path: root/package/network/utils
Commit message | Author | Age | Files | Lines
* tcpdump: update to version 4.9.0 | Hauke Mehrtens | 2017-02-06 | 4 | -81/+81
  This fixes the following 41 security problems:
  + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
  + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
  + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
  + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
  + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
  + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
  + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
  + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
  + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
  + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
  + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
  + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
  + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
  + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
  + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
  + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
  + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
  + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
  + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
  + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
  + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
  + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
  + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
  + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
  + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
  + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
  + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
  + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).
  + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
  + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
  + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
  + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
  + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
  + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
  + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
  + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().
  + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
  + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
  + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
  + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
  + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
  The size of the package is only increased very little:
  new size:
  306430 tcpdump_4.9.0-1_mips_24kc.ipk
  130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk
  old size:
  302782 tcpdump_4.8.1-1_mips_24kc.ipk
  129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iproute2: cake: update cake support | Kevin Darbyshire-Bryant | 2017-02-01 | 2 | -11/+24
  Updated cake's tc patch to match the official cake repository formatting.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* iproute2: cake: add 'mpu' minimum packet length support | Kevin Darbyshire-Bryant | 2017-02-01 | 2 | -4/+28
  Add 'mpu' minimum length packet size parameter for scheduling/bandwidth accounting.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* curl: fix HTTPS network timeouts with OpenSSL | Stijn Segers | 2017-01-16 | 1 | -0/+36
  Backport an upstream change to fix HTTPS timeouts with OpenSSL.
  Upstream curl bug #1174.
  Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
  [Jo-Philipp Wich: reword commit message, rename patch to 001-*]
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uqmi: mark as nonshared because of the usb dependencies | Felix Fietkau | 2017-01-13 | 1 | -0/+2
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* umbim: mark as nonshared because of the usb dependencies | Felix Fietkau | 2017-01-13 | 1 | -0/+2
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* comgt: mark as nonshared because of the usb dependencies | Felix Fietkau | 2017-01-13 | 1 | -0/+2
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Revert the recent dependency and metadata scanning rework | Felix Fietkau | 2017-01-11 | 3 | -3/+3
  This reverts the following commits:
  fbe522d1204149b6c128d55e360bfc15fa8258e1
  278ad007ee03c4455c3507322e34b0e3e6ec050d
  863888e44f7a1fb1675a2e7a2eaabfec3561d2a2
  96daf6352f6e04bc22789466cb5409b93fbec191
  cfd83555fc4f0bab18a26f6812da18e64df46ff3
  This seems to trigger some mconf bugs when built with all feeds packages, so I will try to find a less intrusive solution before the release.
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* comgt: allow build without USB_SUPPORT | Felix Fietkau | 2017-01-11 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* umbim: allow build without USB_SUPPORT | Felix Fietkau | 2017-01-11 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uqmi: allow build without USB_SUPPORT | Felix Fietkau | 2017-01-11 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iwinfo: drop references to madwifi | Stijn Tintel | 2017-01-10 | 1 | -3/+1
  Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
  Acked-by: Jo-Philipp Wich <jo@mein.io>
* build: use mkhash to replace various quirky md5sum/openssl calls | Felix Fietkau | 2017-01-05 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* curl: Remove PolarSSL and adjust default to mbedTLS | Rosen Penev | 2017-01-03 | 4 | -30/+14
  luci-ssl has already made the switch since mainline support for PolarSSL is almost over (2016).
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
* curl: update to version 7.52.1 | Hauke Mehrtens | 2017-01-02 | 2 | -4/+4
  This fixes the following security problems:
  CVE-2016-9586: printf floating point buffer overflow
  CVE-2016-9952: Win CE schannel cert wildcard matches too much
  CVE-2016-9953: Win CE schannel cert name out of buffer read
  CVE-2016-9594: uninitialized random
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* treewide: clean up and unify PKG_VERSION for git based downloads | Felix Fietkau | 2016-12-22 | 5 | -21/+11
  Also use default definitions for PKG_SOURCE_SUBDIR, PKG_SOURCE
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uqmi: add plmn set functionality for netifd proto handler | Florian Eckert | 2016-12-22 | 1 | -2/+22
  uqmi has the possibility to allow the modem to start a registration process only to this specified plmn
  Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
* comgt-ncm: fix typo Fix typo in ncm.sh. Resolves: | Cezary Jackiewicz | 2016-12-22 | 1 | -1/+1
  Wed Dec 21 09:55:54 2016 daemon.notice netifd: wan (4455): ./ncm.sh: eval: line 1: =IP: not found
  Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
* iproute2: tc - update cake support | Kevin Darbyshire-Bryant | 2016-12-20 | 2 | -11/+13
  Update tc to track upstream cake changes:
  diffserv3 - a simple 3 tin classifier
  Also make diffserv3 and triple-isolate default
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* uqmi: Prevent 'POLICY MISMATCH' error. | Nickolay Ledovskikh | 2016-12-20 | 1 | -0/+1
  Add uqmi 'sync' command call to release stalled cid when preparing to setup new connection. As a result it prevents 'POLICY MISMATCH' errors.
  Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
* uqmi: bump to latest git HEAD | John Crispin | 2016-12-20 | 1 | -2/+2
  8ceeab6 uqmi: Change returned value to QMI_CMD_REQUEST for 'sync' command.
  1dc7be1 uqmi: Add sync command to release all cids.
  Signed-off-by: John Crispin <john@phrozen.org>
* uqmi: add support of using device symlinks. | Nickolay Ledovskikh | 2016-12-20 | 1 | -0/+2
  It's useful when using multiple usb devices that should be bound to certain usb ports. Symlinks are created by hotplug handlers.
  Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
* comgt: add support of using device symlinks. | Nickolay Ledovskikh | 2016-12-20 | 3 | -0/+5
  It's useful when using multiple usb devices that should be bound to certain usb ports. Symlinks are created by hotplug handlers.
  Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
* treewide: clean up download hashes | Felix Fietkau | 2016-12-16 | 23 | -23/+23
  Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* comgt-ncm: Add support for specifying profile index | Matti Laakso | 2016-12-14 | 4 | -56/+51
  Add support for specifying a call profile index instead of APN. A specific index different from 1 must be used for some service provider and modem combinations.
  In addition, change the manufacturer detection to use the standard AT+CGMI command, which produces more predictable output than ATI, remove the redundant ipv6 option, since it is less ambiguous to directly specify the PDP context type with mobile connections, and fix missing device during teardown when using ncm through the wwan proto.
  Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
* uqmi: Add support for specifying profile index | Matti Laakso | 2016-12-14 | 2 | -82/+93
  Update uqmi to latest version, which brings about support for specifying a call profile index instead of APN. A specific index different from 1 must be used for some service provider and modem combinations.
  Also change option dhcp to dhcpv6, since IPv4 now always uses DHCP, replace option ipv6 with pdptype, which is less ambiguous, and make autoconnect optional and default it to off for IPv6 due to it not working with statically configured IPv6.
  Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
* netfilter: drop proprietary xt_id match | Jo-Philipp Wich | 2016-12-14 | 1 | -69/+0
  The xt_id match was used by the firewall3 package to track its own rules but the approach has been changed to use xt_comment instead now, so we can drop this nonstandard extension.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iproute2: support latest cake & restore DSCP washing | Kevin Darbyshire-Bryant | 2016-12-12 | 1 | -55/+75
  Support new packet overhead passing paradigm in cake qdisc, also restore DSCP wash/nowash keywords.
  Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* tcpdump: reduce size of -mini by removing more infrequently used protocols | Felix Fietkau | 2016-12-12 | 1 | -23/+25
  This removes:
  - BGP
  - CDP
  - SCTP
  MIPS binary .ipk size is reduced from ~150k to ~130k
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* net/utils/tcpdump: update to 4.8.1 | p-wassi | 2016-12-12 | 4 | -576/+700
  Update tcpdump to upstream release 4.8.1
  Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* curl: update to version 7.51.0 | Hauke Mehrtens | 2016-12-03 | 3 | -6/+6
  This fixes the following security problems:
  CVE-2016-8615: cookie injection for other servers
  CVE-2016-8616: case insensitive password comparison
  CVE-2016-8617: OOB write via unchecked multiplication
  CVE-2016-8618: double-free in curl_maprintf
  CVE-2016-8619: double-free in krb5 code
  CVE-2016-8620: glob parser write/read out of bounds
  CVE-2016-8621: curl_getdate read out of bounds
  CVE-2016-8622: URL unescape heap overflow via integer truncation
  CVE-2016-8623: Use-after-free via shared cookies
  CVE-2016-8624: invalid URL parsing with '#'
  CVE-2016-8625: IDNA 2003 makes curl use wrong host
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* xtables-addons: add CONFIG_NF_CONNTRACK_MARK=y to all kmod-* packages | Felix Fietkau | 2016-12-01 | 1 | -2/+2
  Not all kmod packages depend on kmod-ipt-compat-xtables, but this kernel config option is required for building the whole package
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iw: drop TX power patch that is part of upstream version now | Rafał Miłecki | 2016-11-29 | 1 | -30/+0
  Applying it again was resulting in duplicated TX info like:
  Interface wlan0
          ifindex 6
          wdev 0x1
          addr 00:23:6a:a3:7d:00
          ssid LEDE2
          type AP
          wiphy 0
          channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
          txpower 31.00 dBm
          txpower 31.00 dBm
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ipset: Add InstallDev to provide libipset as library | Julian Kornberger | 2016-11-26 | 1 | -1/+8
* arptables: bump to 2015-05-20 | Ralph Sennhauser | 2016-11-14 | 3 | -64/+13
  This fixes building with musl and drops the dependency on the OpenWrt kernel-header patches:
  270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch
  271-uapi-libc-compat.h-do-not-rely-on-__GLIBC__.patch
  272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch
  Use the new upstream location at netfilter.org and use a define instead of a patch to "optimize".
  See also: https://git.netfilter.org/arptables/log/
  Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
  [Jo-Philipp Wich: add mirror SHA256 sum]
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* conntrack-tools: update to v1.4.4 | Jo-Philipp Wich | 2016-11-14 | 1 | -6/+2
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iw: fix build error caused by redeclaration of NL80211_ATTR_PAD | Rafał Miłecki | 2016-11-12 | 1 | -6/+2
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  Fixes: 7aff00ab199 ("iw: update to version 4.9")
* iw: update to version 4.9 | Rafał Miłecki | 2016-11-12 | 5 | -88/+24
  This adds support for "channels" command which displays more details about channels. It includes e.g. info about available widths.
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* iw: update to version 4.7 | Rafał Miłecki | 2016-11-12 | 8 | -634/+48
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* iperf3: update to version 3.1.4 | Christian Lamparter | 2016-11-08 | 1 | -2/+2
  "This release fixes a few minor bugs, including a (non-security-impacting) buffer overflow fix ported from upstream cjson."
  <http://software.es.net/iperf/news.html#iperf-3-1-4-released>
  Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* comgt: move to WWAN submenu, fixed link | Alberto Bursi | 2016-11-08 | 1 | -3/+4
  Moving comgt and its modules to WWAN submenu to join uqmi as both are tools for WWAN modems. I replaced the link with comgt's ubuntu manpage because the old link isn't working anymore.
  Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
* uqmi: moved to WWAN submenu | Alberto Bursi | 2016-11-08 | 1 | -0/+1
  Moving uqmi to WWAN submenu
  Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
* gcom: Fix 'mode' option for ncm | Cezary Jackiewicz | 2016-11-08 | 1 | -1/+1
  For Huawei devices like E3372 proper command for set lte mode is:
  AT^SYSCFGEX="03",3fffffff,2,4,7fffffffffffffff,,
  Eval is required for proper quotation.
  Without this fix:
  Fri Nov 4 19:07:49 2016 daemon.notice netifd: Interface 'wan' is setting up now
  Fri Nov 4 19:07:52 2016 daemon.notice netifd: wan (2060): sending -> AT
  Fri Nov 4 19:07:52 2016 daemon.notice netifd: wan (2060): sending -> ATZ
  Fri Nov 4 19:07:53 2016 daemon.notice netifd: wan (2060): sending -> ATQ0
  Fri Nov 4 19:07:53 2016 daemon.notice netifd: wan (2060): sending -> ATV1
  Fri Nov 4 19:07:54 2016 daemon.notice netifd: wan (2060): sending -> ATE1
  Fri Nov 4 19:07:55 2016 daemon.notice netifd: wan (2060): sending -> ATS0=0
  Fri Nov 4 19:07:55 2016 daemon.notice netifd: wan (2060): sending -> AT+CGDCONT=1,"IP","internet"
  Fri Nov 4 19:07:57 2016 daemon.notice netifd: wan (2060): sending -> AT^SYSCFGEX=\"03\",3fffffff,2,4,7fffffffffffffff,,
  Fri Nov 4 19:07:58 2016 daemon.notice netifd: wan (2060): Error running AT-command
  Fri Nov 4 19:07:58 2016 daemon.notice netifd: wan (2060): Failed to set operating mode
  Fri Nov 4 19:07:58 2016 daemon.notice netifd: wan (2092): Stopping network
  ...
  With this fix:
  Fri Nov 4 19:10:59 2016 daemon.notice netifd: Interface 'wan' is setting up now
  Fri Nov 4 19:11:01 2016 daemon.notice netifd: wan (2539): sending -> AT
  Fri Nov 4 19:11:01 2016 daemon.notice netifd: wan (2539): sending -> ATZ
  Fri Nov 4 19:11:02 2016 daemon.notice netifd: wan (2539): sending -> ATQ0
  Fri Nov 4 19:11:03 2016 daemon.notice netifd: wan (2539): sending -> ATV1
  Fri Nov 4 19:11:03 2016 daemon.notice netifd: wan (2539): sending -> ATE1
  Fri Nov 4 19:11:04 2016 daemon.notice netifd: wan (2539): sending -> ATS0=0
  Fri Nov 4 19:11:05 2016 daemon.notice netifd: wan (2539): sending -> AT+CGDCONT=1,"IP","internet"
  Fri Nov 4 19:11:06 2016 daemon.notice netifd: wan (2539): sending -> AT^SYSCFGEX="03",3fffffff,2,4,7fffffffffffffff,,
  Fri Nov 4 19:11:07 2016 daemon.notice netifd: wan (2539): sending -> AT^NDISDUP=1,1,"internet"
  Fri Nov 4 19:11:08 2016 daemon.notice netifd: wan (2539): Connected, starting DHCP on wwan0
  Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan' is now up
  Fri Nov 4 19:11:08 2016 daemon.notice netifd: Network device 'wwan0' link is up
  Fri Nov 4 19:11:08 2016 daemon.notice netifd: Network alias 'wwan0' link is up
  Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' is enabled
  Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' has link connectivity
  Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' is setting up now
  ...
  Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
* iproute2: rename ip to ip-tiny and let both ip-tiny and ip-full provide "ip" | Jo-Philipp Wich | 2016-11-02 | 1 | -6/+7
  Rename the "ip" package declaration to "ip-tiny" and let both "ip-tiny" and "ip-full" provide the virtual "ip" package.
  This allows users to freely choose the "ip" command variant while other packages can continue to depend on "ip" without needing to enforce a specific variant.
  Note that this commit does not add busybox as "ip" provider due to the following reasons:
  - The builtin Busybox ip applet cannot be added or removed at runtime
  - Both "ip-tiny" and "ip-full" are able to install without file clashes even if the busybox applet is enabled
  - The system is preferring full "ip-tiny" and "ip-full" at runtime, even if Busybox ip is still present.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* package/network/utils/ipset: Update to 6.30 | Daniel Engberg | 2016-10-27 | 1 | -2/+2
  Updates to 6.30
  Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* wwan: rename data files | Simon Hailes | 2016-10-26 | 348 | -0/+10
  This is to ensure that git can be cloned onto a windows drive without failing.
  Signed-off-by: Simon Hailes <btsimonh@googlemail.com>
* qmi: add metric, defaultroute and peerdns options for qmi protocol | Marcin Jurkowski | 2016-10-26 | 1 | -8/+10
  Adds generic network options for qmi protocol dynamic interfaces as suggested by Felix in https://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html.
  IPv6-related code taken from Bruno's patch https://patchwork.ozlabs.org/patch/584816.
  This depends on netifd patch https://patchwork.ozlabs.org/patch/686820/.
  Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
  Signed-off-by: Bruno Randolf <br1@einfach.org>
* mbim: add metric, defaultroute and peerdns options for mbim protocol | Marcin Jurkowski | 2016-10-26 | 1 | -2/+5
  Adds generic network options for mbim protocol dynamic interfaces as suggested by Felix in https://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html.
  This depends on netifd patch https://patchwork.ozlabs.org/patch/686820/.
  Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* comgt: add metric, defaultroute and peerdns options for directip protocol | Marcin Jurkowski | 2016-10-26 | 1 | -2/+5
  Adds generic network options for directip protocol dynamic interfaces as suggested by Felix in https://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html.
  This depends on netifd patch https://patchwork.ozlabs.org/patch/686820/.
  Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* comgt: add metric, defaultroute and peerdns options for ncm protocol | Marcin Jurkowski | 2016-10-26 | 1 | -2/+5
  Adds generic network options for ncm protocol dynamic interfaces as suggested by Felix in http://lists.openwrt.org/pipermail/openwrt-devel/2016-February/039794.html.
  This depends on netifd patch https://patchwork.ozlabs.org/patch/686820/.
  Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>