aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* CC: samba: fix some security problemsHauke Mehrtens2016-04-1721-46/+20105
| | | | | | | | | | | | | | | | | | Backport of r49175. This fixes the following security problems: * CVE-2015-7560 * CVE-2015-5370 * CVE-2016-2110 * CVE-2016-2111 * CVE-2016-2112 * CVE-2016-2115 * CVE-2016-2118 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@49177 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: curl: detect the library as renamed wolfsslHauke Mehrtens2016-03-032-1/+102
| | | | | | | | | | Without this patch curl does not detect the new cyassl/wolfssl version and would be build without ssl support instead when cyassl was selected. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48900 3c298f89-4303-0410-b956-a3cf2f4a3e73
* mac80211/hostapd: rework 802.11w driver support selection, do not hardcode ↵Felix Fietkau2016-03-022-1/+5
| | | | | | | | | | drivers in hostapd makefile Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r46903 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48878 3c298f89-4303-0410-b956-a3cf2f4a3e73
* curl: bump pkg revisionJo-Philipp Wich2016-03-021-2/+2
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48875 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: curl: fix CVE-2016-0755Hauke Mehrtens2016-03-011-0/+126
| | | | | | | | | | | | | This fixes the following security problem: CVE-2016-0755: NTLM credentials not-checked for proxy connection re-use http://curl.haxx.se/docs/adv_20160127B.html backport of r48614. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48872 3c298f89-4303-0410-b956-a3cf2f4a3e73
* iw: update to version 4.3, sync with trunk r47782Felix Fietkau2016-03-018-672/+603
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48870 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: minor fixesJohn Crispin2016-03-012-2/+9
| | | | | | | | | | | | Better synchronize RA & DHCPv6 events Accumulate some events to avoid flooding Restart softwires for address and prefix changes Signed-off-by: Steven Barth <steven@midlink.org> Backport of r46518 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48839 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: add option "sourcefilter" to disable source filterJohn Crispin2016-03-013-4/+6
| | | | | | | | Signed-off-by: Steven Barth <steven@midlink.org> Backport of r46408 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48837 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix disassociation with FullMAC drivers and multi-BSSRafał Miłecki2016-01-111-0/+67
| | | | | | | | Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Backport of r48202 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48205 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: fix post v2.4 security issuesFelix Fietkau2016-01-1011-0/+554
| | | | | | | | | | | | | | | | | | | | | | | | | - WPS: Fix HTTP chunked transfer encoding parser (CVE-2015-4141) - EAP-pwd peer: Fix payload length validation for Commit and Confirm (CVE-2015-4143) - EAP-pwd server: Fix payload length validation for Commit and Confirm (CVE-2015-4143) - EAP-pwd peer: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145) - EAP-pwd server: Fix Total-Length parsing for fragment reassembly (CVE-2015-4144, CVE-2015-4145) - EAP-pwd peer: Fix asymmetric fragmentation behavior (CVE-2015-4146) - NFC: Fix payload length validation in NDEF record parser (CVE-2015-8041) - WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use (CVE-2015-5310) - EAP-pwd peer: Fix last fragment length validation (CVE-2015-5315) - EAP-pwd server: Fix last fragment length validation (CVE-2015-5314) - EAP-pwd peer: Fix error path for unexpected Confirm message (CVE-2015-5316) Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> Backport of r48185 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48186 3c298f89-4303-0410-b956-a3cf2f4a3e73
* samba36: add three CVE patches from 2015-12-16Felix Fietkau2016-01-054-1/+253
| | | | | | | | | | | This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A patchset for these vulnerabilities was published on 16th December 2015. Signed-off-by: Jan Čermák <jan.cermak@nic.cz> Backport of r48133 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48134 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netifd: update to the latest version (trunk r47897), fixes route table ↵Felix Fietkau2015-12-291-2/+2
| | | | | | | | handling issues (among other things) Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@48015 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcpd: backport trunk fixesSteven Barth2015-11-191-3/+3
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47515 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: update to the latest version, adds support for redirect helper scriptsFelix Fietkau2015-11-182-3/+7
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r47419 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47499 3c298f89-4303-0410-b956-a3cf2f4a3e73
* samba: convert init script to procd, add reload supportFelix Fietkau2015-11-181-6/+24
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r47292 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47495 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: add support for configuration option ubus_corsLuka Perkov2015-11-131-0/+1
| | | | | | Signed-off-by: Luka Perkov <luka@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47462 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: update to latest git HEADJohn Crispin2015-10-201-2/+2
| | | | | | | | Signed-off-by: John Crispin <blogic@openwrt.org> Backport of r47240 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47241 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: update to latest git revisionJohn Crispin2015-10-192-2/+7
| | | | | | | | | | adds URL alias support Signed-off-by: John Crispin <blogic@openwrt.org> BAckport of r47206 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47231 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: uhttpd: fix keep-alive bug (#20607, #20661)Jo-Philipp Wich2015-10-072-7/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The two commits 5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291 "allow request handlers to disable chunked reponses" and 618493e378e2239f0d30902e47adfa134e649fdc "file: disable chunked encoding for file responses" broke the chunked transfer encoding handling for proc responses in keep-alive connections that followed a file response with http status 204 or 304. The effect of this bug is that cgi responses following a 204 or 304 one where sent neither in chunked encoding nor with a content-length header, causing browsers to stall until the keep alive timeout was reached. Fix the logic flaw by inverting the chunk prevention flag in the client state and by testing the chunked encoding preconditions every time instead of once upon client (re-)initialization. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r47161 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47162 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: wait longer for inactive client probe (empty data frame)Felix Fietkau2015-10-061-0/+11
| | | | | | | | | | | | | One second is not enough for some devices to ackowledge null data frame which is sent at the end of ap_max_inactivity interval. In particular, this causes severe Wi-Fi instability with Apple iPhone which may take up to 3 seconds to respond. Signed-off-by: Dmitry Ivanov <dima@ubnt.com> Backport of r47149 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47150 3c298f89-4303-0410-b956-a3cf2f4a3e73
* hostapd: check for banned client on association eventRafał Miłecki2015-09-281-0/+26
| | | | | | | | | | | | | When using FullMAC drivers (e.g. brcmfmac) we don't get mgmt frames so check for banned client in probe request handler won't ever be used. Since cfg80211 provides us info about STA associating let's put a check there. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> Backport of r47064 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47065 3c298f89-4303-0410-b956-a3cf2f4a3e73
* igmpproxy: fix spurious restarts on interface events, pass used netdevs to ↵Felix Fietkau2015-09-271-1/+5
| | | | | | | | | | procd instead Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r47055 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47060 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netifd: update to the latest version, fixes spurious client isolation in ↵Felix Fietkau2015-09-261-2/+2
| | | | | | | | | | unbridged AP configurations (#20574) Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r47053 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47054 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netifd: update to the latest version (as of trunk r46841)Felix Fietkau2015-09-181-2/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46999 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: firewall: depend on kmod-ipt-conntrack (#20542)Jo-Philipp Wich2015-09-171-1/+1
| | | | | | | | | | | Our ruleset requires kernel support for conntrack state matching, therfore depend on the require kmod. Fixes #20542. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r46990 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46991 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp: backport use a more reliable way to set script environmentSteven Barth2015-09-151-1/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46943 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: update to the latest version, fixes deferred cgi script processing ↵Felix Fietkau2015-09-071-2/+2
| | | | | | | | | | (#20458) Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r46807 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46808 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: hostapd: properly enable 802.11w supportHauke Mehrtens2015-08-291-1/+1
| | | | | | | | | | | | | | backport of r46737 Add CONFIG_IEEE80211W variable to DRIVER_MAKEOPTS so that 802.11w support is properly compiled in full variant. This fixes #20179 Signed-off-by: Janusz Dziemidowicz <rraptorr@nails.eu.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46751 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uhttpd: we don't know where the device is located, so reflect that in the certImre Kaloz2015-08-191-3/+3
| | | | | | | | | | backport of r46688 Signed-off-by: Imre Kaloz <kaloz@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46689 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: uhttpd: pass X-HTTP-Method-Override header to cgi scriptsJo-Philipp Wich2015-08-171-2/+2
| | | | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> Backport of r46677 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46678 3c298f89-4303-0410-b956-a3cf2f4a3e73
* buttons: make all button handler scripts return 0Rafał Miłecki2015-08-101-0/+2
| | | | | | | | | | this is required by the new button timeout feature Signed-off-by: John Crispin <blogic@openwrt.org> Backport of r46471 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46581 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: dnsmasq: add some missing files to the jailJo-Philipp Wich2015-07-271-1/+1
| | | | | | | | | | found with strace, not sure we got all of them though Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com> Backport of r46467 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46511 3c298f89-4303-0410-b956-a3cf2f4a3e73
* firewall: fix typo in ESP ruleSteven Barth2015-07-272-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46508 3c298f89-4303-0410-b956-a3cf2f4a3e73
* firewall: comply with REC-22, REC-24 of RFC 6092Steven Barth2015-07-272-13/+12
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46507 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: fix some more compatibility issuesSteven Barth2015-07-131-5/+10
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46337 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: work-around more ISP DHCPv6-PD issuesSteven Barth2015-07-131-2/+2
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46336 3c298f89-4303-0410-b956-a3cf2f4a3e73
* CC: curl: fix some security vulnerabilitiesHauke Mehrtens2015-07-128-2/+324
| | | | | | | | | | | | | | | | | | This fixes the following security vulnerabilities in curl: * CVE-2015-3143 * CVE-2015-3144 * CVE-2015-3145 * CVE-2015-3148 * CVE-2015-3153 * CVE-2015-3236 * CVE-2015-3237 This was fixed in trunk with update to version 7.43.0 in r46169. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46312 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ebtables: remove partially broken musl fixFelix Fietkau2015-07-101-50/+0
| | | | | | | | See http://patchwork.ozlabs.org/patch/493573/ for more information Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46293 3c298f89-4303-0410-b956-a3cf2f4a3e73
* mdns: fix ubus wait_for commandFelix Fietkau2015-07-021-1/+1
| | | | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> Backport of r46156 git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46157 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Update dnsmasq to v2.73.Steven Barth2015-06-151-3/+3
| | | | | | Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk> git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@45987 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: bump PKG_RELEASE.Felix Fietkau2015-06-141-1/+1
| | | | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45962 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: let instances drop to nobody in default config.Felix Fietkau2015-06-141-0/+2
| | | | | | | | | This is for security precautions. As persist_tun and persist_key are already there, this should not cause compatibility issue. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45961 3c298f89-4303-0410-b956-a3cf2f4a3e73
* openvpn: fix handling option auth_retry.Felix Fietkau2015-06-141-2/+2
| | | | | | | | | As reported in ticket #19104, auth_retry takes a <type> argument with 3 choices: none, nointeract, interact. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45960 3c298f89-4303-0410-b956-a3cf2f4a3e73
* samba36: remove host build pathsFelix Fietkau2015-06-141-3/+6
| | | | | | | | | | | | | - fix iconv detection because it adds host paths - disable python detection (host python-config is found) iconv issue is reported by buildbot config.log + replicated locally see config.log in logs.tar.gz python issue observed locally on Arch Linux Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45953 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp: bump PKG_RELEASESteven Barth2015-06-121-1/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45949 3c298f89-4303-0410-b956-a3cf2f4a3e73
* ppp : Unnumbered supportSteven Barth2015-06-121-1/+39
| | | | | | | | | | | | | | | | | Adds PPP unnumbered support via the parameter unnumbered which points to a logical OpenWRT interface. The PPP proto shell handler will "borrow" an IP address from the unnumbered interface (if multiple IP addresses are present the longest prefix different from 32 will be "borrowed") for which a host interface dependency will be created. Due to the host interface dependency the PPP unnumbered interface will only "borrow" an IP address from an interface which is up. The borrowed IP address will be shared as local IP address by the PPP daemon and no other local IP will be accepted from the peer in the IPCP negotiation. A typical use case is the usage of a public IP subnet on the Lan interface which will be shared by the PPP interface as local IP address. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45948 3c298f89-4303-0410-b956-a3cf2f4a3e73
* odhcp6c: work around RIOs matching PIOs as sent by some apple routersSteven Barth2015-06-102-1/+5
| | | | | | | | Thanks to Mikael Abrahamsson for reporting. Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45941 3c298f89-4303-0410-b956-a3cf2f4a3e73
* 6to4: Remove sourcerouting parameter registrationSteven Barth2015-06-101-1/+0
| | | | | | | | | Commit 31214c38c8dd0f70366b523f9b0335145b9386bd removes IPv6 unneeded source-dest-routing workarounds; as a result sourcerouting parameter is unused and can be removed. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45940 3c298f89-4303-0410-b956-a3cf2f4a3e73
* 6rd: Remove sourcerouting parameter registrationSteven Barth2015-06-101-1/+0
| | | | | | | | | Commit 31214c38c8dd0f70366b523f9b0335145b9386bd removes IPv6 unneeded source-dest-routing workarounds; as a result sourcerouting parameter is unused and can be removed. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45939 3c298f89-4303-0410-b956-a3cf2f4a3e73
* map: add sleep work-around for lw4o6 race-conditionSteven Barth2015-06-092-1/+4
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45936 3c298f89-4303-0410-b956-a3cf2f4a3e73
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-21 11:57:27 +0000