EljakimHerrewijnen/Openwrt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Openwrt build for Asrock G10 Router
35,758 Commits 1 Branch 0 Tags 212 MiB
4e8c6f3407
Go to file
Jo-Philipp Wich 4e8c6f3407 dropbear: security update to 2016.74 
- Security: Message printout was vulnerable to format string injection.

  If specific usernames including "%" symbols can be created on a system
  (validated by getpwnam()) then an attacker could run arbitrary code as root
  when connecting to Dropbear server.

  A dbclient user who can control username or host arguments could potentially
  run arbitrary code as the dbclient user. This could be a problem if scripts
  or webpages pass untrusted input to the dbclient program.

- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
  the local dropbearconvert user when parsing malicious key files

- Security: dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided. This could be an issue where
  dbclient is used in scripts.

- Security: dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v

  The security issues were reported by an anonymous researcher working with
  Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-12 11:45:47 +02:00
config apm821xx: use lzma compression for the initramfs images 2016-07-25 10:38:11 +02:00
docs
include kernel: add plan 9 fs package 2016-08-11 10:45:33 +02:00
package dropbear: security update to 2016.74 2016-08-12 11:45:47 +02:00
scripts kernel: add plan 9 fs package 2016-08-11 10:45:33 +02:00
target oxnas: set preinit network interface 2016-08-11 17:16:03 +02:00
toolchain gcc: optionally build gccgo compiler 2016-08-11 10:45:33 +02:00
tools tools: flock: add NFSv4 compatibility 2016-08-11 10:50:10 +02:00
.gitattributes
.gitignore
BSDmakefile
Config.in
feeds.conf.default feeds: switch from github to lede-project.org mirrors 2016-08-01 22:34:18 +02:00
LICENSE
Makefile build: move merged package directory from bin/ to staging_dir 2016-08-03 12:22:18 +02:00
README README: Update project README 2016-05-12 03:29:36 +02:00
rules.mk build: add checksum target 2016-08-01 18:11:21 +02:00

README 

This is the buildsystem for the LEDE Linux distribution.

Please use "make menuconfig" to choose your preferred
configuration for the toolchain and firmware.

You need to have installed gcc, binutils, bzip2, flex, python, perl, make,
find, grep, diff, unzip, gawk, getopt, subversion, libz-dev and libc headers.

Run "./scripts/feeds update -a" to get all the latest package definitions
defined in feeds.conf / feeds.conf.default respectively
and "./scripts/feeds install -a" to install symlinks of all of them into
package/feeds/.

Use "make menuconfig" to configure your image.

Simply running "make" will build your firmware.
It will download all sources, build the cross-compile toolchain, 
the kernel and all choosen applications.

To build your own firmware you need to have access to a Linux, BSD or MacOSX system
(case-sensitive filesystem required). Cygwin will not be supported because of
the lack of case sensitiveness in the file system.


Sunshine!
	Your LEDE Community
	http://www.lede-project.org