librecmc/librecmc.git
6 years agoBump libreCMC version #
RISCi_ATOM [Thu, 23 Aug 2018 10:43:13 +0000 (06:43 -0400)]
Bump libreCMC version #

6 years agoThis commit adds support for the GL-AR750 (2.4G radio only)
RISCi_ATOM [Thu, 23 Aug 2018 09:32:40 +0000 (05:32 -0400)]
This commit adds support for the GL-AR750 (2.4G radio only)

While this router does have an 802.11ac chipset (QCA9887) which
requires non-free firmware (loadable firmware blobs), the main raido in the SoC
can still be used and does not require non-free firmware / blobs since it
is an ath9k chipset...

As it stands, it is not possible to use the 802.11ac radio due to lack of
drivers, the firmware loading mech. has been removed (linux-libre kernel)
and libreCMC does not include or pull needed firmware. The libreCMC project is
not endorsing the usage of the non-free chpset and the barriers are sufficient
that no one can use libreCMC with the non-free components.

TLDR; It is not possible to use the non-free chipset with libreCMC but the device
can still be used as a wireless router without non-free blobs.

Specification:

- 650/597/216 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3x 10/100 Mbps Ethernet
- 2T2R 2.4 GHz (QCA9531)
- 1T1R 5 GHz (QCA9887)
- 1x USB 2.0 (power controlled by GPIO)
- 1x microSD (GL857L)
- 3x LED (all driven by GPIO)
- 1x button (reset)
- 1x 2-pos switch
- header for optional PoE module
- 1x micro USB for main power input
- UART + I2C header on PCB

Based upon upstream commit : 2e5252d346e2ec832a203af778b5c1d949f0ae5f

6 years agoBump hostapd package revision
RISCi_ATOM [Mon, 20 Aug 2018 18:31:49 +0000 (14:31 -0400)]
Bump hostapd package revision

6 years agowpa_supplicant: fix CVE-2018-14526
RISCi_ATOM [Mon, 20 Aug 2018 16:32:33 +0000 (12:32 -0400)]
wpa_supplicant: fix CVE-2018-14526

Unauthenticated EAPOL-Key decryption in wpa_supplicant

Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/

Vulnerability

A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.

When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.

Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.

Vulnerable versions/configurations

All wpa_supplicant versions.

Acknowledgments

Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.

Possible mitigation steps

- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.

- Merge the following commits to wpa_supplicant and rebuild:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

This patch is available from https://w1.fi/security/2018-1/

- Update to wpa_supplicant v2.7 or newer, once available

Pulled from upstream commit : b3983323a1f25c936ddfcc129c454b282e90eeed

6 years agoupdate cjdns
RISCi_ATOM [Mon, 20 Aug 2018 03:33:50 +0000 (23:33 -0400)]
update cjdns

6 years agoBump kernel to 4.4.150
RISCi_ATOM [Sun, 19 Aug 2018 20:31:13 +0000 (16:31 -0400)]
Bump kernel to 4.4.150

6 years ago openssl: update to version 1.0.2p
RISCi_ATOM [Thu, 16 Aug 2018 05:27:14 +0000 (01:27 -0400)]
openssl: update to version 1.0.2p

    This fixes the following security problems:
     * CVE-2018-0732: Client DoS due to large DH parameter
     * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Cherry pick'ed from upstream commit : e11df1eac62f23263e90c54d87bc69a7021e72b7

6 years agoBump kernel to 4.4.146
RISCi_ATOM [Tue, 7 Aug 2018 16:51:30 +0000 (12:51 -0400)]
Bump kernel to 4.4.146

6 years agowireguard: bump to 0.0.20180802
RISCi_ATOM [Mon, 6 Aug 2018 17:17:42 +0000 (13:17 -0400)]
wireguard: bump to 0.0.20180802

Changelog taken from the version announcement
>
> == Changes ==
>
>   * chacha20poly1305: selftest: split up test vector constants
>
>   The test vectors are encoded as long strings -- really long strings -- and
>   apparently RFC821 doesn't like lines longer than 998.
>   https://cr.yp.to/smtp/message.html
>
>   * queueing: keep reference to peer after setting atomic state bit
>
>   This fixes a regression introduced when preparing the LKML submission.
>
>   * allowedips: prevent double read in kref
>   * allowedips: avoid window of disappeared peer
>   * hashtables: document immediate zeroing semantics
>   * peer: ensure resources are freed when creation fails
>   * queueing: document double-adding and reference conditions
>   * queueing: ensure strictly ordered loads and stores
>   * cookie: returned keypair might disappear if rcu lock not held
>   * noise: free peer references on failure
>   * peer: ensure destruction doesn't race
>
>   Various fixes, as well as lots of code comment documentation, for a
>   small variety of the less obvious aspects of object lifecycles,
>   focused on correctness.
>
>   * allowedips: free root inside of RCU callback
>   * allowedips: use different macro names so as to avoid confusion
>
>   These incorporate two suggestions from LKML.
>
> This snapshot contains commits from: Jason A. Donenfeld and Jann Horn.

Taken from upstream commit : 68e2ebe64a0f27eb25c0e56ef1125ce1318e2279

6 years agoBump kernel up to 4.4.145 and fix usb.ids hash
RISCi_ATOM [Wed, 1 Aug 2018 19:39:41 +0000 (15:39 -0400)]
Bump kernel up to 4.4.145 and fix usb.ids hash

6 years agoRevert kernel (vanilla) commit b699d0035836f6712917a41e7ae58d84359b8ff9 : see vanilla...
RISCi_ATOM [Wed, 25 Jul 2018 19:26:20 +0000 (15:26 -0400)]
Revert kernel (vanilla) commit b699d0035836f6712917a41e7ae58d84359b8ff9 : see vanilla kernel commit f4eb17e1efe538d4da7d574bedb00a8dafcc26b7

6 years agoUpdate odhcpd to fix verbose logging bug v1.4.4
RISCi_ATOM [Sun, 1 Jul 2018 03:51:10 +0000 (23:51 -0400)]
Update odhcpd to fix verbose logging bug

6 years agoUpdate OpenVPN, ustream-ssl, add wolfssl and remove cyassl
RISCi_ATOM [Fri, 29 Jun 2018 18:49:08 +0000 (14:49 -0400)]
Update OpenVPN, ustream-ssl, add wolfssl and remove cyassl

6 years agoUpdate rpcd
RISCi_ATOM [Thu, 28 Jun 2018 21:03:41 +0000 (17:03 -0400)]
Update rpcd

6 years agoBump kernel to 4.4.138
RISCi_ATOM [Thu, 28 Jun 2018 20:04:31 +0000 (16:04 -0400)]
Bump kernel to 4.4.138

6 years agoUpdate tor and add tinc to core
RISCi_ATOM [Thu, 28 Jun 2018 18:06:04 +0000 (14:06 -0400)]
Update tor and add tinc to core

6 years agoBump wireguard version to 20180625
RISCi_ATOM [Thu, 28 Jun 2018 17:10:39 +0000 (13:10 -0400)]
Bump wireguard version to 20180625

6 years agoPull in openssl from upstream master
RISCi_ATOM [Thu, 28 Jun 2018 17:08:04 +0000 (13:08 -0400)]
Pull in openssl from upstream master

6 years agoUpdate mbedtls hash
RISCi_ATOM [Thu, 21 Jun 2018 15:15:02 +0000 (11:15 -0400)]
Update mbedtls hash

6 years ago(tmp) update usbutils usb.ids hash
RISCi_ATOM [Fri, 8 Jun 2018 00:41:12 +0000 (20:41 -0400)]
(tmp) update usbutils usb.ids hash

6 years agoSwitch to using git mirror controlled by the libreCMC project
RISCi_ATOM [Thu, 7 Jun 2018 23:43:22 +0000 (19:43 -0400)]
Switch to using git mirror controlled by the libreCMC project

6 years agoRemove @GITHUB from include/download.mk, fix up PROJECT_GIT and package/utils/usbutils
RISCi_ATOM [Thu, 7 Jun 2018 23:18:40 +0000 (19:18 -0400)]
Remove @GITHUB from include/download.mk, fix up PROJECT_GIT and package/utils/usbutils

6 years agoRemove GitHub from download.pl and add libreCMC's GNU mirror
RISCi_ATOM [Thu, 7 Jun 2018 23:01:50 +0000 (19:01 -0400)]
Remove GitHub from download.pl and add libreCMC's GNU mirror

Note: Not all ref. have been removed from the project.

6 years agoAdd Archer C7 V2 support (still needs replacement wifi card). Use at own riskgit...
RISCi_ATOM [Tue, 5 Jun 2018 00:16:18 +0000 (20:16 -0400)]
Add Archer C7 V2 support (still needs replacement wifi card). Use at own riskgit status!

6 years agoUpdate mbedtls and ustream-ssl
RISCi_ATOM [Sat, 2 Jun 2018 18:45:08 +0000 (14:45 -0400)]
Update mbedtls and ustream-ssl

- mbedtls was bumped to 2.9.0 to fix various security issues :
https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.12-released

- upstream-ssl was bumped to reflect proposed changes in upstream lede-17.01 branch.

6 years agoMerge branch 'v1.4' of pi31415/libreCMC-cmh into v1.4
RISCI_ATOM [Thu, 31 May 2018 16:39:57 +0000 (12:39 -0400)]
Merge branch 'v1.4' of pi31415/libreCMC-cmh into v1.4

6 years agoshellinabox: alters zlib dependency type 65/head
Christopher Howard [Thu, 31 May 2018 15:52:20 +0000 (07:52 -0800)]
shellinabox: alters zlib dependency type

Without this patch, shellinabox is invisible in menuconfig until
zlib is first selected, which likely is not what was intended.

6 years agoMerge branch 'doc1' of iank/libreCMC into v1.4
RISCI_ATOM [Sun, 27 May 2018 03:08:26 +0000 (23:08 -0400)]
Merge branch 'doc1' of iank/libreCMC into v1.4

6 years agofix releases link 61/head
Ian Kelling [Sat, 26 May 2018 22:36:57 +0000 (18:36 -0400)]
fix releases link

6 years agowireguard: bump to 20180519 from upstream lede-17.01
RISCi_ATOM [Sat, 26 May 2018 07:46:14 +0000 (03:46 -0400)]
wireguard: bump to 20180519 from upstream lede-17.01

6 years agoBump kernel to 4.4.132
RISCi_ATOM [Sat, 26 May 2018 07:40:20 +0000 (03:40 -0400)]
Bump kernel to 4.4.132

6 years agoMerge branch 'v1.4' of systema/libreCMC into v1.4
RISCI_ATOM [Sat, 28 Apr 2018 18:17:53 +0000 (14:17 -0400)]
Merge branch 'v1.4' of systema/libreCMC into v1.4

6 years agoUpdate 'docs/How_To_Build_libreCMC.md' 59/head
systema [Fri, 27 Apr 2018 14:30:11 +0000 (10:30 -0400)]
Update 'docs/How_To_Build_libreCMC.md'

Add a note about building with multiple cores

6 years agoMerge branch 'v1.4' of pi31415/libreCMC-cmh into v1.4
RISCI_ATOM [Tue, 10 Apr 2018 16:55:26 +0000 (12:55 -0400)]
Merge branch 'v1.4' of pi31415/libreCMC-cmh into v1.4

6 years agoClarification in Bridge mode doc 55/head
Christopher Howard [Tue, 10 Apr 2018 16:32:29 +0000 (08:32 -0800)]
Clarification in Bridge mode doc

6 years agoAdvanced section in bridge mode doc
Christopher Howard [Tue, 10 Apr 2018 16:20:17 +0000 (08:20 -0800)]
Advanced section in bridge mode doc

6 years agoMerge branch 'ar300m' of somenut/libreCMC into v1.4
RISCI_ATOM [Mon, 9 Apr 2018 19:48:41 +0000 (15:48 -0400)]
Merge branch 'ar300m' of somenut/libreCMC into v1.4

6 years agofix the company name and added nand update information 53/head
hungrymonkey [Mon, 9 Apr 2018 19:34:51 +0000 (12:34 -0700)]
fix the company name and added nand update information

6 years agoUpdate src. package hash v1.4.3a
RISCi_ATOM [Mon, 2 Apr 2018 08:08:56 +0000 (04:08 -0400)]
Update src. package hash

6 years agoRevert procd to fix issue #50
RISCi_ATOM [Mon, 2 Apr 2018 07:13:47 +0000 (03:13 -0400)]
Revert procd to fix issue #50

6 years agoBump OpenSSL to 1.0.2o
RISCi_ATOM [Mon, 2 Apr 2018 05:45:22 +0000 (01:45 -0400)]
Bump OpenSSL to 1.0.2o

6 years agoAdd flock to procd dep v1.4.3
RISCi_ATOM [Sun, 1 Apr 2018 09:04:24 +0000 (05:04 -0400)]
Add flock to procd dep

6 years agoRevert opkg
RISCi_ATOM [Sun, 1 Apr 2018 06:10:32 +0000 (02:10 -0400)]
Revert opkg

6 years agoBump mbedtls to 2.8.0 with upstream patch
RISCi_ATOM [Fri, 30 Mar 2018 18:00:32 +0000 (14:00 -0400)]
Bump mbedtls to 2.8.0 with upstream patch

6 years agoAdds Soft Brick Recovery doc
Christopher Howard [Wed, 28 Mar 2018 23:28:47 +0000 (15:28 -0800)]
Adds Soft Brick Recovery doc

6 years agoAdd Shell-in-a-box support to libreCMC
RISCi_ATOM [Thu, 29 Mar 2018 16:16:06 +0000 (12:16 -0400)]
Add Shell-in-a-box support to libreCMC

6 years agoBump OpenVPN to 4.4.5 (fix)
RISCi_ATOM [Wed, 28 Mar 2018 20:25:13 +0000 (16:25 -0400)]
Bump OpenVPN to 4.4.5 (fix)

6 years agoRevert "Bump OpenVPN to 4.4.5"
RISCi_ATOM [Wed, 28 Mar 2018 19:38:22 +0000 (15:38 -0400)]
Revert "Bump OpenVPN to 4.4.5"

This reverts commit 3a07a7db1c019cf1405117fd5787382b1317e0f5.

6 years agoBump OpenVPN to 4.4.5
RISCi_ATOM [Wed, 28 Mar 2018 18:05:54 +0000 (14:05 -0400)]
Bump OpenVPN to 4.4.5

6 years ago mbedtls: update to version 2.7.0
RISCi_ATOM [Tue, 20 Mar 2018 19:45:16 +0000 (15:45 -0400)]
mbedtls: update to version 2.7.0

    This fixes the following security problems:
    * CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
    * CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures

    This release is also ABI incompatible with the previous one, but it is
    API compatible.

    Some functions used by a lot of other software was renamed and the old
    function names are provided as a static inline now, but they are only
    active when deprecated functions are allowed, deactivate the removal of
    deprecated functions for now.

    Also increase the PKG_RELEASE version to force a rebuild and update of
    packages depending on mbedtls to handle the changed ABI.

    Picked from upstream commit : f609913b5c60f7c65c462730993cd1c752083fd6

6 years agoBump x86 config
RISCi_ATOM [Fri, 16 Mar 2018 16:21:03 +0000 (12:21 -0400)]
Bump x86 config

6 years agoRemove 4.4.115 ref. and bump libreCMC version to v1.4.3
RISCi_ATOM [Thu, 15 Mar 2018 21:25:08 +0000 (17:25 -0400)]
Remove 4.4.115 ref. and bump libreCMC version to v1.4.3

6 years agoBump kernel to 4.4.120 and update e2fsprogs
RISCi_ATOM [Thu, 15 Mar 2018 21:23:16 +0000 (17:23 -0400)]
Bump kernel to 4.4.120 and update e2fsprogs

6 years agoChange the ref to libreCMC wiki since all docs have been moved to /docs folder.
RISCI_ATOM [Fri, 9 Mar 2018 19:09:42 +0000 (14:09 -0500)]
Change the ref to libreCMC wiki since all docs have been moved to /docs folder.

6 years agoRevert OpenVPN version bump (broken wait patch)...
RISCi_ATOM [Fri, 9 Mar 2018 02:02:24 +0000 (21:02 -0500)]
Revert OpenVPN version bump (broken wait patch)...

This reverts commit 536c73f53360577cd7a6481ca8091198f120cb0e.

6 years agoBump OpenVPN to 2.4.5 (testing)
RISCi_ATOM [Thu, 8 Mar 2018 18:25:39 +0000 (13:25 -0500)]
Bump OpenVPN to 2.4.5 (testing)

6 years agoFix TL-WR1043ND link
RISCI_ATOM [Thu, 1 Mar 2018 17:30:15 +0000 (12:30 -0500)]
Fix TL-WR1043ND link

6 years agoAdds server interface setup details
Christopher Howard [Tue, 27 Feb 2018 17:10:29 +0000 (08:10 -0900)]
Adds server interface setup details

6 years agoMerge branch 'v1.4' of pi31415/libreCMC-cmh into v1.4
RISCI_ATOM [Fri, 23 Feb 2018 03:23:35 +0000 (22:23 -0500)]
Merge branch 'v1.4' of pi31415/libreCMC-cmh into v1.4

6 years agoTweaks to server config of L2 VPN guide 41/head
Christopher Howard [Thu, 22 Feb 2018 20:52:45 +0000 (11:52 -0900)]
Tweaks to server config of L2 VPN guide

6 years agoPull in updated system / network components from upstream (stage 1)
RISCi_ATOM [Wed, 21 Feb 2018 21:21:52 +0000 (16:21 -0500)]
Pull in updated system / network components from upstream (stage 1)

6 years agoPull nfs-server support into core
RISCi_ATOM [Wed, 21 Feb 2018 20:22:56 +0000 (15:22 -0500)]
Pull nfs-server support into core

6 years agoFix grammar issue
RISCi_ATOM [Fri, 16 Feb 2018 20:41:28 +0000 (15:41 -0500)]
Fix grammar issue

6 years agoAdd libreCMC banner / shell prompt with a few corrections
RISCi_ATOM [Fri, 16 Feb 2018 20:39:59 +0000 (15:39 -0500)]
Add libreCMC banner / shell prompt with a few corrections

6 years agoFix typo : dialup vs dialout group
RISCi_ATOM [Fri, 16 Feb 2018 20:26:17 +0000 (15:26 -0500)]
Fix typo : dialup vs dialout group

6 years agoAdd basic serial console documentation (still needs work).
RISCi_ATOM [Fri, 16 Feb 2018 20:23:58 +0000 (15:23 -0500)]
Add basic serial console documentation (still needs work).

6 years agoAdd experimental Tor support to base libreCMC
RISCi_ATOM [Fri, 16 Feb 2018 17:21:02 +0000 (12:21 -0500)]
Add experimental Tor support to base libreCMC

Pulled in libcap and tor from upstream master.

6 years agoMinor edits to System Log doc for consistency
Christopher Howard [Mon, 12 Feb 2018 19:01:16 +0000 (10:01 -0900)]
Minor edits to System Log doc for consistency

6 years agoSystem Log doc: Changes prompt for MD readability
Christopher Howard [Mon, 12 Feb 2018 18:58:27 +0000 (09:58 -0900)]
System Log doc: Changes prompt for MD readability

6 years agoTests markup keywords
Christopher Howard [Mon, 12 Feb 2018 18:55:40 +0000 (09:55 -0900)]
Tests markup keywords

6 years agoFixes type in System Log documentation
Christopher Howard [Mon, 12 Feb 2018 18:54:40 +0000 (09:54 -0900)]
Fixes type in System Log documentation

6 years agoFixes broken image links in System Log documentation
Christopher Howard [Mon, 12 Feb 2018 18:51:57 +0000 (09:51 -0900)]
Fixes broken image links in System Log documentation

6 years agoAdds System Log documentation
Christopher Howard [Mon, 12 Feb 2018 18:48:10 +0000 (09:48 -0900)]
Adds System Log documentation

6 years agoAdd / fix carl9170 firmware
RISCi_ATOM [Mon, 12 Feb 2018 17:48:04 +0000 (12:48 -0500)]
Add / fix carl9170 firmware

6 years agoBump kernel to 4.4.115
RISCi_ATOM [Mon, 5 Feb 2018 02:09:55 +0000 (21:09 -0500)]
Bump kernel to 4.4.115

6 years agoFix CVE 2018-5332
RISCi_ATOM [Tue, 30 Jan 2018 11:28:54 +0000 (06:28 -0500)]
Fix CVE 2018-5332

The Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not
validate a value that is used during DMA page allocation, leading to a heap-based
out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).

Patch based upon:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c095508770aebf1b9218e77026e48345d719b17c

6 years agoMerge branch 'fix_ar300m_flashing' of somenut/libreCMC into v1.4
RISCI_ATOM [Tue, 23 Jan 2018 19:51:53 +0000 (14:51 -0500)]
Merge branch 'fix_ar300m_flashing' of somenut/libreCMC into v1.4

6 years agoFix flash as RISC_ATOM's sugguestions 37/head
hungrymonkey [Tue, 23 Jan 2018 17:39:54 +0000 (09:39 -0800)]
Fix flash as RISC_ATOM's sugguestions

change the last step to reflect the two buttons

6 years agoMerge branch 'v1.4' of somenut/libreCMC into v1.4
RISCI_ATOM [Tue, 23 Jan 2018 17:21:00 +0000 (12:21 -0500)]
Merge branch 'v1.4' of somenut/libreCMC into v1.4

6 years agoAdded GL-AR300M documentation. 36/head
hungrymonkey [Tue, 23 Jan 2018 07:04:53 +0000 (23:04 -0800)]
Added GL-AR300M documentation.
The router is currently unsupported by Librecmc at the moment

6 years agoMerge branch 'v1.4' of https://gogs.librecmc.org/libreCMC/libreCMC into v1.4
RISCi_ATOM [Tue, 23 Jan 2018 00:25:31 +0000 (19:25 -0500)]
Merge branch 'v1.4' of https://gogs.librecmc.org/libreCMC/libreCMC into v1.4

6 years agoFix broken link
RISCI_ATOM [Sun, 21 Jan 2018 07:20:39 +0000 (02:20 -0500)]
Fix broken link

6 years agodnsmasq: backport validation fix in dnssec security fix
Kevin Darbyshire-Bryant [Sat, 20 Jan 2018 08:46:28 +0000 (08:46 +0000)]
dnsmasq: backport validation fix in dnssec security fix

A DNSSEC validation error was introduced in the fix for CVE-2017-15107

Backport the upstream fix to the fix (a simple typo)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from commit adaf1cbcc8b253ea807dbe0416b4b04c33dceadf)

6 years agodnsmasq: backport dnssec security fix for 17.01
Kevin Darbyshire-Bryant [Fri, 19 Jan 2018 17:15:41 +0000 (17:15 +0000)]
dnsmasq: backport dnssec security fix for 17.01

CVE-2017-15107

An interesting problem has turned up in DNSSEC validation. It turns out
that NSEC records expanded from wildcards are allowed, so a domain can
include an NSEC record for *.example.org and an actual query reply could
expand that to anything in example.org  and still have it signed by the
signature for the wildcard. So, for example

!.example.org NSEC zz.example.org

is fine.

The problem is that most implementers (your author included, but also
the Google public DNS people, powerdns and Unbound) then took that
record to prove the nothing exists between !.example.org and
zz.example.org, whereas in fact it only provides that proof between
*.example.org and zz.example.org.

This gives an attacker a way to prove that anything between
!.example.org and *.example.org doesn't exists, when it may well do so.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agoMerge branch 'port-forwarding-doc' of pi31415/libreCMC-cmh into v1.4
RISCI_ATOM [Thu, 18 Jan 2018 01:06:08 +0000 (20:06 -0500)]
Merge branch 'port-forwarding-doc' of pi31415/libreCMC-cmh into v1.4

6 years agoMinor edits to Port Forwards doc 33/head
Christopher Howard [Wed, 17 Jan 2018 19:03:17 +0000 (10:03 -0900)]
Minor edits to Port Forwards doc

6 years agoAdds images and corrections to Port Forwards doc
Christopher Howard [Wed, 17 Jan 2018 18:51:29 +0000 (09:51 -0900)]
Adds images and corrections to Port Forwards doc

6 years agoAdds initial Port Forwarding doc
Christopher Howard [Mon, 15 Jan 2018 17:32:41 +0000 (08:32 -0900)]
Adds initial Port Forwarding doc

6 years agoUpdate 'docs/unbrick_with_uboot_mod.md'
RISCI_ATOM [Sun, 14 Jan 2018 17:21:27 +0000 (12:21 -0500)]
Update 'docs/unbrick_with_uboot_mod.md'

Fix missing .1

6 years agoFix table
RISCI_ATOM [Thu, 11 Jan 2018 19:47:15 +0000 (14:47 -0500)]
Fix table

6 years agoTesting Image_support.md page...
RISCi_ATOM [Thu, 11 Jan 2018 19:38:44 +0000 (14:38 -0500)]
Testing Image_support.md page...

6 years agoMerge branch 'basic-wifi-settings' of pi31415/libreCMC-cmh into v1.4
RISCI_ATOM [Wed, 10 Jan 2018 19:03:51 +0000 (14:03 -0500)]
Merge branch 'basic-wifi-settings' of pi31415/libreCMC-cmh into v1.4

6 years agoAdds images plus several edits to Basic Wireless Settings doc 32/head
Christopher Howard [Wed, 10 Jan 2018 17:38:00 +0000 (08:38 -0900)]
Adds images plus several edits to Basic Wireless Settings doc

6 years agoFixes typo in Basic Wireless Settings doc
Christopher Howard [Wed, 10 Jan 2018 17:07:04 +0000 (08:07 -0900)]
Fixes typo in Basic Wireless Settings doc

6 years agoAdds core content for Basic Wireless Settings doc
Christopher Howard [Wed, 10 Jan 2018 16:59:29 +0000 (07:59 -0900)]
Adds core content for Basic Wireless Settings doc

6 years agoMerge branch 'bridge-mode-doc' of pi31415/libreCMC-cmh into v1.4
RISCI_ATOM [Fri, 5 Jan 2018 21:36:48 +0000 (16:36 -0500)]
Merge branch 'bridge-mode-doc' of pi31415/libreCMC-cmh into v1.4

6 years agoFixes a small typo in Bridge Mode doc 30/head
Christopher Howard [Fri, 5 Jan 2018 17:22:14 +0000 (08:22 -0900)]
Fixes a small typo in Bridge Mode doc

6 years agoA correction to the last edit in Bridge Mode doc
Christopher Howard [Fri, 5 Jan 2018 17:14:50 +0000 (08:14 -0900)]
A correction to the last edit in Bridge Mode doc

6 years agoMoves a misplaced image in Bridge Mode doc
Christopher Howard [Fri, 5 Jan 2018 17:12:05 +0000 (08:12 -0900)]
Moves a misplaced image in Bridge Mode doc

6 years agoAdds edits and more material for Bridge Mod doc
Christopher Howard [Fri, 5 Jan 2018 17:08:07 +0000 (08:08 -0900)]
Adds edits and more material for Bridge Mod doc