aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: backport fix for AP SME drivers with monitor mode supportRafał Miłecki2016-06-191-0/+48
| | | | | | Signed-off-by: Rafał Miłecki <zajec5@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@49299 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: samba: fix some security problemsHauke Mehrtens2016-04-1721-46/+20105
| | | | | | | | | | | | | | | | | | Backport of r49175. This fixes the following security problems: * CVE-2015-7560 * CVE-2015-5370 * CVE-2016-2110 * CVE-2016-2111 * CVE-2016-2112 * CVE-2016-2115 * CVE-2016-2118 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@49177 3c298f89-4303-0410-b956-a3cf2f4a3e73
* mac80211/hostapd: rework 802.11w driver support selection, do not hardcode ↵Felix Fietkau2016-03-022-1/+5
| | | | | | | | | | drivers in hostapd makefile Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r46903 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48878 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix disassociation with FullMAC drivers and multi-BSSRafał Miłecki2016-01-111-0/+67
| | | | | | | | Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Backport of r48202 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48205 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix post v2.4 security issuesFelix Fietkau2016-01-1011-0/+554
| | | | | | | | | | | | | | | | | | | | | | | | | - WPS: Fix HTTP chunked transfer encoding parser (CVE-2015-4141) - EAP-pwd peer: Fix payload length validation for Commit and Confirm (CVE-2015-4143) - EAP-pwd server: Fix payload length validation for Commit and Confirm (CVE-2015-4143) - EAP-pwd peer: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145) - EAP-pwd server: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145) - EAP-pwd peer: Fix asymmetric fragmentation behavior (CVE-2015-4146) - NFC: Fix payload length validation in NDEF record parser (CVE-2015-8041) - WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use (CVE-2015-5310) - EAP-pwd peer: Fix last fragment length validation (CVE-2015-5315) - EAP-pwd server: Fix last fragment length validation (CVE-2015-5314) - EAP-pwd peer: Fix error path for unexpected Confirm message (CVE-2015-5316) Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> Backport of r48185 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48186 3c298f89-4303-0410-b956-a3cf2f4a3e73
* samba36: add three CVE patches from 2015-12-16Felix Fietkau2016-01-054-1/+253
| | | | | | | | | | | This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A patchset for these vulnerabilities was published on 16th December 2015. Signed-off-by: Jan Čermák <jan.cermak@nic.cz> Backport of r48133 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48134 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcpd: backport trunk fixesSteven Barth2015-11-191-3/+3
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47515 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: update to the latest version, adds support for redirect helper scriptsFelix Fietkau2015-11-182-3/+7
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r47419 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47499 3c298f89-4303-0410-b956-a3cf2f4a3e73
* samba: convert init script to procd, add reload supportFelix Fietkau2015-11-181-6/+24
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r47292 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47495 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: add support for configuration option ubus_corsLuka Perkov2015-11-131-0/+1
| | | | | | Signed-off-by: Luka Perkov <luka@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47462 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: update to latest git HEADJohn Crispin2015-10-201-2/+2
| | | | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> Backport of r47240 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47241 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: update to latest git revisionJohn Crispin2015-10-192-2/+7
| | | | | | | | | | adds URL alias support Signed-off-by: John Crispin <blogic@openwrt.org> BAckport of r47206 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47231 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: uhttpd: fix keep-alive bug (#20607, #20661)Jo-Philipp Wich2015-10-072-7/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The two commits 5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291 "allow request handlers to disable chunked reponses" and 618493e378e2239f0d30902e47adfa134e649fdc "file: disable chunked encoding for file responses" broke the chunked transfer encoding handling for proc responses in keep-alive connections that followed a file response with http status 204 or 304. The effect of this bug is that cgi responses following a 204 or 304 one where sent neither in chunked encoding nor with a content-length header, causing browsers to stall until the keep alive timeout was reached. Fix the logic flaw by inverting the chunk prevention flag in the client state and by testing the chunked encoding preconditions every time instead of once upon client (re-)initialization. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r47161 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47162 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: wait longer for inactive client probe (empty data frame)Felix Fietkau2015-10-061-0/+11
| | | | | | | | | | | | | One second is not enough for some devices to ackowledge null data frame which is sent at the end of ap_max_inactivity interval. In particular, this causes severe Wi-Fi instability with Apple iPhone which may take up to 3 seconds to respond. Signed-off-by: Dmitry Ivanov <dima@ubnt.com> Backport of r47149 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47150 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: check for banned client on association eventRafał Miłecki2015-09-281-0/+26
| | | | | | | | | | | | | When using FullMAC drivers (e.g. brcmfmac) we don't get mgmt frames so check for banned client in probe request handler won't ever be used. Since cfg80211 provides us info about STA associating let's put a check there. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Backport of r47064 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47065 3c298f89-4303-0410-b956-a3cf2f4a3e73
* igmpproxy: fix spurious restarts on interface events, pass used netdevs to ↵Felix Fietkau2015-09-271-1/+5
| | | | | | | | | | procd instead Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r47055 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47060 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp: backport use a more reliable way to set script environmentSteven Barth2015-09-151-1/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46943 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: update to the latest version, fixes deferred cgi script processing ↵Felix Fietkau2015-09-071-2/+2
| | | | | | | | | | (#20458) Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r46807 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46808 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: hostapd: properly enable 802.11w supportHauke Mehrtens2015-08-291-1/+1
| | | | | | | | | | | | | | backport of r46737 Add CONFIG_IEEE80211W variable to DRIVER_MAKEOPTS so that 802.11w support is properly compiled in full variant. This fixes #20179 Signed-off-by: Janusz Dziemidowicz <rraptorr@nails.eu.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46751 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: we don't know where the device is located, so reflect that in the certImre Kaloz2015-08-191-3/+3
| | | | | | | | | | backport of r46688 Signed-off-by: Imre Kaloz <kaloz@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46689 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: uhttpd: pass X-HTTP-Method-Override header to cgi scriptsJo-Philipp Wich2015-08-171-2/+2
| | | | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r46677 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46678 3c298f89-4303-0410-b956-a3cf2f4a3e73
* buttons: make all button handler scripts return 0Rafał Miłecki2015-08-101-0/+2
| | | | | | | | | | this is required by the new button timeout feature Signed-off-by: John Crispin <blogic@openwrt.org> Backport of r46471 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46581 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: dnsmasq: add some missing files to the jailJo-Philipp Wich2015-07-271-1/+1
| | | | | | | | | | found with strace, not sure we got all of them though Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com> Backport of r46467 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46511 3c298f89-4303-0410-b956-a3cf2f4a3e73
* mdns: fix ubus wait_for commandFelix Fietkau2015-07-021-1/+1
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r46156 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46157 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Update dnsmasq to v2.73.Steven Barth2015-06-151-3/+3
| | | | | | Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@45987 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: bump PKG_RELEASE.Felix Fietkau2015-06-141-1/+1
| | | | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45962 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: let instances drop to nobody in default config.Felix Fietkau2015-06-141-0/+2
| | | | | | | | | This is for security precautions. As persist_tun and persist_key are already there, this should not cause compatibility issue. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45961 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: fix handling option auth_retry.Felix Fietkau2015-06-141-2/+2
| | | | | | | | | As reported in ticket #19104, auth_retry takes a <type> argument with 3 choices: none, nointeract, interact. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45960 3c298f89-4303-0410-b956-a3cf2f4a3e73
* samba36: remove host build pathsFelix Fietkau2015-06-141-3/+6
| | | | | | | | | | | | | - fix iconv detection because it adds host paths - disable python detection (host python-config is found) iconv issue is reported by buildbot config.log + replicated locally see config.log in logs.tar.gz python issue observed locally on Arch Linux Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45953 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp: bump PKG_RELEASESteven Barth2015-06-121-1/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45949 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp : Unnumbered supportSteven Barth2015-06-121-1/+39
| | | | | | | | | | | | | | | | | Adds PPP unnumbered support via the parameter unnumbered which points to a logical OpenWRT interface. The PPP proto shell handler will "borrow" an IP address from the unnumbered interface (if multiple IP addresses are present the longest prefix different from 32 will be "borrowed") for which a host interface dependency will be created. Due to the host interface dependency the PPP unnumbered interface will only "borrow" an IP address from an interface which is up. The borrowed IP address will be shared as local IP address by the PPP daemon and no other local IP will be accepted from the peer in the IPCP negotiation. A typical use case is the usage of a public IP subnet on the Lan interface which will be shared by the PPP interface as local IP address. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45948 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: bump to 2.73rc9Steven Barth2015-06-081-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45924 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: fix config file typoSteven Barth2015-06-081-1/+1
| | | | | | | | s/loclal/local/ Signed-off-by: Jonathan McCrohan <jmccrohan@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45923 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: move ht_coex variable to mac80211.sh, guarded by 802.11n supportFelix Fietkau2015-06-061-4/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45917 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp: fix download URLHauke Mehrtens2015-06-061-1/+1
| | | | | | | | | The file is not available at the older path any more. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45910 3c298f89-4303-0410-b956-a3cf2f4a3e73
* lldpd: add option to disable custom TLVsJohn Crispin2015-06-032-0/+6
| | | | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45884 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: add a new option to control HT coexistance separate from noscanFelix Fietkau2015-06-022-6/+11
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45873 3c298f89-4303-0410-b956-a3cf2f4a3e73
* lldpd: disable xml explicitlyJohn Crispin2015-05-311-0/+1
| | | | | | | | | | | | | | This prevents auto-detection of libxml2 and thus the error: Package lldpd is missing dependencies for the following libraries: libxml2.so.2 Preventing a dependency to libxml2 is preferred, since libxml2 would be a out-of-(core-)tree dependency. Reported-by: Buildbot Signed-off-by: Michael Heimpold <mhei@heimpold.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45859 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: use 307 for HTTPS redirections to retain request methodJo-Philipp Wich2015-05-301-1/+1
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45853 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: add support for enforcing httpsJo-Philipp Wich2015-05-303-2/+7
| | | | | | | | Also set HTTPS environment variable for CGI programs on SSL connections. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45852 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: inhibit chunked transfer encoding for static file responsesJo-Philipp Wich2015-05-301-2/+2
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45850 3c298f89-4303-0410-b956-a3cf2f4a3e73
* lldpd: update to v0.7.15 and add support for parsing /etc/openwrt_releaseJo-Philipp Wich2015-05-284-88/+44
| | | | | | | | Also drop superseded patches. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45810 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp: do not warn if connect() before close() on pppoe terminate fails (fixes ↵Felix Fietkau2015-05-261-0/+14
| | | | | | | | #19651) Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45755 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcpd: fix DHCPv6 downstream PDSteven Barth2015-05-211-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45707 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: bump to dnsmasq2.73rc8 Important.Steven Barth2015-05-171-2/+2
| | | | | | | | | | Bump dnsmasq to v2.73rc8 Important - fixes remotely exploitable buffer overflow introduced in all v2.73 test/release candidates. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45693 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcpd: ignore /64 on interface when doing PDSteven Barth2015-05-131-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45679 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcpd: remove invalid call to free()Steven Barth2015-05-111-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45675 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp: remove the persist option, netifd handles reconnectsFelix Fietkau2015-05-091-1/+1
| | | | | | | | Significantly reduces reconnect delay Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45654 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix remote denial of service vulnerability in WMM action frame parsingFelix Fietkau2015-05-061-0/+36
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45619 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: enable 802.11w only for the full variantsFelix Fietkau2015-05-061-1/+4
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45616 3c298f89-4303-0410-b956-a3cf2f4a3e73
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-20 14:07:37 +0000