aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* hostapd: SAE/EAP-pwd side-channel attack updateHauke Mehrtens2019-09-109-1/+397
| | | | | | | | Fixes this security problem: * SAE/EAP-pwd side-channel attack update https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Fix security problemHauke Mehrtens2019-09-103-1/+81
| | | | | | | | | | | This fixes: CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment" https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt This shouöld not affect OpenWrt in the default settings as we do not use EAP-pwd. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* firewall: update to latest git HEADHauke Mehrtens2019-09-081-3/+3
| | | | | | 487bd0d utils: Fix string format message Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* firewal: update to latest git HEADHans Dedecker2019-09-071-3/+3
| | | | | | | | 4d0c703 firewall3: Fix some format string problems 8c404ef iptables.c: lock the xtables.lock c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path() Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: update to latest git HEADHans Dedecker2019-09-071-2/+2
| | | | | | e199804 dhcpv6: sanitize oro options Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iwinfo: update to latest Git HEADHauke Mehrtens2019-09-011-3/+3
| | | | | | | | f599a8d iwinfo: Fix rate buffer size 71ec9be iwinfo: Fix buffer size f8ef450 iwinfo: Add support for WPA3 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* nftables: bump to version 0.9.2Konstantin Demin2019-09-012-31/+4
| | | | | | | | | | | | | | - exclude Python-related stuff from build - drop patches: * 010-uclibc-ng.patch, applied upstream ipkg size decrease by 2.8%: old: 194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk new: 189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* uhttpd: add support to generate EC keysEneas U de Queiroz2019-09-013-2/+14
| | | | | | | | This adds the key_type and ec_curve options to enable the generation of EC keys during initialization, using openssl or the new options added to px5g. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-08-281-3/+3
| | | | | | | | a9f9557 nl80211: support reading hardware id from phy directly c586cd3 iwinfo: add device id for MediaTek MT7612E d4382dd iwinfo: add device id for Atheros AR9390 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iproute2: update to 5.2.0DENG Qingfang2019-08-244-725/+3
| | | | | | Remove upstream patches Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* firewall: update to latest git HEADKevin Darbyshire-Bryant2019-08-221-3/+3
| | | | | | bf29c1e firewall3: ipset: Handle reload_set properly Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iftop: update to HEAD of 2018-10-03 - 77901cChristian Lamparter2019-08-181-3/+3
| | | | | | | | | | | | Update iftop to commit 77901c8c53e01359d83b8090aacfe62214658183 git log --pretty=oneline --abbrev-commit 949ed0f7..77901c8c 77901c8 Support scales beyond 1Gbps Created with the help of the make-package-update-commit.sh script. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* uhttpd: update to latest Git HEADJo-Philipp Wich2019-08-181-3/+3
| | | | | | 6b03f96 ubus: increase maximum ubus request size to 64KB Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iproute2: add libcap support, enabled in ip-fullAlin Nastac2019-08-184-27/+22
| | | | | | | | Preserve optionality of libcap by having configuration script follow the HAVE_CAP environment variable, used similarly to the HAVE_ELF variable. Signed-off-by: Alin Nastac <alin.nastac@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase/refresh patches]
* mac80211: Update to version 5.3-rc4-1Hauke Mehrtens2019-08-171-24/+77
| | | | | | | | | The removed patches were applied upstream. The type of the RT2X00_LIB_EEPROM config option was changed to bool, because boolean is an invalid value and the new kconfig system complained about this. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Allow CONFIG_IEEE80211W for all but mini variantHauke Mehrtens2019-08-171-6/+2
| | | | | | | | | This commit will activate CONFIG_IEEE80211W for all, but the mini variant when at least one driver supports it. This will add ieee80211w support for the mesh variant for example. Fixes: FS#2397 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Remove ROBO switch supportHauke Mehrtens2019-08-171-2/+0
| | | | | | The driver was removed from OpenWrt a long time ago. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* firewall: improve ipset supportKevin Darbyshire-Bryant2019-08-161-4/+4
| | | | | | | | | | | | | | | | | | | | Bump to latest git HEAD 509e673 firewall3: Improve ipset support The enabled option did not work properly for ipsets, as it was not checked on create/destroy of a set. After this commit, sets are only created/destroyed if enabled is set to true. Add support for reloading, or recreating, ipsets on firewall reload. By setting "reload_set" to true, the set will be destroyed and then re-created when the firewall is reloaded. Add support for the counters and comment extensions. By setting "counters" or "comment" to true, then counters or comments are added to the set. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: use nettle ecc_curve access functionsHans Dedecker2019-08-092-1/+36
| | | | | | Fixes compile issues with nettle 3.5.1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* comgt-ncm: add driver dependencies againVincent Wiemann2019-08-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | In the commit 623716dd4318 ("comgt-ncm: Fix NCM protocol") the dependencies to vendor NCM drivers were removed, because: > comgt-ncm should not depend on the USB-serial-related kernel modules, > as the cdc-wdm control device works without them. There is also no need > to depend on kmod-huawei-cdc-ncm, since other manufacturers (like > Ericsson and Samsung) which use other kernel modules should also be > supported. From a user-perspective this does not make sense, as installing comgt-ncm (or luci-proto-ncm) should install all needed dependencies for using such a device. Furthermore depending on kmod-huawei-cdc-ncm does not mean that Ericsson and Samsung devices can't be supported. By the way it seems that Ericsson and Samsung devices never used NCM, but act as serial modems. Thus this commit adds the dependencies again. Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com> [fixed title capitalization, formatted commit message, renamed Sony-Ericsson to Ericsson] Signed-off-by: David Bauer <mail@david-bauer.net>
* netifd: update to latest git HEADHans Dedecker2019-08-071-3/+3
| | | | | | 5e02f94 system-linux: fix resource leak Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* linux-atm: Add missing headersRosen Penev2019-08-052-1/+31
| | | | | | This fixes compilation with -Werror=implicit-function-declaration. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* build: include BUILD_VARIANT in PKG_BUILD_DIRJeffery To2019-08-057-11/+0
| | | | | | | | | | | This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into account (if set), so that packages do not need to manually override PKG_BUILD_DIR just to handle variants. This also updates most base packages with variants to use the updated default PKG_BUILD_DIR. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* ethtool: bump to 5.2Hans Dedecker2019-08-051-2/+2
| | | | | | | | | 379c096 Release version 5.2. 2bce6d9 ethtool: Add 100BaseT1 and 1000BaseT1 link modes 67ffbf5 ethtool: sync ethtool-copy.h with linux-next from 30/05/2019 687152b ethtool.spec: Use standard file location macros Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* firewall: update to latest git HEADHans Dedecker2019-08-051-3/+3
| | | | | | de94097 utils: coverity resource leak warning Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipset: update to 7.3DENG Qingfang2019-08-051-3/+3
| | | | Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* Revert "dnsmasq: backport latest patches"Kevin Darbyshire-Bryant2019-08-0352-1988/+32
| | | | | | This reverts commit e9eec39aacde450ba87598d85987b374ce6aed95. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* Revert "dnsmasq: improve insecure DS warning"Kevin Darbyshire-Bryant2019-08-032-28/+1
| | | | | | This reverts commit cd91f2327ffb06a41129a35ae7be1e7923a78d74. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iptables: fix connmark savedscp buildKevin Darbyshire-Bryant2019-07-291-16/+24
| | | | | | | Add <strings.h> for ffs() definition. Reported-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: improve insecure DS warningKevin Darbyshire-Bryant2019-07-252-1/+28
| | | | | | | | Log the failing domain in the insecure DS warning. Patch has been sent upstream. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: backport latest patchesKevin Darbyshire-Bryant2019-07-2552-32/+1988
| | | | | | | | Backport upstream patches pre 2.81rc for testing purposes. Let's see what falls out! Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iptables: add connmark savedscp supportKevin Darbyshire-Bryant2019-07-252-1/+207
| | | | | | | | | | | | | | | iptables: connmark - add savedscp option Naive user space front end to xt_connmark 'savedscp' option. e.g. iptables -A QOS_MARK_eth0 -t mangle -j CONNMARK --savedscp-mark 0xfc000000/0x01000000 Will save DSCP into the top 6 bits and OR 0x01 (ie set) the least significant bit of most significant byte. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* netifd: update to latest git HEADHans Dedecker2019-07-221-3/+3
| | | | | | 899f168 system-linux: Coverity fixes Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* curl: update to 7.65.3Hans Dedecker2019-07-211-2/+2
| | | | | | For changes in 7.65.3; see https://curl.haxx.se/changes.html#7_65_3 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mac80211: Update to version 5.2-rc7Hauke Mehrtens2019-07-181-4/+242
| | | | | | | | | | | | | | This updates mac80211 to version 5.2-rc7, this contains all the changes to the wireless subsystem up to Linux 5.2-rc7. * The removed patches are applied upstream * b43 now uses kmod-lib-cordic * Update the nl80211.h file in iw to match backports version. * Remove the two backports from kernel 4.9, they were needed for mt76, but that can use the version from backports now, otherwise they collide and cause compile errors. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openvpn: add new list option tls_ciphersuitesMartin Schiller2019-07-171-1/+2
| | | | | | | To configure the list of allowable TLS 1.3 ciphersuites, the option tls_ciphersuites is used instead of tls_ciphers. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* iperf3: update to 3.7DENG Qingfang2019-07-081-2/+2
| | | | Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* hostapd: adjust removed wolfssl optionsEneas U de Queiroz2019-07-071-4/+0
| | | | | | | | | This edjusts the selection of recently removed wolfssl options which have always been built into the library even in their abscence. Also remove the selection of libwolfssl itself, allowing the library to be built as a module. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* iproute2: update to 5.1.0Deng Qingfang2019-07-046-166/+64
| | | | | | | | Update iproute2 to 5.1.0 Remove upstream patch 010-cake-fwmark.patch Backport a patch to fix struct sysinfo redefinition error Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* openvpn: fix handling of list optionsMatt Merhar2019-07-032-3/+4
| | | | | | | | | | | | | | This addresses an issue where the list option specified in /etc/config/openvpn i.e. 'tls_cipher' would instead show up in the generated openvpn-<name>.conf as 'ncp-ciphers'. For context, 'ncp_ciphers' appears after 'tls_cipher' in OPENVPN_LIST from openvpn.options. Also, the ordering of the options in the UCI config file is now preserved when generating the OpenVPN config. The two currently supported list options deal with cipher preferences. Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
* comgt: add delay option for 3g protoFlorian Eckert2019-07-031-0/+4
| | | | | | | All protos for wwan (ncm,qmi,mbim) do have a delay option. To standardize that add also the missing delay option to the 3g proto. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: fix indentation style and boundaryFlorian Eckert2019-07-031-5/+9
| | | | | | Fix indentation style and boundary. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: add mtu config option possibilityFlorian Eckert2019-07-031-2/+8
| | | | | | | | There are mobile carrier who have different MTU size in their network. With this change it is now possible to configure this with the qmi proto handler. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* wireguard: bump to 0.0.20190702Jason A. Donenfeld2019-07-021-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * curve25519: not all linkers support bmi2 and adx This should allow WireGuard to build on older toolchains. * global: switch to coarse ktime Our prior use of fast ktime before meant that sometimes, depending on how broken the motherboard was, we'd wind up calling into the HPET slow path. Here we move to coarse ktime which is always super speedy. In the process we had to fix the resolution of the clock, as well as introduce a new interface for it, landing in 5.3. Older kernels fall back to a fast-enough mechanism based on jiffies. https://lore.kernel.org/lkml/tip-e3ff9c3678b4d80e22d2557b68726174578eaf52@git.kernel.org/ https://lore.kernel.org/lkml/20190621203249.3909-3-Jason@zx2c4.com/ * netlink: cast struct over cb->args for type safety This follow recent upstream changes such as: https://lore.kernel.org/lkml/20190628144022.31376-1-Jason@zx2c4.com/ * peer: use LIST_HEAD macro Style nit. * receive: queue dead packets to napi queue instead of empty rx_queue This mitigates a WARN_ON being triggered by the workqueue code. It was quite hard to trigger, except sporadically, or reliably with a PC Engines ALIX, an extremely slow board with an AMD LX800 that Ryan Whelan of Axatrax was kind enough to mail me. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* iptables: update to 1.8.3Deng Qingfang2019-07-028-170/+28
| | | | | | | | | | | | | | | | | | | | | Update iptables to 1.8.3 ChangeLog: https://netfilter.org/projects/iptables/files/changes-iptables-1.8.3.txt Removed upstream patches: - 001-extensions_format-security_fixes_in_libip.patch - 002-include_fix_build_with_kernel_headers_before_4_2.patch - 003-ebtables-vlan-fix_userspace_kernel_headers_collision.patch Altered patches: - 200-configurable_builtin.patch - 600-shared-libext.patch No notable size changes Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [lipibtc ABI_VERSION fix]
* uqmi: bump to latest git HEADKoen Vandeputte2019-06-271-4/+4
| | | | | | | 1965c7139374 uqmi: add explicit check for message type when expecting a response 01944dd7089b uqmi_add_command: fixed command argument assignment Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* rssileds: change rssileds.init STOP indexJoseph Tingiris2019-06-242-2/+2
| | | | | | | | | This patch is in a series to allow additional STOP indexes after umount, so that other block devices may stop cleanly. rssileds.init is now STOP=89 Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com>
* package/network: add PKGARCH:=all to non-binary packagesDeng Qingfang2019-06-225-0/+5
| | | | | | Packages such as xfrm contain only script files, add PKGARCH:=all Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* iproute2: update ctinfo supportKevin Darbyshire-Bryant2019-06-201-10/+5
| | | | | | | | Follow upstream changes - header file changes only no functional or executable changes, hence no package bump required Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: remove stale WPA_SUPPLICANT_NO_TIMESTAMP_CHECK optionChristian Lamparter2019-06-202-26/+0
| | | | | | | | | | Support to disable the timestamp check for certificates in wpa_supplicant (Useful for devices without RTC that cannot reliably get the real date/time) has been accepted in the upstream hostapd. It's implemented in wpa_supplicant as a per-AP flag tls_disable_time_checks=[0|1]. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>