[LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

Hi devs, We are trying to make passwords on LEDE a tiny bit more secure by refusing weak or short (read: less than 6 characters) passwords. Please see related discussion over here, where the inconsistencies were discovered: https://github.com/openwrt/luci/pull/878 Here is what the patch change

[LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

This patches the busybox passwd source so that even root is not allowed to set a weak (too short) password. This enables us to define a minimum password length that is consistent over graphical interfaces (e.g. LuCI) and CLI. Signed-off-by: Dan Luedtke --- .../utils/busybox/patches/900-prevent-w

Re: [LEDE-DEV] LEDE v17.01.0 schedule adjusted

> "David" == David Woodhouse writes: David> On Wed, 2017-02-15 at 14:03 -0800, Russell Senior wrote: >> >> I just tried r3499 (master branch), and it works too, David> Nice. Do you want to reinstate the default configuration for it, David> which was removed in commit 9e0759ea2? See how I've

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

On Fri, 17 Feb 2017, danrl wrote: Date: Fri, 17 Feb 2017 11:42:14 +0100 From: danrl To: lede-dev@lists.infradead.org Cc: Dan Luedtke Subject: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords Hi devs, We are trying to make passwords on LEDE a tiny bit more secure by refusing weak

Re: [LEDE-DEV] [PATCH] BT Home Hub 5A: configure Red Ethernet as DMZ interface (FS#490) and fix Red Ethernet switch port (FS#390)

The BT Home Hub routers described in the scenario(s) below are connected also on the LAN side. I ran further tests in the first SCENARIO (Red Ethernet as eth0.2) monitoring the red Ethernet WAN end with wireshark and I saw arp requests coming from the Red Ethernet that have both mac address an

[LEDE-DEV] Commit "luci-mod-admin-full: place 80211w options behind a check for wpad-full" causes 802.11w to be hidden with full hostapd

Hi, The patch committed here does not seem to be correct as it hides 802.11w support with the full hostapd package: https://git.lede-project.org/?p=project/luci.git;a=commit;h=07e01d094eb25e1f036e85b8cfc5aceccc56003c With the hostapd package installed, not mini, the output of hostapd -veap is:

Re: [LEDE-DEV] Commit "luci-mod-admin-full: place 80211w options behind a check for wpad-full" causes 802.11w to be hidden with full hostapd

By what does this have to do with wpad, I mean that there should be no dependency on EAP features being present for 802.11w to work. Nick ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

Hi David, thanks for the fast response! > On 17 Feb 2017, at 11:54, David Lang wrote: > But deciding that you know better than the admin of the system is not. Not that I am a fan of telling admins what to do, but do you see any chance that we can get an consistent and enforceable approach to

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

On 17/02/2017 12:16, Dan Lüdtke wrote: > Hi David, > > thanks for the fast response! > >> On 17 Feb 2017, at 11:54, David Lang wrote: >> But deciding that you know better than the admin of the system is not. > > Not that I am a fan of telling admins what to do, but do you see any chance > th

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

On 02/17/2017 12:26 PM, John Crispin wrote: > > > On 17/02/2017 12:16, Dan Lüdtke wrote: >> Hi David, >> >> thanks for the fast response! >> >>> On 17 Feb 2017, at 11:54, David Lang wrote: >>> But deciding that you know better than the admin of the system is not. >> >> Not that I am a fan of tel

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

On Fri, 17 Feb 2017, Dan Lüdtke wrote: Hi David, thanks for the fast response! On 17 Feb 2017, at 11:54, David Lang wrote: But deciding that you know better than the admin of the system is not. Not that I am a fan of telling admins what to do, but do you see any chance that we can get an

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

On 17.2.2017 12.42, danrl wrote: We are trying to make passwords on LEDE a tiny bit more secure by refusing weak or short (read: less than 6 characters) passwords. Please see related discussion over here, where the inconsistencies were discovered: https://github.com/openwrt/luci/pull/878 Not

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

On Fri, 17 Feb 2017, Alberto Bursi wrote: On 02/17/2017 12:26 PM, John Crispin wrote: On 17/02/2017 12:16, Dan Lüdtke wrote: Hi David, thanks for the fast response! On 17 Feb 2017, at 11:54, David Lang wrote: But deciding that you know better than the admin of the system is not. Not th

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

On 17/02/2017 12:35, Alberto Bursi wrote: > > > On 02/17/2017 12:26 PM, John Crispin wrote: >> >> >> On 17/02/2017 12:16, Dan Lüdtke wrote: >>> Hi David, >>> >>> thanks for the fast response! >>> On 17 Feb 2017, at 11:54, David Lang wrote: But deciding that you know better than the a

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

On 02/17/2017 12:51 PM, John Crispin wrote: > > > regardless of you liking my use case or not its still a NAK > > John > Who cares, really. I just posted my opinion. -Alberto ___ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.i

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

On 02/17/2017 12:52 PM, David Lang wrote: > On Fri, 17 Feb 2017, Alberto Bursi wrote: > > And having no password is a much bigger change than having a short > password when you are testing things. It makes a lot of sense to be > excercising the password routine when doing tests, and very little >

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

Alberto Bursi [2017-02-17 12:08:03]: > Btw, for console access (serial or TTL or whatever) there is no login > even if you have set a password afaik. BTW, it's a config option, you can enable it: $ uci set system.@system[0].ttylogin='1' -- ynezz ___

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

On Fri, 17 Feb 2017, Alberto Bursi wrote: On 02/17/2017 12:52 PM, David Lang wrote: On Fri, 17 Feb 2017, Alberto Bursi wrote: And having no password is a much bigger change than having a short password when you are testing things. It makes a lot of sense to be excercising the password routine

[LEDE-DEV] Using PROVIDES with kmod packages

I was doing some fun experiments with ssb/bcma/b43 as a research based on: [PATCH RFC] kernel: allow selecting kmod-ssb on TARGET_brcm47xx_mips74k I was trying to build 2 variants of ssb package and 2 variants of b43 package. It didn't work, most likely because of the way PROVIDES is handled. I s

Re: [LEDE-DEV] [PATCH 1/4] brcm63xx: CPVA642+: fix LEDs and buttons at DTS

Hi, On 14 February 2017 at 16:36, Daniel Gonzalez Cabanelas wrote: > Leds are wrong and a button is missing, fix them. > > Signed-off-by: Daniel Gonzalez Cabanelas > diff --git a/target/linux/brcm63xx/dts/cpva502plus.dts > b/target/linux/brcm63xx/dts/cpva502plus.dts > index 6d9b5d3..3ddc459 100

Re: [LEDE-DEV] [PATCH] This patch adds support for the Actiontec R1000H gateway to the brcm63xx targets.

Hi, Please Cc me for brcm63xx patches, this makes it easier for me to apply them (especially if they get mangled by patchwork). On 12 February 2017 at 14:48, Anthony Sepa via Lede-dev wrote: > The sender domain has a DMARC Reject/Quarantine policy which disallows > sending mailing list messages

Re: [LEDE-DEV] Using PROVIDES with kmod packages

Hi, On 17 February 2017 at 14:53, Rafał Miłecki wrote: > I was doing some fun experiments with ssb/bcma/b43 as a research based on: > [PATCH RFC] kernel: allow selecting kmod-ssb on TARGET_brcm47xx_mips74k > > I was trying to build 2 variants of ssb package and 2 variants of b43 > package. > It d

Re: [LEDE-DEV] [PATCH] Opkg: add --no-configure option patch.

Hi, On 16 February 2017 at 02:14, Daniel Danzberger wrote: > Calling opkg with --no-configure prevents opkg > from running the configuration of the package (postinstall scripts ..etc) > > This way opkg will only install the package, without restarting the service > for example. What's the use

Re: [LEDE-DEV] [PATCH 1/4] brcm63xx: CPVA642+: fix LEDs and buttons at DTS

2017-02-17 15:06 GMT+01:00 Jonas Gorski : > Hi, > > On 14 February 2017 at 16:36, Daniel Gonzalez Cabanelas > wrote: >> Leds are wrong and a button is missing, fix them. >> >> Signed-off-by: Daniel Gonzalez Cabanelas >> diff --git a/target/linux/brcm63xx/dts/cpva502plus.dts >> b/target/linux/brc

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

As much a good "debate" over password strength may be healthy, it is not for LEDE. Password enforcement is a policy decission, and not an engineering decission. LEDE should provide tools to help enforce a diversity of policies. LEDE should not create or enforce any policy. - Eric Orig

Re: [LEDE-DEV] [PATCH 1/4] brcm63xx: CPVA642+: fix LEDs and buttons at DTS

On 17 February 2017 at 15:20, Daniel wrote: > 2017-02-17 15:06 GMT+01:00 Jonas Gorski : >> Hi, >> >> On 14 February 2017 at 16:36, Daniel Gonzalez Cabanelas >> wrote: >>> Leds are wrong and a button is missing, fix them. >>> >>> Signed-off-by: Daniel Gonzalez Cabanelas >>> diff --git a/target/li

Re: [LEDE-DEV] [PATCH] brcm63xx: fix external IRQ edge type sense

On 8 February 2017 at 04:56, Florian Fainelli wrote: > Le 02/07/17 à 12:36, Daniel Gonzalez Cabanelas a écrit : >> Fix the register for configuring rising/falling edge >> >> Rising should be sense=1, and falling sense=0. >> The old driver used these values, but the new one have >> them flipped. >

Re: [LEDE-DEV] Using PROVIDES with kmod packages

On 17 February 2017 at 15:14, Jonas Gorski wrote: > On 17 February 2017 at 14:53, Rafał Miłecki wrote: >> I was doing some fun experiments with ssb/bcma/b43 as a research based on: >> [PATCH RFC] kernel: allow selecting kmod-ssb on TARGET_brcm47xx_mips74k >> >> I was trying to build 2 variants of

Re: [LEDE-DEV] QCA Dakota support

The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software.--- Begin Message --- On Monday, October 31, 2016 10:38:

Re: [LEDE-DEV] Using PROVIDES with kmod packages

On 17 February 2017 at 15:38, Rafał Miłecki wrote: > On 17 February 2017 at 15:14, Jonas Gorski wrote: >> On 17 February 2017 at 14:53, Rafał Miłecki wrote: >>> I was doing some fun experiments with ssb/bcma/b43 as a research based on: >>> [PATCH RFC] kernel: allow selecting kmod-ssb on TARGET_b

Re: [LEDE-DEV] [PATCH] libpcap: add optional netfilter support

On 2017-02-16 11:00, Martin Schiller wrote: > This is needed to use the nflog interface with tcpdump > > Signed-off-by: Martin Schiller > --- > package/libs/libpcap/Config.in | 5 + > package/libs/libpcap/Makefile | 7 +-- > 2 files changed, 10 insertions(+), 2 deletions(-) > > diff --

Re: [LEDE-DEV] [PATCH] toolchain/arc: update to the most recent release arc-2016.09

On 2017-02-15 15:48, Alexey Brodkin wrote: > arc-2016.09 is the most recent toolchain for ARC cores and > it is based on top of upstream Binutils 2.27 and GCC 6.2.1. > > With updated major version of GCC we copied all GCC 6.x patches > for ARC as well as Bintils 2.27 patches. > > Note that toocha

Re: [LEDE-DEV] [PATCH] utils/busybox: prevent weak root passwords

What the... This discussion has become a bit out of hand! My goal was to have consistency at LuCI and CLI. I see how enforcing passwords of a particular kind, as well as enforcing passwords at all, is not an engineering decision. I have no problem with this patch being rejected. So, since we de

Re: [LEDE-DEV] QCA Dakota support

On 17/02/2017 15:46, Christian Lamparter wrote: > On Monday, October 31, 2016 10:38:18 PM CET Christian Mehlis wrote: >> Hi, >> >> is there someone working on QCA Dakota support for lede? > Heads-up! > >

Re: [LEDE-DEV] imx6: fail to start IBSS link

On Thu, Feb 16, 2017 at 6:22 AM, Koen Vandeputte wrote: > Hi Felix, > Hi Tim, > > commit "imx6: move to Linux 4.9 kernel" introduces some regression on wlan > level. > > > When starting wpa_supplicant to initiate an IBSS link, the handshake fails. > Inspecting it reveals that no data packets are t

Re: [LEDE-DEV] QCA Dakota support

Cool, still personally missing a Dakota board myself. Maybe I'll get one soon. -M On Fri, Feb 17, 2017 at 9:29 AM, John Crispin wrote: > > > On 17/02/2017 15:46, Christian Lamparter wrote: >> On Monday, October 31, 2016 10:38:18 PM CET Christian Mehlis wrote: >>> Hi, >>> >>> is there someone wor

Re: [LEDE-DEV] QCA Dakota support

The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software.--- Begin Message --- On Friday, February 17, 2017 4:29:

Re: [LEDE-DEV] imx6: fail to start IBSS link

Koen, Can you try to disable MSI? I've seen issues with it in the past for IMX6 and I typically leave it disabled as it doesn't buy us anything and can instead hurt performance. If I recall, I think its now 'required' by the IMX6 PCIe driver so it may take a kernel change to disable it. Other

Re: [LEDE-DEV] Using PROVIDES with kmod packages

On 17 February 2017 at 16:06, Jonas Gorski wrote: > On 17 February 2017 at 15:38, Rafał Miłecki wrote: >> On 17 February 2017 at 15:14, Jonas Gorski wrote: >>> On 17 February 2017 at 14:53, Rafał Miłecki wrote: I was doing some fun experiments with ssb/bcma/b43 as a research based on:

Re: [LEDE-DEV] Using PROVIDES with kmod packages

On 17 February 2017 at 17:56, Rafał Miłecki wrote: > On 17 February 2017 at 16:06, Jonas Gorski wrote: >> On 17 February 2017 at 15:38, Rafał Miłecki wrote: >>> On 17 February 2017 at 15:14, Jonas Gorski wrote: If that isn't enough you could also create a KernelPackage/ssb/brcm47xx (s

Re: [LEDE-DEV] [PATCH] Opkg: add --no-configure option patch.

Hi, I am writing an auto update shell script with special install handlers for some of my packages. The auto updater is a package itself and can also be updated. Without --no-configure, opkg would kill my auto updater while it is updating itself. On 02/17/2017 06:17 AM, Jonas Gorski wrote: > Hi

Re: [LEDE-DEV] QCA Dakota support

On 17/02/2017 17:06, Matthew McClintock wrote: > Cool, still personally missing a Dakota board myself. Maybe I'll get one soon. > > -M > i used your v4.7-rc for-next tree as basis for the 4.9 support ;) John ___ Lede-dev mailing list Lede-d

Re: [LEDE-DEV] Help wanted with testing opkg improvements

Hi again, my previous change was incomplete, please use the following two changes for testing: https://git.lede-project.org/71ab6d6.patch https://git.lede-project.org/e9bd98e.patch Bye, Jo ___ Lede-dev mailing list Lede-dev@lists.infradead.org http:/

Re: [LEDE-DEV] [PATCH] Opkg: add --no-configure option patch.

And I also do not want opkg to invoke the init scripts of the just upgraded packages until I have finished all my checks and stuff. I thought it might be useful for others too, if opkg has this option that let you control the upgrade process a bit more. What do you think ? On 02/17/2017 06:17 AM,

[LEDE-DEV] [PATCH] ar71xx: fix gmac0 speed function for qca956x

From: Weijie Gao This patch fixed the problem that kernel will crash when WAN port is linked-up in QCA9561. When GMAC0 is configured as GMII, it's connected to the internal switch. In this situation, there's no need to adjust the speed of GMAC0, and the function ath79_set_speed_dummy should be u