Commit Graph

3703 Commits (arm-ng)
 

Author SHA1 Message Date
pedro 2dd42c6520 router: rc: nginx.c: some corrections, clean-up 6 years ago
pedro f2974d3b5c php: update to 7.2.27 6 years ago
pedro 7da5255589 nginx: update to 1.17.8 6 years ago
pedro a1f3af3535 gmp: update to 6.2.0 6 years ago
pedro fc93eeb007 router: rc: services.c: add warning to syslog when dnsmasq is skipped because of WEB mode enabled 6 years ago
pedro f69c96ac82 Merge branch 'arm-master' into arm-ng 6 years ago
pedro c3be5786a1 router: mdu: Makefile: build openssl11 with pthread 6 years ago
pedro 3a61559acd GUI: Admin Access: delete the unnecessary http_root variable (Allow web login as "root") - now the username is 'root' if it's not entered, no need to check/uncheck something 6 years ago
pedro 766c05eb44 GUI: Admin Access: fix info about default web username 6 years ago
pedro 914730a960 router: httpd: misc.c: change memory format specifiers to unsigned integer, fixes #9
- there was an overflow in displaying memory sizes above 2GB
6 years ago
pedro d976879e0e router: others: secure adblock with lock file; cosmetic in Makefile 6 years ago
Alessandro Radicati e5447fc04c GUI: Fix Issue #15 to allow configuring remote access in router mode 6 years ago
pedro 94908faefd Merge branch 'arm-master' into arm-ng 6 years ago
pedro b30029f19d router: www: status-overview.asp: add missing 10Mb port icons, add set of half-duplex icons, code optimization/reduce size, clean-up 6 years ago
pedro 7c6d81b5be router: Makefile: transmission: fix compiler warnings (partially); don't build utils/cli; clean-up recipe 6 years ago
M_ars a38330c2c1 kernel: netfilter: nf_ct_ipv4: packets with wrong ihl are invalid
It was reported that the Linux kernel sometimes logs:
klogd: [2629147.402413] kernel BUG at net / netfilter /
nf_conntrack_proto_tcp.c: 447!
klogd: [1072212.887368] kernel BUG at net / netfilter /
nf_conntrack_proto_tcp.c: 392

ipv4_get_l4proto() in nf_conntrack_l3proto_ipv4.c and tcp_error() in
nf_conntrack_proto_tcp.c should catch malformed packets, so the errors
at the indicated lines - TCP options parsing - should not happen.
However, tcp_error() relies on the "dataoff" offset to the TCP header,
calculated by ipv4_get_l4proto().  But ipv4_get_l4proto() does not check
bogus ihl values in IPv4 packets, which then can slip through tcp_error()
and get caught at the TCP options parsing routines.

The patch fixes ipv4_get_l4proto() by invalidating packets with bogus
ihl value.

The patch closes netfilter bugzilla id 771.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c?h=v4.10&id=07153c6ec074257ade76a461429b567cff2b3a1e
6 years ago
M_ars b8a4d3c1fa kernel: netfilter: nf_ct_ipv4: handle invalid IPv4 and IPv6 packets consistently
IPv6 conntrack marked invalid packets as INVALID and let the user drop
those by an explicit rule, while IPv4 conntrack dropped such packets itself.
IPv4 conntrack is changed so that it marks INVALID packets and lets
the user drop them.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c?h=v4.10&id=8430eac2f6a3c2adce22d490e2ab8bb50d59077a
6 years ago
M_ars f580948651 kernel: net: don't call strlen() on the user buffer in packet_bind_spkt()
KMSAN (KernelMemorySanitizer, a new error detection tool) reports use of
uninitialized memory in packet_bind_spkt():
Acked-by: Eric Dumazet <edumazet@google.com>
==================================================================
BUG: KMSAN: use of unitialized memory
CPU: 0 PID: 1074 Comm: packet Not tainted 4.8.0-rc6+ #1891
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
01/01/2011
 0000000000000000 ffff88006b6dfc08 ffffffff82559ae8 ffff88006b6dfb48
 ffffffff818a7c91 ffffffff85b9c870 0000000000000092 ffffffff85b9c550
 0000000000000000 0000000000000092 00000000ec400911 0000000000000002
Call Trace:
 [<     inline     >] __dump_stack lib/dump_stack.c:15
 [<ffffffff82559ae8>] dump_stack+0x238/0x290 lib/dump_stack.c:51
 [<ffffffff818a6626>] kmsan_report+0x276/0x2e0 mm/kmsan/kmsan.c:1003
 [<ffffffff818a783b>] __msan_warning+0x5b/0xb0
mm/kmsan/kmsan_instr.c:424
 [<     inline     >] strlen lib/string.c:484
 [<ffffffff8259b58d>] strlcpy+0x9d/0x200 lib/string.c:144
 [<ffffffff84b2eca4>] packet_bind_spkt+0x144/0x230
net/packet/af_packet.c:3132
 [<ffffffff84242e4d>] SYSC_bind+0x40d/0x5f0 net/socket.c:1370
 [<ffffffff84242a22>] SyS_bind+0x82/0xa0 net/socket.c:1356
 [<ffffffff8515991b>] entry_SYSCALL_64_fastpath+0x13/0x8f
arch/x86/entry/entry_64.o:?
chained origin: 00000000eba00911
 [<ffffffff810bb787>] save_stack_trace+0x27/0x50
arch/x86/kernel/stacktrace.c:67
 [<     inline     >] kmsan_save_stack_with_flags mm/kmsan/kmsan.c:322
 [<     inline     >] kmsan_save_stack mm/kmsan/kmsan.c:334
 [<ffffffff818a59f8>] kmsan_internal_chain_origin+0x118/0x1e0
mm/kmsan/kmsan.c:527
 [<ffffffff818a7773>] __msan_set_alloca_origin4+0xc3/0x130
mm/kmsan/kmsan_instr.c:380
 [<ffffffff84242b69>] SYSC_bind+0x129/0x5f0 net/socket.c:1356
 [<ffffffff84242a22>] SyS_bind+0x82/0xa0 net/socket.c:1356
 [<ffffffff8515991b>] entry_SYSCALL_64_fastpath+0x13/0x8f
arch/x86/entry/entry_64.o:?
origin description: ----address@SYSC_bind (origin=00000000eb400911)
==================================================================
(the line numbers are relative to 4.8-rc6, but the bug persists
upstream)

, when I run the following program as root:

=====================================
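 #include <string.h>
 #include <sys/socket.h>
 #include <arpa/inet.h>          /* htons() */
 #include <netpacket/packet.h>
 #include <net/ethernet.h>

 int main() {
   struct sockaddr addr;
   /* fill the whole address, sa_data included, with 0xff: no NUL terminator */
   memset(&addr, 0xff, sizeof(addr));
   addr.sa_family = AF_PACKET;
   int fd = socket(PF_PACKET, SOCK_PACKET, htons(ETH_P_ALL));
   /* SOCK_PACKET bind goes through packet_bind_spkt() */
   bind(fd, &addr, sizeof(addr));
   return 0;
 }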
=====================================

This happens because addr.sa_data copied from the userspace is not
zero-terminated, and copying it with strlcpy() in packet_bind_spkt()
results in calling strlen() on the kernel copy of that non-terminated
buffer.

Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/packet/af_packet.c?h=v5.5&id=540e2894f7905538740aaf122bd8e0548e1c34a4
6 years ago
M_ars c83b241387 kernel: ipv6: Allow IPv4-mapped address as next-hop
Made kernel accept IPv6 routes with IPv4-mapped address as next-hop.
It is possible to configure IP interfaces with IPv4-mapped addresses, and
one can add IPv6 routes for IPv4-mapped destinations/prefixes, yet prior
to this fix the kernel returned an EINVAL when attempting to add an IPv6
route with an IPv4-mapped address as a nexthop/gateway.

RFC 4798 (a proposed standard RFC) uses IPv4-mapped addresses as nexthops,
thus in order to support that type of address configuration the kernel
needs to allow IPv4-mapped addresses as nexthops.

Signed-off-by: Erik Nordmark <nordmark@arista.com>
Signed-off-by: Bob Gilligan <gilligan@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/route.c?h=v5.5&id=96d5822c1d812ed30da035795a4408f43fe533f3
6 years ago
M_ars 8dc6bbcc29 kernel: ipv6: do not increment mac header when it's unset
Otherwise we'll overflow the integer. This occurs when layer 3 tunneled packets are handed off to the IPv6 layer.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv6/reassembly.c?h=v5.5&id=b678aa578c9e400429e027269e8de2783e5e73ce
6 years ago
M_ars b4e6eb740d kernel: tcp: avoid infinite loop in tcp_splice_read()
Splicing from TCP socket is vulnerable when a packet with URG flag
is received and stored into receive queue.
__tcp_splice_read() returns 0, and sk_wait_data() immediately
returns since there is the problematic skb in queue.

This is a nice way to burn cpu (aka infinite loop) and trigger
soft lockups.

Again, this gem was found by syzkaller tool.

Fixes: 9c55e01c0cc8 ("[TCP]: Splice receive support.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov  <dvyukov@google.com>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/tcp.c?h=v5.5&id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82
6 years ago
M_ars aa2f3eed6b Update README.md: add support for Asus RT-AC68U B2 (only cosmetic) 6 years ago
pedro 472623287b router: Makefile: samba3: build with libiconv if available 6 years ago
pedro 10256a7beb router: Makefile: fix xl2tpd-clean recipe 6 years ago
pedro e81323ced4 router: Makefile: fix dnsmasq-clean recipe 6 years ago
pedro 7dfa1d78ac router: Makefile: clean-up php recipe 6 years ago
pedro 9f082de8e0 router: rc: misc.c: clean-up 6 years ago
pedro 9d4d0d6b2f router: rc: nocat.c: optimize code, clean-up 6 years ago
pedro 499eac7ccb router: rc: restrict.c: clean-up 6 years ago
pedro 0149b71d0e router: rc: snmp.c: optimize code, clean-up 6 years ago
pedro 7a6643f40d router: rc: tinc.c: optimize code, clean-up 6 years ago
pedro 601d9aed3e router: rc: transmission.c: optimize code, clean-up 6 years ago
pedro 7ef479643d router: rc: mysql.c: optimize code, clean-up 6 years ago
M_ars f62c145031 Add Asus RT-AC68U B2 support (almost the same as AC1900P)
THX to user steveineastie from linksysinfo.org

Detection Infos:
boardtype=0x072F
boardrev=0x1500
boardnum=00
boardflags=0x00000110
boardflags2=0x00000000
odmpid=RT-AC68U
model=RT-AC68U
cpurev=c0
6 years ago
pedro 0fce047fd6 router: Makefile: always build and install zlib 6 years ago
pedro ad10bfb6fe router: Makefile: remove FULL_OPENSSL var 6 years ago
pedro d4e637f3f4 router: Makefile: there is no libyaml to install 6 years ago
pedro 5c05f552ce libcurl: update CA certificate bundle as of 2020-01-01 6 years ago
pedro e9e3e3d072 router: Makefile: fix some configure/compiler warnings, clean-up 6 years ago
pedro 81bd842541 router: mssl: add debug log, clean-up 6 years ago
pedro 071c15ad89 router: Makefile: clean-up; remove unused scsi-idle package from the tree 6 years ago
pedro a283aec7b9 GUI: TOR: add an option to resolve only .onion/.exit domains without having to configure anything else 6 years ago
pedro 6a55273ab4 router: www: vpn-tinc.asp: fix some bugs, add link to the tutorial, clean-up 6 years ago
pedro 9350fef7b2 Bump version to 2020.2 6 years ago
pedro 51f6763e96 Merge branch 'arm-master' into arm-ng 6 years ago
pedro 94cfe99369 Update CHANGELOG 6 years ago
pedro 382ae15a56 Merge branch 'arm-master' into arm-ng 6 years ago
pedro 8580341d58 libcurl: update to 7.68.0
- remove the patch that is no longer needed
- changes in router/Makefile - avoid configure warning
6 years ago
pedro 3d48b6ed1e dnsmasq: update to ab53883 (2020.01.11) snapshot
- cosmetic in patch
6 years ago
pedro a23fe7b938 e2fsprogs: update to 1.45.5 6 years ago