aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* BB: samba36: add three CVE patches from 2015-12-16Jo-Philipp Wich2016-01-114-1/+253
| | | | | | | | | | | This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A patchset for these vulnerabilities was published on 16th December 2015. Signed-off-by: Jan Čermák <jan.cermak@nic.cz> Backport of r48133 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@48199 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: check for banned client on association eventRafał Miłecki2015-09-281-0/+26
| | | | | | | | | | | | | When using FullMAC drivers (e.g. brcmfmac) we don't get mgmt frames so check for banned client in probe request handler won't ever be used. Since cfg80211 provides us info about STA associating let's put a check there. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Backport of r47064 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@47068 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: backport CVE-2015-3294 security fixRafał Miłecki2015-09-082-1/+38
| | | | | | | | | | | Upstream release 2.73 included CVE-2015-3294 fix, let's backport patch fixing this security issue. This avoids bumping version to 2.73 which introduced many new features. This way we keep dnsmasq safe and don't risk new problems. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@46817 3c298f89-4303-0410-b956-a3cf2f4a3e73
* BB: hostapd: Fix RADIUS connection recovery after initial failure (#18197)Jo-Philipp Wich2015-07-272-2/+43
| | | | | | | | | | | | | | | | If the initial attempt at opening the socket connection to the RADIUS server failed due to missing IP connectivity during startup, e.g., with "connect[radius]: Network is unreachable", hostapd did not try to reconnect when RADIUS messages were sent. Instead, it only reported "No authentication server configured" even if the configuration did have a server entry. Backport of upstream commit 94b39e5927e570e6b0fe41d455dde0a361c71c36 ("RADIUS client: Fix server connection recovery after initial failure") Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@46512 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix remote denial of service vulnerability in WMM action frame parsingFelix Fietkau2015-05-062-1/+37
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r45619 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@45620 3c298f89-4303-0410-b956-a3cf2f4a3e73
* samba36: update to 3.6.25, fixes remote code execution bug (CVE-2015-0240)Felix Fietkau2015-02-241-2/+2
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r44515 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44516 3c298f89-4303-0410-b956-a3cf2f4a3e73
* map: backport fixes from trunkSteven Barth2015-01-133-5/+11
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43962 3c298f89-4303-0410-b956-a3cf2f4a3e73
* BB: qos-scripts: bump PKG_REVISION and copyright yearJo-Philipp Wich2015-01-061-2/+2
| | | | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r43860 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43862 3c298f89-4303-0410-b956-a3cf2f4a3e73
* BB: openvpn: bump PKG_REVISION and copyright yearJo-Philipp Wich2015-01-061-2/+2
| | | | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r43859 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43861 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: backport an upstream fix for a regression in using --cipher none ↵Felix Fietkau2015-01-041-0/+57
| | | | | | | | | | (fixes #18676) Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r43823 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43824 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: correctly handle renew-replies with short lease timesSteven Barth2014-12-101-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43593 3c298f89-4303-0410-b956-a3cf2f4a3e73
* qos-scripts: fix insmod commandsFelix Fietkau2014-12-081-11/+11
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r43562 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43566 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: update to 2.3.6, fixes CVE-2014-8104Felix Fietkau2014-12-012-25/+46
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r43482 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43483 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: backport from trunk to fix busyloopSteven Barth2014-11-281-3/+4
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43416 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netifd: fix default ORO for 6rdSteven Barth2014-11-082-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43215 3c298f89-4303-0410-b956-a3cf2f4a3e73
* BB: uhttpd: fix HTTP incompatibilities in file handlerJo-Philipp Wich2014-10-271-2/+2
| | | | | | | | | | | | | * Fixes sending an extraneous message body for 204 and 304 resoponses which breaks Chrome in keep-alive mode. * Adds mimetypes for JSON and JSONP. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r43078 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43082 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: avoid some unnecessary big mallocsSteven Barth2014-10-251-2/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43057 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: CVE-2014-3686 fixesSteven Barth2014-10-179-11/+229
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42943 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: fix parse errors with some dhcpv6 serversSteven Barth2014-10-121-2/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42870 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: fix typo in last commitSteven Barth2014-10-081-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42853 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: don't assign addresses or prefixes prematurelySteven Barth2014-10-082-2/+5
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42851 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: ensure signal-safety of signal handlersSteven Barth2014-10-081-2/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42843 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: add route-workaround for broken IPv6-ISPsSteven Barth2014-10-083-5/+21
| | | | | | | | | | | | | | Some ISP seem to only do stateful DHCPv6 and not sending RAs. This is technically broken because plain DHCPv6 doesn't carry routes. We work around here by faking a default route to the DHCPv6 server if we do not receive a useful RA from the ISP. This workaround can be turned off with: option fakeroutes 0 Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42842 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: merge an upstream patch for pmksa cacheFelix Fietkau2014-10-051-0/+32
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r42762 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42763 3c298f89-4303-0410-b956-a3cf2f4a3e73
* map: fix portsets starting with 0 and use regular NAT for 1:1 MAPSteven Barth2014-10-023-19/+31
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42742 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: work around weird ISP RS behaviourSteven Barth2014-09-271-2/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42675 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcpd: fix segfault when parsing domain options in UCISteven Barth2014-09-251-2/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42664 3c298f89-4303-0410-b956-a3cf2f4a3e73
* BB: firewall: allow '*' as synonym for any / all in family and proto optionsJo-Philipp Wich2014-09-191-2/+2
| | | | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r42620 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42623 3c298f89-4303-0410-b956-a3cf2f4a3e73
* BB: firewall: fix heap corruption in fw3_bitlen2netmask() with IPv6 addressesJo-Philipp Wich2014-09-191-2/+2
| | | | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r42610 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42622 3c298f89-4303-0410-b956-a3cf2f4a3e73
* BB: firewall: fix invalid memory access when processing /128 IPv6 addresses ↵Jo-Philipp Wich2014-09-191-2/+2
| | | | | | | | | | from ubus, properly emit REDIRECT rules for local port forwards Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r42604 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42621 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp: update to version 2.4.7John Crispin2014-09-1815-53/+40
| | | | | | | | | | This fixes: CVE-2014-3158 and some other bugs. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Backport of r42525 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42613 3c298f89-4303-0410-b956-a3cf2f4a3e73
* curl: 7.36.0 -> 7.38.0John Crispin2014-09-185-65/+7
| | | | | | | | | | | | | | | | | | | | Main changes: - URL parser: IPv6 zone identifiers are now supported - cyassl: Use error-ssl.h when available (drop local patch) - polarssl: support CURLOPT_CAPATH / --capath - mkhelp: generate code for --disable-manual as well (drop local patch) Full release notes: http://curl.haxx.se/changes.html MIPS 34kc binary size: - 7.36.0 before: 82,539 bytes - 7.38.0 after: 83,321 bytes Signed-off-by: Catalin Patulea <cat@vv.carleton.ca> Backport of r42517 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42612 3c298f89-4303-0410-b956-a3cf2f4a3e73
* mdns: update to latest git HEADJohn Crispin2014-09-171-2/+2
| | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42593 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: do not remove foreign wpa_supplicant socketsJohn Crispin2014-09-171-1/+1
| | | | | | | | | | https://dev.openwrt.org/ticket/17886 Signed-off-by: John Crispin <blogic@openwrt.org> Backport of r42586 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42591 3c298f89-4303-0410-b956-a3cf2f4a3e73
* comgt: add directip protoJohn Crispin2014-09-164-1/+167
| | | | | | | | | | add a proto handler for sierra wireless directip modems Signed-off-by: John Crispin <blogic@openwrt.org> Backport of r42465 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42577 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: remove bogus default setting for wps_pin (#17873)Felix Fietkau2014-09-152-4/+3
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r42553 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42554 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netifd: work-around kernel IPv6 on-link route issueSteven Barth2014-09-081-2/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42440 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Make the --dhcp-host logic easier to understandJohn Crispin2014-09-011-6/+8
| | | | | | | | | | | | | Use an if/else statement to cover the two different syntaxes. Add comments explaining what the end results should look like. This patch should not change the script's output. Signed-off-by: Kevin Cernekee <cernekee@gmail.com> Backport of r42320 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42390 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Fix hosts file format when MAC address is not specifiedJohn Crispin2014-09-011-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | An entry like this in /etc/config/dhcp: config 'host' option 'name' 'pc2' option 'ip' '192.168.100.56' option 'dns' '1' results in a /tmp/hosts/dhcp entry that looks like this: 192.168.100.56 .lan Obviously it should say "pc2.lan". This happens because $name is set to "" in order to support the MAC-less syntax: "--dhcp-host=lap,192.168.0.199". Fix this by reordering the operations. Also, refuse to add a DNS entry if the hostname or IP is missing. Fixes #17683 Reported-by: Kostas Papadopoulos <kpapad75@travelguide.gr> Signed-off-by: Kevin Cernekee <cernekee@gmail.com> Backport of r42319 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42389 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dnsmasq: Create rDNS records for LuCI "Hostnames"John Crispin2014-09-011-6/+3
| | | | | | | | | | | | | | | LuCI creates "domain" UCI config sections, which the dnsmasq init file then, currently, translates into "address" config lines. This is not the correct usage of "address" (see r36943), and also causes rDNS records to not be created. This patches dnsmasq.init to utilize the additional hosts file introduced in r40799 for such domain names, resolving both issues. Signed-off-by: Tyler Fenby <tylerf@securecominc.com> Backport of r42318 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42388 3c298f89-4303-0410-b956-a3cf2f4a3e73
* package/*: remove useless explicit set of function returncodeJohn Crispin2014-09-014-21/+0
| | | | | | | | | | | | | | | | | | | | | | | | somebody started to set a function returncode in the validation stuff and everybody copies it, e.g. myfunction() { fire_command return $? } a function automatically returns with the last returncode, so we can safely remove the command 'return $?'. reference: http://tldp.org/LDP/abs/html/exit-status.html "The last command executed in the function or script determines the exit status." Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com> Backport of r42278 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42379 3c298f89-4303-0410-b956-a3cf2f4a3e73
* firewall: the firewall did not start properly on bootJohn Crispin2014-09-011-1/+1
| | | | | | | | | | https://dev.openwrt.org/ticket/17593 Signed-off-by: John Crispin <blogic@openwrt.org> Backport of r42233 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42374 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp: enable IPv6CP by defaultJohn Crispin2014-09-012-2/+6
| | | | | | | | Signed-off-by: Steven Barth <steven@midlink.org> Backport of r42158 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42355 3c298f89-4303-0410-b956-a3cf2f4a3e73
* firewall: fix potential NULL pointer accessJohn Crispin2014-09-011-2/+2
| | | | | | | | | | Properly skip struct ifaddr entries with NULL ifa_addr, thanks Kostas Papadopoulos for reporting. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r42138 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42354 3c298f89-4303-0410-b956-a3cf2f4a3e73
* firewall: implement selective conntrack flushing (#10225)John Crispin2014-09-011-2/+2
| | | | | | | | | | | | Utilize the new selective conntrack flushing facility to clear out active conntrack entries referring to old IP addresses after a firewall reload. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r42114 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42353 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix some whitespacesJohn Crispin2014-09-011-3/+3
| | | | | | | | Signed-off-by: Luka Perkov <luka@openwrt.org> Backport of r42111 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42351 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netifd: update to the latest version, adds interface cleanup fixesFelix Fietkau2014-08-311-1/+1
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r42345 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42347 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netifd: update to the latest version, fixes proto-shell teardown after renewFelix Fietkau2014-08-311-2/+2
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r42344 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42346 3c298f89-4303-0410-b956-a3cf2f4a3e73
* BB: uhttpd: do not configure TLS parameters if libustream-ssl is not presentJo-Philipp Wich2014-08-252-3/+3
| | | | | | | | | | | | | | A quite frequent problem after sysupgrading from an older, SSL enabled build is that ustream-ssl is not installed so uhttpd fails to come up again due to https listening directives in the preserved configuration. Skip key/cert and ssl listen options when libustream-ssl.so is not present. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r42284 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42286 3c298f89-4303-0410-b956-a3cf2f4a3e73
* BB: iwinfo: properly decode SSIDs when scanning through wpa_supplicantJo-Philipp Wich2014-08-252-4/+63
| | | | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r42273 git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42285 3c298f89-4303-0410-b956-a3cf2f4a3e73
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 02:36:29 +0000