summaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* netifd: update to the latest version, adds various fixesFelix Fietkau2016-09-281-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iwinfo: fix WPA cipher reportingJo-Philipp Wich2016-09-271-2/+2
| | | | | | | | | | | Within the Lua binding, use the same logic as the command line interface for reporting the used WPA ciphers. Instead of printing the intersection of pairwise and group ciphers, report both group and pairwise ciphers. This fixes a case where a connection which uses CCMP for pairwise and TKIP as groupwise cipher is getting reported as using the NONE cipher. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* 6in4: fix invalid local variable declaration (FS#188)Jo-Philipp Wich2016-09-272-3/+3
| | | | | | | | Remove an invalid local variable declaration in the tunnel update subshell invocation. Local declarations outside of function scopes are illegal since the Busybox update to version 1.25.0 . Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* config: enable shadow passwords unconditionallyMatthias Schiffer2016-09-261-1/+0
| | | | | | | | | | | | | Configurations without shadow passwords have been broken since the removal of telnet: as the default entry in /etc/passwd is not empty (but rather unset), there will be no way to log onto such a system by default. As disabling shadow passwords is not useful anyways, remove this configuration option. The config symbol is kept (for a while), as packages from feeds depend on it. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* curl: update to version 7.50.3Hauke Mehrtens2016-09-242-3/+3
| | | | | | | | | | | | | | This fixes the following security problems: 7.50.1: CVE-2016-5419 TLS session resumption client cert bypass CVE-2016-5420 Re-using connections with wrong client cert CVE-2016-5421 use of connection struct after free 7.50.2: CVE-2016-7141 Incorrect reuse of client certificates 7.50.3: CVE-2016-7167 curl escape and unescape integer overflows Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ltq-vdsl-app: update to version 4.17.18.6Hauke Mehrtens2016-09-203-28/+5
| | | | Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* dnsmasq: Add match section supportHans Dedecker2016-09-191-0/+17
| | | | | | | | | | | | | | | Match sections allow to set a tag specified by the option networkid if the client sends an option and optionally the option value specified by the match option. The force option will convert the dhcp-option to force-dhcp-option if set to 1 in the dnsmasq config if options are specified in the dhcp_option option. config match option networkid tag option match 12,myhost option force 1 list dhcp_option '3,192.168.1.1' Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iwinfo: Bump to 2016-07-29Florian Fainelli2016-09-191-2/+2
| | | | Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* hostapd: fix regression breaking brcmfmacRafał Miłecki2016-09-134-7/+46
| | | | | | The latest update of hostapd broke brcmfmac due to upstream regression. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* dnsmasq: make NO_ID optional in full variantKevin Darbyshire-Bryant2016-09-101-5/+10
| | | | | | | | | Permit users of the full variant to disable the NO_ID *.bind pseudo domain masking. Defaulted 'on' in all variants. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dropbear: hide dropbear versionKevin Darbyshire-Bryant2016-09-101-0/+4
| | | | | | | | | | | | As security precaution and to limit the attack surface based on the version reported by tools like nmap mask out the dropbear version so the version is not visible anymore by snooping on the wire. Version is still visible by 'dropbear -V' Based on a patch by Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove trailing _]
* dnsmasq: Don't expose *.bind data incl versionKevin Darbyshire-Bryant2016-09-082-1/+150
| | | | | | | | | | | | | Don't expose dnsmasq version & other data to clients via the *.bind pseudo domain. This uses a new 'NO_ID' compile time option which has been discussed and submitted upstream. This is an alternate to replacing version with 'unknown' which affects the version reported to syslog and 'dnsmasq --version' Run time tested with & without NO_ID on Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* hostapd: update to version 2016-09-05Felix Fietkau2016-09-0823-198/+98
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: fix remove pidfile on shutdown regressionKevin Darbyshire-Bryant2016-09-061-0/+1
| | | | | | | | | | | | | | Regression introduced by 3481d0d dnsmasq: run as dedicated UID/GID dnsmasq is unable to remove its own pidfile as /var/run/dnsmasq is owned by root and now dnsmasq runs as dnsmasq:dnsmasq. Change directory ownership to match. dnsmasq initially starts as root, creates the pidfile, then drops to requested non-root user. Until this fix dnsmasq had insufficient privilege to remove its own pidfile. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* hostapd: fix typo and indentation in ap_sta_support.patchJohannes Römer2016-09-051-2/+2
| | | | Signed-off-by: Johannes Römer <jroemer@posteo.net>
* dropbear: mdns flag is a bool, not integerKarl Palsson2016-09-051-1/+1
| | | | | | Effectively the same for most purposes, but more accurate. Signed-off-by: Karl Palsson <karlp@etactica.com>
* ebtables: fix build with glibcFelix Fietkau2016-08-301-2/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dante: remove -D_GNU_SOURCE to fix build errors with current glibcFelix Fietkau2016-08-301-2/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iperf: add -lm to fix build with newer glibcFelix Fietkau2016-08-301-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iperf: drop PKG_BUILD_DIR overrideFelix Fietkau2016-08-301-1/+0
| | | | | | No longer necessary since the removal of build variants Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iwinfo: mark as nonsharedJo-Philipp Wich2016-08-251-0/+2
| | | | | | | | | The iwinfo library might get compiled with different backends, depending on the driver selection of the current target, so mark it as nonshared to avoid broken libiwinfo support on other targets with same cpu architecture but different wireless driver types. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uqmi: update to the latest version, adds QMI-in-MBIM supportFelix Fietkau2016-08-241-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: update to 2.3.12Magnus Kroken2016-08-245-67/+37
| | | | | | | | | 300-upstream-fix-polarssl-mbedtls-builds.patch has been applied upstream. Replaced 101-remove_polarssl_debug_call.patch with upstream backport. Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* hostapd: use printf to improve portability.Ash Benz2016-08-231-4/+4
| | | | Signed-off-by: Ash Benz <ash.benz@bk.ru>
* netifd: update to the latest versionFelix Fietkau2016-08-231-2/+2
| | | | | | | Adds fixes for wireless device error handling Adds link state fixes for shell proto handlers Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ppp: Extend uci datamodel with persistency sypportHans Dedecker2016-08-182-3/+13
| | | | | | | | | | | | | | | | | | | | PPP daemon can be put into persist mode meaning the daemon will not exit after a connection gets terminated but will instead try to reopen the connection. The re-initiation after the link has been terminated can be controlled via holdoff; this is helpfull in scenarios where a BRAS is in denial of service mode due to link setup requests after a BRAS has gone down Following uci parameters have been added : persist (boolean) : Puts the ppp daemon in persist mode maxfail (integer) : Number of consecutive fail attempts which puts the PPP daemon in exit mode holdoff (interget) : Specifies how many seconds to wait before re-initiating link setup after it has been terminated Signed-off-by: Alin Nastac <alin.nastac@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* swconfig: revert the portmapping patches, they seem to cause a segfaultJohn Crispin2016-08-163-0/+104
| | | | | | | | | | | | Revert "kernel/swconfig: remove obsolete portmapping feature from swconfig" This reverts commit 675407baa44a8700de20b6b2857009a552a807ba. Revert "swconfig: remove obsolete portmapping feature" This reverts commit fca1eb349ef31b133a62880cbd562d6bf17500aa. Signed-off-by: John Crispin <john@phrozen.org>
* swconfig: remove obsolete portmapping featureJohn Crispin2016-08-153-104/+0
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* samba: add file/interface reload triggers & filter interfacesConn O'Griofa2016-08-151-9/+10
| | | | | | | | | | | | | | | | * Only parse interfaces that are up during init_config (as the script depends on this to determine the proper IP/subnet range) * Add reload interface triggers for samba-designated interfaces * Force full service restart upon config change to ensure Samba binds to new interfaces (sending HUP signal doesn't work) * Rename "interface" variable to "samba_iface" and move into global scope Needed to fix Samba connectivity for clients connecting from a different LAN subnet (e.g. pseudobridge configurations) due to the 'bind interfaces only' setting. Signed-off-by: Conn O'Griofa <connogriofa@gmail.com>
* dropbear: security update to 2016.74Jo-Philipp Wich2016-08-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | - Security: Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program. - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files - Security: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts. - Security: dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v The security issues were reported by an anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: Allow RADIUS accounting without 802.1xPetko Bordjukov2016-08-111-10/+9
| | | | | | | | RADIUS accounting can be used even when RADIUS authentication is not used. Move the accounting configuration outside of the EAP-exclusive sections. Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
* hostapd: remove unused hostapd-common-old packageFelix Fietkau2016-08-053-606/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: remove esfq qdiscFelix Fietkau2016-08-042-251/+2
| | | | | | It has been obsolete for years now Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uqmi: add metric option to interface configFlorian Eckert2016-07-261-2/+7
| | | | | | It is now possible to add an metric option for the qmi proto in dhcp mode. Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
* uqmi: fix option ipv6Florian Eckert2016-07-261-5/+1
| | | | | | | If option ist not set then ipv6 is still enabled on this Interface. Check if variable is zero will fix this issue. Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
* kernel: remove hostap driverFelix Fietkau2016-07-316-7/+5
| | | | | | | It has been marked as broken for well over a month now and nobody has complained. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: drop --interface and --except-interface options when the interface ↵Felix Fietkau2016-07-291-2/+2
| | | | | | cannot be found Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: update to the latest version, adds an event handling fixFelix Fietkau2016-07-291-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: remove use of uci state for getting network ifnameFelix Fietkau2016-07-291-2/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: replace the iface hotplug script with a procd triggerFelix Fietkau2016-07-293-11/+8
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: make the check for existing DHCP servers more reliableFelix Fietkau2016-07-291-0/+6
| | | | | | If there is no carrier yet, wait for 2 seconds (STP forwarding delay) Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: write atomic config fileUlrich Weber2016-07-291-8/+10
| | | | | | | | | multiple invocation of dnsmasq script (e.g. by procd and hotplugd) might cause procd to restart dnsmasq with an incomplete config file. Config file generation might take quite a long time on larger configs due ubus calls for each listening interface... Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
* netifd: update to the latest versionFelix Fietkau2016-07-291-2/+2
| | | | | | | | Emits an initial event after the first link-up of a force_link interface. This is needed for making the dnsmasq dhcp check more reliable Signed-off-by: Felix Fietkau <nbd@nbd.name>
* igmpproxy: remove procd_open_trigger/procd_close_trigger callsFelix Fietkau2016-07-291-3/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: remove procd_open_trigger/procd_close_trigger callsFelix Fietkau2016-07-291-2/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: Use -x hostname:$hostname instead of -HMerlijn Wajer2016-07-241-1/+1
| | | | | | | | | | | | | | | | | | | | | Passing the hostname is currently broken in since the shipped busybox includes this commit: https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?id=2017d48c0d70bef8768efb42909e605ea8eb5a21 Before: Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is now down Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is setting up now Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: option -h NAME is deprecated, use -x hostname:NAME Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: malformed hex string 'WR150' After: Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): udhcpc (v1.23.2) started Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending discover... Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending select for xxx.yyy.zzz.xyz... Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Lease of xxx.yyy.zzz.xyz obtained, lease time 600 Signed-off-by: Merlijn Wajer <merlijn@wizzup.org>
* firewall3: update to latest git HEADJohn Crispin2016-07-241-2/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: backport mesh/ibss HT20/HT40 related fixFelix Fietkau2016-07-276-8/+69
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iperf3: update to version 3.1.3Hauke Mehrtens2016-07-241-2/+2
| | | | | | | | | | old size: iperf3_3.0.11-1_mips_34kc_dsp.ipk 30147 new size: iperf3_3.1.3-1_mips_34kc_dsp.ipk 33640 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iperf: update to version 2.0.9Hauke Mehrtens2016-07-241-2/+2
| | | | | | | | | | old size: iperf_2.0.8-1_mips_34kc_dsp.ipk 27911 new size: iperf_2.0.9-1_mips_34kc_dsp.ipk 28681 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-19 01:45:20 +0000