| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Stanislav Izmalkov <izstas@live.ru>
|
|\
| |
| | |
nftables: version bump to 0.6
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Use release tarball instead of fetching the sources from git and drop
disable-doc-generation patch as running autoreconf is more expensive
than generating the docs should the required tools be found on the build
host.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
| |
| |
| |
| |
| |
| | |
Also use release tarballs instead of fetching the sources from git.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
|\ \
| | |
| | | |
firewall version bump to 2016-11-06 and xt_id removal
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This extension was added specifically for use by firewall3. Since
firewall-2016-11-06 no longer uses it remove it before it finds other
creative uses.
Should there already be such a use-case outside of OpenWrt I suggest to
package this extension properly a la xtables-addons instead.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This version fixes loading of extensions for users of musl as it no
longer relies on undefined behaviour wrt dlclose. There is also a fix
which allows to build firewall without patched kernel headers when using
musl.
Another major feature is support for iptables-1.6.0 and vanilla iptables
in general.
Last but not least firewall no longer depends on the "in-house" iptables
extension xt_id and uses xt_comment instead for tracking its own rules.
For other changes consult the commit log.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
| |
| |
| |
| |
| |
| | |
Commit 3a01d0ee2b991c8c267620e63a4ab47cd8c30cc4 upstream
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
|/
|
|
|
|
|
|
| |
There is a separate package kmod-crypto-echainiv for echainiv.ko. Selecting
both packages led to a conflict, so remove the file from kmod-crypto-iv.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
|\
| |
| | |
add tpm support
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds kernel support for tpm's providing:
* kmod-tpm - tpm framework
* kmod-tpm-i2c-infineon - infineon i2c 1.2 spec tpm
* kmod-random-tpm - tpm backed rng
Signed-off-by: Ian Pozella <Ian.Pozella@imgtec.com>
Signed-off-by: Abhijit Mahajani <Abhijit.Mahajani@imgtec.com>
|
| |
| |
| |
| | |
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
|
| |
| |
| |
| | |
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
|
| |
| |
| |
| | |
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
|
|/
|
|
| |
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
|
|
|
|
|
|
|
| |
This change also reflect relocation of upstream project which has been
moved to OpenWrt GitHub organization.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
|
|
|
|
|
|
|
| |
This change also reflect relocation of upstream project which has been
moved to OpenWrt GitHub organization.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
|
|
|
|
|
|
|
| |
This change also reflect relocation of upstream project which has been
moved to OpenWrt GitHub organization.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
|
|
|
|
| |
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
|
|\
| |
| | |
openssl: update to 1.0.2j
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Security fixes:
* (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305)
* (Severity: Moderate) Missing CRL sanity check (CVE-2016-7052)
* 10 Low severity issues
Security advisories:
https://www.openssl.org/news/secadv/20160922.txt
https://www.openssl.org/news/secadv/20160926.txt
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
|\|
| |
| | |
xtables-addons update, drop sched_getcpu from perf
|
| |
| |
| |
| |
| |
| | |
Fixes broken btrfs support in 4.12
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
| |
| |
| |
| |
| |
| |
| | |
upstream change: 8ee4646038e47d065d35703e3e343136c4cd42aa
fixes dependency w. Kernel 4.6
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
|
| |
| |
| |
| |
| |
| | |
Current musl already provides sched_getcpu
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
| |
| |
| |
| | |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- fix compilation w. Kernel 4.6 due to
hash->shash crypto API
- remove a patch integrated upstream
- remove unrecognized configure option
removed upstream in 2010
commit 40d0345f1ed02de183b13a6ce38847bc1f4ac48e
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
|
|/
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49373 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|\
| |
| | |
full Netgear Nighthawk R7800 support
|
| |
| |
| |
| |
| |
| | |
It's not clear if the error is in file naming in firmware repository or in the driver, so fix it here for now.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
|
| |
| |
| |
| | |
Signed-off-by: Roman Yeryomin <roman@advem.lv>
|
| |
| |
| |
| |
| |
| | |
add kernel package to build squashfs as module when it's not the root filesystem
Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
|
| |
| |
| |
| | |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
| |
| |
| |
| |
| |
| |
| | |
tools/env/fw_env.c misses to include stdint.h.
Apparently musl doesn't mind and includes this header by default,
but glibc does not and causes the build to fail.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
|
| |
| |
| |
| |
| |
| | |
Update libgmp to 6.1.1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
The security issues were reported by an anonymous researcher working with
Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
| |
| |
| |
| |
| | |
Fixes a long standing design issue in handling of delayed triggers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes duplicate ubiblock entries being listed and improves
find_mount_point to also match against a block device's
major:minor numbers (needed e.g. for /dev/root).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
| |
| |
| | |
Signed-off-by: John Crispin <john@phrozen.org>
|
| |
| |
| |
| |
| |
| |
| | |
* adds support for ACL mount flags
* adds vfat fsck support
Signed-off-by: John Crispin <john@phrozen.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
the recent fixes to make mount_root work during failsafe caused lots of
unwanted side effects. use the new preinit sentinel file to detect if
we are in preinit. this will also work if logged in via ssh.
Signed-off-by: John Crispin <john@phrozen.org>
|
| |
| |
| |
| | |
Signed-off-by: John Crispin <john@phrozen.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
old size:
iperf3_3.0.11-1_mips_34kc_dsp.ipk 30147
new size:
iperf3_3.1.3-1_mips_34kc_dsp.ipk 33640
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
old size:
iperf_2.0.8-1_mips_34kc_dsp.ipk 27911
new size:
iperf_2.0.9-1_mips_34kc_dsp.ipk 28681
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changelog: https://www.wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html
old size:
libcyassl_3.9.0-1_mips_34kc_dsp.ipk 147552
new size:
libcyassl_3.9.6-1_mips_34kc_dsp.ipk 150087
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://curl.haxx.se/changes.html
old sizes:
libcurl_7.49.0-1_mips_34kc_dsp.ipk 97569
curl_7.49.0-1_mips_34kc_dsp.ipk 37925
new sizes:
libcurl_7.50.0-1_mips_34kc_dsp.ipk 97578
curl_7.50.0-1_mips_34kc_dsp.ipk 38017
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We add an 'httpauth' section type that contains the options:
prefix: What virtual or real URL is being protected
username: The username for the Basic Auth dialogue
password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue
httpauth section names are given included as list
items to the instances to which they are to be applied.
Further any existing httpd.conf file (really whatever
is configured in the instance, but default of
/etc/httpd.conf) is appended to the per-instance httpd.conf
Signed-off-by: Daniel Dickinson <openwrt@cshore.thecshore.com>
|
|
|
|
|
|
| |
adds support for the Linksys WRT1900ACSv2 and WRT1200ACv2
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
|
|
|
|
| |
Signed-off-by: Mike Qin <Fengling.Qin@gmail.com>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|