aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
...
* samba: Update smb.conf.templateneheb2016-07-051-8/+2
| | | | | | | | Removed some options which are default anyway and added bind interfaces only which causes the interfaces line to actually have an effect. Can be verified with netstat. Signed-off by: Rosen Penev <rosenp@gmail.com>
* dnsmasq: Add broken realtime clock build switch in full variantHans Dedecker2016-06-301-3/+8
| | | | | | | | | | | | | By default dnsmasq uses the time function; which returns the time since Epoch; to retrieve the current time. On boards which have no realtime clock this can lead to side effects when the time is synced via ntp as the "time wrap" forces dhcp leases to be considered as expired. By enabling the broken realtime clock build switch dnsmasq uses the times utility which returns the number of clock tick. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [Jo-Philipp Wich: change symbol name, add sym to PKG_CONFIG_DEPENDS] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: fix missing cipher list for polarssl in v2.3.11Jo-Philipp Wich2016-06-282-1/+43
| | | | | | | | | | | Upstream OpenSSL hardening work introduced a change in shared code that causes polarssl / mbedtls builds to break when no --tls-cipher is specified. Import the upstream fix commit as patch until the next OpenVPN release gets released and packaged. Reported-by: Sebastian Koch <seb@metafly.info> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* lldpd: Use /etc/os-release instead of /etc/openwrt_*Daniel Dickinson2016-06-272-43/+4
| | | | | | | | | With the addition of /etc/os-release patching lldpd to use /etc/openwrt_release and to have the initscript use /etc/openwrt_release and/or /etc/openwrt_version becomes unnecessary. Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
* dnsmasq: dnssec time handling uses ntpd hotplugKevin Darbyshire-Bryant2016-06-244-25/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change dnsmasq's dnssec time check handling to use time validity indicated by ntpd rather than maintaining a cross boot/upgrade /etc/dnsmasq.time timestamp file. This saves flash device wear. If ntpd client is configured in uci and you're using dnssec, then dnsmasq will not check dnssec timestamp validity until ntpd hotplug indicates sync via a stratum change. The ntpd hotplug leaves a status flag file to indicate to dnsmasq.init that time is valid and that it should now start in 'check dnssec timestamp valid' mode. If ntpd client is not configured and you're using dnssec, then it is presumed you're using an alternate time sync mechanism and that time is correct, thus dnsmasq checks dnssec timestamps are valid from 1st start. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> V2 - stratum & step ntp changes indicate time is valid V3 - on initial flag file step signal dnsmasq with SIGHUP if running V4 - only accept step ntp changes. Accepting both stratum & step could result in unpleasant script race conditions V5 - Actually only accepting stratum is the correct thing to do after further testing V6 - improve handling of non busybox ntpd if sysntpd not executable dnsmasq checks dnssec timestamps else sysntp script disabled - look for timestamp file - allows external mechanism to use hotplug flag file sysntp script enabled & uci ntp enabled - look for timestamp file sysntp script enabled & uci ntp disabled - dnsmasq checks dnssec timestamps fi
* packages: prefer http over git for git protocolHauke Mehrtens2016-06-223-3/+3
| | | | | | | | | In company networks everything except the http and https protocol is often causes problems, because the network administrators try to block everything else. To make it easier to use LEDE in company networks use the https/http protocol for git access when possible. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uhttpd: update to the latest version, adds some extensions to handler script ↵Felix Fietkau2016-06-161-2/+2
| | | | | | support Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix breakage with non-nl80211 driversFelix Fietkau2016-06-152-15/+18
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix compilation error in wext backendJo-Philipp Wich2016-06-151-0/+10
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: implement fallback for incomplete survey dataFelix Fietkau2016-06-151-0/+45
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: update to version 2016-06-15Felix Fietkau2016-06-1523-115/+115
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: Update to version 2016-05-05Michal Hrusecky2016-06-158-103/+180
| | | | | | Fixes CVE-2016-4476 and few possible memory leaks. Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
* openvpn: update to 2.3.11Magnus Kroken2016-06-133-4/+25
| | | | | | | | | | Security fixes: * Fixed port-share bug with DoS potential * Fix buffer overflow by user supplied data Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* package/*: update git urls for project reposJohn Crispin2016-06-133-3/+3
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* dnsmasq: support hostid ipv6 address suffix optionKevin Darbyshire-Bryant2016-06-101-1/+29
| | | | | | | | | | | | | | | | | | | | | | Add support for hostid dhcp config entry to dnsmasq. This allows specification of dhcpv6 hostid suffix and works in the same way as odhcpd. Entries in auto generated dnsmasq.conf should conform to: dhcp-host=mm:mm:mm:mm:mm:mm,IPv4addr,[::V6su:ffix],hostname example based on sample config/dhcp entry: config host option name 'Kermit' option mac 'E0:3F:49:A1:D4:AA' option ip '192.168.235.4' option hostid '4' dhcp-host=E0:3F:49:A1:D4:AA,192.168.235.4,[::0:4],Kermit Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dnsmasq: Add option --max-portHans Dedecker2016-06-101-0/+1
| | | | | | | | | By default dnsmasq uses random ports for outbound dns queries; when the maxport UCI option is specified the ports used will always be smaller than the specified value. This is usefull for systems behind firewalls. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn: add support for tls-version-minMatteo Panella2016-06-072-2/+2
| | | | | | | | | | | | | Currently, the uci data model does not provide support for specifying the minimum TLS version supported in an OpenVPN instance (be it server or client). This patch adds support for writing the relevant option to the openvpn configuration file at service startup. Signed-off-by: Matteo Panella <morpheus@level28.org> [Jo-Philipp Wich: shorten commit title, bump pkg release] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* treewide: replace jow@openwrt.org with jo@mein.ioJo-Philipp Wich2016-06-0729-29/+29
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* treewide: replace nbd@openwrt.org with nbd@nbd.nameFelix Fietkau2016-06-0716-17/+17
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* openvpn: remove unrecognized optionDirk Neukirchen2016-06-011-1/+0
| | | | | | | | removed upstream in https://github.com/OpenVPN/openvpn/commit/9ffd00e7541d83571b9eec087c6b3545ff68441f now its always on Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
* dropbear: Fix incorrect CONFIG_TARGET_INIT_PATH.Dario Ernst2016-05-241-2/+2
| | | | | | | Fix a „semantic typo“ introduced in b78aae793e20e06defa1e75ab4d30dbb6807c139, where TARGET_INIT_PATH was used instead of CONFIG_TARGET_INIT_PATH. Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
* dnsmasq: Set the default dhcp lease file and resolv fileDaniel Dickinson2016-05-241-4/+12
| | | | | | | | Instead of making assumptions about the leasefile and resolv file make sure we use what the user configures, but fall back to defaults if no configuration is specified Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
* dnsmasq: update to dnsmasq v2.76Kevin Darbyshire-Bryant2016-05-244-10/+28
| | | | | | | Update to dnsmasq2.76. Refresh patches. Add new patch to fix musl 'poll.h' location warning. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* mdns: update to latest git HEADJohn Crispin2016-05-231-2/+2
| | | | | | * fixes loopback handling Signed-off-by: John Crispin <john@phrozen.org>
* uhttpd: use configured distribution name for SSL certificate CNFelix Fietkau2016-05-212-1/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.timeKevin Darbyshire-Bryant2016-05-192-0/+18
| | | | | | | | | | | | conditionally save dnsmasq.time across sysupgrade dnsmasq uses /etc/dnsmasq.time as record of the last known good system time to aid its validation of dnssec timestamps. dnsmasq updates the timestamp on process start/stop once it considers the system time as valid. The timestamp file should be preserved across system upgrade but should not be included as part of normal configuration backups to prevent restores corrupting the current timestamp. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* Revert "dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time"Jo-Philipp Wich2016-05-192-18/+0
| | | | | | | | This reverts commit d830cb08826dc593406d9003d061016061b6c3c4. Reverting this commit due to a missing Signed-off-by. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.timeKevin Darbyshire-Bryant2016-05-182-0/+18
| | | | | | | | | | conditionally save dnsmasq.time across sysupgrade dnsmasq uses /etc/dnsmasq.time as record of the last known good system time to aid its validation of dnssec timestamps. dnsmasq updates the timestamp on process start/stop once it considers the system time as valid. The timestamp file should be preserved across system upgrade but should not be included as part of normal configuration backups to prevent restores corrupting the current timestamp.
* dropbear: update to 2016.73Jo-Philipp Wich2016-05-136-28/+18
| | | | | | | | | | | | | Update the dropbear package to version 2016.73, refresh patches. The measured .ipk sizes on an x86_64 build are: 94588 dropbear_2015.71-3_x86_64.ipk 95316 dropbear_2016.73-1_x86_64.ipk This is an increase of roughly 700 bytes after compression. Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* global: change my email addressJohn Crispin2016-05-121-1/+1
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* dropbear: Add --disable-utmpx againHans Dedecker2016-05-121-0/+1
| | | | | | | The option --disable-utmpx was deleted by accident in commit 7545c1d; add it again to the CONFIGURE_ARGS list Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ppp: Add ppp-mod-passwordfd subpackage to pppHans Dedecker2016-04-281-1/+19
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: Add conntrack support in the full variantHans Dedecker2016-04-281-6/+12
| | | | | | | | | | Conntrack support reads the connection track mark associated with incoming DNS queries and sets the same mark value on the upstream forwarded DNS query. This can be usefull to track traffic generated by dnsmasq to associate it with the clients who generate the queries, usefull for bandwidth accouting and firewall. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: Add procd interface triggers when interface config is specifiedHans Dedecker2016-04-282-2/+22
| | | | | | | | | A dropbear instance having an interface config won't start if the interface is down as no IP address is available. Adding interface triggers for each configured interface executing the dropbear reload script will start the dropbear instance when the interface is up. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: Make utmp and putuline support configurable via seperate config ↵Hans Dedecker2016-04-282-3/+17
| | | | | | | | | options Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox) Putuline support will use the utmp structure to write to the utmp file Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* branding: add LEDE brandingJohn Crispin2016-03-249-15/+15
| | | | Signed-off-by: John Crispin <blogic@openwrt.org>
* dnsmasq: run as dedicated UID/GIDJohn Crispin2016-04-262-2/+5
| | | | | | | | | | | Running dnsmasq in a dedicated user/group allows matching its outgoing traffic more easily using iptables' owner match. Add UID/GID to the package metadata and append the user/group parameters to the init script. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 49252
* dnsmasq: Add enable parameter in the UCI DHCP host sectionHauke Mehrtens2016-04-171-0/+3
| | | | | | | | | | Parameter allows to enable/disable static leases; by default the value is 1 to keep backwards compatibility Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49187
* hostapd.sh: Add support for "anonymous_identity" config fieldHauke Mehrtens2016-04-171-2/+3
| | | | | | | | | | | | | | | | | | The wpa_supplicant supports an "anonymous_identity" field, which some EAP networks require. From the documentation: anonymous_identity: Anonymous identity string for EAP (to be used as the unencrypted identity with EAP types that support different tunnelled identity, e.g., EAP-TTLS). This change modifies the hostapd.sh script to propagate this field from the UCI config to the wpa_supplicant.conf file. Signed-off-by: Kevin O'Connor <kevin@koconnor.net> Reviewed-by: Manuel Munz <freifunk@somakoma.de> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49181
* samba: fix some security problemsHauke Mehrtens2016-04-1621-46/+20105
| | | | | | | | | | | | | | | This fixes the following security problems: * CVE-2015-7560 * CVE-2015-5370 * CVE-2016-2110 * CVE-2016-2111 * CVE-2016-2112 * CVE-2016-2115 * CVE-2016-2118 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> SVN-Revision: 49175
* openvpn: add support for X.509 name optionsJohn Crispin2016-03-081-0/+1
| | | | | | | | | x509-username-field was added in OpenVPN 2.2, and verify-x509-name was added in 2.3. This fixes ticket #18807. Signed-off-by: Jeffery To <jeffery.to@gmail.com> SVN-Revision: 48969
* dnsmasq: add host-specific lease time option for static hostsJohn Crispin2016-02-262-3/+5
| | | | | | | | | | | | | | | | | | | | | | | Enable setting a host-specific lease time for static hosts. The new option is called "leasetime" and the format is similar as for the default lease time: e.g. 12h, 3d, infinite Default lease time is used for all hosts for which there is no host-specific definition. The option is added to /etc/config/dhcp for the selected hosts: config host option name 'Nexus' option mac 'd8:50:66:55:59:7c' option ip '192.168.1.245' option leasetime '2h' It gets appended to /var/etc/dnsmasq.conf like this: dhcp-host=d8:50:66:55:59:7c,192.168.1.245,Nexus,2h Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 48801
* dnsmasq: add dhcp relay optionJohn Crispin2016-02-261-0/+19
| | | | | | Signed-off-by: dbugnar <dnbugnar@ocedo.com> SVN-Revision: 48800
* dnsmasq: export tftp root to the procd jailFelix Fietkau2016-02-251-11/+17
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48761
* dnsmasq: only enable tftp if the tftp root existsFelix Fietkau2016-02-251-1/+2
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48760
* lldp: Upgrade to 0.9.0John Crispin2016-02-181-2/+2
| | | | | | Signed-off-by: Ben Kelly <ben@benjii.net> SVN-Revision: 48738
* dropbear: honor CONFIG_TARGET_INIT_PATHJo-Philipp Wich2016-02-082-6/+17
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 48679
* relayd: update to the latest version, fixes some more connectivity issues ↵Felix Fietkau2016-02-081-2/+2
| | | | | | | | (#21817) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48655
* relayd: update to the latest version, fixes route table issues when ↵Felix Fietkau2016-02-051-2/+2
| | | | | | | | connecting to the router Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48635
* hostapd: remove useless TLS provider selection override for ↵Felix Fietkau2016-01-281-2/+1
| | | | | | | | wpad-mesh/wpa_supplicant-mesh Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48537