| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Build/Prepare rule in favor of default one
This more of a demo for the previous commit that comes with
this one, where I added support for copying source from 'src' to
the build dir(s).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
|
|
| |
Updates lldpd to 0.9.5
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
|
| |
* Updates to 0.7
* Switches tarball to xz
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
| |
Updates to 6.29
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
|
|
|
|
|
| |
Adds per-host leasetime support
Various bugfixes :
-Prioritize ifname resolving via ubus
-Free interface if ifindex cannot be resolved
-...
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [update mirror sha256]
|
|
|
|
|
|
|
| |
Fixes a regression in commit 8f24ee638275:
"uqmi: Add proper IPv6 support"
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 8f24ee638275 ("uqmi: Add proper IPv6 support") changed the code
to fetch the IPv4 address via QMI by default instead of using DHCP to
make it consistent with the IPv6 codepath.
This breaks on at least some Sierra Wireless cards, where data exchanges
fail to work until the host has fetched a DHCP lease.
Leave v6 as it is, but always use DHCP for v4.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
| |
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
|
|
|
|
|
|
|
|
|
| |
Quote resolveip hostname argument to avoid bad shell injections.
While at it fix pattern match logic in case multiple IPv6 addresses
are returned for a hostname as they're seperated by newline by
resolveip and not a white space
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
| |
Now that the uhttpd init script can generate certificates using openssl as
well, update the section name and related comment to be more generic.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
| |
Avoids build failures when the nl80211 driver is disabled
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support the usage of the OpenSSL command-line tool for generating
the SSL certificate for uhttpd. Traditionally 'px5g' based on
PolarSSL (or mbedTLS in LEDE), has been used for the creation.
uhttpd init script is enhanced by adding detection of an installed
openssl command-line binary (provided by 'openssl-util' package),
and if found, the tool is used for certificate generation.
Note: After this patch the script prefers to use the OpenSSL tool
if both it and px5g are installed.
This enables creating a truly OpenSSL-only version of LuCI
without dependency to PolarSSL/mbedTLS based px5g.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
|
|
|
|
| |
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Add cake nat de-masquerading mode: nat, nonat.
Also docsis & ptm overhead related keywords: nat, nonat,
ptm, docsis-downstream-ip, docsis-downstream, docsis-upstream-ip
& docsis-upstream.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
| |
Fix rt_names build failure when FORTIFY_SOURCE disabled.
Include limits.h which otherwise gets automatically included
by fortify headers.
Solves FS #194
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
| |
Within the Lua binding, use the same logic as the command line interface for
reporting the used WPA ciphers. Instead of printing the intersection of
pairwise and group ciphers, report both group and pairwise ciphers.
This fixes a case where a connection which uses CCMP for pairwise and TKIP
as groupwise cipher is getting reported as using the NONE cipher.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
| |
Remove an invalid local variable declaration in the tunnel update subshell
invocation. Local declarations outside of function scopes are illegal since
the Busybox update to version 1.25.0 .
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.
The config symbol is kept (for a while), as packages from feeds depend on
it.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following security problems:
7.50.1:
CVE-2016-5419 TLS session resumption client cert bypass
CVE-2016-5420 Re-using connections with wrong client cert
CVE-2016-5421 use of connection struct after free
7.50.2:
CVE-2016-7141 Incorrect reuse of client certificates
7.50.3:
CVE-2016-7167 curl escape and unescape integer overflows
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Match sections allow to set a tag specified by the option networkid if the client
sends an option and optionally the option value specified by the match option.
The force option will convert the dhcp-option to force-dhcp-option if set to 1 in
the dnsmasq config if options are specified in the dhcp_option option.
config match
option networkid tag
option match 12,myhost
option force 1
list dhcp_option '3,192.168.1.1'
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
| |
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
|
|
|
|
|
| |
The latest update of hostapd broke brcmfmac due to upstream regression.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
| |
Permit users of the full variant to disable the NO_ID *.bind pseudo
domain masking.
Defaulted 'on' in all variants.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
|
|
|
|
|
|
|
|
|
|
|
| |
As security precaution and to limit the attack surface based on
the version reported by tools like nmap mask out the dropbear
version so the version is not visible anymore by snooping on the
wire. Version is still visible by 'dropbear -V'
Based on a patch by Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove trailing _]
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't expose dnsmasq version & other data to clients via the *.bind
pseudo domain. This uses a new 'NO_ID' compile time option which has been
discussed and submitted upstream.
This is an alternate to replacing version with 'unknown' which affects
the version reported to syslog and 'dnsmasq --version'
Run time tested with & without NO_ID on Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Regression introduced by 3481d0d dnsmasq: run as dedicated UID/GID
dnsmasq is unable to remove its own pidfile as /var/run/dnsmasq is owned
by root and now dnsmasq runs as dnsmasq:dnsmasq. Change directory
ownership to match.
dnsmasq initially starts as root, creates the pidfile, then drops to
requested non-root user. Until this fix dnsmasq had insufficient
privilege to remove its own pidfile.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
|
|
|
|
| |
Signed-off-by: Johannes Römer <jroemer@posteo.net>
|
|
|
|
|
|
| |
Effectively the same for most purposes, but more accurate.
Signed-off-by: Karl Palsson <karlp@etactica.com>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
| |
No longer necessary since the removal of build variants
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
The iwinfo library might get compiled with different backends, depending on
the driver selection of the current target, so mark it as nonshared to avoid
broken libiwinfo support on other targets with same cpu architecture but
different wireless driver types.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
| |
300-upstream-fix-polarssl-mbedtls-builds.patch has been applied upstream.
Replaced 101-remove_polarssl_debug_call.patch with upstream backport.
Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
| |
Signed-off-by: Ash Benz <ash.benz@bk.ru>
|
|
|
|
|
|
|
| |
Adds fixes for wireless device error handling
Adds link state fixes for shell proto handlers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|