Add a new variable TARGET_INIT_PATH which holds the default $PATH variable
value configured in menuconfig.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
The security issues were reported by an anonymous researcher working with
Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update the dropbear package to version 2016.73, refresh patches.
The measured .ipk sizes on an x86_64 build are:
94588 dropbear_2015.71-3_x86_64.ipk
95316 dropbear_2016.73-1_x86_64.ipk
This is an increase of roughly 700 bytes after compression.
Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Utmp support tracks who is currently logged in by logging info to the file /var/run/utmp (supported by busybox)
Putuline support will use the utmp structure to write to the utmp file
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
A dropbear instance having an interface config won't start if the interface is down as no
IP address is available.
Adding interface triggers for each configured interface executing the dropbear reload script
will start the dropbear instance when the interface is up.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
While technically required by the RFC, they are usually completely
unused (DSA), or have security issues (3DES, CBC)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
This enables passwordless login for root via SSH whenever no root
password is set (e.g. after reset, flashing without keeping config
or in failsafe) and removes telnet support altogether.
Signed-off-by: Steven Barth <steven@midlink.org>
kernel.org now suggests a different mirror address. This one also
supports IPv6 connections and was faster for me.
Backport from trunk's 1f9e25d.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
A copy paste error that got fixed in Linux 4.6 and backported to stable
kernels. As armada-385-linksys.dtsi wasn't upstreamed yet for 3.18, fix
the local copy to enable the usb2 portion of the combo port for
armada-385 based Linksys devices.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
Fix Chaos Calmer revision numbering. CC has been stuck at r49389 since
the final move to Github as revision number evaluation has still been
based on git-svn-id that is not found in the new original Github commits.
So the revision has been stuck at last svn commit in June.
This patch
* copies the git revision logic from master and uses v15.05.1 tag
as the base. As the last commit with a known svn revision 49389 was
cb4f071 with tag+135, use 49254 as the adjustment. That produces
r49461 for the current 8a1f7c9
* removes the useless svn evaluation (similarly as in master).
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
The dm9601 driver expects to receive a single encapsulated ethernet
frame from the device in one URB transfer, and it provides an URB
buffer of length 1,522 to receive it. This is not a round multiple
of USB transfer packets.
The device in question [1] provides a stream of such frames and it
does not conveniently slice them up as the dm9601 driver expects. We
can end up with 1,536 (0x600) bytes returned by the device in response
to the URB request. This may include several encapsulated ethernet
frames, and/or fragments thereof.
It seems to me that the kernel 'Oops' arises because the dwc_otg driver
does not notice that the destination buffer is too small to receive the
full 1,536 bytes. Comparing dwc_otg's update_urb_state_xfer_comp with
dwc2's dwc2_update_urb_state is suggestive.
More details: https://github.com/raspberrypi/linux/issues/1045
All Credits to: https://github.com/mw9
Signed-off-by: Marian Hello <marian.hello@gmail.com>
Reviewed-by: Zoltan HERPAI <wigyori@uid0.hu>
Patch 610- is updated as check_entry helper was killed in 3.18.37
Fixes CVE-2016-5195 (dirtycow)
Compile-tested on ar71xx, mxs, sunxi, imx6
Runtime-tested on ar71xx (PB42)
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
This change also reflects relocation of upstream project which has been
moved to OpenWrt GitHub organization.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
This change also reflects relocation of upstream project which has been
moved to OpenWrt GitHub organization.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
This fixes memory leaks, some possible crashes and a bug that could cause
WARNING on every add_key/del_key call. It also replaces WARNING with
a simple message. They may still occur e.g. on station going out of
range and A-MPDU stall in the firmware.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>