aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
* openvpn: update to 2.3.11Magnus Kroken2016-06-133-4/+25
| | | | | | | | | | Security fixes: * Fixed port-share bug with DoS potential * Fix buffer overflow by user supplied data Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* package/*: update git urls for project reposJohn Crispin2016-06-133-3/+3
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* dnsmasq: support hostid ipv6 address suffix optionKevin Darbyshire-Bryant2016-06-101-1/+29
| | | | | | | | | | | | | | | | | | | | | | Add support for hostid dhcp config entry to dnsmasq. This allows specification of dhcpv6 hostid suffix and works in the same way as odhcpd. Entries in auto generated dnsmasq.conf should conform to: dhcp-host=mm:mm:mm:mm:mm:mm,IPv4addr,[::V6su:ffix],hostname example based on sample config/dhcp entry: config host option name 'Kermit' option mac 'E0:3F:49:A1:D4:AA' option ip '192.168.235.4' option hostid '4' dhcp-host=E0:3F:49:A1:D4:AA,192.168.235.4,[::0:4],Kermit Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dnsmasq: Add option --max-portHans Dedecker2016-06-101-0/+1
| | | | | | | | | By default dnsmasq uses random ports for outbound dns queries; when the maxport UCI option is specified the ports used will always be smaller than the specified value. This is usefull for systems behind firewalls. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn: add support for tls-version-minMatteo Panella2016-06-072-2/+2
| | | | | | | | | | | | | Currently, the uci data model does not provide support for specifying the minimum TLS version supported in an OpenVPN instance (be it server or client). This patch adds support for writing the relevant option to the openvpn configuration file at service startup. Signed-off-by: Matteo Panella <morpheus@level28.org> [Jo-Philipp Wich: shorten commit title, bump pkg release] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* treewide: replace jow@openwrt.org with jo@mein.ioJo-Philipp Wich2016-06-0729-29/+29
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* treewide: replace nbd@openwrt.org with nbd@nbd.nameFelix Fietkau2016-06-0716-17/+17
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: remove unrecognized optionDirk Neukirchen2016-06-011-1/+0
| | | | | | | | removed upstream in https://github.com/OpenVPN/openvpn/commit/9ffd00e7541d83571b9eec087c6b3545ff68441f now its always on Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* dropbear: Fix incorrect CONFIG_TARGET_INIT_PATH.Dario Ernst2016-05-241-2/+2
| | | | | | | Fix a „semantic typo“ introduced in b78aae793e20e06defa1e75ab4d30dbb6807c139, where TARGET_INIT_PATH was used instead of CONFIG_TARGET_INIT_PATH. Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
* dnsmasq: Set the default dhcp lease file and resolv fileDaniel Dickinson2016-05-241-4/+12
| | | | | | | | Instead of making assumptions about the leasefile and resolv file make sure we use what the user configures, but fall back to defaults if no configuration is specified Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
* dnsmasq: update to dnsmasq v2.76Kevin Darbyshire-Bryant2016-05-244-10/+28
| | | | | | | Update to dnsmasq2.76. Refresh patches. Add new patch to fix musl 'poll.h' location warning. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* mdns: update to latest git HEADJohn Crispin2016-05-231-2/+2
| | | | | | * fixes loopback handling Signed-off-by: John Crispin <john@phrozen.org>
* uhttpd: use configured distribution name for SSL certificate CNFelix Fietkau2016-05-212-1/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.timeKevin Darbyshire-Bryant2016-05-192-0/+18
| | | | | | | | | | | | conditionally save dnsmasq.time across sysupgrade dnsmasq uses /etc/dnsmasq.time as record of the last known good system time to aid its validation of dnssec timestamps. dnsmasq updates the timestamp on process start/stop once it considers the system time as valid. The timestamp file should be preserved across system upgrade but should not be included as part of normal configuration backups to prevent restores corrupting the current timestamp. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* Revert "dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time"Jo-Philipp Wich2016-05-192-18/+0
| | | | | | | | This reverts commit d830cb08826dc593406d9003d061016061b6c3c4. Reverting this commit due to a missing Signed-off-by. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.timeKevin Darbyshire-Bryant2016-05-182-0/+18
| | | | | | | | | | conditionally save dnsmasq.time across sysupgrade dnsmasq uses /etc/dnsmasq.time as record of the last known good system time to aid its validation of dnssec timestamps. dnsmasq updates the timestamp on process start/stop once it considers the system time as valid. The timestamp file should be preserved across system upgrade but should not be included as part of normal configuration backups to prevent restores corrupting the current timestamp.
* dropbear: update to 2016.73Jo-Philipp Wich2016-05-136-28/+18
| | | | | | | | | | | | | Update the dropbear package to version 2016.73, refresh patches. The measured .ipk sizes on an x86_64 build are: 94588 dropbear_2015.71-3_x86_64.ipk 95316 dropbear_2016.73-1_x86_64.ipk This is an increase of roughly 700 bytes after compression. Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* global: change my email addressJohn Crispin2016-05-121-1/+1
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* dropbear: Add --disable-utmpx againHans Dedecker2016-05-121-0/+1
| | | | | | | The option --disable-utmpx was deleted by accident in commit 7545c1d; add it again to the CONFIGURE_ARGS list Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ppp: Add ppp-mod-passwordfd subpackage to pppHans Dedecker2016-04-281-1/+19
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: Add conntrack support in the full variantHans Dedecker2016-04-281-6/+12
| | | | | | | | | | Conntrack support reads the connection track mark associated with incoming DNS queries and sets the same mark value on the upstream forwarded DNS query. This can be usefull to track traffic generated by dnsmasq to associate it with the clients who generate the queries, usefull for bandwidth accouting and firewall. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: Add procd interface triggers when interface config is specifiedHans Dedecker2016-04-282-2/+22
| | | | | | | | | A dropbear instance having an interface config won't start if the interface is down as no IP address is available. Adding interface triggers for each configured interface executing the dropbear reload script will start the dropbear instance when the interface is up. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: Make utmp and putuline support configurable via seperate config ↵Hans Dedecker2016-04-282-3/+17
| | | | | | | | | options Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox) Putuline support will use the utmp structure to write to the utmp file Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* branding: add LEDE brandingJohn Crispin2016-03-249-15/+15
| | | | Signed-off-by: John Crispin <blogic@openwrt.org>
* dnsmasq: run as dedicated UID/GIDJohn Crispin2016-04-262-2/+5
| | | | | | | | | | | Running dnsmasq in a dedicated user/group allows matching its outgoing traffic more easily using iptables' owner match. Add UID/GID to the package metadata and append the user/group parameters to the init script. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 49252
* dnsmasq: Add enable parameter in the UCI DHCP host sectionHauke Mehrtens2016-04-171-0/+3
| | | | | | | | | | Parameter allows to enable/disable static leases; by default the value is 1 to keep backwards compatibility Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49187
* hostapd.sh: Add support for "anonymous_identity" config fieldHauke Mehrtens2016-04-171-2/+3
| | | | | | | | | | | | | | | | | | The wpa_supplicant supports an "anonymous_identity" field, which some EAP networks require. From the documentation: anonymous_identity: Anonymous identity string for EAP (to be used as the unencrypted identity with EAP types that support different tunnelled identity, e.g., EAP-TTLS). This change modifies the hostapd.sh script to propagate this field from the UCI config to the wpa_supplicant.conf file. Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Reviewed-by: Manuel Munz <freifunk@somakoma.de> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49181
* samba: fix some security problemsHauke Mehrtens2016-04-1621-46/+20105
| | | | | | | | | | | | | | | This fixes the following security problems: * CVE-2015-7560 * CVE-2015-5370 * CVE-2016-2110 * CVE-2016-2111 * CVE-2016-2112 * CVE-2016-2115 * CVE-2016-2118 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49175
* openvpn: add support for X.509 name optionsJohn Crispin2016-03-081-0/+1
| | | | | | | | | x509-username-field was added in OpenVPN 2.2, and verify-x509-name was added in 2.3. This fixes ticket #18807. Signed-off-by: Jeffery To <jeffery.to@gmail.com> SVN-Revision: 48969
* dnsmasq: add host-specific lease time option for static hostsJohn Crispin2016-02-262-3/+5
| | | | | | | | | | | | | | | | | | | | | | | Enable setting a host-specific lease time for static hosts. The new option is called "leasetime" and the format is similar as for the default lease time: e.g. 12h, 3d, infinite Default lease time is used for all hosts for which there is no host-specific definition. The option is added to /etc/config/dhcp for the selected hosts: config host option name 'Nexus' option mac 'd8:50:66:55:59:7c' option ip '192.168.1.245' option leasetime '2h' It gets appended to /var/etc/dnsmasq.conf like this: dhcp-host=d8:50:66:55:59:7c,192.168.1.245,Nexus,2h Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 48801
* dnsmasq: add dhcp relay optionJohn Crispin2016-02-261-0/+19
| | | | | | Signed-off-by: dbugnar <dnbugnar@ocedo.com> SVN-Revision: 48800
* dnsmasq: export tftp root to the procd jailFelix Fietkau2016-02-251-11/+17
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48761
* dnsmasq: only enable tftp if the tftp root existsFelix Fietkau2016-02-251-1/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48760
* lldp: Upgrade to 0.9.0John Crispin2016-02-181-2/+2
| | | | | | Signed-off-by: Ben Kelly <ben@benjii.net> SVN-Revision: 48738
* dropbear: honor CONFIG_TARGET_INIT_PATHJo-Philipp Wich2016-02-082-6/+17
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 48679
* relayd: update to the latest version, fixes some more connectivity issues ↵Felix Fietkau2016-02-081-2/+2
| | | | | | | | (#21817) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48655
* relayd: update to the latest version, fixes route table issues when ↵Felix Fietkau2016-02-051-2/+2
| | | | | | | | connecting to the router Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48635
* hostapd: remove useless TLS provider selection override for ↵Felix Fietkau2016-01-281-2/+1
| | | | | | | | wpad-mesh/wpa_supplicant-mesh Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48537
* hostapd: fix mesh interface bridge handlingFelix Fietkau2016-01-285-10/+22
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48529
* hostapd: fix wpad-mesh and wpa-supplicant-mesh configuration issuesFelix Fietkau2016-01-282-417/+9
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48528
* hostapd: update to version 2016-01-15Felix Fietkau2016-01-2842-945/+243
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48527
* dnsmasq: Don't add local hostname if ula prefix is not specifiedJo-Philipp Wich2016-01-252-3/+3
| | | | | | | | | | | | Commit 6a7e56b adds support for adding local hostname for own lan ula adress but if ula prefix is not specified results into an invalid config (address=/OpenWrt.lan/1) causing dnsmasq not to start up. Use lanaddr6 when adding local hostname as the lan ula address is constructed based on the UCI parameters ip6hint and ip6ifaceid and thus not always ula prefix suffixed with 1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> SVN-Revision: 48495
* package/uhttpd: generate 2048 bit RSA keyFelix Fietkau2016-01-252-2/+2
| | | | | | | | | | RSA keys should be generated with sufficient length. Using 1024 bits is considered unsafe. In other packages the used key length is 2048 bits. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> SVN-Revision: 48494
* uhttpd: fix typo in default config for px5gFelix Fietkau2016-01-191-1/+1
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48385
* wpa_supplicant: add support for EAP-TLS phase2Felix Fietkau2016-01-191-2/+12
| | | | | | | | | Introduce config options client_cert2, priv_key2 and priv_key2_pwd used for EAP-TLS phase2 authentication in WPA-EAP client mode. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 48345
* hostap/wpa_supplicant: enable EAP-FAST in -full buildsFelix Fietkau2016-01-192-0/+6
| | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 48344
* uhttpd: add option for mbedtlsFelix Fietkau2016-01-191-0/+4
| | | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 48343
* wpa_supplicant: improve generating phase2 config line for WPA-EAPFelix Fietkau2016-01-181-2/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WPA-EAP supports several phase2 (=inner) authentication methods when using EAP-TTLS, EAP-PEAP or EAP-FAST (the latter is added as a first step towards the UCI model supporting EAP-FAST by this commit) The value of the auth config variable was previously expected to be directly parseable as the content of the 'phase2' option of wpa_supplicant. This exposed wpa_supplicant's internals, leaving it to view-level to set the value properly. Unfortunately, this is currently not the case, as LuCI currently allows values like 'PAP', 'CHAP', 'MSCHAPV2'. Users thus probably diverged and set auth to values like 'auth=MSCHAPV2' as a work-around. This behaviour isn't explicitely documented anywhere and is not quite intuitive... The phase2-string is now generated according to $eap_type and $auth, following the scheme also found in hostap's test-cases: http://w1.fi/cgit/hostap/tree/tests/hwsim/test_ap_eap.py The old behaviour is also still supported for the sake of not breaking existing, working configurations. Examples: eap_type auth 'ttls' 'EAP-MSCHAPV2' -> phase2="autheap=MSCHAPV2" 'ttls' 'MSCHAPV2' -> phase2="auth=MSCHAPV2" 'peap' 'EAP-GTC' -> phase2="auth=GTC" Deprecated syntax supported for compatibility: 'ttls' 'autheap=MSCHAPV2' -> phase2="autheap=MSCHAPV2" I will suggest a patch to LuCI adding EAP-MSCHAPV2, EAP-GTC, ... to the list of Authentication methods available. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 48309
* dnsmasq: Add option --min-portFelix Fietkau2016-01-152-1/+2
| | | | | | | | | | | By default dnsmasq uses random ports for outbound dns queries; when the minport UCI option is specified the ports used will always be larger than the specified value. This is usefull for systems behind firewalls. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> SVN-Revision: 48244
* dropbear: update version to 2015.71Felix Fietkau2016-01-155-10/+10
| | | | | | | | | Update dropbear to version 2015.71, released on 3 Dec 2015. Refresh patches. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 48243
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 13:41:26 +0000