aboutsummaryrefslogtreecommitdiffstats
path: root/package/network
Commit message (Collapse)AuthorAgeFilesLines
* openvpn: update to 2.4.4Magnus Kroken2017-09-282-34/+58
| | | | | | | | | Fixes CVE-2017-12166: out of bounds write in key-method 1. Remove the mirror that was temporarily added during the 2.4.3 release. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* hostapd: update wpa_supplicant p2p configLorenzo Santina2017-09-281-91/+278
| | | | | | | | | | | | | | | | Update the config file to the latest version. Added CONFIG_EAP_FAST=y because it was the only missing flag about EAP compared to full config. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Other flags are the same as before. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update wpa_supplicant mini configLorenzo Santina2017-09-281-100/+292
| | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update wpa_supplicant full configLorenzo Santina2017-09-281-93/+280
| | | | | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Commented CONFIG_IEEE80211W=y flag because it is set in the Makefile, only if the driver supports it. Removed NEED_80211_COMMON flag because it is not part of config file, it is set by the hostapd upstream Makefile. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update hostapd mini configLorenzo Santina2017-09-281-19/+237
| | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: update hostapd full configLorenzo Santina2017-09-281-27/+235
| | | | | | | | | | | | | | Update the config file to the latest version. Enabled flags are the same as before. Removed flag CONFIG_WPS2 because it is no more needed due to this changelog (2014-06-04 - v2.2): "remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled whenever CONFIG_WPS=y is set". Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [add punctuation to commit msg] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* curl: fix disable threaded resolverHans Dedecker2017-09-271-0/+36
| | | | | | | | | | | Bump to 7.55.1 broke the disable threaded resolver feature as reported in https://github.com/curl/curl/issues/1784. As a result curl is always compiled with the threaded resolver feature enabled which causes a dependency issue on pthread for uclibc. Fix this issue by backporting the upstream curl commit which fixes disable threaded resolver. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipset: replace patch that was reverted upstreamStijn Tintel2017-09-262-31/+25
| | | | | | Use the correct prefix for backports while at it. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* samba36: add Package/samba/DefaultStijn Tintel2017-09-251-12/+12
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ipset: bump to 6.34Stijn Tintel2017-09-252-3/+34
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* curl: bump to 7.55.1Stijn Tintel2017-09-253-11/+11
| | | | | | | | | | | | Update 200-no_docs_tests.patch. Refresh patches. Fixes the following CVEs: - CVE-2017-1000099 - CVE-2017-1000100 - CVE-2017-1000101 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* iperf: bump to 2.0.10Stijn Tintel2017-09-251-9/+4
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* uhttp: update to latest versionAdrian Panella2017-09-211-4/+4
| | | | | | | | | | | | | | 3fd58e9 2017-08-19 uhttpd: add manifest support 88c0b4b 2017-07-09 file: fix basic auth regression 99957f6 2017-07-02 file: remove unused "auth" member from struct path_info c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS ad93be7 2017-07-02 auth: store parsed username and password fa51d7f 2017-07-02 proc: do not declare empty process variables a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash Signed-off-by: Adrian Panella <ianchi74@outlook.com>
* openvpn: add "extra-certs" optionSven Roederer2017-09-192-1/+2
| | | | | | | | This option is used to specify a file containing PEM certs, to complete the local certificate chain. Which is quite usefull for "split-CA" setups. Signed-off-by: Sven Roederer <devel-sven@geroedel.de> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* hostapd: ft_over_ds supportLorenzo Santina2017-09-181-2/+4
| | | | | | Add support for ft_over_ds flag in ieee80211r Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
* hostapd: ft_psk_generate_local supportLorenzo Santina2017-09-181-2/+4
| | | | | | | | Add support for ft_psk_generate_local flag in ieee80211r Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [original author] Signed-off-by: Sergio <mailbox@sergio.spb.ru>
* dnsmasq: fix dhcp "ignore" option on wwan interfacesMarcin Jurkowski2017-09-182-3/+4
| | | | | | | | | | | | | | Init script won't append --no-dhcp-interface option if interface protocol is one of: ncm, directip, qmi, mbim. This is caused by IP address assigned to dynamically created netifd interfaces. As a result there's no netmask assigned to the main interface and dhcp_add() function returns prematurely. By moving network subnet check we can ensure that --no-dhcp-interface is properly generated for wwan interfaces. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase; move network checks]
* tcpdump: noop commit to refer CVEs fixed in 4.9.2Stijn Tintel2017-09-181-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed CVEs in the commit message. As the list of fixed CVEs is quite long, we should probably mention them in the changelogs of the releases to come. This commit will make sure this happens. The following CVEs were fixed in 21014d9708d586becbd62da571effadb488da9fc: CVE-2017-11541 CVE-2017-11541 CVE-2017-11542 CVE-2017-11542 CVE-2017-11543 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dnsmasq: Pass TARGET_CPPFLAGS to MakefileFlorian Fainelli2017-09-161-1/+1
| | | | | | | | | With the introduction of the ubus notifications, we would now fail building dnsmasq with external toolchains that don't automatically search for headers. Pass TARGET_CPPFLAGS to the Makefile to resolve that. Fixes: 34a206bc1194 ("dnsmasq: add ubus notifications for new leases") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`Alexandru Ardelean2017-09-172-5/+5
| | | | | | | | | | | | This is to eliminate any ambiguity about the cyassl/wolfssl lib. The rename happened some time ago (~3+ years). As time goes by, people will start to forget cyassl and start to get confused about the wolfSSL vs cyassl thing. It's a good idea to keep up with the times (moving forward). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* wwan: json format in some modem definitionsAlexandru Ardelean2017-09-16268-349/+349
| | | | | | | | | | | | | | | | | | | | Method used: ``` cd package/network/utils/wwan/files/data sed -e 's/}}/}/g' -i * sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i * sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i * ``` Manually adjusted commas. Validated with ``` for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done ``` Thanks to @lynxis for pointing out the commas. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* odhcpd: don't enable server mode on non-static lan portKarl Palsson2017-09-162-4/+19
| | | | | | | | | | | | Instead of blindly enabling the odhcpd v6 server and RA server on the lan port, only do that if the lan port protocol is "static" This prevents the unhelpful case of a device being a dhcpv4 client and v6 server on the same ethernet port. Signed-off-by: Karl Palsson <karlp@etactica.com> [PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup] Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to git HEAD versionHans Dedecker2017-09-131-3/+3
| | | | | | | | | | | | | | | | f0bce9c dhcpv4: fix memset compile issue 0ba3278 dhcpv4: rework assignment lookup e3b49f3 dhcpv4: cleanup dhcpv4_test usage 47fe122 dhcpv4: rework lease expire handling logic 028ab85 dhcpv4: force renew nonce authentication support a827fca dhcpv4: avoid segfault when there's no IPv4 prefix bea088b ndp: detect ifindex changes via interface netlink events f66103e ubus: display accept reconf status for DHCPv6 assignments f0e354b treewide: replace RELAYD prefix naming in macros 1a313f9 dhcpv4: fix possible segfault when lease is not created e2d6eb4 dhcpv4: dhcpv4: move interface lease list insertion out of dhcpv4_assign Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* treewide: fix shellscript syntax errors/typosLorenzo Santina2017-09-137-8/+7
| | | | | | | | | Fix multiple syntax errors in shelscripts (of packages only) These errors were causing many conditions to not working properly Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [increase PKG_RELEASE, drop command substitution from directip.sh] Signed-off-by: Mathias Kresin <dev@kresin.em>
* tcpdump: bump to 4.9.2Stijn Tintel2017-09-112-37/+41
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* lldpd: bump to 0.9.8Stijn Tintel2017-09-111-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: fix iapp_interface optionLorenzo Santina2017-09-101-1/+1
| | | | | | | ifname variable were not assigned due to syntax error causing the hostapd config file to have an empty iapp_interface= option Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
* dnsmasq: backport arcount edns0 fixKevin Darbyshire-Bryant2017-09-082-1/+45
| | | | | | | | | Don't return arcount=1 if EDNS0 RR won't fit in the packet. Omitting the EDNS0 RR but setting arcount gives a malformed packet. Also, don't accept UDP packet size less than 512 in received EDNS0. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: backport official fix for CVE-2017-13704Kevin Darbyshire-Bryant2017-09-073-38/+95
| | | | | | | | | Remove LEDE partial fix for CVE-2017-13704. Backport official fix from upstream. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
* odhcp6c: add workaround for broken extendprefix scenarioHans Dedecker2017-09-052-3/+20
| | | | | | | | | | | | Extendprefix is typically used to extend an IPv6 RA prefix from a mobile wan link to the LAN; such scenario requires correct RA prefix settings like the on link flag not being set. However some mobile manufacter set the RA prefix on link flag which breaks basic IPv6 routing. Work around this issue by filtering out the route being equal to the extended prefix. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: add ra_holdoff config option and update to git HEAD version (FS#964)Hans Dedecker2017-09-032-6/+9
| | | | | | | | | 51733a6 ra: align RA update interval with RFC4861 (FS#964) Add ra_holdoff config option which allows to configure the RA minimum update interval which is by default 3 seconds as stated in RFC4861. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "dropbear: Link ssh and scp command to /bin instead of /usr/bin"John Crispin2017-08-311-3/+3
| | | | | | This reverts commit f7528ed0a8586434e18e9007b1bf0d05a18d6418. Signed-off-by: John Crispin <john@phrozen.org>
* dropbear: Link ssh and scp command to /bin instead of /usr/binRosen Penev2017-08-311-3/+3
| | | | | | | | ssh and scp commands interfere with OpenSSH when installed in /usr/bin . One use case is when installing dropbear to get root access when only OpenSSH is available (OpenSSH disallows root password logins). Once dropbear installs, it replaces OpenSSH's executables, even when removed with opkg. OpenSSH must be reinstalled to get them back. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: Remove syslog and load printers lines.Rosen Penev2017-08-301-2/+0
| | | | | | printer support is removed using 200-remove_printer_support.patch. the syslog parameter requires samba to be compiled with --with-syslog. Currently samba does not log to syslog and probably has not for a long time. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: Don't resolve interfaces.Rosen Penev2017-08-302-7/+2
| | | | | | | It's redundant and also buggy. IPv6 link local addresses and ::1 are not resolved for example. Doesn't matter since lo and br-lan for example, resolve to them. Signed-off-by: Rosen Penev <rosenp@gmail.com> Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* samba36: Remove guest ok since LuCI configures it.Rosen Penev2017-08-301-2/+1
| | | | | | guest ok is set per share and as such, don't override it. also, fix an error introduced in the last commit. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* dnsmasq: forward.c: fix CVE-2017-13704Kevin Darbyshire-Bryant2017-08-302-1/+38
| | | | | | | | | | | | | | | | Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset() is called with header & limit pointing at the same address and thus tries to clear memory from before the buffer begins. answer_request() is called with an invalid edns packet size provided by the client. Ensure the udp_size provided by the client is bounded by 512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512 MUST be treated as equal to 512" The client that exposed the problem provided a payload udp size of 0. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: update to git HEAD versionHans Dedecker2017-08-291-3/+3
| | | | | | 7d94ede system-linux: parse map-e fmrs parameters as nested data json object Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* map: use nested json data object to store map-e fmrs parametersHans Dedecker2017-08-292-7/+11
| | | | | | | Replace the string array containing the fmrs parameters by a nested data json object holding an array of fmrs parameters Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* map: fix boolean argument passed to blobmsg_check_attr in mapcalcHans Dedecker2017-08-262-2/+2
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: fix indentationHans Dedecker2017-08-251-3/+3
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: add support for multiple tags for each host.Kuang Rufan2017-08-252-2/+7
| | | | | | | | | | | | | | | | | | | | | | | Currently, dnsmasq support assigning multiple tags to a host record (--dhcp-host), but we only support only 1 tag for a host. The commit makes the following config to be valid: config host option name 'computer' option mac '00:11:22:33:44:55' option ip '192.168.1.100' list tag 'vendor_class' list tag 'vendor_id' config tag 'vendor_class' list dhcp_option 'option:vendor-class,00:...<omitted>' config tag 'vendor_id' option force '1' list dhcp_option 'option:vendor-id-encap,00:...<omitted>' Signed-off-by: Kuang Rufan <kuangrufan@pset.suntec.net> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* map: add ealen as configurable uci parameterHans Dedecker2017-08-242-1/+2
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* xtables-addons: update to version 2.13Koen Vandeputte2017-08-241-2/+2
| | | | | | | | | | | | | | | | | Changes: 89d1b80 xt_condition: namespace support #2 c839e87 xt_geoip: check for allocation overflow a587f95 compat_xtables: use more accurate printf format for NIPQUAD 1874fcd xt_DNETMAP: fix a buffer overflow 21ea7b7 xt_LOGMARK: resolve new gcc7 warnings ee8da2b build: support for Linux 4.12 19a4359 xt_condition: add support for namespaces 1b37966 xt_psd: resolve compiler warning Tested on cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* Revert "iputils: switch to new upstream"John Crispin2017-08-248-101/+330
| | | | | | | This reverts commit 77d3ac8e3ecd7989a7cffb575c4a42bc68190b6c. This reverts commit e665b3df2a47ba5bb049d13358937ac67b860b70. Signed-off-by: John Crispin <john@phrozen.org>
* iperf3: add SSL variant for iperf_auth featurePhilip Prindeville2017-08-232-3/+74
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* iperf3: update to 3.2Philip Prindeville2017-08-232-3/+24
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* iputils: update sha256sumJohn Crispin2017-08-231-1/+1
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* iputils: switch to new upstreamJohn Crispin2017-08-238-329/+100
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* samba36-net: new packageAnsuel Smith2017-08-231-1/+14
| | | | | | Samba could also be usefull for sending commands to windows pc (like shoutdown command). This new package add the bin to include this kind of command to the samba package. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>