aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-181-1/+1
| | | | | | | | | | The previous commit did not adjust PKG_RELEASE, therefore the hostapd/wpad/wpa_supplicant packages containing the AP-side workaround for KRACK do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* wireguard: version bump to 0.0.20171017Jason A. Donenfeld2017-10-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a simple version bump. Changes: * noise: handshake constants can be read-only after init * noise: no need to take the RCU lock if we're not dereferencing * send: improve dead packet control flow * receive: improve control flow * socket: eliminate dead code * device: our use of queues means this check is worthless * device: no need to take lock for integer comparison * blake2s: modernize API and have faster _final * compat: support READ_ONCE * compat: just make ro_after_init read_mostly Assorted cleanups to the module, including nice things like marking our precomputations as const. * Makefile: even prettier output * Makefile: do not clean before cloc * selftest: better test index for rate limiter * netns: disable accept_dad for all interfaces Fixes in our testing and build infrastructure. Now works on the 4.14 rc series. * qemu: add build-only target * qemu: work on ubuntu toolchain * qemu: add more debugging options to main makefile * qemu: simplify shutdown * qemu: open /dev/console if we're started early * qemu: phase out bitbanging * qemu: always create directory before untarring * qemu: newer packages * qemu: put hvc directive into configuration This is the beginning of working out a cross building test suite, so we do several tricks to be less platform independent. * tools: encoding: be more paranoid * tools: retry resolution except when fatal * tools: don't insist on having a private key * tools: add pass example to wg-quick man page * tools: style * tools: newline after warning * tools: account for padding being in zero attribute Several important tools fixes, one of which suppresses a needless warning. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: add wpa_disable_eapol_key_retries optionStijn Tintel2017-10-171-0/+5
| | | | | | | | | | | | | | Commit 2127425434046ae2b9f02fdbbdd37cac447af19c introduced an AP-side workaround for key reinstallation attacks. This option can be used to mitigate KRACK on the station side, in case those stations cannot be updated. Since many devices are out there will not receive an update anytime soon (if at all), it makes sense to include this workaround. Unfortunately this can cause interoperability issues and reduced robustness of key negotiation, so disable the workaround by default, and add an option to allow the user to enable it if he deems necessary. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: backport extra changes related to KRACKStijn Tintel2017-10-179-9/+442
| | | | | | | | While these changes are not included in the advisory, upstream encourages users to merge them. See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: bump PKG_RELEASEStijn Tintel2017-10-171-1/+1
| | | | | | | | | The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ppp: make the patches apply correctly againHauke Mehrtens2017-10-161-1/+1
| | | | | | | This fixes a compile problem recently introduced by me. Fixes: f40fd43ab2f ("ppp: fix compile warning") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wireguard: add wireguard to base packagesJason A. Donenfeld2017-10-162-0/+308
| | | | | | | | | | | | | | | | | | | | | | | Move wireguard from openwrt/packages to base a package. This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving experimental kernel module that many find essential and useful. The other is a VPN client. Both are inside of core. When you combine the two characteristics, you get WireGuard. Generally speaking, because of the extremely lightweight nature and "stateless" configuration of WireGuard, many view it as a core and essential utility, initiated at boot time and immediately configured by netifd, much like the use of things like GRE tunnels. WireGuard has a backwards and forwards compatible Netlink API, which means the userspace tools should work with both newer and older kernels as things change. There should be no versioning requirements, therefore, between kernel bumps and userspace package bumps. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Acked-by: Jo-Philipp Wich <jo@mein.io> Acked-by: Felix Fietkau <nbd@nbd.name>
* hostapd: merge fixes for WPA packet number reuse with replayed messages and ↵Felix Fietkau2017-10-1614-29/+965
| | | | | | | | | | | | | | | | | | | | | key reinstallation Fixes: - CERT case ID: VU#228519 - CVE-2017-13077 - CVE-2017-13078 - CVE-2017-13079 - CVE-2017-13080 - CVE-2017-13081 - CVE-2017-13082 - CVE-2017-13086 - CVE-2017-13087 - CVE-2017-13088 For more information see: https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ppp: fix compile warningHauke Mehrtens2017-10-151-0/+1
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: xrx200: rename nas0/ptm0 to dsl0Martin Schiller2017-10-152-2/+10
| | | | | | | | | | | | | This change makes it possible to configure the wan/dsl ppp interface settings independantly from the used TC-Layer (ATM/PTM). Now you can move a device from an ADSL/ATM port to an VDSL/PTM port without any configuration changes for example. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [use the dsl0 interface name for the default netdev trigger in 01_led, add ip dependency] Signed-off-by: Mathias Kresin <dev@kresin.me>
* libs/libnl: Update to 3.3.0Daniel Engberg2017-10-151-0/+44
| | | | | | | | | | Update libnl to 3.3.0 Import patches to fix compilation Source: https://git.busybox.net/buildroot/tree/package/libnl Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287 Use more automatic toolchain logic Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* wpan-tools: add the wpan-ping to test the 6LoWPAN networkYunhui Fu2017-10-151-0/+1
| | | | | | | This patch adds the help tool wpan-ping to test the 6LoWPAN network to help the user debug network problem. Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
* iproute2: bump to 4.13Hans Dedecker2017-10-1311-38/+51
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: add listen_address parameterChristian Lamparter2017-10-132-1/+6
| | | | | | | | | | | | | | | | | | | | | | | This patch adds a parser for the uci representation of dnsmasq's "-a | --listen-address" option. In summary, this option forces dnsmasq to listen on the given IP address(es). Both interface and listen-address options may be given, in which case the set of both interfaces and addresses is used. Note that if no interface option is given, but listen_address is, dnsmasq will not automatically listen on the loopback interface. To achieve this, the loopback IP addresses, 127.0.0.1 and/or ::1 must be explicitly added. This option is useful for ujailed dnsmasq instances, that would otherwise fail to work properly, because listening to the "This host on this network" address (aka 0.0.0.0 see rfc1700 page 4) may not be allowed. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
* net: uqmi: fix blocking in endless loops when unplugging deviceAlexandru Ardelean2017-10-091-0/+2
| | | | | | | | | | | If you unplug a QMI device, the /dev/cdc-wdmX device disappears but uqmi will continue to poll it endlessly. Then, when you plug it back, you have 2 uqmi processes, and that's bad, because 2 processes talking QMI to the same device [and the same time] doesn't seem to work well. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* conntrack-tools: switch to gitStijn Tintel2017-10-091-7/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There have been a number of interesting fixes in conntrack-tools since the current latest release. Most notable is that this fixes IPv6 conntrack table syncing when cross-compiling conntrack-tools. 7e7748d src/main: refresh help message fe32043 conntrackd.8: refresh file 47a4dda conntrackd.8: add reference to systemd 0cfe7ff doc/manual: include some bits about init systems 74a418b conntrackd: cthelper: ftp: Set match offset/len for PORT mangling d833bed conntrackd: cthelper: ftp: Fix debug print dd4b5a1 conntrackd: cthelper: Add new mdns helper 498d698 Link nfct and helper modules with `-z lazy` 9e94e85 sync-mode: print errno message on failure ab81c35 log: print messages to stdout/sderr if running in console mode 631d92b log: introduce a mechanism to know if log was initialized ccb1c8b conntrackd: replace error reporting in the config parser with dlog() bee121e conntrackd: replace fprintf calls with dlog() 5a51b04 conntrack-tools: update Arturo Borrero Gonzalez email address abb9984 helper: remove copy and paste from uapi kernel header a91a004 src: add log message when resync is requested by other node c2d8be1 systemd: fix missing log.h include f6ca216 config: drop old/obsolete/deprecated conntrackd.conf config options 8b83771 conntrack: send mark filter to kernel iff set 1ba5e76 conntrackd: cthelper: Don't leak nat_tuple 832166d conntrackd: cthelper: Free pktb after use ff843bc conntrackd: config: Do not strdup() tokens b61c454 conntrackd: cthelper: ssdp: Track UPnP eventing 8ea394e conntrackd: Remove obsolete rule to catch ambiguous Checksum option 39398cd conntrackd: CommitTimeout breaks DisableExternalCache set On 29b390a conntrack: Support IPv6 NAT 381827a conntrackd: factorice tx_queue functions 131df89 conntrackd: factorize resync operations d31bacc conntrackd: consolidate more code to use resync_send() 3d98496 conntrackd: request resync at startup ef410bf conntrackd: remove use of HAVE_INET_PTON_IPV6 9d38445 conntrackd: evaluate configuration earlier 6feded7 conntrackd: cleanup if failed forking dbfdea7 conntrackd: deprecate unix backlog configuration 210f542 conntrackd: make the daemon run in RT mode by default 37cc7f0 conntrackd: remove warning for -S d2849d1 conntrack: Show multiple CPUs stats from proc bc0b49a conntrackd: cthelper: ssdp: fix build with musl 0c77a25 tests: don't fail on modprobe since the driver might be built-in eefe649 conntrack.8: refresh manpage Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* treewide: switch git.netfilter.org to HTTPSStijn Tintel2017-10-083-3/+3
| | | | | | | As git.netfilter.org seems to support HTTPS, use that instead of HTTP which is insecure, or GIT which is blocked on many corporate networks. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ipset-dns: bump to git HEADStijn Tintel2017-10-082-60/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* curl: add nghttp2 supportHans Dedecker2017-10-072-2/+9
| | | | | | Add config option support for nghttp2 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: escape double quoutes in wpad CFLAGSStijn Tintel2017-10-071-0/+1
| | | | | | | | | | | | | | | | | | A recent commit in hostapd added a build option to specify the default TLS ciphers. This build option is passed via CFLAGS. Due to the way CFLAGS are handled when building wpad, the compiler tries to recursively expand TLS_DEFAULT_CIPHERS, resulting in the following error: ../src/crypto/tls_openssl.c: In function 'tls_init': <command-line>:0:21: error: 'DEFAULT' undeclared (first use in this function) ../src/crypto/tls_openssl.c:1028:13: note: in expansion of macro 'TLS_DEFAULT_CIPHERS' ciphers = TLS_DEFAULT_CIPHERS; ^ Escape double quotes in the .cflags file to avoid this. Fixes: 2f78034c3ef ("hostapd: update to version 2017-08-24") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update to version 2017-08-24Koen Vandeputte2017-10-0725-478/+145
| | | | | | | | | | | | - Deleted upstreamed patches & parts - Refreshed all Compile tested: full-option package + tools (hostapd + wpa_supplicant) Run-tested: hostapd wpa2 hotspot & wpa_supplicant IBSS link Targets: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* netifd: update to latest git HEAD version (FS#1030)Hans Dedecker2017-10-061-3/+3
| | | | | | | 5df3f01 config: suppress error if no wireless config present (FS#1030) 3429bd8 system-linux: add support for hotplug event 'move' Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: fix PKG_CONFIG_DEPENDSHans Dedecker2017-10-061-1/+4
| | | | | | Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: bump to v2.78Kevin Darbyshire-Bryant2017-10-028-248/+18
| | | | | | Fixes CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495, 2017-CVE-14496 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* mac80211: update to backports-4.14-rc2Hauke Mehrtens2017-10-011-25/+382
| | | | | | | | | | | | | | | | | | | | This updates mac80211 to backprots-4.14-rc2. This was compile and runtime tested with ath9k, ath10k and b43 with multiple stations and ieee80211w and in different scenarios by many other people. To create the backports-4.14-rc2-1.tar.xz use this repository: https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git from tag v4.14-rc2-1 Then run this: ./gentree.py --git-revision v4.14-rc2 --clean <path to linux repo> ../backports-4.14-rc2-1 This also adapts the ath10k-ct and mt76 driver to the changed cfg80211 APIs and syncs the nl80211.h file in iw with the new version from backports-4.14-rc2. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iw: fix build on musl hostStijn Tintel2017-09-291-2/+1
| | | | | | | | | | | The empty version.sh script causes a problem when run by make: make[3]: /usr/bin/env bash: Shell program not found Adding a shebang line in version.sh seems to solve it. Fixes FS#977. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: add support for accessing 802.11k neighbor report elements via ubusFelix Fietkau2017-09-281-0/+169
| | | | | | | This API can be used to distribute neighbor report entries across multiple APs on the same LAN. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for specifying device config options directly in uciFelix Fietkau2017-09-281-0/+6
| | | | | | | This is useful for tuning some more exotic parameters where it doesn't make sense to attempt to cover everything in uci directly Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: make ssh compression support configurableMarcin Jurkowski2017-09-282-3/+13
| | | | | | | | | Adds config option to enable compression support which is usefull when using a terminal sessions over a slow link. Impact on binary size is negligible but additional 60 kB (uncompressed) is needed for a shared zlib library. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* umdns: update to latest git HEADJohn Crispin2017-09-281-3/+3
| | | | | | | | b84fdac Add debug output for service_timeout 8f7e3bc Remove incorrect comma in http service json config 9f40133 Remove ttl==255 restriction for queries Signed-off-by: John Crispin <john@phrozen.org>
* openvpn: update to 2.4.4Magnus Kroken2017-09-282-34/+58
| | | | | | | | | Fixes CVE-2017-12166: out of bounds write in key-method 1. Remove the mirror that was temporarily added during the 2.4.3 release. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* hostapd: update wpa_supplicant p2p configLorenzo Santina2017-09-281-91/+278
| | | | | | | | | | | | | | | | Update the config file to the latest version. Added CONFIG_EAP_FAST=y because it was the only missing flag about EAP compared to full config. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Other flags are the same as before. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update wpa_supplicant mini configLorenzo Santina2017-09-281-100/+292
| | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update wpa_supplicant full configLorenzo Santina2017-09-281-93/+280
| | | | | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Commented CONFIG_IEEE80211W=y flag because it is set in the Makefile, only if the driver supports it. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update hostapd mini configLorenzo Santina2017-09-281-19/+237
| | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update hostapd full configLorenzo Santina2017-09-281-27/+235
| | | | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Removed flag CONFIG_WPS2 because it is no more needed due to this changelog (2014-06-04 - v2.2): "remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled whenever CONFIG_WPS=y is set". Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* curl: fix disable threaded resolverHans Dedecker2017-09-271-0/+36
| | | | | | | | | | | Bump to 7.55.1 broke the disable threaded resolver feature as reported in https://github.com/curl/curl/issues/1784. As a result curl is always compiled with the threaded resolver feature enabled which causes a dependency issue on pthread for uclibc. Fix this issue by backporting the upstream curl commit which fixes disable threaded resolver. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipset: replace patch that was reverted upstreamStijn Tintel2017-09-262-31/+25
| | | | | | Use the correct prefix for backports while at it. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* samba36: add Package/samba/DefaultStijn Tintel2017-09-251-12/+12
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ipset: bump to 6.34Stijn Tintel2017-09-252-3/+34
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* curl: bump to 7.55.1Stijn Tintel2017-09-253-11/+11
| | | | | | | | | | | | Update 200-no_docs_tests.patch. Refresh patches. Fixes the following CVEs: - CVE-2017-1000099 - CVE-2017-1000100 - CVE-2017-1000101 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* iperf: bump to 2.0.10Stijn Tintel2017-09-251-9/+4
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* uhttp: update to latest versionAdrian Panella2017-09-211-4/+4
| | | | | | | | | | | | | | 3fd58e9 2017-08-19 uhttpd: add manifest support 88c0b4b 2017-07-09 file: fix basic auth regression 99957f6 2017-07-02 file: remove unused "auth" member from struct path_info c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS ad93be7 2017-07-02 auth: store parsed username and password fa51d7f 2017-07-02 proc: do not declare empty process variables a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash Signed-off-by: Adrian Panella <ianchi74@outlook.com>
* openvpn: add "extra-certs" optionSven Roederer2017-09-192-1/+2
| | | | | | | | This option is used to specify a file containing PEM certs, to complete the local certificate chain. Which is quite usefull for "split-CA" setups. Signed-off-by: Sven Roederer <devel-sven@geroedel.de> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* hostapd: ft_over_ds supportLorenzo Santina2017-09-181-2/+4
| | | | | | Add support for ft_over_ds flag in ieee80211r Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
* hostapd: ft_psk_generate_local supportLorenzo Santina2017-09-181-2/+4
| | | | | | | | Add support for ft_psk_generate_local flag in ieee80211r Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [original author] Signed-off-by: Sergio <mailbox@sergio.spb.ru>
* dnsmasq: fix dhcp "ignore" option on wwan interfacesMarcin Jurkowski2017-09-182-3/+4
| | | | | | | | | | | | | | Init script won't append --no-dhcp-interface option if interface protocol is one of: ncm, directip, qmi, mbim. This is caused by IP address assigned to dynamically created netifd interfaces. As a result there's no netmask assigned to the main interface and dhcp_add() function returns prematurely. By moving network subnet check we can ensure that --no-dhcp-interface is properly generated for wwan interfaces. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase; move network checks]
* tcpdump: noop commit to refer CVEs fixed in 4.9.2Stijn Tintel2017-09-181-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed CVEs in the commit message. As the list of fixed CVEs is quite long, we should probably mention them in the changelogs of the releases to come. This commit will make sure this happens. The following CVEs were fixed in 21014d9708d586becbd62da571effadb488da9fc: CVE-2017-11541 CVE-2017-11541 CVE-2017-11542 CVE-2017-11542 CVE-2017-11543 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dnsmasq: Pass TARGET_CPPFLAGS to MakefileFlorian Fainelli2017-09-161-1/+1
| | | | | | | | | With the introduction of the ubus notifications, we would now fail building dnsmasq with external toolchains that don't automatically search for headers. Pass TARGET_CPPFLAGS to the Makefile to resolve that. Fixes: 34a206bc1194 ("dnsmasq: add ubus notifications for new leases") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`Alexandru Ardelean2017-09-172-5/+5
| | | | | | | | | | | | This is to eliminate any ambiguity about the cyassl/wolfssl lib. The rename happened some time ago (~3+ years). As time goes by, people will start to forget cyassl and start to get confused about the wolfSSL vs cyassl thing. It's a good idea to keep up with the times (moving forward). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>