aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: remove some bashismsSven Roederer2020-01-261-3/+3
| | | | | | | | | "[[" is a bash extension for test. As the ash-implementation is not fully compatible we drop its usage. Signed-off-by: Sven Roederer <devel-sven@geroedel.de> [remove shebang, slightly facelift commit title/message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* 6in4/6in4.sh: remove some bashism (usage of [[)Sven Roederer2020-01-261-1/+1
| | | | | | | "[[" is a bash extension for test. As the ash-implementation is not fully compatible we drop its usage. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* netifd/config.sh: remove some bashism (usage of [[)Sven Roederer2020-01-261-1/+1
| | | | | | | "[[" is a bash extension for test. As the ash-implementation is not fully compatible we drop its usage. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* wireguard-tools: bump to 1.0.20200121Jason A. Donenfeld2020-01-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Makefile: remove pwd from compile output * Makefile: add standard 'all' target * Makefile: evaluate git version lazily Quality of life improvements for packagers. * ipc: simplify inflatable buffer and add fuzzer * fuzz: add generic command argument fuzzer * fuzz: add set and setconf fuzzers More fuzzers and a slicker string list implementation. These fuzzers now find themselves configuring wireguard interfaces from scratch after several million mutations, which is fun to watch. * netlink: make sure to clear return value when trying again Prior, if a dump was interrupted by a concurrent set operation, we'd try again, but forget to reset an error flag, so we'd keep trying again forever. Now we do the right thing and succeed when we succeed. * Makefile: sort inputs to linker so that build is reproducible Earlier versions of make(1) passed GLOB_NOSORT to glob(3), resulting in the linker receiving its inputs in a filesystem-dependent order. This screwed up reproducible builds. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard: bump to 0.0.20200121Jason A. Donenfeld2020-01-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Makefile: strip prefixed v from version.h This fixes a mistake in dmesg output and when parsing the sysfs entry in the filesystem. * device: skb_list_walk_safe moved upstream This is a 5.6 change, which we won't support here, but it does make the code cleaner, so we make this change to keep things in sync. * curve25519: x86_64: replace with formally verified implementation This comes from INRIA's HACL*/Vale. It implements the same algorithm and implementation strategy as the code it replaces, only this code has been formally verified, sans the base point multiplication, which uses code similar to prior, only it uses the formally verified field arithmetic alongside reproducable ladder generation steps. This doesn't have a pure-bmi2 version, which means haswell no longer benefits, but the increased (doubled) code complexity is not worth it for a single generation of chips that's already old. Performance-wise, this is around 1% slower on older microarchitectures, and slightly faster on newer microarchitectures, mainly 10nm ones or backports of 10nm to 14nm. This implementation is "everest" below: Xeon E5-2680 v4 (Broadwell) armfazh: 133340 cycles per call everest: 133436 cycles per call Xeon Gold 5120 (Sky Lake Server) armfazh: 112636 cycles per call everest: 113906 cycles per call Core i5-6300U (Sky Lake Client) armfazh: 116810 cycles per call everest: 117916 cycles per call Core i7-7600U (Kaby Lake) armfazh: 119523 cycles per call everest: 119040 cycles per call Core i7-8750H (Coffee Lake) armfazh: 113914 cycles per call everest: 113650 cycles per call Core i9-9880H (Coffee Lake Refresh) armfazh: 112616 cycles per call everest: 114082 cycles per call Core i3-8121U (Cannon Lake) armfazh: 113202 cycles per call everest: 111382 cycles per call Core i7-8265U (Whiskey Lake) armfazh: 127307 cycles per call everest: 127697 cycles per call Core i7-8550U (Kaby Lake Refresh) armfazh: 127522 cycles per call everest: 127083 cycles per call Xeon Platinum 8275CL (Cascade Lake) armfazh: 114380 cycles per call everest: 114656 cycles per call Achieving these kind of results with formally verified code is quite remarkable, especialy considering that performance is favorable for newer chips. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: fix faulty WMM IE parameters with ETSI regulatory domainsFelix Fietkau2020-01-232-0/+88
| | | | | | | | hostapd sets minimum values for CWmin/CWmax/AIFS and maximum for TXOP. The code for applying those values had a few bugs leading to bogus values, which caused significant latency and packet loss. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* curl: update to version 7.68.0 (security fix)Jan Pavlinec2020-01-211-3/+3
| | | | | | | Fixes CVE-2019-15601 Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* netifd: add basic support for jail network namespacesDaniel Golle2020-01-211-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prepare netifd for handling procd service jails having their own network namespace. Intefaces having the jail attribute will only be brought up inside the jail's network namespace by procd calling the newly introduced ubus method 'netns_updown'. Currently proto 'static' is supported and configuration changes are not yet being handled (ie. you'll have to restart the jailed service for changes to take effect). Example /etc/config/network snippet: config device 'veth0' option type 'veth' option name 'vhost0' option peer_name 'virt0' config interface 'virt' option type 'bridge' list ifname 'vhost0' option proto 'static' option ipaddr '10.0.0.1' option netmask '255.255.255.0' config interface 'virt0' option ifname 'virt0' option proto 'static' option ipaddr '10.0.0.2' option netmask '255.255.255.0' option gateway '10.0.0.1' option dns '10.0.0.1' option jail 'transmission' Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* odhcpd: update to version 2020-01-14Hans Dedecker2020-01-161-3/+3
| | | | | | | | | 6db312a dhcpv6-ia: use dhcp leasetime to set preferred/valid statefull lifetimes 2520c48 dhcpv6-ia: introduce DHCPv6 pd and ia assignments flags b413d8a dhcpv6-ia: cleanup prefix delegation routes b0902af dhcpv6-ia: remove passing interface as parameter to apply_lease Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: add support for system cert bundle validationDavid Lam2020-01-162-6/+15
| | | | | | | | | | | | | | Currently, it is very cumbersome for a user to connect to a WPA-Enterprise based network securely because the RADIUS server's CA certificate must first be extracted from the EAPOL handshake using tcpdump or other methods before it can be pinned using the ca_cert(2) fields. To make this process easier and more secure (combined with changes in openwrt/openwrt#2654), this commit adds support for validating against the built-in CA bundle when the ca-bundle package is installed. Related LuCI changes in openwrt/luci#3513. Signed-off-by: David Lam <david@thedavid.net> [bump PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: cleanup IBSS-RSNDaniel Golle2020-01-162-6/+2
| | | | | | set noscan also for IBSS and remove redundant/obsolete variable. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dropbear: fix compile errorJohn Crispin2020-01-151-1/+2
| | | | | Fixes: 0da193ee6943 ("dropbear: move failsafe code out of base-files") Signed-off-by: John Crispin <john@phrozen.org>
* wireguard: skip peer config if public key of the peer is not definedFlorian Eckert2020-01-151-0/+5
| | | | | | | | | | | | | | | If a config section of a peer does not have a public key defined, the whole interface does not start. The following log is shown daemon.notice netifd: test (21071): Line unrecognized: `PublicKey=' daemon.notice netifd: test (21071): Configuration parsing erro The command 'wg show' does only show the interface name. With this change we skip the peer for this interface and emit a log message. So the other peers get configured. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uhttpd: add enable instance optionFlorian Eckert2020-01-152-1/+5
| | | | | | | | With this change it is now possible to switch off single instances of the uhttpd config. Until now it was only possible to switch all instances of uhttpd on or off. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* hostapd: add wpa_strict_rekey supportKyle Copperfield2020-01-151-1/+3
| | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Rekey GTK on STA disassociate Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
* hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_requiredKyle Copperfield2020-01-152-3/+12
| | | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Allows dtim_period to be configurable, the default is from hostapd. Adds additional regulatory tunables for power constraint and spectrum managment. Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
* dropbear: move failsafe code out of base-filesKyle Copperfield2020-01-152-1/+10
| | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Failsafe code of dropbear should be in the dropbear package not the base-files package. Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
* hostapd: add support for subject validationDavid Lam2020-01-142-1/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The wpa_supplicant supports certificate subject validation via the subject match(2) and altsubject_match(2) fields. domain_match(2) and domain_suffix_match(2) fields are also supported for advanced matches. This validation is especially important when connecting to access points that use PAP as the Phase 2 authentication type. Without proper validation, the user's password can be transmitted to a rogue access point in plaintext without the user's knowledge. Most organizations already require these attributes to be included to ensure that the connection from the STA and the AP is secure. Includes LuCI changes via openwrt/luci#3444. From the documentation: subject_match - Constraint for server certificate subject. This substring is matched against the subject of the authentication server certificate. If this string is set, the server sertificate is only accepted if it contains this string in the subject. The subject string is in following format: /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as .example.com subject_match2 - Constraint for server certificate subject. This field is like subject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. altsubject_match - Constraint for server certificate alt. subject. Semicolon separated string of entries to be matched against the alternative subject name of the authentication server certificate. If this string is set, the server sertificate is only accepted if it contains one of the entries in an alternative subject name extension. altSubjectName string is in following format: TYPE:VALUE Example: EMAIL:server@example.com Example: DNS:server.example.com;DNS:server2.example.com Following types are supported: EMAIL, DNS, URI altsubject_match2 - Constraint for server certificate alt. subject. This field is like altsubject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. domain_match - Constraint for server domain name. If set, this FQDN is used as a full match requirement for the server certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same full match comparison. This behavior is similar to domain_suffix_match, but has the requirement of a full match, i.e., no subdomains or wildcard matches are allowed. Case-insensitive comparison is used, so "Example.com" matches "example.com", but would not match "test.Example.com". More than one match string can be provided by using semicolons to separate the strings (e.g., example.org;example.com). When multiple strings are specified, a match with any one of the values is considered a sufficient match for the certificate, i.e., the conditions are ORed together. domain_match2 - Constraint for server domain name. This field is like domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. domain_suffix_match - Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for the AAA server certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met. If no dNSName values are present, this constraint is matched against SubjectName CN using same suffix match comparison. Suffix match here means that the host/domain name is compared one label at a time starting from the top-level domain and all the labels in domain_suffix_match shall be included in the certificate. The certificate may include additional sub-level labels in addition to the required labels. More than one match string can be provided by using semicolons to separate the strings (e.g., example.org;example.com). When multiple strings are specified, a match with any one of the values is considered a sufficient match for the certificate, i.e., the conditions are ORed together. For example, domain_suffix_match=example.com would match test.example.com but would not match test-example.com. This field is like domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. domain_suffix_match2 - Constraint for server domain name. This field is like domain_suffix_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Signed-off-by: David Lam <david@thedavid.net>
* odhcpd: activate PIE ASLR by defaultPetr Štetiar2020-01-141-0/+1
| | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. Size increase on x86/64: odhcpd-ipv6only Installed-Size: 36821 -> 38216 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uhttpd: Activate PIE by defaultHauke Mehrtens2020-01-131-0/+1
| | | | | | | | | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 39% uncompressed and 21% compressed on MIPS BE. old: 33,189 /usr/sbin/uhttpd 23,016 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk new: 46,212 /usr/sbin/uhttpd 27,979 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>
* hostapd: Activate PIE by defaultHauke Mehrtens2020-01-131-0/+1
| | | | | | | | | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 26% uncompressed and 16% compressed on MIPS BE. old: 460,933 /usr/sbin/wpad 283,891 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk new: 584,508 /usr/sbin/wpad 330,281 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>
* dropbear: Activate PIE by defaultHauke Mehrtens2020-01-131-0/+1
| | | | | | | | | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 18% uncompressed and 17% compressed on MIPS BE. old: 164,261 /usr/sbin/dropbear 85,648 dropbear_2019.78-2_mips_24kc.ipk new: 194,492 /usr/sbin/dropbear 100,309 dropbear_2019.78-2_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>
* dnsmasq: Activate PIE by defaultHauke Mehrtens2020-01-131-0/+1
| | | | | | | | | | | | | | | | | | | This activates PIE ASLR support by default when the regular option is selected. This increases the binary size by 37% uncompressed and 18% compressed on MIPS BE. old: 146,933 /usr/sbin/dnsmasq 101,837 dnsmasq_2.80-14_mips_24kc.ipk new: 202,020 /usr/sbin/dnsmasq 120,577 dnsmasq_2.80-14_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Petr Štetiar <ynezz@true.cz>
* ethtool: bump to 5.4Hans Dedecker2020-01-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7dc0af7 Release version 5.4. 914912e ethtool: add 0x16 and 0x1c extended compliance codes 600b779 ethtool: mark 10G Base-ER as SFF-8472 revision 10.4 onwards 696565d ethtool: correctly interpret bitrate of 255 2941970 fix unused parameter warning in e1000_get_mac_type() 5e814f2 fix unused parameter warning in fjes_dump_regs() b1a5279 fix unused parameter warning in ixgb_dump_regs() 6608751 fix unused parameter warning in ibm_emac_dump_regs() 1c30119 fix unused parameter warning in et131x_dump_regs() a56aba4 fix unused parameter warning in amd8111e_dump_regs() f40d32d fix unused parameter warning in fec_dump_regs() 8b84f1a fix unused parameter warning in at76c50x_usb_dump_regs() f725f5a fix unused parameter warning in smsc911x_dump_regs() a12cd66 fix unused parameter warning in e1000_dump_regs() e058656 fix unused parameter warning in igb_dump_regs() debac02 fix unused parameter warning in de2104[01]_dump_regs() d434eea fix unused parameter warning in e100_dump_regs() 8df12f3 fix unused parameter warning in vioc_dump_regs() 92d716b fix unused parameter warning in tg3_dump_{eeprom, regs}() 211c99e fix unused parameter warning in fec_8xx_dump_regs() 362fb8b fix unused parameter warning in ixgbevf_dump_regs() 87903c2 fix unused parameter warning in st_{mac100, gmac}_dump_regs() c1eaddf fix unused parameter warning in vmxnet3_dump_regs() 313c9f8 fix unused parameter warning in dsa_dump_regs() 183e8a2 fix unused parameter warning in {skge, sky2}_dump_regs() 7f84c13 fix unused parameter warning in lan78xx_dump_regs() 02d0aaa fix unused parameter warning in realtek_dump_regs() 726d607 fix unused parameter warning in ixgbe_dump_regs() 967177c fix unused parameter warning in netsemi_dump_eeprom() 710a414 fix unused parameter warning in natsemi_dump_regs() 283398a fix unused parameter warning in print_simple_table() 0404267 fix unused parameter warning in sfc_dump_regs() 57c7298 fix unused parameter warning in altera_tse_dump_regs() 302e91a fix unused parameter warning in dump_eeprom() 2054a8c fix unused parameter warning in find_option() d5432a9 fix unused parameter warnings in do_version() and show_usage() c430e75 fix arithmetic on pointer to void is a GNU extension warning e568431 ethtool: implement support for Energy Detect Power Down e391f4c ethtool: sync ethtool-copy.h: adds support for EDPD Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard-tools: bump to 1.0.20200102Jason A. Donenfeld2020-01-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * systemd: update documentation URL * global: bump copyright Usual house keeping. * Makefile: DEBUG_TOOLS -> DEBUG and document * Makefile: port static analysis check * dns-hatchet: adjust path for new repo layout * Makefile: rework automatic version.h mangling These are some important-ish cleanups for downstream package maintainers that should make packaging this a lot smoother. * man: add documentation about removing explicit listen-port Documentation improvement. * wg-quick: linux: quote ifname for nft This should fix issues with weirdly named ifnames and odd versions of nft(8). * fuzz: find bugs in the config syntax parser * fuzz: find bugs when parsing uapi input These are two fuzzers that have been laying around without a repo for a while. Perhaps somebody with enough compute power will find bugs with them. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard: bump to 0.0.20200105Jason A. Donenfeld2020-01-091-2/+2
| | | | | | | | | | | | | | | | | | | * socket: mark skbs as not on list when receiving via gro Certain drivers will pass gro skbs to udp, at which point the udp driver simply iterates through them and passes them off to encap_rcv, which is where we pick up. At the moment, we're not attempting to coalesce these into bundles, but we also don't want to wind up having cascaded lists of skbs treated separately. The right behavior here, then, is to just mark each incoming one as not on a list. This can be seen in practice, for example, with Qualcomm's rmnet_perf driver. This lead to crashes on OnePlus devices and possibly other Qualcomm 4.14 devices. But I fear that it could lead to issues on other drivers on weird OpenWRT routers. This commit is upstream in net-next as: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=736775d06bac60d7a353e405398b48b2bd8b1e54 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* dnsmasq: add uci-defaults script for config migrationDaniel Golle2020-01-092-1/+9
| | | | | | | | | When running sysupgrade from an existing configuration, UCI option dhcp.@dnsmasq[0].resolvfile needs to be modified in case it has not been changed from it's original value. Accomplish that using a uci-defaults script. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: disable ft_psk_generate_local for non-PSK networksDavid Bauer2020-01-091-1/+9
| | | | | | | | | | | | Without this commit, ft_psk_generate_local is enabled for non-PSK networks by default. This breaks 802.11r for EAP networks. Disable ft_psk_generate_local by default for non-PSK networks resolves this misbehavior. Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net> Signed-off-by: David Bauer <mail@david-bauer.net> Tested-by: Martin Weinelt <martin@darmstadt.freifunk.net>
* ethtool: fix PKG_CONFIG_DEPENDSMatthias Schiffer2020-01-071-1/+1
| | | | | | Add missing CONFIG_ prefix. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* iperf: fix PKG_CONFIG_DEPENDSMatthias Schiffer2020-01-071-1/+1
| | | | | | | Fix typo in PKG_CONFIG_DEPENDS and missing CONFIG_ prefix. Fixes: e98e046f06f3 ("iperf: Allow enabling multicast support") Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* dnsmasq: bump PKG_RELEASEDaniel Golle2020-01-071-1/+1
| | | | | | | | Previous commit should have bumped PKG_RELEASE, but git add was forgotten... Add it now. Fixes: cd48d8d342 ("dnsmasq: switch to /tmp/resolv.conf.d/resolv.conf.auto") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: switch to /tmp/resolv.conf.d/resolv.conf.autoDaniel Golle2020-01-072-7/+8
| | | | | | | Mount-bind directory instead of resolv.conf.auto file in jail to avoid problems when the file is deleted/replaced. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* netifd: move /tmp/resolv.conf.auto to /tmp/resolv.conf.d/Daniel Golle2020-01-071-4/+4
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: move /tmp/resolv.conf.auto to /tmp/resolv.conf.d/Daniel Golle2020-01-071-1/+1
| | | | | | Having it in a directory it more friendly for mount-bind. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: Fix potential dnsmasq crash with TCPHauke Mehrtens2020-01-062-1/+36
| | | | | | | | | | | | | | | This is a backport from the dnsmasq master which should fix a bug which could cause a crash in dnsmasq. I saw the following crashes in my log: [522413.117215] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from 2a001450 [522413.124464] epc = 004197f1 in dnsmasq[400000+23000] [522413.129459] ra = 004197ef in dnsmasq[400000+23000] This is happening in blockdata_write() when block->next is dereferenced, but I am not sure if this is related to this problem or if this is a different problem. I am unable to reproduce this problem. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iwinfo: Update to version 2020-01-05Hauke Mehrtens2020-01-051-4/+4
| | | | | | bf2c106 nl80211: add htmode to iwinfo_ops Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ead: fix resource leak in tinysrpAndrea Dalla Costa2020-01-051-1/+3
| | | | | | | Add call to fclose for file pointer fp in function t_openpw. The resource leak could happen during an error handling. Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
* pppd: update to 2.4.8DENG Qingfang2020-01-0521-68/+67
| | | | | | | | | | | | | | | | | | | | 78cd384 Update README and patchlevel.h for 2.4.8 release 5d03403 pppd: Avoid use of strnlen (and strlen) in vslprintf a1e950a pppd: Fix IPv6 default route code for Solaris ca5e61b plugins/rp-pppoe: Make tag parsing loop condition more accurate c10c3c7 pppd: Make sure word read from options file is null-terminated b311e98 pppd: Limit memory accessed by string formats with max length specified 3ea9de9 pppd: Eliminate some more compiler warnings 57edb1a pppd: Include time.h header before using time_t 09f695f pppd: Don't free static string 03104ba pppd.h: Add missing headers 388597e pppd: Add defaultroute6 and related options 66ce4ba pppd: Avoid declarations within statements in main.c 5637180 pppd: Fix `ifname` option in case of multilink (#105) d00f8a0 pppd: Fix variable reference syntax in Makefile.linux b6b4d28 pppd: Check tdb pointer before closing Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* dropbear: add missing zlib dependency for dropbearconvertMatt Merhar2020-01-051-0/+1
| | | | | | | | | | If CONFIG_DROPBEAR_ZLIB is set, building fails at the packaging stage due to an undeclared dependency on libz.so.1. As is already done for the main dropbear package, conditionally add a dependency on zlib. Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
* lldpd: Fix compilation without fortify-headersRosen Penev2020-01-053-4/+23
| | | | | | Upstream backport. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* iperf: Allow enabling multicast supportFlorian Fainelli2020-01-031-0/+13
| | | | | | | iperf2 is useful for testing UDP over multicast, add an option to permit the enabling/disabling of multicast support. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* Revert "iptables: update to 1.8.4"Jo-Philipp Wich2019-12-303-14/+14
| | | | | | | | | | | | | | | This reverts commit 10cbc896c0a26aecff37261450c21f29fb5b99db. The updated iptables package does not build due to the following error encountered on the buildbots: cp: cannot stat '.../iptables-1.8.4/ipkg-install/usr/lib/libiptc.so.*': No such file or directory The changelog mentions "build: remove -Wl,--no-as-needed and libiptc.so" so it appears as if further packaging changes are needed beyond a simple version bump. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iptables: update to 1.8.4DENG Qingfang2019-12-303-14/+14
| | | | | | | | | Update iptables to 1.8.4 ChangeLog: https://netfilter.org/projects/iptables/files/changes-iptables-1.8.4.txt Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* iwinfo: update to 2019-12-27David Bauer2019-12-301-3/+3
| | | | | | | a6f6c05 nl80211: properly handle netdev names starting with "radio" 31dcef3 iwinfo: add several QC/A device ids Signed-off-by: David Bauer <mail@david-bauer.net>
* wireguard: bump to 20191226Jason A. Donenfeld2019-12-274-34/+61
| | | | | | | | | | | | | | | | As announced on the mailing list, WireGuard will be in Linux 5.6. As a result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is moving to its own wireguard-tools repo. Meanwhile, the out-of-tree kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux- compat repo. Yesterday, releases were cut out of these repos, so this commit bumps packages to match. Since wg(8) and the compat kernel module are versioned and released separately, we create a wireguard-tools Makefile to contain the source for the new tools repo. Later, when OpenWRT moves permanently to Linux 5.6, we'll drop the original module package, leaving only the tools. So this commit shuffles the build definition around a bit but is basically the same idea as before. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* curl: rename cyassl->wolfsslEneas U de Queiroz2019-12-261-2/+2
| | | | | | The old name was dropped and no longer works. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wireguard: bump to 20191219Kevin Darbyshire-Bryant2019-12-241-4/+3
| | | | | | | | | | edad0d6 version: bump snapshot 0e38a3c compat: ipv6_dst_lookup_flow was backported to 5.3 and 5.4 2e52c41 wg-quick: linux: use already configured addresses instead of in-memory 3721521 tools: adjust wg.8 syntax for consistency in COMMANDS section 21a1498 wg-quick: linux: try both iptables(8) and nft(8) on teardown Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iperf: Fix compilation with libcxxRosen Penev2019-12-232-1/+13
| | | | | | Avoids redefining bool. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* uhttpd: reset PKG_RELEASEJo-Philipp Wich2019-12-221-1/+1
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to latest Git HEADJo-Philipp Wich2019-12-221-3/+3
| | | | | | 5f9ae57 client: fix invalid data access through invalid content-length values Signed-off-by: Jo-Philipp Wich <jo@mein.io>