aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* umbim: update to latest git HEADZoltan HERPAI2016-07-111-2/+2
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* ebtables: fix segmentation fault due to uninitialized extension dataJo-Philipp Wich2016-07-072-1/+250
| | | | | | | | | | | | | | | | | | | The ebtables code relies on the `-nostartfiles` linker argument to execute the extension modules' `_init()` functions automatically which is not working reliably across all supported targets and gcc versions. Running an ebtables executable linked this way just crashes with a segmentation fault at runtime on program startup, e.g. on ARM architectures. In order to fix the issue ... - remove the use of the -nostartfiles linker flag - rename the init procedures to a generic name without implicit semantics - explicitely annotate those init procedures as constructors The patch has been taken from the Alpine Linux distribution at http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* odhcp6c: Upstep to latest versionHans Dedecker2016-07-071-2/+2
| | | | | | | | | Following fixes are included in the latest version: -Script is launched with incorrect action -Possible buffer overflows -Lots of minor bugfixes Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* swconfig: improve failure reportingJo-Philipp Wich2016-07-042-7/+7
| | | | | | Report the translated error to the user if a get/set netlink operation failed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* package/lantiq: make lantiq kernel modules work with xway_legacyJohn Crispin2016-06-241-2/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* lantiq: fix segfault inside ltq-adsl-appDaniel Gimpelevich2016-06-241-0/+65
| | | | Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* hostapd: fix breakage with non-nl80211 driversFelix Fietkau2016-06-242-15/+18
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix compilation error in wext backendJo-Philipp Wich2016-06-241-0/+10
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: implement fallback for incomplete survey dataFelix Fietkau2016-06-241-0/+45
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2016-06-15Felix Fietkau2016-06-2423-115/+115
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: Update to version 2016-05-05Michal Hrusecky2016-06-248-103/+180
| | | | | | Fixes CVE-2016-4476 and few possible memory leaks. Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
* iw: refresh patchesFelix Fietkau2016-06-224-25/+11
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: update to wireless-testing 2016-05-12Felix Fietkau2016-06-221-6/+267
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mdns: update to latest git HEADJohn Crispin2016-06-211-1/+1
| | | | | | * fixes loopback handling Signed-off-by: John Crispin <john@phrozen.org>
* package: flag further target specific packages as nonsharedJo-Philipp Wich2016-06-211-0/+2
| | | | | | | | | | Add nonshared flag to package depending on specific targets or subtargets as there's no guarantee otherwise that they'll be available in the shared repo. [Edit: files modified in previous commit were removed from the list.] Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* openvpn: update to 2.3.11Magnus Kroken2016-06-213-4/+25
| | | | | | | | | | Security fixes: * Fixed port-share bug with DoS potential * Fix buffer overflow by user supplied data Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: add support for tls-version-minMatteo Panella2016-06-212-2/+2
| | | | | | | | | | | | | Currently, the uci data model does not provide support for specifying the minimum TLS version supported in an OpenVPN instance (be it server or client). This patch adds support for writing the relevant option to the openvpn configuration file at service startup. Signed-off-by: Matteo Panella <morpheus@level28.org> [Jo-Philipp Wich: shorten commit title, bump pkg release] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: remove unrecognized optionDirk Neukirchen2016-06-211-1/+0
| | | | | | | | removed upstream in https://github.com/OpenVPN/openvpn/commit/9ffd00e7541d83571b9eec087c6b3545ff68441f now its always on Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* iperf: Drop single-threaded variantBert Vermeulen2016-06-212-50/+4
| | | | Signed-off-by: Bert Vermeulen <bert@biot.com>
* iperf: Upgrade to version 2.0.8Bert Vermeulen2016-06-212-104/+5
| | | | | | | | | | | | | | The original iperf package is unmaintained. This switches to the "iperf2" project on sourceforge, a fork that started where the previous iperf left off. Version 2.0.8 fixes the issue that patch 002 handled, so that can be dropped. Due to a faulty check in configure.ac, this version needs _GNU_SOURCE defined to build properly against musl. Various other obsolete build options were also removed. Signed-off-by: Bert Vermeulen <bert@biot.com>
* dnsmasq: update to dnsmasq v2.76Kevin Darbyshire-Bryant2016-06-214-10/+28
| | | | | | | Update to dnsmasq2.76. Refresh patches. Add new patch to fix musl 'poll.h' location warning. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* curl: update to 7.49Dirk Neukirchen2016-06-214-40/+14
| | | | | | | | | | | | | | | | fixes: CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL - remove crypto auth compile fix curl changelog of 7.46 states its fixed - fix mbedtls and cyassl usability #19621 : add path to certificate file (from Mozilla via curl) and provide this in a new package tested on ar71xx w. curl/mbedtls/wolfssl Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* dropbear: update to 2016.73Jo-Philipp Wich2016-06-206-28/+18
| | | | | | | | | | | | | Update the dropbear package to version 2016.73, refresh patches. The measured .ipk sizes on an x86_64 build are: 94588 dropbear_2015.71-3_x86_64.ipk 95316 dropbear_2016.73-1_x86_64.ipk This is an increase of roughly 700 bytes after compression. Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iw: backport support for "channels" commandRafał Miłecki2016-06-191-0/+234
| | | | | | Signed-off-by: Rafał Miłecki <zajec5@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49388 3c298f89-4303-0410-b956-a3cf2f4a3e73
* treewide: fix replace nbd@openwrt.org with nbd@nbd.nameFelix Fietkau2016-06-1929-30/+30
| | | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49379 3c298f89-4303-0410-b956-a3cf2f4a3e73
* iftop: Update to latest version, and drop patchLuka Perkov2016-06-192-14/+2
| | | | | | | | | The patch made sure the ncursesw library was not selected to save space, but that library doesn't exist in this distribution at all. Signed-off-by: Bert Vermeulen <bert@biot.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49359 3c298f89-4303-0410-b956-a3cf2f4a3e73
* xtables-addons: Avoid redefinition of SHRT_MAX in lua packet scriptLuka Perkov2016-06-191-3/+6
| | | | | | | | | | Patch Lua packet script defines SHRT_MAX which is already defined in <linux/kernel.h> and is included indirectly by lauxlib.h. Fix the redefintion as it leads to compile failure on systems which treat macro redefinition as an error Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49338 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: Make utmp and putuline support configurable via seperate config ↵Luka Perkov2016-06-192-3/+17
| | | | | | | | | | | options Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox) Putuline support will use the utmp structure to write to the utmp file Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49333 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netifd: Add configurable DHCP release behaviorLuka Perkov2016-06-191-3/+5
| | | | | | | | | Make sending a DHCP release configurable when the client exits allowing to clean up IP/mac state info in intermediate devices. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49332 3c298f89-4303-0410-b956-a3cf2f4a3e73
* xtables-addons: Fix Lua packet script implementationLuka Perkov2016-06-191-0/+15
| | | | | | | | | | | | lua_packet_segment parameter start has type char pointer; in function lua_tg it's assigned an uint16 value generating compiler warnings obviously indicating posssible seg fault problems. Fix the issue by using the correct skb functions so the parameter points to the position inside the sk_buff Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Stijn Cleynhens <stijn.cleynhens@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49331 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netifd: Send DHCP release when client exitsLuka Perkov2016-06-191-1/+1
| | | | | | | | | | Let DHCP client send a release when it exists so the DHCP server is informed the IP address is released and allowing to clean up IP/mac state info in intermediate devices. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49321 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netifd: fix default ip rulesLuka Perkov2016-06-191-2/+2
| | | | | | | | | Update to latest HEAD in order to remove the faulty "prelocal" ip rule leading to unexpected policy rule precedence. Signed-off-by: Jo-Philipp Wich <jo@mein.io> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49320 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp: Add ppp-mod-passwordfd subpackage to pppJohn Crispin2016-06-191-1/+19
| | | | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49274 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Add conntrack support in the full variantJohn Crispin2016-06-191-6/+12
| | | | | | | | | | | | Conntrack support reads the connection track mark associated with incoming DNS queries and sets the same mark value on the upstream forwarded DNS query. This can be usefull to track traffic generated by dnsmasq to associate it with the clients who generate the queries, usefull for bandwidth accouting and firewall. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49273 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: Add procd interface triggers when interface config is specifiedJohn Crispin2016-06-192-2/+22
| | | | | | | | | | | A dropbear instance having an interface config won't start if the interface is down as no IP address is available. Adding interface triggers for each configured interface executing the dropbear reload script will start the dropbear instance when the interface is up. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49272 3c298f89-4303-0410-b956-a3cf2f4a3e73
* iproute2: Add package for nstat utilityJohn Crispin2016-06-191-0/+11
| | | | | | | | Add support for the command line utility nstat displaying network statistics Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49271 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: run as dedicated UID/GIDJohn Crispin2016-04-262-2/+5
| | | | | | | | | | | Running dnsmasq in a dedicated user/group allows matching its outgoing traffic more easily using iptables' owner match. Add UID/GID to the package metadata and append the user/group parameters to the init script. Signed-off-by: Daniel Golle <daniel@makrotopia.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49252 3c298f89-4303-0410-b956-a3cf2f4a3e73
* xtables-addons: build: fix configure compatiblity with POSIX shellsJohn Crispin2016-04-212-6/+57
| | | | | | | | | Fixes build with /bin/sh pointing to certain versions of dash (for example on Void Linux). Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49218 3c298f89-4303-0410-b956-a3cf2f4a3e73
* curl: remove file accidentally committed in r49197Hauke Mehrtens2016-04-191-162/+0
| | | | | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49199 3c298f89-4303-0410-b956-a3cf2f4a3e73
* oxnas: add support for Akitio MyCloud miniHauke Mehrtens2016-04-191-0/+162
| | | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49197 3c298f89-4303-0410-b956-a3cf2f4a3e73
* curl: fix deprecated 'depends' syntaxHauke Mehrtens2016-04-171-1/+1
| | | | | | | | | | This was introduced in r49183 Reported-by: swalker Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49192 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Add enable parameter in the UCI DHCP host sectionHauke Mehrtens2016-04-171-0/+3
| | | | | | | | | | | Parameter allows to enable/disable static leases; by default the value is 1 to keep backwards compatibility Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49187 3c298f89-4303-0410-b956-a3cf2f4a3e73
* curl: add flags to allow gc-sections to strip out unused codeHauke Mehrtens2016-04-171-1/+2
| | | | | | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49184 3c298f89-4303-0410-b956-a3cf2f4a3e73
* curl: add config option for NTLM supportHauke Mehrtens2016-04-172-1/+8
| | | | | | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49183 3c298f89-4303-0410-b956-a3cf2f4a3e73
* curl: upstep to latest version 7.48.0Hauke Mehrtens2016-04-174-7/+7
| | | | | | | | Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49182 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd.sh: Add support for "anonymous_identity" config fieldHauke Mehrtens2016-04-171-2/+3
| | | | | | | | | | | | | | | | | | | The wpa_supplicant supports an "anonymous_identity" field, which some EAP networks require. From the documentation: anonymous_identity: Anonymous identity string for EAP (to be used as the unencrypted identity with EAP types that support different tunnelled identity, e.g., EAP-TTLS). This change modifies the hostapd.sh script to propagate this field from the UCI config to the wpa_supplicant.conf file. Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Reviewed-by: Manuel Munz <freifunk@somakoma.de> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49181 3c298f89-4303-0410-b956-a3cf2f4a3e73
* samba: fix some security problemsHauke Mehrtens2016-04-1621-46/+20105
| | | | | | | | | | | | | | | | This fixes the following security problems: * CVE-2015-7560 * CVE-2015-5370 * CVE-2016-2110 * CVE-2016-2111 * CVE-2016-2112 * CVE-2016-2115 * CVE-2016-2118 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49175 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c : Silence mtu write error warningsJohn Crispin2016-03-201-1/+1
| | | | | | | | | | Silence warning "daemon.notice netifd: wan6 (1139): sh: write error: Invalid argument" when an invalid MTU is received via RA as kernel refuses to accept IPv6 mtu values which are smaller than 1280 and bigger than the device mtu. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49054 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: add support for X.509 name optionsJohn Crispin2016-03-081-0/+1
| | | | | | | | | x509-username-field was added in OpenVPN 2.2, and verify-x509-name was added in 2.3. This fixes ticket #18807. Signed-off-by: Jeffery To <jeffery.to@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48969 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ltq-vdsl-app: do not set the reserved bit 4 in the xTSE 8Felix Fietkau2016-03-071-3/+3
| | | | | | | | | | I do not know if this causes any problems now, but we should not set it, because it is reserved. Some more recent versions of the Lantiq DSL API driver and Control is checking if only valid bits are set. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48948 3c298f89-4303-0410-b956-a3cf2f4a3e73