aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* odhcp6c: update to git HEAD versionHans Dedecker2017-03-161-3/+6
| | | | | | 7e0d8b8 CMakeLists: don't enable libubox md5 implementation by default Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* curl: Adjust URLsDaniel Engberg2017-03-151-6/+4
| | | | | | | Update mirror list, add main site as last resort Source: https://github.com/curl/curl-www/blob/master/latest.pl Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* iwcap: fix handling kill signal during dumpFelix Fietkau2017-03-141-13/+13
| | | | | | Do not run another loop iteration before checking the stop flag Signed-off-by: Felix Fietkau <nbd@nbd.name>
* umdns: update to the version 2017-03-14Rafał Miłecki2017-03-141-3/+3
| | | | | | | | | This includes 3 cleanups: fd5a160 Don't cache hosts as services 80dd246 Refresh DNS records A and AAAA directly 6515101 Access cached records (instead of services) to read list of hosts Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* curl: update to version 7.53.1Hauke Mehrtens2017-03-134-42/+6
| | | | | | | This fixes the following security problem: * CVE-2017-2629 SSL_VERIFYSTATUS ignored Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* xtables-addons: fix build error on ARCFelix Fietkau2017-03-121-0/+11
| | | | | | | The kernel unconditionally pulls in a header file that defines 'current', which conflicts with the lua extension code. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* umdns: update to the 2017-03-10 versionRafał Miłecki2017-03-101-3/+3
| | | | | | | This fixes crash in interface_start caused by freeing interface in interface_free without stopping a timeout. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* vxlan: add new package for netifd VXLAN protoMatthias Schiffer2017-03-102-0/+180
| | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* netifd: update to git HEAD versionMatthias Schiffer2017-03-101-3/+3
| | | | | | 91810ec system-linux: add VXLAN support Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* dnsmasq: do not forward rfc6761 excluded domainsKevin Darbyshire-Bryant2017-03-093-2/+24
| | | | | | | | | | | | | | | | | | | | | | RFC 6761 defines a number of top level domains should not be forwarded to the Internet's domain servers since they are not responsible for those domains. This change adds a list of domains that will be blocked when 'boguspriv' is used and augments that which is already blocked by dnsmasq's notion of 'local service' using '--bogus-priv' i.e. RFC 1918 private addresses and IPv6 prefixes as defined in RFC 6303. To make this configurable rather than hard coded in dnsmasq's init script, a new file /usr/share/dnsmasq/rfc6761.conf is conditionally included. The default file matches the RFC 6761 recommendation along with a few other top level domains that should not be forwarded to the Internet. Compile & run tested Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* openvpn: move list of params and bools to a separate fileYousong Zhou2017-03-073-30/+205
| | | | | | | So that future patches for addition/removal of them can be more readable Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* ppp: propagate master peerdns setting to dynamic slave interfaceJo-Philipp Wich2017-03-073-2/+4
| | | | | | | | | | Honour the parent interfaces peerdns option when spawning a virtual DHCPv6 interface in order to avoid pulling in IPv6 DNS servers when the user opted to inhibit peer DNS servers in the configuration. Fixes #597. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* odhcpd: add loglevel uci option in odhcpd defaultsHans Dedecker2017-03-061-0/+1
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: update to git HEAD versionHans Dedecker2017-03-061-3/+3
| | | | | | c69555c dhcpv6: use PRIu64 print macro Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: Bump to latest HEADFlorian Fainelli2017-03-051-3/+3
| | | | | | | | Brings in the following change: 9eac2a896341 dhcpv6-ia: Check lockf return value Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* rssileds: Fix build with external toolchainsFlorian Fainelli2017-03-011-2/+4
| | | | | | | | Pass down TARGET_CPPFLAGS for path to header files, and append the libraries we depend on in TARGET_LDFLAGS. Put TARGET_LDFLAGS at the end of the command line as is required by modern GCC/binutils. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* swconfig: Link with libuboxFlorian Fainelli2017-03-011-1/+1
| | | | | | | | | | | | | | | | | | | Fixes linking failures observed with external toolchains: /home/florian/dev/toolchains/stbgcc-4.8-1.5/bin/../lib/gcc/mipsel-linux-gnu/4.8.5/../../../../mipsel-linux-gnu/bin/ld: warning: libubox.so, needed by /home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so, not found (try using -rpath or -rpath-link) /home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so: undefined reference to `blobmsg_open_nested' /home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so: undefined reference to `blobmsg_parse' /home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so: undefined reference to `blob_nest_end' /home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so: undefined reference to `blobmsg_add_field' Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* omcproxy: Update to latest HEADFlorian Fainelli2017-03-011-3/+3
| | | | | | | Brings the following change: 1fe6f48f8a50 Cmake: Find libubox/list.h Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* thc-ipv6: Allow overriding CFLAGSFlorian Fainelli2017-03-011-0/+12
| | | | | | | | thc-ipv6 did not allow an external environment to override CFLAGS, which would lead to our CFLAGS not being passed properly (relro, optimizations, etc...) Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* wireless-tools: Change download url to githubHsing-Wang Liao2017-02-281-1/+1
| | | | Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
* iftop: bump to latest upstreamKevin Darbyshire-Bryant2017-02-262-73/+8
| | | | | | | | | Drops a LEDE carried patch now upstream. Convert to autotools. A number of nits fixed upstream (dns & short packet handling most notable) Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* relayd: fix making incomplete instance json dataYousong Zhou2017-02-252-7/+14
| | | | | | | | Defer procd_open_instance only after validity check passed. Fixes FS#541 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* relayd: remove old start-stop-service related codeYousong Zhou2017-02-251-15/+0
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* ppp: ppp6-up: add executable permission bitYousong Zhou2017-02-241-0/+0
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* iw: sync nl80211.h with mac80211 packageFelix Fietkau2017-02-241-5/+289
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcpd: update to git HEAD version (FS#397) (FS#481)Hans Dedecker2017-02-231-3/+3
| | | | | | | | | | | | | | | | | | 1b630f8 router: don't announce prefixes with valid lifetime equal to 0 ba0cac0 router: fix arithmetic exception fault 3495f17 router: allow RA prefix lifetime being set to leasetime value (FS#397) e437ce9 treewide: simplify dhcp leasetime checking 942fb33 router: support ra_mininterval and ra_lifetime uci parameters (FS#397) f913337 router.h: fix alignment style 4dc7edb Revert "odhcpd.h: fix alignment style" 62ea54f odhcpd.h: fix alignment style a898ee5 config: make loglevel configurable via uci (FS#481) 51c756c odhcpd: display correct default log level in usage text 68ee0b5 treewide: define and use macro IN6_IS_ADDR_ULA fa57225 ndp: deregister netlink event socket for non recoverable errors ac70d28 odhcpd: fix white space errors Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* swconfig: Bugfix switch_port uci option parsingBen Kelly2017-02-231-2/+2
| | | | | | | | When not defining 'device' or 'vlan' in relevant switch_port uci sections, behaviour is inconsistent due to *devn, *port and *vlan pointers not being zero initialized. Signed-off-by: Ben Kelly <ben@benjii.net>
* netifd: fix stopping netifd + interfacesFelix Fietkau2017-02-231-10/+3
| | | | | | | stop() is overwritten by rc.common, so implement stop_service instead. While at it, remove the now unnecessary restart() override Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: bump to dnsmasq v2.77test4Kevin Darbyshire-Bryant2017-02-223-217/+2
| | | | | | | | | | | | | | --bogus-priv now applies to IPv6 prefixes as specified in RFC6303 - this is significantly friendlier to upstream servers. CNAME fix in auth mode - A domain can only have a CNAME if it has no other records Drop 2 patches now included upstream. Compile & run tested Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* hostapd: fix feature indicationJo-Philipp Wich2017-02-201-2/+14
| | | | | | | | - Fix eap test to work with standalone hostapd builds - Fix 11n test to check the correct define - Add 11ac, 11r and 11w tests Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: bump to dnsmasq v2.77test3Kevin Darbyshire-Bryant2017-02-205-131/+217
| | | | | | | | | | | | | | | | New test release (since test1) includes 2 LEDE patches that are upstream and may be dropped, along with many spelling fixes. Add forthcoming 2017 root zone trust anchor to trust-anchors.conf. Backport 2 patches that just missed test3: Reduce logspam of those domains handled locally 'local addresses only' Implement RFC-6842 (Client-ids in DHCP replies) Compile & run tested Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* firewall3: update to Git head to support xtables API level > 11Jo-Philipp Wich2017-02-191-3/+3
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* odhcp6c: fix PKG_MIRROR_HASHHans Dedecker2017-02-171-1/+1
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uhttpd: use sha256 when generating certificates with openssl (FS#512)Felix Fietkau2017-02-171-1/+1
| | | | | | Patch from attachment to FS#512 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: bump PKG_RELEASEStijn Tintel2017-02-171-1/+1
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* qos-scripts: fix module load commands (FS#438)Felix Fietkau2017-02-151-2/+1
| | | | | | | fq_codel is built-in, and xt_CONNMARK is provided by the xt_connmark module Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mdns: update and rename package to the umdnsRafał Miłecki2017-02-154-24/+24
| | | | | | | | | | | | | | This update includes numerous small fixes for: 1) Interfaces setup 2) Packets parsing 3) Sending replies Without this there were multiple problems with exchanging information between (u)mdns and other implementations (including (u)mdns as well). This also follows project rename to umdns which was required to avoid confusion with Apple's mdnsd from mDNSResponder project. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ebtables: update to last commitAnsuel Smith2017-02-153-183/+12
| | | | | | Refreshed patches Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* hostapd: mv netifd.sh hostapd.shDaniel Albers2017-02-152-1/+1
| | | | | | same name for the file on the host and target Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
* ppp: honor ip6table for IPv6 PPP interfacesUlrich Weber2017-02-132-1/+3
| | | | | | | | as we do for IPv4 PPP interfaces. When we create the dynamic IPv6 interface we should inherit ip6table from main interface. Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
* ppp: add pppoe-discovery to an independent packageFlorian Eckert2017-02-131-0/+17
| | | | | | | | pppoe-discovery performs the same discovery process as pppoe, but does not initiate a session Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to git HEAD versionHans Dedecker2017-02-121-3/+3
| | | | | | | | | | f107656 netifd: Add option to configure locktime for each device cdc0e80 interface: add prefix assignment priority support 6397f5e device: add veth support 6228d0f wireless: fix _wireless_add_process 7cc2f10 treewide: fix white space errors Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* pppd: fix compile issues with glibc 2.25Felix Fietkau2017-02-112-46/+28
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tcpdump: fix tcpdump-mini build on glibc 2.25Felix Fietkau2017-02-111-30/+7
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: enable SHA256 HMACsJoseph C. Sible2017-02-101-3/+2
| | | | | | | The only HMACs currently available use MD5 and SHA1, both of which have known weaknesses. We already compile in the SHA256 code since we use Curve25519 by default, so there's no significant size penalty to enabling this. Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
* odhcpd: update to git HEAD version (FS#396)Hans Dedecker2017-02-091-3/+3
| | | | | | | | | 8df4253 ndp: harden netlink event socket error handling b02f3e6 ndp: close proc file descriptor also during error handling 8a615ad npd: rework IPv6 relay logic (FS#396) 0129f79 config: restore interface defaults when cleaning interface Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iperf3: Update to 3.1.6Daniel Engberg2017-02-091-2/+2
| | | | | | Update to 3.1.6 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* odhcp6c: update to GIT head versionHans Dedecker2017-02-081-3/+3
| | | | | | cfd986c odhcp6c: fix possible stack corruption when parsing proc if_inet6 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* tcpdump: update to version 4.9.0Hauke Mehrtens2017-02-064-81/+81
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following 41 security problems: + CVE-2016-7922: buffer overflow in print-ah.c:ah_print(). + CVE-2016-7923: buffer overflow in print-arp.c:arp_print(). + CVE-2016-7924: buffer overflow in print-atm.c:oam_print(). + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print(). + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print(). + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print(). + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print(). + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header(). + CVE-2016-7930: buffer overflow in print-llc.c:llc_print(). + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print(). + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum(). + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print(). + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print(). + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print(). + CVE-2016-7936: buffer overflow in print-udp.c:udp_print(). + CVE-2016-7937: buffer overflow in print-udp.c:vat_print(). + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame(). + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions. + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions. + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions. + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions. + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print(). + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print(). + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print(). + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print(). + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions. + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print(). + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print(). + CVE-2016-8575: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print(). + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print(). + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print(). + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print(). + CVE-2017-5341: buffer overflow in print-otv.c:otv_print(). + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). + CVE-2017-5482: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse(). + CVE-2017-5484: buffer overflow in print-atm.c:sig_print(). + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap(). + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print(). The size of the package is only incread very little: new size: 306430 tcpdump_4.9.0-1_mips_24kc.ipk 130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk old size: 302782 tcpdump_4.8.1-1_mips_24kc.ipk 129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: update to dnsmasq 2.77test1Kevin Darbyshire-Bryant2017-02-056-257/+145
| | | | | | | | | | | | | | | | | | | | | | | Bump to dnsmasq 2.77test1 - this includes a number of fixes since 2.76 and allows dropping of 2 LEDE carried patches. Notable fix in rrfilter code when talking to Nominum's DNS servers especially with DNSSEC. A patch to switch dnsmasq back to 'soft fail' for SERVFAIL responses from dns servers is also included. This mean dnsmasq tries all configured servers before giving up. A 'localise queries' enhancement has also been backported (it will appear in test2/rc'n') this is especially important if using the recently imported to LEDE 'use dnsmasq standalone' feature 9525743c I have been following dnsmasq HEAD ever since 2.76 release. Compile & Run tested: ar71xx, Archer C7 v2 Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>