RE: [PATCH 1/3] dropbear: create a submenu for public key algorithms

2020-10-13 Thread Adrian Schmutzler
Hi, > -Original Message- > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] > On Behalf Of Rui Salvaterra > Sent: Tuesday, 13 October 2020 18:45 > To: Adrian Schmutzler > Cc: openwrt-devel@lists.openwrt.org > Subject: Re: [PATCH 1/3] dropbear: create a submenu for

[RFC]Secure ImageBuilders

2020-10-13 Thread Paul Spooren
Hi, Over the last month I suggested two different approaches to improve the ImageBuilder security. The amount of feedback was fairly low, maybe partly because it's not trivial to understand the issue. I wrote a summary of the two approaches and the current problem, please spend the 5 minutes to

Re: The status of intel ax200 support (iwlwifi)

2020-10-13 Thread Stefan Lippers-Hollmann
Hi On 2020-10-13, Alexander Pyattaev wrote: > I am trying to figure out if any version of openWRT can in principle > support the Intel's AX200 chips. I am quite willing to build a kernel > from source, but I have absolutely no idea whether I actually need to do > so. Some info on the internet

[PATCH] argp-standalone: add BUILDONLY

2020-10-13 Thread Rosen Penev
Fixes Makefile warning: WARNING: skipping argp-standalone -- package has no install section Signed-off-by: Rosen Penev --- package/libs/argp-standalone/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/package/libs/argp-standalone/Makefile b/package/libs/argp-standalone/Makefile

Re: The status of intel ax200 support (iwlwifi)

2020-10-13 Thread Alberto Bursi
On 13/10/20 16:36, Alexander Pyattaev wrote: Hello! I am trying to figure out if any version of openWRT can in principle support the Intel's AX200 chips. I am quite willing to build a kernel from source, but I have absolutely no idea whether I actually need to do so. Some info on the

Re: [PATCH 2/3] dropbear: create a submenu for encryption algorithms

2020-10-13 Thread abnoeh
On 20. 10. 13. at 9:54 PM, Rui Salvaterra wrote: This allows the user to select only the encryption algorithms (s)he requires (e.g., disabling AES and keeping only ChaCha20-Poly1305). The default selection maintains the current functionality. Additionally, make sure at least one encryption

Re: [PATCH 1/3] dropbear: create a submenu for public key algorithms

2020-10-13 Thread Rui Salvaterra
Hi, Adrian, On Tue, 13 Oct 2020 at 16:52, Adrian Schmutzler wrote: > > > package/network/services/dropbear/files/dropbear.failsafe.ecc > > create mode 100755 > > package/network/services/dropbear/files/dropbear.failsafe.ed25519 > > rename

RE: [PATCH 5/7] netfilter.mk: add version conditional around nf_nat_redirect mod

2020-10-13 Thread Adrian Schmutzler
Hi, > -Original Message- > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] > On Behalf Of Yousong Zhou > Sent: Tuesday, 13 October 2020 14:31 > To: openwrt-devel@lists.openwrt.org; Tony Ambardar > > Cc: Yousong Zhou > Subject: [PATCH 5/7] netfilter.mk: add version

RE: [PATCH 1/3] dropbear: create a submenu for public key algorithms

2020-10-13 Thread Adrian Schmutzler
Hi, > -Original Message- > From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] > On Behalf Of Rui Salvaterra > Sent: Tuesday, 13 October 2020 14:54 > To: openwrt-devel@lists.openwrt.org > Cc: Rui Salvaterra > Subject: [PATCH 1/3] dropbear: create a submenu for public

The status of intel ax200 support (iwlwifi)

2020-10-13 Thread Alexander Pyattaev
Hello! I am trying to figure out if any version of openWRT can in principle support the Intel's AX200 chips. I am quite willing to build a kernel from source, but I have absolutely no idea whether I actually need to do so. Some info on the internet points to there existing a backported version of

[PATCH mdnsd 09/10] cache: cache_record_find: fix buffer overflow

2020-10-13 Thread Petr Štetiar
Fixes following buffer overflow: ERROR: AddressSanitizer: global-buffer-overflow on address 0x007338b8 at pc 0x004db339 bp 0x7ffe370e6140 sp 0x7ffe370e6138 READ of size 8 at 0x007338b8 thread T0 #0 0x4db338 in cache_record_find mdnsd/cache.c:197:17 #1 0x4d74b4 in

[PATCH mdnsd 00/10] fixes and improvements

2020-10-13 Thread Petr Štetiar
Hi, this patch series adds the basic building blocks of automatic CI fuzzing and fixes all discovered issues. Cheers, Petr Petr Štetiar (10): cmake: fix include dirs and libs lookup Add initial GitLab CI support interface: fix value stored to 'fd' is never read interface: fix possible

[PATCH mdnsd 06/10] tests: add libFuzzer based fuzzing

2020-10-13 Thread Petr Štetiar
LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine. LibFuzzer is linked with the library under test, and feeds fuzzed inputs to the library via a specific fuzzing entrypoint (aka "target function"); the fuzzer then tracks which areas of the code are reached, and generates

[PATCH mdnsd 01/10] cmake: fix include dirs and libs lookup

2020-10-13 Thread Petr Štetiar
In order to make it compile properly in more environments. Signed-off-by: Petr Štetiar --- CMakeLists.txt | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a52e5bd015be..8be878dd2cd8 100644 --- a/CMakeLists.txt +++

[PATCH mdnsd 10/10] cache: cache_answer: fix off by one

2020-10-13 Thread Petr Štetiar
Fixes following issue found by the AFL fuzzer which was then confirmed by the libFuzzer as well: ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604072fa at pc 0x0051f647 bp 0x7ffe95787cd0 sp 0x7ffe95787498 READ of size 16 at 0x604072fa thread T0 #0 0x51f646 in

[PATCH mdnsd 07/10] tests: add dns_handle_packet_file tool

2020-10-13 Thread Petr Štetiar
So it can read packets from file, which is handy when using for example AFL or honggfuzz fuzzers. Signed-off-by: Petr Štetiar --- tests/CMakeLists.txt | 10 ++ tests/dns_handle_packet_file.c | 64 ++ 2 files changed, 74 insertions(+) create mode

[PATCH mdnsd 04/10] interface: fix possible null pointer dereference

2020-10-13 Thread Petr Štetiar
Fixes following issue reported by clang-12 static analyzer: mdnsd/interface.c:250:6: warning: Access to field 'ipi_ifindex' results in a dereference of a null pointer (loaded from variable 'inp') if (inp->ipi_ifindex != iface->ifindex) ^~~~

[PATCH mdnsd 05/10] cmake: create static library

2020-10-13 Thread Petr Štetiar
So it could be reused in other binaries for fuzzing etc. Signed-off-by: Petr Štetiar --- CMakeLists.txt | 8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 8be878dd2cd8..e08720327b7c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt

[PATCH mdnsd 03/10] interface: fix value stored to 'fd' is never read

2020-10-13 Thread Petr Štetiar
Fixes following issue reported by clang-12 static analyzer: mdnsd/interface.c:360:3: warning: Value stored to 'fd' is never read fd = -1; ^~~ mdnsd/interface.c:394:3: warning: Value stored to 'fd' is never read fd = -1; ^

[PATCH mdnsd 02/10] Add initial GitLab CI support

2020-10-13 Thread Petr Štetiar
Uses currently proof-of-concept openwrt-ci[1] in order to: * improve the quality of the codebase in various areas * decrease code review time and help merging contributions faster * get automagic feedback loop on various platforms and tools - out of tree build with OpenWrt SDK on following

[PATCH mdnsd 08/10] cmake: tests: provide umdns-san binary

2020-10-13 Thread Petr Štetiar
Which is compiled with clang UB, address and leak sanitizers which is handy for example with fuzzing directly over network. Signed-off-by: Petr Štetiar --- CMakeLists.txt | 13 + 1 file changed, 13 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index

Re: [PATCH] hostapd: Add cell_density data rates option

2020-10-13 Thread David Bauer
Hello Nick, sorry, I was quite busy the last days. On 10/8/20 10:24 AM, Nick Lowe wrote: > Thank you very much for the review. Do you think this specific patch > could be merged in its present state? If yes, please could you do so? I've merged your commit to my staging tree and will push it in

[PATCH 0/3] dropbear: overhaul the crypto algorithm selection

2020-10-13 Thread Rui Salvaterra
This patch series enables a much more fine-grained configuration of the public key, encryption and key exchange algorithms in Dropbear. Rui Salvaterra (3): dropbear: create a submenu for public key algorithms dropbear: create a submenu for encryption algorithms dropbear: create a submenu

[PATCH 3/3] dropbear: create a submenu for key exchange algorithms

2020-10-13 Thread Rui Salvaterra
This allows the user to select only the key exchange algorithms (s)he requires (e.g., disabling group 14 SHA-{1,256} and keeping only Curve25519). The default selection maintains the current functionality. Additionally, make sure at least one key exchange algorithm is selected, lest the build

[PATCH 1/3] dropbear: create a submenu for public key algorithms

2020-10-13 Thread Rui Salvaterra
This allows the user to select only the public key algorithms (s)he requires (e.g., disabling RSA and keeping only Ed25519). The default selection maintains the current functionality. Additionally, make sure at least one public key algorithm is selected, lest the build would fail. Dropbear

[PATCH 2/3] dropbear: create a submenu for encryption algorithms

2020-10-13 Thread Rui Salvaterra
This allows the user to select only the encryption algorithms (s)he requires (e.g., disabling AES and keeping only ChaCha20-Poly1305). The default selection maintains the current functionality. Additionally, make sure at least one encryption algorithm is selected, lest the build would fail.

[PATCH 0/7] netfilter: kconfig symbol updates

2020-10-13 Thread Yousong Zhou
The series was based on work by Tony Ambardar in GitHub pull request [1]. Many investigations were done by Tony. And many changes were done by me and all errors are mine of course. [1] https://github.com/openwrt/openwrt/pull/3257 The work focused on the following aspects. - Use current config

[PATCH 4/7] generic: 5.4: make nf nat masquerade in unset state by default

2020-10-13 Thread Yousong Zhou
Upstream linux 5.1 commit d1aca8ab ("netfilter: nat: merge ipv4 and ipv6 masquerade functionality") replaces the following 2 options - CONFIG_NF_NAT_MASQUERADE_IPV4 - CONFIG_NF_NAT_MASQUERADE_IPV6 with CONFIG_NF_NAT_MASQUERADE. The new option is one without prompt and will be selected by

[PATCH 1/7] netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_MASQUERADE

2020-10-13 Thread Yousong Zhou
CONFIG_IP_NF_TARGET_MASQUERADE and its counterpart CONFIG_IP6_NF_TARGET_MASQUERADE are "backwards-compat option for the user's convenience" Related commit d22c1755 ("netfilter: fix NAT packaging with kernels 5.2+") Signed-off-by: Yousong Zhou --- include/netfilter.mk | 2 +- 1 file changed, 1

[PATCH 2/7] netfilter.mk: use CONFIG_NETFILTER_XT_TARGET_REDIRECT

2020-10-13 Thread Yousong Zhou
CONFIG_IP_NF_TARGET_REDIRECT is a compat option since upstream commit 2cbc78a2 ("netfilter: combine ipt_REDIRECT and ip6t_REDIRECT"). That happened since linux 3.10 Signed-off-by: Yousong Zhou --- include/netfilter.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[PATCH 7/7] netfilter.mk: add version conditional around CONFIG_NF_NAT_PROTO_GRE

2020-10-13 Thread Yousong Zhou
It was removed in upstream linux commit faec18db ("netfilter: nat: remove l4proto->manip_pkt"). This happened since linux 5.1 Signed-off-by: Yousong Zhou --- include/netfilter.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/netfilter.mk b/include/netfilter.mk

[PATCH 6/7] netfilter.mk: add version conditional for CONFIG_NF_CT_PROTO_GRE

2020-10-13 Thread Yousong Zhou
From: Tony Ambardar Kernel commit 22fc4c4c9fd6 ("netfilter: conntrack: gre: switch module to be built-in") moved the CT GRE code into the core nf_conntrack.ko module and changed the CONFIG_NF_CT_PROTO_GRE option to boolean for kernel 5.1 and onwards. CONFIG_NF_CT_PROTO_GRE at the moment has no

[PATCH 5/7] netfilter.mk: add version conditional around nf_nat_redirect mod

2020-10-13 Thread Yousong Zhou
Kernel commit 1ac89d20150e ("netfilter: nat: merge nf_nat_redirect into nf_nat") made the redirect module part of the nat core and changed the CONFIG_NF_NAT_REDIRECT option to a boolean, without prompt, affecting kernel 4.18 onwards. CONFIG_NF_NAT_REDIRECT now can only be selected by

[PATCH 3/7] netfilter.mk: add version conditional for nf_nat_ipv4,6

2020-10-13 Thread Yousong Zhou
The upstream linux commit is 3bf195ae ("netfilter: nat: merge nf_nat_ipv4,6 into nat core"). It was included since linux 5.1 Signed-off-by: Yousong Zhou --- include/netfilter.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/netfilter.mk b/include/netfilter.mk

Re: hostapd: add additional network section to wpa_supplicant

2020-10-13 Thread Florian Eckert
Hello Daniel, thanks for your feedback :+1: Or where do I have to start? This could be done by introducing a new type of UCI section, 'wifi-credential' which can be listed in the 'wifi-iface' section of a station interface. The way I see it, we have to hook into here [1] for the sta mode.