kmod-br-netfilter is not only a support module, but can be useful on its
own, using the net.bridge.bridge-nf-call-* sysctls.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Non-selecting dependencies easily lead to Kconfig failures due to recursive
dependencies. We hit such an issue in Gluon; the easiest fix is to make
the dependency selecting.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
RFC6771 does not exclude the forwarding of the example domain as it
states : "Caching DNS servers SHOULD NOT recognize example names as
special and SHOULD resolve them normally."
Example domains cannot be assigned to any user or person by DNS
registrars as they're registered in perpetuity to IANA meaning
they can be resolved; therefore let's remove the example domains
from the rfc6761.conf file.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
42a8ecd jshn: fix format string for int64 type
92009b7 utils: ensure that byte-order conversion functions evaluate the argument only once
ace6489 switch from typeof to the more portable __typeof__
Signed-off-by: Felix Fietkau <nbd@nbd.name>
42a8ecd jshn: fix format string for int64 type
92009b7 utils: ensure that byte-order conversion functions evaluate the argument only once
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Bug fix release. 1.28.3 has fixes for
* ash and hush (do not leave stray open file destriptors in children),
* cpio (fix for symlink extraction),
* grep ("grep -Fw a" was matching "aa").
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
74b5a3 script: fix possible negative delay
473f248 dhcpv6: always trigger script update in case of IA updates
ea18935 ra: rework route information option handling
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Some packages are already using $(1)/var on package install.
On multiuser systems this breaks the build when multiple
users build OpenWrt.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
This reverts commit 4fb684a755.
The compile fixes are still required for host systems using GCC 5.x,
such as Ubuntu 16.04 LTS.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
It's intentional that some boards within a target don't have all LEDs
which are tried to be setup in a common script. Don't show a warning in
such cases.
Fixes: 4f4fc993db ("base-files: add more name source to get_dt_led helper function")
Signed-off-by: Mathias Kresin <dev@kresin.me>
It seems both issues (GCC5 and Musl) were fixed at some point. Thus, they can be dropped.
Did not bump version as there is no change in functionality or size.
Compile-tested on ar71xx and mvebu, both with musl.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
flash_erase utility allows to erase MTD partitions on NAND flash.
Useful when you want to clean or write an MTD partition from scratch.
e.g., before using kobs-ng to flashing SPL images it's recommended
to erase the MTD partition to ensure it's empty.
Signed-off-by: Adrià Llaudet <adria.llaudet@gmail.com>
Update busybox to 1.28.2, refresh patches and default config.
* modify 230-add_nslookup_lede.patch as opt_complementary was removed
Also move nslookup_longopts variable declaration to be inside
the same conditional as the function itself.
* modify 250-date-k-flag.patch to match upstream (opt_complementary)
* remove 600-cve-2017-16544.patch that is upstreamed
Notes about config changes:
* Some applet-specific LONG_OPTIONS config options were removed
* Config help text indentation changed, caused lots of
text formatting changes for convert_menuconfig.pl
* convert_defaults.pl moved lots of defaults around, summary of
actual changes below
New applets/features:
---------------------
ARCH
HEXEDIT
MINIPS
NETCAT
NUKE
RESUME
RUN_INIT
SETFATTR
New options:
------------
FEATURE_CATN
FEATURE_CROND_SPECIAL_TIMES
FEATURE_LIBBUSYBOX_STATIC
FEATURE_SETPRIV_CAPABILITIES
FEATURE_SETPRIV_CAPABILITY_NAMES
FEATURE_SETPRIV_DUMP
FEATURE_SH_READ_FRAC
FEATURE_SWAPONOFF_LABEL
FEATURE_VOLUMEID_MINIX
FEATURE_XARGS_SUPPORT_ARGS_FILE
FEATURE_XARGS_SUPPORT_PARALLEL
HUSH_GETOPTS
HUSH_READONLY
HUSH_TIMES
Removed:
--------
FEATURE_HAVE_RPC
MSH
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This Adds fixes for the following security problems based on debians patches:
CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms
CVE-2017-12163: Server memory information leak over SMB1
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should
CVE-2018-1050: Denial of Service Attack on external print server.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These functions are not declared in any header file and only used in
same compile unit, mark them as static to remove one gcc warning and
make it easier for the compiler to optimize them out.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes some minor security problems.
Old size:
162262 bin/packages/mips_24kc/base/libmbedtls_2.7.0-1_mips_24kc.ipk
New size:
163162 bin/packages/mips_24kc/base/libmbedtls_2.8.0-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This release brings various improvements to clearfog support, such as distro-boot.
Obsoletes:
0002-clearfog-reset-usom-onboard-1512-phy.patch
0003-clearfog-enable-distro-boot-code.patch
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
CONFIG_* variables can easily be set by overriding Build/Configure.
so set NET_RANDOM_ETHADDR=y and CMD_SETEXPR=y here.
This replaces the following patches:
0001-clearfog-generate-random-MAC-address.patch
0004-clearfog-enable-setexpr-command-by-default.patch
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Wave-1 firmware has a fix for 'addba' not finding the peer. Thanks to Hauke
for finding and reporting this.
Wave-2 firmware has a fix for leaking a peer multicast key when a monitor device
is created.
And I re-ordered the '4019' firmware images in the Makefile to match the order
of the others. No functional change for that reorder.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
This reverts commit 745d0e7f4b.
It looks like upstream don't want the patch so let's revert it here too.
I hope a fix from upstream is forthcoming.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Fix psidlen becomes negative in case embedded address bit lenght is smaller than
IPv4 suffix length.
While at it improve parameter checking making the code more logical and
easier to read.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
opkg currently has some issues with Provides and this change makes the
image builder fail because of that. Revert the change for now until opkg
is fixed
This reverts commit 092d75aa3e.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Changes since last version
dfb68f8 service: initialize supplementary group ids
3db4e6d service: add func for string config change check
c3faabe procd: get rid of putenv usage.
The supplementary group id change fixes FS#988
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The following patches were merged upstream:
000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
replaced by commit 0e3bd7ac6
001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
replaced by commit cb5132bb3
002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
replaced by commit 87e2db16b
003-Prevent-installation-of-an-all-zero-TK.patch
replaced by commit 53bb18cc8
004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
replaced by commit 0adc9b28b
005-TDLS-Reject-TPK-TK-reconfiguration.patch
replaced by commit ff89af96e
006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
replaced by commit adae51f8b
007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
replaced by commit 2a9c5217b
008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
replaced by commit a00e946c1
009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
replaced by commit b488a1294
010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
replaced by commit 6f234c1e2
011-Additional-consistentcy-checks-for-PTK-component-len.patch
replaced by commit a6ea66530
012-Clear-BSSID-information-in-supplicant-state-machine-.patch
replaced by commit c0fe5f125
013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
replaced by commit 114f2830d
Some patches had to be modified to work with changed upstream source:
380-disable_ctrl_iface_mib.patch (adding more ifdef'ery)
plus some minor knits needed for other patches to apply which are not
worth being explicitely listed here.
For SAE key management in mesh mode, use the newly introduce
sae_password parameter instead of the psk parameter to also support
SAE keys which would fail the checks applied on the psk field (ie.
length and such). This fixes compatibility issues for users migrating
from authsae.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5d2bf09 uci: fix a potential use-after-free in uci_set()
3b3d63e list: only record ordering deltas if element position changed
4c4d343 cmake: Fix cli shared linking against ubox
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Improve portability of init script by declaring resolvfile as local
in dnsmasq_stop function.
Fixes resolvfile being set for older busybox versions in dnsmasq_start
in a multi dnsmasq instance config when doing restart; this happens when
the last instance has a resolvfile configured while the first instance
being started has noresolv set to 1.
Base on a patch by "Phil"
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Cake in kernel space now splits stats structure handling across netlink
messages to reduce stack usage issue flagged by upstream kernel checks.
Update user space (tc) qdisc handling to understand this new regime.
Cake also reports packet overheads & compensation in a different way so
add display code for this. e.g.
'tc -s qdisc show dev eth0' reports this extra detail:
min/max transport layer size: 28 / 1500
min/max overhead-adjusted size: 65 / 1550
average transport hdr offset: 14
Cake also supports output in JSON format.
Patch is bulkier than before because a (slightly out of date - see above
stats) man page is included for reference. Better than nothing!
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>