aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: enable PMKSA and OK caching for WPA3-PersonalDavid Bauer2019-11-051-1/+8
| | | | | | | | | | | | | | | This enables PMKSA and opportunistic key caching by default for WPA2/WPA3-Personal, WPA3-Personal and OWE auth types. Otherwise, Apple devices won't connect to the WPA3 network. This should not degrade security, as there's no external authentication provider. Tested with OCEDO Koala and iPhone 7 (iOS 13.1). Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 3034f8c3b85e70b1dd9b4cd5cd33e9d2cd8be3b8) Signed-off-by: David Bauer <mail@david-bauer.net>
* tcpdump: update to 4.9.3DENG Qingfang2019-10-194-19/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed CVEs: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 CVE-2019-15167 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit 394273c066b8f4317b77f3ede216cfcdd45250c1)
* hostapd: adjust to removal of WOLFSSL_HAS_AES_GCMEneas U de Queiroz2019-10-191-1/+0
| | | | | | | WolfSSL is always built with AES-GCM support now. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit ee5a3f6d605602bbff57cde337235088cf9c3ffa)
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-10-161-3/+3
| | | | | | | | 07315b6 nl80211: handle hidden SSIDs in wpa_supplicant scan results 3ac846e lua: fix string description of mixed WPA3 modes Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit bc61458b73c04f900c358be8b7ed37c84298472a)
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-10-151-3/+3
| | | | | | | a29b7d4 nl80211: align path to phy mapping logic with mac80211.sh Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 57b834281b586839b5e2cb00d7907de50c68ebcc)
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-10-111-3/+3
| | | | | | | | | | | | | | | | Contains following updates squashed from 3 bump commits in master: 02112f9 cli: fix reporting of mixed WPA2/WPA3 versions 7faeaea nl80211: properly detect WEP encryption in wpa_supp scan results 629b5ff nl80211: do not confuse open connections with WEP ones 3d47ddd nl80211: rework hostapd and wpa_supplicant wpa suite parsing 313e827 nl80211: keep awaiting wpa_supplicant scan results on busy response a766751 nl80211: fix parsing of mixed wpa encryption in wpa_supp scan results f096bfd utils: support parsing SAE and OWE key management suites from IEs 2a95086 nl80211: recognize SAE encrypted mesh Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* hostapd: Fix AP mode PMF disconnection protection bypassHauke Mehrtens2019-09-214-6/+72
| | | | | | | | | This fixes * CVE-2019-16275 AP mode PMF disconnection protection bypass https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit a6981604b30bc1ddc1713b368fe853d89c2ba40d)
* firewall: update to latest Git HEADJo-Philipp Wich2019-09-181-3/+3
| | | | | | | | | | | | | | | | | | | | 383eb58 ubus: do not overwrite ipset name attribute c26f890 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type 487bd0d utils: Fix string format message 4d0c703 firewall3: Fix some format string problems 8c404ef iptables.c: lock the xtables.lock c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path() Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Petr Štetiar <ynezz@true.cz> [cherry picked and squashed from commits 7db655991443a98f84e4c39e733232d41d2d6137, 359bff605244c2cf2bff75bce0f0b16b496a6a77, 2cf209ce9166575d8259b5b4176ee91d8b48d2ff, 5ef9e4f107a94c502908403fdf56cf6bcdc08dd2] Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* odhcpd: retry failed PD assignments on addrlist changeHans Dedecker2019-09-151-3/+3
| | | | | | 88d9ab6 dhcpv6: retry failed PD assignments on addrlist change Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iwinfo: update to latest Git HEADDavid Bauer2019-09-151-3/+3
| | | | | | | | a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886 1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887 Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 7db2f1a71f202023154e80758079193fc47352eb)
* hostapd: SAE/EAP-pwd side-channel attack updateHauke Mehrtens2019-09-109-1/+397
| | | | | | | | | Fixes this security problem: * SAE/EAP-pwd side-channel attack update https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)
* hostapd: Fix security problem in EAP-pwdHauke Mehrtens2019-09-103-1/+81
| | | | | | | | | | | | This fixes: CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment" https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt This should not affect OpenWrt in the default settings as we do not use EAP-pwd. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 9f34bf51d60a237696b1d4cc9b5f4835b95e7ea2)
* odhcp6c: update to latest git HEADHans Dedecker2019-09-071-2/+2
| | | | | | | e199804 dhcpv6: sanitize oro options Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 1855c237948e211849d79765ca749cdea6a79987)
* iwinfo: update to latest Git HEADHauke Mehrtens2019-09-041-3/+3
| | | | | | | | | f599a8d iwinfo: Fix rate buffer size 71ec9be iwinfo: Fix buffer size f8ef450 iwinfo: Add support for WPA3 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 6658447534152b72a3341b369f1eb545618fa7cf)
* nftables: bump to version 0.9.2Konstantin Demin2019-09-042-31/+4
| | | | | | | | | | | | | | | - exclude Python-related stuff from build - drop patches: * 010-uclibc-ng.patch, applied upstream ipkg size decrease by 2.8%: old: 194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk new: 189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit b74f1f335a792a15feb0fd839a69486050d3531f)
* uhttpd: add support to generate EC keysEneas U de Queiroz2019-09-043-2/+14
| | | | | | | | | This adds the key_type and ec_curve options to enable the generation of EC keys during initialization, using openssl or the new options added to px5g. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 7f2b230b3b9d0a7fb758db3a9b1958845506a5a3)
* firewall: update to latest git HEADKevin Darbyshire-Bryant2019-09-041-3/+3
| | | | | | | bf29c1e firewall3: ipset: Handle reload_set properly Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit bd01346bb463d371627739fad539310ef5bd4146)
* iftop: update to HEAD of 2018-10-03 - 77901cChristian Lamparter2019-09-041-3/+3
| | | | | | | | | | | | | Update iftop to commit 77901c8c53e01359d83b8090aacfe62214658183 git log --pretty=oneline --abbrev-commit 949ed0f7..77901c8c 77901c8 Support scales beyond 1Gbps Created with the help of the make-package-update-commit.sh script. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit cfd0748497c5c27c6d0f80b0ad3698ffe4428352)
* hostapd: Allow CONFIG_IEEE80211W for all but mini variantHauke Mehrtens2019-09-041-6/+2
| | | | | | | | | | This commit will activate CONFIG_IEEE80211W for all, but the mini variant when at least one driver supports it. This will add ieee80211w support for the mesh variant for example. Fixes: FS#2397 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 1d4df52c215874a5238ddef7bccf0139f7758c24)
* hostapd: Remove ROBO switch supportHauke Mehrtens2019-09-041-2/+0
| | | | | | | The driver was removed from OpenWrt a long time ago. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit f34e8258340f5994a2506bd087fc6e6d4a3d5d5e)
* firewall: improve ipset supportKevin Darbyshire-Bryant2019-09-041-4/+4
| | | | | | | | | | | | | | | | | | | | | Bump to latest git HEAD 509e673 firewall3: Improve ipset support The enabled option did not work properly for ipsets, as it was not checked on create/destroy of a set. After this commit, sets are only created/destroyed if enabled is set to true. Add support for reloading, or recreating, ipsets on firewall reload. By setting "reload_set" to true, the set will be destroyed and then re-created when the firewall is reloaded. Add support for the counters and comment extensions. By setting "counters" or "comment" to true, then counters or comments are added to the set. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 51ffce069424f86e894369cee5cd327dd503db5f)
* dnsmasq: use nettle ecc_curve access functionsHans Dedecker2019-09-042-1/+36
| | | | | | | Fixes compile issues with nettle 3.5.1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 63ced140484e072dddbba39bb729adc98d94d522)
* comgt-ncm: add driver dependencies againVincent Wiemann2019-09-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In the commit 623716dd4318 ("comgt-ncm: Fix NCM protocol") the dependencies to vendor NCM drivers were removed, because: > comgt-ncm should not depend on the USB-serial-related kernel modules, > as the cdc-wdm control device works without them. There is also no need > to depend on kmod-huawei-cdc-ncm, since other manufacturers (like > Ericsson and Samsung) which use other kernel modules should also be > supported. From a user-perspective this does not make sense, as installing comgt-ncm (or luci-proto-ncm) should install all needed dependencies for using such a device. Furthermore depending on kmod-huawei-cdc-ncm does not mean that Ericsson and Samsung devices can't be supported. By the way it seems that Ericsson and Samsung devices never used NCM, but act as serial modems. Thus this commit adds the dependencies again. Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com> [fixed title capitalization, formatted commit message, renamed Sony-Ericsson to Ericsson] Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit ccb4b96b8a4990178512c7a785f998a5e6f74cc3)
* netifd: update to latest git HEADHans Dedecker2019-09-041-3/+3
| | | | | | | 5e02f94 system-linux: fix resource leak Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit d70a35c365ae607671f8698fee10f29fd9023161)
* linux-atm: Add missing headersRosen Penev2019-09-042-1/+31
| | | | | | | This fixes compilation with -Werror=implicit-function-declaration. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 1b1c47577bac99bdd8ab9ecde928ab0398f78799)
* build: include BUILD_VARIANT in PKG_BUILD_DIRJeffery To2019-09-047-11/+0
| | | | | | | | | | | | This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into account (if set), so that packages do not need to manually override PKG_BUILD_DIR just to handle variants. This also updates most base packages with variants to use the updated default PKG_BUILD_DIR. Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit e545fac8d968864a965edb9e50c6f90940b0a6c9)
* ethtool: bump to 5.2Hans Dedecker2019-09-041-2/+2
| | | | | | | | | | 379c096 Release version 5.2. 2bce6d9 ethtool: Add 100BaseT1 and 1000BaseT1 link modes 67ffbf5 ethtool: sync ethtool-copy.h with linux-next from 30/05/2019 687152b ethtool.spec: Use standard file location macros Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 018395392c2608698201042bbaa180b82eb7120f)
* firewall: update to latest git HEADHans Dedecker2019-09-041-3/+3
| | | | | | | de94097 utils: coverity resource leak warning Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit efb7b7a12af55758458cdb945a0833af411289f7)
* ipset: update to 7.3DENG Qingfang2019-09-041-3/+3
| | | | | Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit edd9b39fab46a7231b8662697ba8c10de42d5a66)
* netifd: update to latest git HEADHans Dedecker2019-09-041-3/+3
| | | | | | | 899f168 system-linux: Coverity fixes Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 11617bcb3be6778d5427723a09922aae50956a8c)
* curl: update to 7.65.3Hans Dedecker2019-09-041-2/+2
| | | | | | | For changes in 7.65.3; see https://curl.haxx.se/changes.html#7_65_3 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit fc2df4f7050adae3ca6284a499fa914e07cba70b)
* openvpn: add new list option tls_ciphersuitesMartin Schiller2019-09-041-1/+2
| | | | | | | | To configure the list of allowable TLS 1.3 ciphersuites, the option tls_ciphersuites is used instead of tls_ciphers. Signed-off-by: Martin Schiller <ms@dev.tdt.de> (cherry picked from commit 261df949faad6dda43454868628f79265e9cc5e7)
* iperf3: update to 3.7DENG Qingfang2019-09-041-2/+2
| | | | | Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit 42b3a3a89b6d60e10c6c266d29ebc779b7fee718)
* comgt: add delay option for 3g protoFlorian Eckert2019-09-041-0/+4
| | | | | | | | All protos for wwan (ncm,qmi,mbim) do have a delay option. To standardize that add also the missing delay option to the 3g proto. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (cherry picked from commit 313444a79e9d1ced42223a9c92cb677b6e6e286e)
* uqmi: fix indentation style and boundaryFlorian Eckert2019-09-041-5/+9
| | | | | | | Fix indentation style and boundary. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (cherry picked from commit c06f2a2dcb2350d00cc6bd8300ec3861353d96ae)
* uqmi: add mtu config option possibilityFlorian Eckert2019-09-041-2/+8
| | | | | | | | | There are mobile carrier who have different MTU size in their network. With this change it is now possible to configure this with the qmi proto handler. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (cherry picked from commit 8eb63cb7df4db3c92a9a010accc9b8444d06d4a2)
* wireguard: bump to 0.0.20190702Jason A. Donenfeld2019-09-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * curve25519: not all linkers support bmi2 and adx This should allow WireGuard to build on older toolchains. * global: switch to coarse ktime Our prior use of fast ktime before meant that sometimes, depending on how broken the motherboard was, we'd wind up calling into the HPET slow path. Here we move to coarse ktime which is always super speedy. In the process we had to fix the resolution of the clock, as well as introduce a new interface for it, landing in 5.3. Older kernels fall back to a fast-enough mechanism based on jiffies. https://lore.kernel.org/lkml/tip-e3ff9c3678b4d80e22d2557b68726174578eaf52@git.kernel.org/ https://lore.kernel.org/lkml/20190621203249.3909-3-Jason@zx2c4.com/ * netlink: cast struct over cb->args for type safety This follow recent upstream changes such as: https://lore.kernel.org/lkml/20190628144022.31376-1-Jason@zx2c4.com/ * peer: use LIST_HEAD macro Style nit. * receive: queue dead packets to napi queue instead of empty rx_queue This mitigates a WARN_ON being triggered by the workqueue code. It was quite hard to trigger, except sporadically, or reliably with a PC Engines ALIX, an extremely slow board with an AMD LX800 that Ryan Whelan of Axatrax was kind enough to mail me. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit 7c23f741e97f6645bb5cd662a4943796a344b26a)
* rssileds: change rssileds.init STOP indexJoseph Tingiris2019-09-042-2/+2
| | | | | | | | | | This patch is in a series to allow additional STOP indexes after umount, so that other block devices may stop cleanly. rssileds.init is now STOP=89 Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com> (cherry picked from commit 8a5a01a67769f3822e365342d706b3cb57ef97f3)
* package/network: add PKGARCH:=all to non-binary packagesDeng Qingfang2019-09-045-0/+5
| | | | | | | Packages such as xfrm contain only script files, add PKGARCH:=all Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit 6762e72524075c37928ad4ae9a979257759b2703)
* hostapd: remove stale WPA_SUPPLICANT_NO_TIMESTAMP_CHECK optionChristian Lamparter2019-09-042-26/+0
| | | | | | | | | | | Support to disable the timestamp check for certificates in wpa_supplicant (Useful for devices without RTC that cannot reliably get the real date/time) has been accepted in the upstream hostapd. It's implemented in wpa_supplicant as a per-AP flag tls_disable_time_checks=[0|1]. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 99bf9a1ac2b754e708ec845059689b293d1abab0)
* netifd: xfrm fixesHans Dedecker2019-09-041-3/+3
| | | | | | | 9932ed0 netifd: fix xfrm interface deletion and standardize netlink call Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 1fd900ddc2d10cde8e86d8059bfd112f3d0aae65)
* network/config/xfrm: add host-dependency for xfrm interface parentAndré Valentin2019-09-042-8/+12
| | | | | | | | Add proto_add_host_dependency to add a dependency to the tunlink interface Signed-off-by: André Valentin <avalentin@marcant.net> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase] (cherry picked from commit f6dab9804413139c3bd2647a81652d04baa1e59d)
* netifd: update to latest git HEADHans Dedecker2019-09-041-4/+4
| | | | | | | | 42a3878 interface-ip: fix possible null pointer dereference c1964d8 system-linux: remove superfluous dev check Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 55fcc77072c9ca0baee8e79c00d2342be26fce47)
* odhcpd: various fixesHans Dedecker2019-09-031-3/+3
| | | | | | | 8f1347b odhcpd: router: Fix out of scope memory access d37736e dhcpv6-ia: free assignment when validity timer expires Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iproute2: add libcap support, enabled in ip-fullAlin Nastac2019-08-302-9/+22
| | | | | | | | | | Preserve optionality of libcap by having configuration script follow the HAVE_CAP environment variable, used similarly to the HAVE_ELF variable. Signed-off-by: Alin Nastac <alin.nastac@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase/refresh patches] (backported from commit a6da3f9ef746101b84a6f530f5a40de28341b69a) Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-08-281-3/+3
| | | | | | | | | a9f9557 nl80211: support reading hardware id from phy directly c586cd3 iwinfo: add device id for MediaTek MT7612E d4382dd iwinfo: add device id for Atheros AR9390 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit b13f3300d5a370305d6ecbd71620a4c1c40a166e)
* odhcpd: remove socket from uloop upon NETEV_IFINDEX_CHANGEHans Dedecker2019-08-191-3/+3
| | | | | | 949476e router: close socket upon NETEV_IFINDEX_CHANGE fixed Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* uhttpd: update to latest Git HEADJo-Philipp Wich2019-08-181-3/+3
| | | | | | | 6b03f96 ubus: increase maximum ubus request size to 64KB Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit d1f207ecc9f045e091d7008d86f0449bcf0b35bc)
* uhttpd: add direct dependency on libjson-cJo-Philipp Wich2019-08-181-1/+1
| | | | | | | | | | | | The OpenWrt buildroot ABI version rebuild tracker does not handle transient dependencies, therefor add all libraries linked by uhttpd as direct dependencies to the corresponding binary package definition. This ensures that uhttpd is automatically rebuilt and relinked if any of these libraries has its ABI_VERSION updated in the future. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit a95ddaba0272f254a3aeade3aa0c086e1625d672)
* uhttpd: Fix format string build problemsHauke Mehrtens2019-08-181-3/+3
| | | | | | | | | 91fcac34ac uhttpd: Fix multiple format string problems Fixes: fc454ca15305 libubox: update to latest git HEAD Reported-by: Hannu Nyman <hannu.nyman@iki.fi> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 3c401f45c988aa6333a03efea1b1ac0318a8c11d)