| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following security problems:
CVE-2016-0754: remote file name path traversal in curl tool for Windows
http://curl.haxx.se/docs/adv_20160127A.html
CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use
http://curl.haxx.se/docs/adv_20160127B.html
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48614 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48613 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
Update iproute2 to latest version 4.4 with full MPLS support.
Signed-off-by: André Valentin <avalentin@marcant.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48612 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
| |
UCI paramater multicast is added which allows to toggle multicast support on gre interfaces.
By default multicast support is enabled as gre tunnels are often used in combination with
routing protocols using multicast.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Nick Podolak <nicholas.podolak@dtechlabs.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48596 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48595 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
| |
flags (#21738)
* Enable drop_invalid by default to catch unnatted packets (#21738)
* Fix processing of inversions for -i, -o, -s, -d and -p flags
* Remove delegate_* chain indirection but rely on xt_id to identify own rules
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48551 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
wpad-mesh/wpa_supplicant-mesh
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48537 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48529 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48528 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48527 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 6a7e56b adds support for adding local hostname for own lan ula adress
but if ula prefix is not specified results into an invalid config (address=/OpenWrt.lan/1)
causing dnsmasq not to start up.
Use lanaddr6 when adding local hostname as the lan ula address is constructed based on the
UCI parameters ip6hint and ip6ifaceid and thus not always ula prefix suffixed with 1
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48495 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
| |
RSA keys should be generated with sufficient length.
Using 1024 bits is considered unsafe.
In other packages the used key length is 2048 bits.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48494 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
Update to Git HEAD in order to include VHT rate support in the Lua binding.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48488 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
| |
Update to upstream Git HEAD to include VHT rate support and a number of
coverity scan fixes.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48487 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48478 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48458 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
issues with some DSLAMs
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48457 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48455 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds IPv6 support to qos-scripts for both tc/qdisc and the
iptables classification rules. The tc/qdisc part is accomplished
by removing "protocol ip" from the tc command line, causing the
rule to be applied to all protocols. The iptables part is
accomplished by adding each rule using both iptables and ip6tables.
This patch is based on previous work by Ilkka Ollakka and
Dominique Martinet.
Signed-off-by: Michael Marley <michael@michaelmarley.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48452 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a "srciface" option that can be used on classification
rules in /etc/config/qos. This is useful to allow prioritization
based on the local network from which the traffic originates, for
example to deprioritize traffic from a guest network.
Signed-off-by: Michael Marley <michael@michaelmarley.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48446 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48445 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
variable
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48397 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48391 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
| |
Set the save-mark mask for the qos_${cg} chain to 0xff instead of
0xf0. With the old value, the nibble that was saved would be
masked during the restore, preventing ingress traffic from being
classified. Thanks to nbd for recommending the fix.
Signed-off-by: Michael Marley <michael@michaelmarley.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48388 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48385 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
| |
The auth change appears to break the endpoint update for most users and with
my local tests the old update url works just fine.
This reverts commit 99c03a88cb6fed0519efdfaac305794653a12542.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48384 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
| |
Introduce config options client_cert2, priv_key2 and priv_key2_pwd
used for EAP-TLS phase2 authentication in WPA-EAP client mode.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48345 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48344 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48343 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
explicit notification when init is done
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48321 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48320 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48315 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48314 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
WPA-EAP supports several phase2 (=inner) authentication methods when
using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first
step towards the UCI model supporting EAP-FAST by this commit)
The value of the auth config variable was previously expected to be
directly parseable as the content of the 'phase2' option of
wpa_supplicant.
This exposed wpa_supplicant's internals, leaving it to view-level to
set the value properly. Unfortunately, this is currently not the case,
as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'.
Users thus probably diverged and set auth to values like
'auth=MSCHAPV2' as a work-around.
This behaviour isn't explicitely documented anywhere and is not quite
intuitive...
The phase2-string is now generated according to $eap_type and $auth,
following the scheme also found in hostap's test-cases:
http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py
The old behaviour is also still supported for the sake of not breaking
existing, working configurations.
Examples:
eap_type auth
'ttls' 'EAP-MSCHAPV2' -> phase2="autheap=MSCHAPV2"
'ttls' 'MSCHAPV2' -> phase2="auth=MSCHAPV2"
'peap' 'EAP-GTC' -> phase2="auth=GTC"
Deprecated syntax supported for compatibility:
'ttls' 'autheap=MSCHAPV2' -> phase2="autheap=MSCHAPV2"
I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to
the list of Authentication methods available.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48309 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
| |
This was generating a conffiles list that included the binary
and CONTROL/ files.
Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48296 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48280 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds support for configuring VTI interfaces within /etc/config/network.
VTI interfaces are used to create IPsec tunnel interfaces. These interfaces
may be used for routing and other purposes.
Example config:
config interface 'vti1'
option proto 'vti'
option mtu '1500'
option tunlink 'wan'
option peeraddr '192.168.5.16'
option zone 'VPN'
option ikey 2
option okey 2
config interface 'vti1_static'
option proto 'static'
option ifname '@vti1'
option ipaddr '192.168.7.2/24'
The options ikey and okey correspond to the fwmark value of a ipsec policy.
The may be null if you do not want fwmarks.
Also peeraddr may be 0.0.0 if you want all ESP packets go through the
interface.
Example strongswan config:
conn vti
left=%any
leftcert=peer2.test.der
leftid=@peer2.test
right=192.168.5.16
rightid=@peer3.test
leftsubnet=0.0.0.0/0
rightsubnet=0.0.0.0/0
mark=2
auto=route
Signed-off-by: André Valentin <avalentin@marcant.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48274 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48273 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
| |
By default dnsmasq uses random ports for outbound dns queries;
when the minport UCI option is specified the ports used will
always be larger than the specified value.
This is usefull for systems behind firewalls.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48244 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
| |
Update dropbear to version 2015.71, released on 3 Dec 2015.
Refresh patches.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48243 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48214 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48202 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48201 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
size by ~5 kb
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48196 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48195 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- WPS: Fix HTTP chunked transfer encoding parser (CVE-2015-4141)
- EAP-pwd peer: Fix payload length validation for Commit and Confirm
(CVE-2015-4143)
- EAP-pwd server: Fix payload length validation for Commit and Confirm
(CVE-2015-4143)
- EAP-pwd peer: Fix Total-Length parsing for fragment reassembly
(CVE-2015-4144, CVE-2015-4145)
- EAP-pwd server: Fix Total-Length parsing for fragment reassembly
(CVE-2015-4144, CVE-2015-4145)
- EAP-pwd peer: Fix asymmetric fragmentation behavior (CVE-2015-4146)
- NFC: Fix payload length validation in NDEF record parser (CVE-2015-8041)
- WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
(CVE-2015-5310)
- EAP-pwd peer: Fix last fragment length validation (CVE-2015-5315)
- EAP-pwd server: Fix last fragment length validation (CVE-2015-5314)
- EAP-pwd peer: Fix error path for unexpected Confirm message (CVE-2015-5316)
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48185 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
| |
Follow up of #21469
This patch enables autoreloading openvpn via procd.
Signed-off-by: Federico Capoano <nemesis@ninux.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48150 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48141 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
| |
This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A
patchset for these vulnerabilities was published on 16th December 2015.
Signed-off-by: Jan Čermák <jan.cermak@nic.cz>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48133 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48129 3c298f89-4303-0410-b956-a3cf2f4a3e73
|