aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: do not register ubus objects for mesh interfacesFelix Fietkau2018-02-241-0/+5
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* samba36: fix build (issue #5574)Jakub Tymejczyk2018-02-241-0/+1
| | | | | | | | | | | | As indicated in #5574 samba fails to build with linker error due to lack of talloc_* functions when the packet libtalloc also gets build. According to Makefile it is compiled with "--without-libtalloc" option. Running ./configure --help shows that there is another option connected to libtalloc: --enable/disable-external-libtalloc. Adding this option fixes build. Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
* hostapd: add support for sending 802.11v disassoc imminent notifications to ↵Felix Fietkau2018-02-211-0/+97
| | | | | | clients via ubus Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for issuing 802.11k beacon measurement requests via ubusFelix Fietkau2018-02-211-0/+90
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: expose client 802.11k capabilities via ubusFelix Fietkau2018-02-211-0/+6
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: return with 80211 codes in handle event functionNick Hainke2018-02-212-23/+36
| | | | | | | | | | | If the auth or assoc request was denied the reason was always WLAN_STATUS_UNSPECIFIED_FAILURE. That's why for example the wpa supplicant was always trying to reconnect to the AP. Now it's possible to give reasoncodes why the auth or assoc was denied. Signed-off-by: Nick Hainke <vincent@systemli.org>
* hostapd: add IEEE 802.11v supportLorenzo Santina2018-02-213-2/+21
| | | | | | | | | | | | | | | | | | Add Wireless Network Management (IEEE 802.11v) support to: - hostapd-full - wpa_supplicant-full It must be enabled at runtime via UCI with: - option ieee80211v '1' Add UCI support for: - time_advertisement - time_zone - wnm_sleep_mode - bss_transition Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
* hostapd: add support for turning on 802.11k/v features via ubusFelix Fietkau2018-02-212-7/+125
| | | | | | | Neighbor reports are enabled implicitly on use, beacon reports and BSS transition management need to be enabled explicitly Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ppp: fix build with kernel 4.14.9+Mathias Kresin2018-02-201-1/+6
| | | | | | | | With a9772285a724 ("linux/compiler.h: Split into compiler.h and compiler_types.h") compiler.h was refactored and most its content was moved to compiler_types.h. Both files are required to build ppp-mod-pppoa. Signed-off-by: Mathias Kresin <dev@kresin.me>
* odhcpd: fix interop with wide DHCPv6 client (FS#1377)Hans Dedecker2018-02-201-4/+4
| | | | | | 96033e9 dhcpv6-ia: don't always send reconf accept option (FS#1377) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: bump to 2.79rc1Kevin Darbyshire-Bryant2018-02-186-376/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1721453 Remove special handling of A-for-A queries. 499d8dd Fix boundary for test introduced in 3e3f1029c9ec6c63e430ff51063a6301d4b2262 6f1cbfd Fix debian/readme typo. 55ecde7 Inotify: Ignore backup files created by editors 6b54d69 Make failure to chown() pidfile a warning. 246a31c Change ownership of pid file, to keep systemd happy. 83e4b73 Remove confusion between --user and --script-user. 6340ca7 Tweak heuristic for initial DNSSEC memory allocation. baf553d Default min-port to 1024 to avoid reserved ports. 486bcd5 Simplify and correct bindtodevice(). be9a74d Close Debian bug for CVE-2017-15107. ffcbc0f Example config typo fixes. a969ba6 Special case NSEC processing for root DS record, to avoid spurious BOGUS. f178172 Add homepage to Debian control file. cd7df61 Fix DNSSEC validation errors introduced in 4fe6744a220eddd3f1749b40cac3dfc510787de6 c1a4e25 Try to be a little more clever at falling back to smaller DNS packet sizes. 4fe6744 DNSSEC fix for wildcard NSEC records. CVE-2017-15107 applies. 3bd4c47 Remove limit on length of command-line options. 98196c4 Typo fix. 22cd860 Allow more than one --bridge-interface option to refer to an interface. 3c973ad Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC time validation. faaf306 Spelling fixes. c7e6aea Change references to gPXE to iPXE. Development of EtherBoot gPXE was always development of iPXE core developer Michael Brown. e541245 Handle duplicate RRs in DNSSEC validation. 84a01be Bump year in Debian copyright notice. d1ced3a Update copyrights to 2018. a6cee69 Fix exit code from dhcp_release6. 0039920 Severely fix code formating of contrib/lease-tools/dhcp_release6.c 39d8550 Run Debian startup regex in "C" locale. ef3d137 Fix infinite retries in strict-order mode. 8c707e1 Make 373e91738929a3d416e6292e65824184ba8428a6 compile without DNSSEC. 373e917 Fix a6004d7f17687ac2455f724d0b57098c413f128d to cope with >256 RRs in answer section. 74f0f9a Commment language tweaks. ed6bdb0 Man page typos. c88af04 Modify doc.html to mention git-over-http is now available. ae0187d Fix trust-anchor regexp in Debian init script. 0c50e3d Bump version in Debian package. 075366a Open inotify socket only when used. 8e8b2d6 Release notes update. 087eb76 Always return a SERVFAIL response to DNS queries with RD=0. ebedcba Typo in printf format string added in 22dee512f3738f87539a79aeb52b9e670b3bd104 0954a97 Remove RSA/MD5 DNSSEC algorithm. b77efc1 Tidy DNSSEC algorithm table use. 3b0cb34 Fix manpage which said ZSK but meant KSK. aa6f832 Add a few DNS RRs to the table. ad9c6f0 Add support for Ed25519 DNSSEC signature algorithm. a6004d7 Fix caching logic for validated answers. c366717 Tidy up add_resource_record() buffer size checks. 22dee51 Log DNS server max packet size reduction. 6fd5d79 Fix logic on EDNS0 headers. 9d6918d Use IP[V6]_UNICAST_IF socket option instead of SO_BINDTODEVICE for DNS. a49c5c2 Fix search_servers() segfault with DNSSEC. 30858e3 Spaces in CNAME options break parsing. Refresh patches. Remove upstreamed patches: 250-Fix-infinite-retries-in-strict-order-mode.patch 260-dnssec-SIGINT.patch 270-dnssec-wildcards.patch Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dropbear: add option to set receive window sizeStijn Tintel2018-02-181-1/+4
| | | | | | | | | | | | | | | | | The default receive window size in dropbear is hardcoded to 24576 byte to limit memory usage. This value was chosen for 100Mbps networks, and limits the throughput of scp on faster networks. It also severely limits scp throughput on high-latency links. Add an option to set the receive window size so that people can improve performance without having to recompile dropbear. Setting the window size to the highest value supported by dropbear improves throughput from my build machine to an APU2 on the same LAN from 7MB/s to 7.9MB/s, and to an APU2 over a link with ~65ms latency from 320KB/s to 7.5MB/s. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* openvpn: fix interface with mbedtls_sha256Russell Senior2018-02-171-0/+11
| | | | | | | | | Between mbedtls 2.6.0 and 2.7.0, the void returning mbedtls_MODULE* functions were deprecated in favor of functions returning an int error code. Use the new function mbedtls_sha256_ret(). Signed-off-by: Russell Senior <russell@personaltelco.net> Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* wireguard: bump to 20180202Kevin Darbyshire-Bryant2018-02-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump to latest wireguard release snapshot: 2675814 version: bump snapshot 381d703 qemu: update base versions c3fbd9d curve25519: break more things with more test cases 93fa0d9 curve25519: replace fiat64 with faster hacl64 6177bdd curve25519: replace hacl64 with fiat64 b9bf37d curve25519: verify that specialized basepoint implementations are correct bd3f0d8 tools: dedup secret normalization 1f87434 chacha20poly1305: better buffer alignment 78959ed chacha20poly1305: use existing rol32 function 494cdea tools: fread doesn't change errno ab89bdc device: let udev know what kind of device we are 62e8720 qemu: disable AVX-512 in userland 6342bf7 qemu: disable PIE for compilation e23e451 contrib: keygen-html: share curve25519 implementation with kernel 6b28fa6 tools: share curve25519 implementations with kernel c80cbfa poly1305: add poly-specific self-tests 10a2edf curve25519-fiat32: uninline certain functions No patch refresh required. Compile-tested-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: add support for hostapd's radius_client_addrStephan Brunner2018-01-271-1/+3
| | | | | | | | Add support for hostapd's radius_client_addr in order to force hostapd to send RADIUS packets from the correct source interface rather than letting linux select the most appropriate. Signed-off-by: Stephan Brunner <s.brunner@stephan-brunner.net>
* wireguard: bump to 20180118Kevin Darbyshire-Bryant2018-01-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | Bump to latest wireguard release snapshot: 9a93a3d version: bump snapshot 7bc0579 contrib: keygen-html: update curve25519 implementation ffc13a3 tools: import new curve25519 implementations 0ae7356 curve25519: wire up new impls and remove donna f90e36b curve25519: resolve symbol clash between fe types 505bc05 curve25519: import 64-bit hacl-star implementation 8c02050 curve25519: import 32-bit fiat-crypto implementation 96157fd curve25519: modularize implementation 4830fc7 poly1305: remove indirect calls bfd1a5e tools: plug memleak in config error path 09bf49b external-tests: add python implementation b4d5801 wg-quick: ifnames have max len of 15 6fcd86c socket: check for null socket before fishing out sport ddb8270 global: year bump 399d766 receive: treat packet checking as irrelevant for timers No patch refresh required. Compile-tested-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: backport validation fix in dnssec security fixKevin Darbyshire-Bryant2018-01-202-2/+2
| | | | | | | | A DNSSEC validation error was introduced in the fix for CVE-2017-15107 Backport the upstream fix to the fix (a simple typo) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: backport dnssec security fixKevin Darbyshire-Bryant2018-01-192-1/+203
| | | | | | | | | | | | | | | | | | | | | | | | | CVE-2017-15107 An interesting problem has turned up in DNSSEC validation. It turns out that NSEC records expanded from wildcards are allowed, so a domain can include an NSEC record for *.example.org and an actual query reply could expand that to anything in example.org and still have it signed by the signature for the wildcard. So, for example !.example.org NSEC zz.example.org is fine. The problem is that most implementers (your author included, but also the Google public DNS people, powerdns and Unbound) then took that record to prove the nothing exists between !.example.org and zz.example.org, whereas in fact it only provides that proof between *.example.org and zz.example.org. This gives an attacker a way to prove that anything between !.example.org and *.example.org doesn't exists, when it may well do so. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* authsae: remove packageFelix Fietkau2018-01-173-131/+0
| | | | | | | It is no longer actively maintained and does not work well in many configurations. Fully replaced by wpad-mesh Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: use SIGINT for dnssec time validKevin Darbyshire-Bryant2018-01-153-2/+122
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Dnsmasq used SIGHUP to do too many things: 1) set dnssec time validation enabled, 2) bump SOA zone serial, 3) clear dns cache, 4) reload hosts files, 5) reload resolvers/servers files. Many subsystems within LEDE can send SIGHUP to dnsmasq: 1) ntpd hotplug (to indicate time is valid for dnssec) 2) odhcpd (to indicate a new/removed host - typically DHCPv6 leases) 3) procd on interface state changes 4) procd on system config state changes, 5) service reload. If dnssec time validation is enabled before the system clock has been set to a sensible time, name resolution will fail. Because name resolution fails, ntpd is unable to resolve time server names to addresses, so is unable to set time. Classic chicken/egg. Since commits 23bba9cb330cd298739a16e350b0029ed9429eef (service reload) & 4f02285d8b4a66359a8fa46f22a3efde391b5419 (system config) make it more likely a SIGHUP will be sent for events other than 'ntpd has set time' it is more likely that an errant 'name resolution is failing for everything' situation will be encountered. Fortunately the upstream dnsmasq people agree and have moved 'check dnssec timestamp enable' from SIGHUP handler to SIGINT. Backport the upstream patch to use SIGINT. ntpd hotplug script updated to use SIGINT. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* omcproxy: silence fw3 warningsHans Dedecker2018-01-102-3/+3
| | | | | | Silence fw3 warnings in omcproxy init script in case fw3 is not enabled Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* treewide: replace LEDE_GIT with PROJECT_GITJo-Philipp Wich2018-01-104-4/+4
| | | | | | | Remove LEDE_GIT references in favor to the new name-agnostic PROJECT_GIT variable. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: bump PKG_RELEASE after 802.11w changesJo-Philipp Wich2018-01-071-1/+1
| | | | | Fixes: 8a57531855 "hostapd: set group_mgmt_cipher when ieee80211w is enabled" Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: set group_mgmt_cipher when ieee80211w is enabledJo-Philipp Wich2018-01-071-1/+3
| | | | | | | | | | | | In order to properly support 802.11w, hostapd needs to advertise a group management cipher when negotiating associations. Introduce a new per-wifi-iface option "ieee80211w_mgmt_cipher" which defaults to the standard AES-128-CMAC cipher and always emit a "group_mgmt_cipher" setting in native hostapd config when 802.11w is enabled. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* umdns: update to latest git HEADJohn Crispin2018-01-021-3/+3
| | | | | | 7897441 umdnsd: Replace strerror(errno) with %m. Signed-off-by: John Crispin <john@phrozen.org>
* dnsmasq: send procd signal on service reloadFlorian Eckert2017-12-262-2/+2
| | | | | | | Send a SIGHUP signal via procd to the dnsmasq service so the instance(s) re-read(s) the /tmp/hosts/dhcp config. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* dnsmasq: rewrite config on host name modificationFlorian Eckert2017-12-261-1/+1
| | | | | | | If the hostname in /etc/config/system is modified the dnsmasq should also get triggered to rewrite/reload the config. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* wireguard: bump to 20171221Kevin Darbyshire-Bryant2017-12-231-2/+2
| | | | | | | | | | | | | | | | 7e945a8 version: bump snapshot f2168aa compat: kernels < 3.13 modified genl_ops 52004fd crypto: compile on UML 6b69b65 wg-quick: dumber matching for default routes aa35d9d wg-quick: add the "Table" config option 037c389 keygen-html: remove prebuilt file No patch refresh required. Compile-test-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* odhcpd: update to latest git HEADHans Dedecker2017-12-221-4/+4
| | | | | | | 7aa2594 odhcpd: Replace strerror(errno) with %m format 750e457 Support muliple RAs on single interface Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uhttpd: fix PKG_CONFIG_DEPENDS (FS#1189)Hans Dedecker2017-12-151-3/+1
| | | | | | | Remove PACKAGE_uhttpd_debug config as this is an unused leftover Add CONFIG_uhttpd_lua to PKG_CONFIG_DEPENDS Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard: bump to 20171211Kevin Darbyshire-Bryant2017-12-122-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump to latest WireGuard snapshot release: 44f8e4d version: bump snapshot bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x 679e53a chacha20: avx512vl implementation 10b1232 poly1305: fix avx512f alignment bug 5fce163 chacha20poly1305: cleaner generic code 63a0031 blake2s-x86_64: fix spacing d2e13a8 global: add SPDX tags to all files d94f3dc chacha20-arm: fix with clang -fno-integrated-as. 3004f6b poly1305: update x86-64 kernel to AVX512F only d452d86 tools: no need to put this on the stack 0ff098f tools: remove undocumented unused syntax b1aa43c contrib: keygen-html for generating keys in the browser e35e45a kernel-tree: jury rig is the more common spelling 210845c netlink: rename symbol to avoid clashes fcf568e device: clear last handshake timer on ifdown d698467 compat: fix 3.10 backport 5342867 device: do not clear keys during sleep on Android 88624d4 curve25519: explictly depend on AS_AVX c45ed55 compat: support RAP in assembly 7f29cf9 curve25519: modularize dispatch Refresh patches. Compile-test-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dropbear: disable MD5 HMAC and switch to sha1 fingerprintsMartin Schiller2017-12-122-3/+5
| | | | | | | | | | | | As MD5 is known weak for many years and more and more penetration test tools complain about enabled MD5 HMAC I think it's time to drop it. By disabling the MD5 HMAC support dropbear will also automatically use SHA1 for fingerprints. This shouldn't be a problem too. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* dnsmasq: add DHCP build switch support in full variantHans Dedecker2017-12-101-5/+10
| | | | | | | | Add config option which allows to enable/disable DHCP support at compile time. Make DHCPv6 support dependant on DHCP support as DHCPv6 support implies having DHCP support. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* merge: uhttpd: update cert generation to match system defaultsZoltan HERPAI2017-12-081-1/+1
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: packages: update branding in core packagesZoltan HERPAI2017-12-085-8/+8
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* merge: ssid: update default ssidZoltan HERPAI2017-12-081-2/+2
| | | | Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* odhcpd: fix faulty PKG_SOURCE_DATE in 711a816Hans Dedecker2017-12-071-1/+1
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: write atomic host fileHans Dedecker2017-12-072-4/+6
| | | | | | | | | | | Different invocations of the dnsmasq init script (e.g. at startup by procd) will rewrite the dhcp host file which might result into dnsmasq reading an empty dhcp host file as it is being rewritten by the dnsmasq init script. Let the dnsmasq init script first write to a temp dhcp host file so it does not overwrite the contents of the existing dhcp host file. Reported-by: Hartmut Birr <e9hack@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: backport fix for wnm_sleep_mode=0Timo Sigurdsson2017-12-072-1/+36
| | | | | | | | | | | | | wpa_disable_eapol_key_retries can't prevent attacks against the Wireless Network Management (WNM) Sleep Mode handshake. Currently, hostapd processes WNM Sleep Mode requests from clients regardless of the setting wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in order to ignore such requests by clients when wnm_sleep_mode is disabled (which is the default). Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de> [rewrite commit subject (<= 50 characters), bump PKG_RELEASE] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: Expose the tdls_prohibit option to UCITimo Sigurdsson2017-12-071-1/+6
| | | | | | | | | | | | | | | | wpa_disable_eapol_key_retries can't prevent attacks against the Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested that the existing hostapd option tdls_prohibit can be used to further complicate this possibility at the AP side. tdls_prohibit=1 makes hostapd advertise that use of TDLS is not allowed in the BSS. Note: If an attacker manages to lure both TDLS peers into a fake AP, hiding the tdls_prohibit advertisement from them, it might be possible to bypass this protection. Make this option configurable via UCI, but disabled by default. Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
* odhcpd: update to latest git HEADHans Dedecker2017-12-061-4/+4
| | | | | | c516801 dhcpv4: notify DHCP ACK and RELEASE via ubus Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: backport infinite dns retries fixHans Dedecker2017-12-063-3/+48
| | | | | | | | | | If all configured dns servers return refused in response to a query in strict mode; dnsmasq will end up in an infinite loop retransmitting the dns query resulting into high CPU load. Problem is fixed by checking for the end of a dns server list iteration in strict mode. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* samba36: backport an upstream fix for an information leak (CVE-2017-15275)Felix Fietkau2017-12-042-1/+41
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* packages: dnsmasq: remove unused stamp fileRoman Yeryomin2017-12-022-5/+1
| | | | | Signed-off-by: Roman Yeryomin <roman@advem.lv> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* dnsmasq: add interface to ubus notificationBorja Salazar2017-11-291-5/+7
| | | | Signed-off-by: Borja Salazar <borja.salazar@fon.com>
* dnsmasq: fix dhcp-host entries with empty macsJo-Philipp Wich2017-11-281-3/+1
| | | | | | | | | | | | | | Due to improper localization of helper variables, "config host" entries without a given mac address may inherit the mac address of a preceeding, leading to invalid generated netive configuration. Fix the issue by marking the "macs" and "tags" helper variables in dhcp_host_add() local, avoiding the need for explicitely resetting them with each invocation. Reported-by: Russell Senior <russell@personaltelco.net> Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wireguard: bump to snapshot 20171127Kevin Darbyshire-Bryant2017-11-271-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | == Changes == * compat: support timespec64 on old kernels * compat: support AVX512BW+VL by lying * compat: fix typo and ranges * compat: support 4.15's netlink and barrier changes * poly1305-avx512: requires AVX512F+VL+BW Numerous compat fixes which should keep us supporting 3.10-4.15-rc1. * blake2s: AVX512F+VL implementation * blake2s: tweak avx512 code * blake2s: hmac space optimization Another terrific submission from Samuel Neves: we now have an implementation of Blake2s using AVX512, which is extremely fast. * allowedips: optimize * allowedips: simplify * chacha20: directly assign constant and initial state Small performance tweaks. * tools: fix removing preshared keys * qemu: use netfilter.org https site * qemu: take shared lock for untarring Small bug fixes. Remove myself from the maintainers list: we have enough and I'm happy to carry on doing package bumps on ad-hoc basis without the 'official' title. Run-tested: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* lldpd: bump to 0.9.9Stijn Tintel2017-11-271-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* odhcpd: update to latest git HEADHans Dedecker2017-11-251-3/+3
| | | | | | 92e205d dhcpv6: fix compile issues when CER-ID extension is enabled Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: add a full and ipv6only variant (FS#1188)Hans Dedecker2017-11-251-27/+58
| | | | | | | | | Add an ipv6only variant providing server services for RA, stateful and stateless DHCPv6, prefix delegation and relay support for DHCPv6, NDP and RA. The full variant called odhcpd supports DHCPv4 server as before. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>