f057ace2)
|
| |
|
|
|
|
|
|
|
|
|
| |
OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem. This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation
Fixes openwrt/packages#6152
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from 191078e83d127f5ed9a38366d2edaac49f9333c5)
|
| |
|
|
|
|
|
|
|
| |
While building, curl complains that the path specified is missing.
Also, without ca-bundle, something like 'curl https://www.google.com'
does not work due to a certificate verify error.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 7a20c7a05d52f9bb3c82742098457bfbed869a8a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It simplifies the Makefile a bit. In addition, using ca-bundle
saves some space as well.
It also fixes an issue with at least transmission, which has a dependency
on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it not
to work.
This has been tested on mt7621 with OpenSSL and GnuTLS just by running
'curl https://www.google.com' and seeing if there's a verify error.
The rest are already using ca-bundle and therefore work fine.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from f97946c49680a5fe713d0e2caaf072789f70e68d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently when installing the firmware, a bunch of files and directories
that the ath10k driver does not look for are created.
The package now installs firmware for both hw 2.1 and 3.0 devices.
2.1 is abandonware but may be useful to keep.
3.0 firmware was tested on a Killer 1535 to be relatively stable with
802.11w disabled. 802.11w causes multiple firmware crashes but that's true
of other ath10k firmwares as well.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported and squashed from
27eab4fa578d696ab55b6264a1b35fad6488b664,
d0fbe1956b3b9f07b6dcb54a8ed43a4904581e1d,
e191c7ee797c8b3458eb9791212a56b16febeeb4)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
| |
Make sure hostapd-openssl is actually build against OpenSSL, same
for wolfSSL.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 987900f2de76e6d292e55aa068c39b03f79c8812)
|
