staging/xback, branch v17.01.3

LEDE v17.01.3: adjust config defaults

2017-10-03T12:10:53Z

Signed-off-by: Stijn Tintel

uhttp: update to latest version

2017-10-03T11:03:27Z

3fd58e9 2017-08-19 uhttpd: add manifest support 88c0b4b 2017-07-09 file: fix basic auth regression 99957f6 2017-07-02 file: remove unused "auth" member from struct path_info c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS ad93be7 2017-07-02 auth: store parsed username and password fa51d7f 2017-07-02 proc: do not declare empty process variables a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash Signed-off-by: Adrian Panella

odhcpd: don't enable server mode on non-static lan port

2017-10-02T16:51:17Z

Instead of blindly enabling the odhcpd v6 server and RA server on the lan port, only do that if the lan port protocol is "static" This prevents the unhelpful case of a device being a dhcpv4 client and v6 server on the same ethernet port. Signed-off-by: Karl Palsson [PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup] Signed-off-by: Hans Dedecker

odhcpd: backport fixes from master branch (FS#402, FS#524)

2017-10-02T16:46:24Z

336212c config: fix dhcpv4 server being started 336212c dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524) Signed-off-by: Hans Dedecker

dnsmasq: bump to v2.78

2017-10-02T16:36:21Z

Fixes CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495, 2017-CVE-14496 Signed-off-by: Kevin Darbyshire-Bryant

base-files: create /etc/config/ directory

2017-10-01T08:52:14Z

The /bin/config_generate script and some other scripts are assuming the /etc/config directory exists in the image. This is true in case for example the package firewall, dropbear or dnsmasq are included, which are adding the files under /etc/config/. Without any of these package the system will not boot up fully because the /etc/config/ directory is missing and some init scripts just fail. Make sure all images with the base-files contain a /etc/config/ directory. Signed-off-by: Hauke Mehrtens Acked-by: John Crispin

sunxi: clean up modules definitions

2017-10-01T08:04:12Z

Module definitions for kmod-wdt-sunxi and kmod-eeprom-sunxi are removed (wdt-sunxi was builtin anyways; nvmem-sunxi, which is the new name of eeprom-sunxi is changed to builtin). As kmod-eeprom-sunxi was specified in DEFAULT_PACKAGES, but not available on kernel 4.4, it was breaking the image builder. Support for kmod-sunxi-ir is added for kernel 4.4 (it is unclear why it was disable before, it builds fine with with kernel 4.4). Condtionals only relevant for pre-4.4 kernels are removed from modules.mk, as sunxi does't support older kernels anymore. Fixes FS#755. Signed-off-by: Matthias Schiffer

ltq-vdsl-mei: revert disable optimized firmware download

2017-09-30T18:37:33Z

This reverts commit b428f45c062dc8ca8c2f35f491fa467dc5b85519. If the optimized firmware download is disabled, the xdsl subsystem hangs in the "idle request" state after physically disconnecting and reconnecting the xdsl modem from the line. It might fix the failing line init on boot as well. Signed-off-by: Mathias Kresin

curl: fix security problems

2017-09-30T13:27:29Z

This fixes the following security problems: * CVE-2017-1000100 TFTP sends more than buffer size * CVE-2017-1000101 URL globbing out of bounds read Signed-off-by: Hauke Mehrtens

mbedtls: update to 2.6.0 CVE-2017-14032

2017-09-30T13:24:52Z

Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant Tested-by: Magnus Kroken