Add a new variable TARGET_INIT_PATH which holds the default $PATH variable
value configured in menuconfig.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
The security issues were reported by an anonymous researcher working with
Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update the dropbear package to version 2016.73, refresh patches.
The measured .ipk sizes on an x86_64 build are:
94588 dropbear_2015.71-3_x86_64.ipk
95316 dropbear_2016.73-1_x86_64.ipk
This is an increase of roughly 700 bytes after compression.
Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox)
Putuline support will use the utmp structure to write to the utmp file
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
A dropbear instance having an interface config won't start if the interface is down as no
IP address is available.
Adding interface triggers for each configured interface executing the dropbear reload script
will start the dropbear instance when the interface is up.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
While technically required by the RFC, they are usually completely
unused (DSA), or have security issues (3DES, CBC)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
This enables passworldless login for root via SSH whenever no root
password is set (e.g. after reset, flashing without keeping config
or in failsafe) and removes telnet support alltogether.
Signed-off-by: Steven Barth <steven@midlink.org>
The dm9601 driver expects to receive a single encapsulated ethernet
frame from the device in one URB transfer, and it provides an URB
buffer of length 1,522 to receive it. This is not a round multiple
of USB transfer packets.
The device in question [1] provides a stream of such frames and it
does not conveniently slice them up as the dm9601 driver expects. We
can end up with 1,536 (0x600) bytes returned by the device in response
to the URB request. This may include several encapsulated ethernet
frames, and/or fragments thereof.
It seems to me that the kernel 'Oops' arises because the dwc_otg driver
does not notice that the destination buffer is too small to receive the
full 1,536 bytes. Comparing dwc_otg's update_urb_state_xfer_comp with
dwc2's dwc2_update_urb_state is suggestive.
More details: https://github.com/raspberrypi/linux/issues/1045
All Credits to: https://github.com/mw9
Signed-off-by: Marian Hello <marian.hello@gmail.com>
Reviewed-by: Zoltan HERPAI <wigyori@uid0.hu>
Patch 610- is updated as check_entry helper was killed in 3.18.37
Fixes CVE-2016-5195 (dirtycow)
Compile-tested on ar71xx, mxs, sunxi, imx6
Runtime-tested on ar71xx (PB42)
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
This change also reflect relocation of upstream project which has been
moved to OpenWrt GitHub organization.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
This change also reflect relocation of upstream project which has been
moved to OpenWrt GitHub organization.
Signed-off-by: Hrvoje Varga <hrvoje.varga@sartura.hr>
This fixes memory leaks, some possible crashes and bug that could cause
WARNING on every add_key/del_key call. It also replaces WARNING with
a simple message. They may still occur e.g. on station going out of
range and A-MPDU stall in the firmware.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
To work correctly hostapd requires wireless driver to allow interfaces
removal. It was working with brcmfmac only partially. Firmware for
BCM43602 got some special hack (feature?) that allowed removing all
interfaces by disabling mbss mode. It wasn't working with BCM4366
firmware and remaining interfaces were preventing hostapd from starting
again.
Those patches add support for "interface_remove" firmware method which
works with BCM4366 firmware and they make it finally possible to use
BCM4366 & brcmfmac & multiple interfaces.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
- Expose supported HT rate information in info call
- Zero out ccode buffer when listing countries
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Jo-Philipp Wich
Hans Dedecker
Hannu Nyman
Felix Fietkau
Alexandru Ardelean
Steven Barth
Zoltan HERPAI
Marian Hello
Gad Krumholz
Matthias Schiffer
Shaleen Jain
Jing Lin
Imre Kaloz
Luka Perkov
Hrvoje Varga
Jo-Philipp Wich
Rafał Miłecki
John Crispin
Hauke Mehrtens