Skip to content
Snippets Groups Projects
  1. Feb 15, 2017
  2. Feb 13, 2017
  3. Feb 12, 2017
  4. Feb 11, 2017
  5. Feb 10, 2017
  6. Feb 09, 2017
  7. Feb 08, 2017
  8. Feb 06, 2017
    • Hauke Mehrtens's avatar
      tcpdump: update to version 4.9.0 · 985c90d1
      Hauke Mehrtens authored
      
      This fixes the following 41 security problems:
       + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
       + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
       + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
       + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
       + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
       + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
       + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
       + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
       + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
       + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
       + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
       + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
       + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
       + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
       + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
       + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
       + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
       + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
       + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
       + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
       + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
       + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
       + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
       + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
       + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
       + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
       + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
       + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
            buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
            lightweight resolver protocol, PIM).
       + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
       + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
       + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
       + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
       + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
       + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
       + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
       + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
            OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
            print-ether.c:ether_print().
       + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
       + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
       + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
       + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
       + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
      
      The size of the package is only incread very little:
      new size:
      306430 tcpdump_4.9.0-1_mips_24kc.ipk
      130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
      
      old size:
      302782 tcpdump_4.8.1-1_mips_24kc.ipk
      129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
      
      Signed-off-by: default avatarHauke Mehrtens <hauke@hauke-m.de>
      985c90d1
  9. Feb 05, 2017
  10. Feb 03, 2017
  11. Feb 01, 2017
    • Hannu Nyman's avatar
      ccache, samba36: fix samba.org addresses to use https · eaf3fef9
      Hannu Nyman authored
      
      samba.org has started to enforce https and
      currently plain http downloads with curl/wget fail,
      so convert samba.org download links to use https.
      
      Modernise links at the same time.
      
      Also convert samba.org URL fields to have https.
      
      Signed-off-by: default avatarHannu Nyman <hannu.nyman@iki.fi>
      eaf3fef9
    • Eric Luehrsen's avatar
      dnsmasq: make DHCPv6 viable for standalone dnsmasq install · 9525743c
      Eric Luehrsen authored
      
      dnsmasq has sufficient services to meet the needs of DHCP
      and RA with IP6 for single router router users. This is
      the most common use for consumer routers. Its reenforced
      as most ISP tend to only DHCP-PD /64. dnsmasq has year
      over year demonstrated great flexibility in its option
      set, and support for off-standard DHCP clients.
      
      odhcpd has enhanced capabilities focused on IP6 such
      as DHCP/RA relay and NDP proxy. However, it is not as
      flexible in its option set. odhcpd is not as forgiving
      with off-standard DHCP clients. Some points may represent
      a long term TODO list, but it is the state currently.
      
      These changes make any such combination possible. Already
      odhcpd can be set as the main dhcp server. Now odhcpd
      can be removed or disabled and dnsmasq will take over
      if DHCPv6 compiled in. The existing DHCPv6 and RA UCI
      are translated into dnsmasq.conf. The changes focus on
      '--dhcp-range', '--dhcp-host', and '--dhcp-options'.
      
      DHCP host ID is least 16 bits [::1000-::FFFF], but
      leaves low range for typical infrastructure assignments.
      dnsmasq accepts DHCPv6 options in the tranditional
      '--dhcp-option' put they must be prefixed 'option6:'.
      dnsmasq will also discover SLAAC DNS entries from DHCPv4
      clients MAC, and confirm with a ping at least renew.
      
      Long term TODO include improving use of dnsmasq relay
      options for DHCPv4 and DHCPv6 in parallel. It would also
      be possible to preconfigure DHCP-PD in host-with-options
      records for fixed infrastructure.
      
      Signed-off-by: default avatarEric Luehrsen <ericluehrsen@hotmail.com>
      [Jo-Philipp Wich: emit proper IPv6 hostid format in dhcp-host directive]
      Signed-off-by: default avatarJo-Philipp Wich <jo@mein.io>
      9525743c
    • Eric Luehrsen's avatar
      dnsmasq: expand 'add_local_hostname' fexibility including FQDN · 1b4e3eda
      Eric Luehrsen authored
      
      ref commit 612e2276
      ref commit ec63e3bf
      
      'option add_local_hostname' scripted implementation statically assigns
      this host in auto generated host file at init. If IFUP or other signals
      do not occur, then address changes are not tracked. The script doesn't
      apply all the addresses at an interface. This may make logs obscure.
      The script only puts the bare host name (maybe not FQDN) in host file,
      but if '--exapandhosts' is enabled, then /etc/hosts entries will be
      suffixed, and "127.0.0.1 localhost" becomes "localhost.lan".
      
      dnsmasq provides an option to perform this function, but it is rather
      greedy. '--interface-name=<name>,<iface>' will assign the name to all
      IP on the specified interface (except link local). This is a useful
      feature, but some setups depend on the original restrictive behavior.
      
      'option add_local_fqdn' is added to enhance the feature set, but
      if not entered or empty string, then it will default to original
      option and behavior. This new option has a few settings. At each
      increased setting the most detailed name becomes the PTR record:
      0 - same as add_local_hostname 0 or disabled
      1 - same as add_local_hostname 1
      2 - assigns the bare host name to all IP w/ --dnsmasq-interface
      3 - assigns the FQDN and host to all IP w/ --dnsmasq-interface
      4 - assigns <iface>.<host>.<domain> and above w/ --dnsmasq-nterface
      
      'option add_wan_fqdn' is added to run the same procedure on
      inferred WAN intefaces. If an interface has 'config dhcp' and
      'option ignore 1' set, then it is considered WAN. The original
      option would only run on DHCP serving interfaces.
      
      Signed-off-by: default avatarEric Luehrsen <ericluehrsen@hotmail.com>
      1b4e3eda
    • Hans Dedecker's avatar
      odhcp6c: fix PKG_SOURCE_URL · 26923ab1
      Hans Dedecker authored
      
      Signed-off-by: default avatarHans Dedecker <dedeckeh@gmail.com>
      26923ab1
    • Hans Dedecker's avatar
      odhcpd: update to git HEAD version · 88173676
      Hans Dedecker authored
      
      3317c86 dhcpv6-ia: apply lease delete based on assignment bound state
      df50429 odhcpd: properly handle netlink messages (FS#388)
      83d72cf odhcpd: fix coding style
      
      Signed-off-by: default avatarHans Dedecker <dedeckeh@gmail.com>
      88173676
    • Felix Fietkau's avatar
      xtables-addons: update to version 2.12 · a112786a
      Felix Fietkau authored
      
      Signed-off-by: default avatarFelix Fietkau <nbd@nbd.name>
      a112786a
  12. Jan 31, 2017
  13. Jan 30, 2017
  14. Jan 27, 2017
  15. Jan 26, 2017
  16. Jan 24, 2017
  17. Jan 23, 2017
    • Hans Dedecker's avatar
      odhcpd: update to git HEAD version · fa66900e
      Hans Dedecker authored
      
      237f1f4 router: convert syslog lifetime traces into LOG_INFO prio
      da660c7 treewide: rework prio of syslog messages
      0485580 ndp: code cleanup
      c5040fe router: add syslog debug tracing for trouble shooting
      df023ad treewide: use RELAYD_MAX_ADDRS as address array size
      c8ac572 ndp: don't scan netlink attributes in case of netlink route
      event
      
      Signed-off-by: default avatarHans Dedecker <dedeckeh@gmail.com>
      fa66900e
Loading