1. 21 Sep, 2018 3 commits
  2. 20 Sep, 2018 2 commits
  3. 19 Sep, 2018 11 commits
    • Rosen Penev's avatar
      mdadm: Install /etc/config file as 600 · 5efd080e
      Rosen Penev authored
      
      
      /etc/config/mdadm is only used by the init script which is ran as root.
      There is no need for it to be readable by anything else.
      
      Added PKG_CPE_ID for proper CVE tracking.
      
      Small reorganization for consistency between Makefiles.
      Signed-off-by: default avatarRosen Penev <rosenp@gmail.com>
      5efd080e
    • Rosen Penev's avatar
      fstools: Install mount.hotplug and 10-fstab.defaults as 600 · 4ad87744
      Rosen Penev authored
      
      
      Both of these are used by programs that run as root and nothing else.
      Signed-off-by: default avatarRosen Penev <rosenp@gmail.com>
      4ad87744
    • Rosen Penev's avatar
      usbmode: Update modeswitch data to 20170806 · 873801a6
      Rosen Penev authored
      
      
      Changed hotplug file to 600 as it is only read by procd, which runs as
      root.
      Signed-off-by: default avatarRosen Penev <rosenp@gmail.com>
      873801a6
    • Rosen Penev's avatar
      trelay: Install hotplug and config files as 600 · 39d8b2cf
      Rosen Penev authored
      
      
      The hotplug file is ran by procd, which runs as root. The config file is
      used by the init script, which also runs as root.
      Signed-off-by: default avatarRosen Penev <rosenp@gmail.com>
      39d8b2cf
    • Rosen Penev's avatar
      dropbear: Install /etc/config as 600 · 7651e254
      Rosen Penev authored
      
      
      /etc/config/dropbear is used by the init script which only runs as root.
      
      Small whitespace change.
      Signed-off-by: default avatarRosen Penev <rosenp@gmail.com>
      7651e254
    • Rosen Penev's avatar
      lldpd: Install /etc/config file as 600 · add48715
      Rosen Penev authored
      
      
      /etc/config/lldpd is only used by the init script, which only runs as root
      
      Adjusted homepage and download URLs to use HTTPS.
      
      -std=c99 is useful for GCC versions less than 6. Current OpenWrt uses 7.
      Signed-off-by: default avatarRosen Penev <rosenp@gmail.com>
      add48715
    • Hans Dedecker's avatar
      netifd: update to latest git HEAD · 6cd41ca6
      Hans Dedecker authored
      
      
      23941d7 system-linux: enable by default ignore encaplimit for ip6 tunnels
      Signed-off-by: default avatarHans Dedecker <dedeckeh@gmail.com>
      6cd41ca6
    • Hans Dedecker's avatar
      map: drop default encaplimit value · d9691b66
      Hans Dedecker authored
      
      
      Setting encaplimit to a numerical value results into the value being
      included as tunnel encapsulation limit in the destination option header
      for tunneled packets.
      Several users have reported interop issues as not all ISPs support the
      destination option header containing the tunnel encapsulation limit
      resulting into broken map connectivity.
      Therefore drop the default encaplimit value for map tunnels so
      no destination option header is included by default.
      Signed-off-by: default avatarHans Dedecker <dedeckeh@gmail.com>
      d9691b66
    • Hans Dedecker's avatar
      ds-lite: drop default encaplimit value · 1241707b
      Hans Dedecker authored
      
      
      Setting encaplimit to a numerical value results into the value being
      included as tunnel encapsulation limit in the destination option header
      for tunneled packets.
      Several users have reported interop issues as not all ISPs support the
      destination option header containing the tunnel encapsulation limit
      resulting into broken ds-lite connectivity.
      Therefore drop the default encaplimit value for ds-lite tunnels so
      no destination option header is included by default.
      Signed-off-by: default avatarHans Dedecker <dedeckeh@gmail.com>
      1241707b
    • Jason A. Donenfeld's avatar
      wireguard: bump to 0.0.20180918 · f07a94da
      Jason A. Donenfeld authored
      
      
      * blake2s-x86_64: fix whitespace errors
      * crypto: do not use compound literals in selftests
      * crypto: make sure UML is properly disabled
      * kconfig: make NEON depend on CPU_V7
      * poly1305: rename finish to final
      * chacha20: add constant for words in block
      * curve25519-x86_64: remove useless define
      * poly1305: precompute 5*r in init instead of blocks
      * chacha20-arm: swap scalar and neon functions
      * simd: add __must_check annotation
      * poly1305: do not require simd context for arch
      * chacha20-x86_64: cascade down implementations
      * crypto: pass simd by reference
      * chacha20-x86_64: don't activate simd for small blocks
      * poly1305-x86_64: don't activate simd for small blocks
      * crypto: do not use -include trick
      * crypto: turn Zinc into individual modules
      * chacha20poly1305: relax simd between sg chunks
      * chacha20-x86_64: more limited cascade
      * crypto: allow for disabling simd in zinc modules
      * poly1305-x86_64: show full struct for state
      * chacha20-x86_64: use correct cut off for avx512-vl
      * curve25519-arm: only compile if symbols will be used
      * chacha20poly1305: add __init to selftest helper functions
      * chacha20: add independent self test
      
      Tons of improvements all around the board to our cryptography library,
      including some performance boosts with how we handle SIMD for small packets.
      
      * send/receive: reduce number of sg entries
      
      This quells a powerpc stack usage warning.
      
      * global: remove non-essential inline annotations
      
      We now allow the compiler to determine whether or not to inline certain
      functions, while still manually choosing so for a few performance-critical
      sections.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      f07a94da
    • Kevin Darbyshire-Bryant's avatar
      dnsmasq: Handle memory allocation failure in make_non_terminals() · 687168cc
      Kevin Darbyshire-Bryant authored
      
      
      Backport upstream commit:
      
      ea6cc33 Handle memory allocation failure in make_non_terminals()
      Signed-off-by: default avatarKevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
      687168cc
  4. 18 Sep, 2018 1 commit
  5. 17 Sep, 2018 3 commits
  6. 15 Sep, 2018 4 commits
  7. 13 Sep, 2018 1 commit
  8. 12 Sep, 2018 5 commits
  9. 11 Sep, 2018 2 commits
    • Marko Ratkaj's avatar
      tools/expat: fix docbook2man error on some systems · 6e80dd58
      Marko Ratkaj authored
      
      
      On some systems (Gentoo) configure stage fails because of docbook2man
      working with SGML rather than with XML. We don't need xmlwf man pages so
      we disable this.
      Signed-off-by: default avatarMarko Ratkaj <marko.ratkaj@sartura.hr>
      6e80dd58
    • Jason A. Donenfeld's avatar
      wireguard: bump to 0.0.20180910 · a54f492d
      Jason A. Donenfeld authored
      
      
      * curve25519: arm: do not modify sp directly
      * compat: support neon.h on old kernels
      * compat: arch-namespace certain includes
      * compat: move simd.h from crypto to compat since it's going upstream
      
      This fixes a decent amount of compat breakage and thumb2-mode breakage
      introduced by our move to Zinc.
      
      * crypto: use CRYPTOGAMS license
      
      Rather than using code from OpenSSL, use code directly from AndyP.
      
      * poly1305: rewrite self tests from scratch
      * poly1305: switch to donna
      
      This makes our C Poly1305 implementation a bit more intensely tested and also
      faster, especially on 64-bit systems. It also sets the stage for moving to a
      HACL* implementation when that's ready.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      a54f492d
  10. 10 Sep, 2018 8 commits