| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
The security issues were reported by an anonymous researcher working with
Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
| |
old size:
iperf3_3.0.11-1_mips_34kc_dsp.ipk 30147
new size:
iperf3_3.1.3-1_mips_34kc_dsp.ipk 33640
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
| |
old size:
iperf_2.0.8-1_mips_34kc_dsp.ipk 27911
new size:
iperf_2.0.9-1_mips_34kc_dsp.ipk 28681
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://curl.haxx.se/changes.html
old sizes:
libcurl_7.49.0-1_mips_34kc_dsp.ipk 97569
curl_7.49.0-1_mips_34kc_dsp.ipk 37925
new sizes:
libcurl_7.50.0-1_mips_34kc_dsp.ipk 97578
curl_7.50.0-1_mips_34kc_dsp.ipk 38017
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We add an 'httpauth' section type that contains the options:
prefix: What virtual or real URL is being protected
username: The username for the Basic Auth dialogue
password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue
httpauth section names are given included as list
items to the instances to which they are to be applied.
Further any existing httpd.conf file (really whatever
is configured in the instance, but default of
/etc/httpd.conf) is appended to the per-instance httpd.conf
Signed-off-by: Daniel Dickinson <openwrt@cshore.thecshore.com>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
Quote hostname and vendorid variables in dhcp script so they can
hold strings having white spaces
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
| |
Remove the udhcpc -R release option as sending a DHCP release
is configurable via the uci option release.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
| |
iftop would display portions of mac address with large ffffff prefixes.
Make if_hw_addr type consistent.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
| |
Move logging command line option to uci:
option verbose [0]/1/2 - mono-syllabic/verbose/noisy
Previously handled as 'OPTIONS' in .init script however variable
was ignored so never worked.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
| |
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ebtables code relies on the `-nostartfiles` linker argument to execute the
extension modules' `_init()` functions automatically which is not working
reliably across all supported targets and gcc versions.
Running an ebtables executable linked this way just crashes with a segmentation
fault at runtime on program startup, e.g. on ARM architectures.
In order to fix the issue ...
- remove the use of the -nostartfiles linker flag
- rename the init procedures to a generic name without implicit semantics
- explicitely annotate those init procedures as constructors
The patch has been taken from the Alpine Linux distribution at
http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
| |
Following fixes are included in the latest version:
-Script is launched with incorrect action
-Possible buffer overflows
-Lots of minor bugfixes
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
| |
Report the translated error to the user if a get/set netlink operation failed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
| |
Signed-off-by: John Crispin <john@phrozen.org>
|
| |
|
|
| |
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
Fixes CVE-2016-4476 and few possible memory leaks.
Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
* fixes loopback handling
Signed-off-by: John Crispin <john@phrozen.org>
|
| |
|
|
|
|
|
|
|
|
| |
Add nonshared flag to package depending on specific targets or subtargets as
there's no guarantee otherwise that they'll be available in the shared repo.
[Edit: files modified in previous commit were removed from the list.]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |
|
|
|
|
|
|
|
|
| |
Security fixes:
* Fixed port-share bug with DoS potential
* Fix buffer overflow by user supplied data
Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).
This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.
Signed-off-by: Matteo Panella <morpheus@level28.org>
[Jo-Philipp Wich: shorten commit title, bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
| |
removed upstream in
https://github.com/OpenVPN/openvpn/commit/9ffd00e7541d83571b9eec087c6b3545ff68441f
now its always on
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
|
| |
|
|
| |
Signed-off-by: Bert Vermeulen <bert@biot.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original iperf package is unmaintained. This switches to the "iperf2"
project on sourceforge, a fork that started where the previous iperf left
off.
Version 2.0.8 fixes the issue that patch 002 handled, so that can be dropped.
Due to a faulty check in configure.ac, this version needs _GNU_SOURCE
defined to build properly against musl. Various other obsolete build
options were also removed.
Signed-off-by: Bert Vermeulen <bert@biot.com>
|
| |
|
|
|
|
|
| |
Update to dnsmasq2.76. Refresh patches. Add new patch to fix musl
'poll.h' location warning.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fixes:
CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL
- remove crypto auth compile fix
curl changelog of 7.46 states its fixed
- fix mbedtls and cyassl usability #19621 :
add path to certificate file (from Mozilla via curl) and
provide this in a new package
tested on ar71xx w. curl/mbedtls/wolfssl
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Update the dropbear package to version 2016.73, refresh patches.
The measured .ipk sizes on an x86_64 build are:
94588 dropbear_2015.71-3_x86_64.ipk
95316 dropbear_2016.73-1_x86_64.ipk
This is an increase of roughly 700 bytes after compression.
Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
| |
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49388 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49379 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
| |
The patch made sure the ncursesw library was not selected to save space,
but that library doesn't exist in this distribution at all.
Signed-off-by: Bert Vermeulen <bert@biot.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49359 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
|
| |
Patch Lua packet script defines SHRT_MAX which is already defined in <linux/kernel.h> and
is included indirectly by lauxlib.h. Fix the redefintion as it leads to compile failure
on systems which treat macro redefinition as an error
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49338 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
|
|
| |
options
Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox)
Putuline support will use the utmp structure to write to the utmp file
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49333 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
| |
Make sending a DHCP release configurable when the client exits allowing to clean up
IP/mac state info in intermediate devices.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49332 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
|
|
|
| |
lua_packet_segment parameter start has type char pointer; in function lua_tg
it's assigned an uint16 value generating compiler warnings obviously indicating
posssible seg fault problems. Fix the issue by using the correct skb functions
so the parameter points to the position inside the sk_buff
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Stijn Cleynhens <stijn.cleynhens@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49331 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
|
| |
Let DHCP client send a release when it exists so the DHCP server is
informed the IP address is released and allowing to clean up IP/mac
state info in intermediate devices.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49321 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
| |
Update to latest HEAD in order to remove the faulty "prelocal" ip rule leading
to unexpected policy rule precedence.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49320 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49274 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Conntrack support reads the connection track mark associated with
incoming DNS queries and sets the same mark value on the upstream
forwarded DNS query. This can be usefull to track traffic generated
by dnsmasq to associate it with the clients who generate the queries,
usefull for bandwidth accouting and firewall.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49273 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
|
|
| |
A dropbear instance having an interface config won't start if the interface is down as no
IP address is available.
Adding interface triggers for each configured interface executing the dropbear reload script
will start the dropbear instance when the interface is up.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49272 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
| |
Add support for the command line utility nstat displaying network statistics
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49271 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
|
|
| |
Running dnsmasq in a dedicated user/group allows matching its outgoing
traffic more easily using iptables' owner match.
Add UID/GID to the package metadata and append the user/group
parameters to the init script.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49252 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
| |
Fixes build with /bin/sh pointing to certain versions of dash (for example
on Void Linux).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49218 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49199 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49197 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
