aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services
Commit message (Collapse)AuthorAgeFilesLines
...
* ppp: propagate master firewall zone to dynamic slave interfaceHans Dedecker2017-05-312-1/+4
| | | | | | | | | | Assign the virtual DHCPv6 interface the firewall zone of the parent interface so fw3 knows the zone to which the virtual DHCPv6 interface belongs. This guarantees the firewall settings are applied correctly for the virtual DHCPv6 interface and allows to query the zone to which the virtual DHCPv6 interface belongs via the fw3 network option. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openvpn-easy-rsa: update to 3.0.1Luiz Angelo Daros de Luca2017-05-315-169/+26
| | | | | | | | | | | | | | | | | | | | | | easy-rsa v3 is now a single script. It expects a 'vars' configuration file which path can be set using easy-rsa options, environment variables or just looking in the current directory. The default usage would be: # cd /etc/easy-rsa # easy-rsa COMMAND [command-options] Following upstream changes, /etc/easy-rsa/pki replaces /etc/easy-rsa/keys directory. The default /etc/easy-rsa/pki dir is marked to be kept during upgrade (WARN: priv keys are saved in the system backup) /etc/easy-rsa/openssl.1.0.cnf is now marked as config file while index and serial got removed. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* samba: bump PKG_RELEASEJo-Philipp Wich2017-05-271-1/+1
| | | | | | | | | | | The previous CVE bugfix commit did not adjust PKG_RELEASE, therefor the fixed samba package does not appear as opkg update. Bump the PKG_RELEASE to signify upgrades to downstream users. Ref: https://forum.lede-project.org/t/sambacry-are-lede-devices-affected/3972/4 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: add dhcp-script hook for other packagesNick Brassel2017-05-263-5/+59
| | | | | | | | | | | | | Adds a script which acts as a hook for when dnsmasq creates/destroys a lease, or completes a TFTP file transfer. The hook loops through scripts in appropriate directories inside '/etc/hotplug.d', executing each one with the same arguments supplied by dnsmasq. In case dnsmasq is jailed by ujail the dhcp-script hook will not work as expected as ujail does not yet support executing a script within a jail. Signed-off-by: Nick Brassel <nick@tzarc.org> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* lldpd: bump to 0.9.7Stijn Tintel2017-05-241-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* samba: fix CVE-2017-7494Stijn Tintel2017-05-242-4/+33
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dnsmasq: bump to 2.77rc5Hans Dedecker2017-05-221-3/+3
| | | | | | | | | | | | | Some small tweaks and improvements : 9828ab1 Fix compiler warning. f77700a Fix compiler warning. 0fbd980 Fix compiler warning. 43cdf1c Remove automatic IDN support when building i18n. ff19b1a Fix &/&& confusion. 2aaea18 Add .gitattributes to substitute VERSION on export. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* umdns: update to the version 2017-05-22Rafał Miłecki2017-05-221-3/+3
| | | | | | | | | | | | | | | | This includes following changes: 0e8b948 Support specifying instance name in JSON file 49fdb9f Support PTR queries for a specific service 26ce7dc Allow filtering with instance name in service_reply 920c62a Store instance name in the struct service ff09d9a Rename service_name function to the service_instance_name 64f78f1 Rename mdns_hostname variable to the umdns_host_label Previous package update pulled commit 70c66fbbcde86 ("Fix sending replies to PTR questions") which introduced a regression which this update fixes. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* dropbear: bump to 2017.75Kevin Darbyshire-Bryant2017-05-212-17/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Security: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys A user could symlink their ~/.ssh/authorized_keys to a root-owned file they couldn't normally read. If they managed to get that file to contain valid authorized_keys with command= options it might be possible to read other contents of that file. This information disclosure is to an already authenticated user. Thanks to Jann Horn of Google Project Zero for reporting this. CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 Refresh patches, rework 100-pubkey_path.patch to work with new authorized_keys validation. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* lldpd: drop specific respawn params [use system-wide]Alexandru Ardelean2017-05-181-3/+0
| | | | | | | I think I added these respawn params [a while back], when I did the conversion to procd init script format. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* dnsmasq: add IPv6 nameserver configuration in server modeArjen de Korte2017-05-162-1/+11
| | | | | | | | | | | When in ra server mode, configure nameservers passed in router announcements from the dns value (which is already used by odhcpd). This also fixes FS#677 by using the global IPv6 address of the router instead of the link local address (if no nameservers are configured). Signed-off-by: Arjen de Korte <build+lede@de-korte.org> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* uhttpd: Enable integrated Lua by defaultAnsuel Smith2017-05-162-4/+17
| | | | | | We enabled lua interpreter by default as it doesn't make any problem in the uhttpd config file and we modify the index page to use it. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* odhcpd: update to git HEAD versionHans Dedecker2017-05-151-3/+3
| | | | | | | | | | | | | | | | | | 93abe6f config: fix invalid hoplimit in RA message 2ae08d1 config: fix invalid retranstime in RA message 0005cb4 config: fix invalid reachabletime in RA message 5683dd2 config: limit ra_mtu to 65535 f8d40a5 router: fix interface mtu read error f8f4b87 config: limit ra_retranstime to 60000 a2d8bf6 dhcpv4: display two hex digits per octet in syslog a9e9bc4 config: make RA retransTime configurable via uci 2cb6b48 config: make RA reachableTime configurable via uci e4504db config: make RA curHopLimit configurable via uci 9dd5316 config: make RA mtu configurable via UCI 29cb2ff config: fix dhcpv4 server being started 0ef74ec ndp.c: add switch/case fallthrough comments Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mac80211, hostapd: always explicitly set beacon intervalMatthias Schiffer2017-05-132-4/+3
| | | | | | | | | | | | | | | | One of the latest mac80211 updates added sanity checks, requiring the beacon intervals of all VIFs of the same radio to match. This often broke AP+11s setups, as these modes use different default intervals, at least in some configurations (observed on ath9k). Instead of relying on driver or hostapd defaults, change the scripts to always explicitly set the beacon interval, defaulting to 100. This also applies the beacon interval to 11s interfaces, which had been forgotten before. VIF-specific beacon_int setting is removed from hostapd.sh. Fixes FS#619. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* hostapd: remove unused variable declarations in hostapd.shMatthias Schiffer2017-05-131-1/+0
| | | | | | | None of the variables in this "local" declaration are actually set in wpa_supplicant_add_network(). Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* dnsmasq: bump to 2.77rc3Kevin Darbyshire-Bryant2017-05-122-10/+10
| | | | | | Fix [FS#766] Intermittent SIGSEGV crash of dnsmasq-full Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* openvpn: update to v2.4.2Jo-Philipp Wich2017-05-121-2/+2
| | | | | | | | | | | | | Update to version 2.4.2 in order to address two potential Denial-of-Service vectors in OpenVPN. CVE-2017-7478 - Don't assert out on receiving too-large control packets CVE-2017-7479 - Drop packets instead of assert out if packet id rolls over Ref: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.2 Ref: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: don't propagate DUID from one host to anotherArjen de Korte2017-05-111-1/+1
| | | | | | If no DUID is set for a host, it should be empty, not the last one set for a previous host. Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
* dnsmasq: use append_interface_name when using option --interface-nameHans Dedecker2017-05-092-4/+4
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: add interface-name uci list.Daniel Danzberger2017-05-092-1/+7
| | | | | | | | | | | | | | | | | | This patch adds the interface-name option for each dhcp config in /etc/config/dhcp. With the interface_name option users can define a DNS name for each dhcp section that will be resolved by dnsmasq with the underlaying interface address. For example: config dhcp 'lan' option interface 'lan' ... list interface_name 'home.lan' ... Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* dnsmasq: make tftp root if not existingAlberto Bursi2017-05-041-1/+1
| | | | | | | | | | If there's a TFTP root directory configured, create it with mkdir -p (which does not throw an error if the folder exists already) before starting dnsmasq. This is useful for TFTP roots in /tmp, for example. Originally submitted by nfw user aka Nathaniel Wesley Filardo Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
* dnsmasq: fix dhcp_option usage warningHans Dedecker2017-05-041-1/+2
| | | | | | | Don't display unnecessary dhcp_option usage warning in case dhcp_option is empty Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* hostapd: add legacy_rates option to disable 802.11b data rates.Nick Lowe2017-05-031-8/+20
| | | | | | | | | | | | | | | | | | Setting legacy_rates to 0 disables 802.11b data rates. Setting legacy_rates to 1 enables 802.11b data rates. (Default) The basic_rate option and supported_rates option are filtered based on this. The rationale for the change, stronger now than in 2014, can be found in: https://mentor.ieee.org/802.11/dcn/14/11-14-0099-00-000m-renewing-2-4ghz-band.pptx The balance of equities between compatibility with b clients and the detriment to the 2.4 GHz ecosystem as a whole strongly favors disabling b rates by default. Signed-off-by: Nick Lowe <nick.lowe@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, defaults change]
* hostapd: fix reload frequency change patchAbhilash Tuse2017-05-032-7/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When sta is configured, hostapd receives 'stop' and 'update' command from wpa_supplicant. In the update command, hostapd gets sta parameters with which it configures ap. Problem is, with the default wireless configuration: mode:11g freq:2.4GHz channel:1 If sta is connected to 5GHz network, then ap does not work. Ideally with 340-reload_freq_change.patch hostapd should reload the frequency changes and start ap in 5GHz, but ap becomes invisible in the network. This issue can be reproduced with following /etc/config/wireless: config wifi-device radio0 option type mac80211 option channel 1 option hwmode 11g option path 'virtual/uccp420/uccwlan' option htmode 'none' config wifi-iface 'ap' option device 'radio0' option encryption 'none' option mode 'ap' option network 'ap' option ssid 'MyTestNet' option encryption none config wifi-iface 'sta' option device radio0 option network sta option mode sta option ssid TestNet-5G option encryption psk2 option key 12345 This change updates current_mode structure based on configured hw_mode received from wpa_supplicant. Also prepare rates table after frequency selection. Signed-off-by: Abhilash Tuse <Abhilash.Tuse@imgtec.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, patch refresh]
* dnsmasq: bump to 2.77test5Kevin Darbyshire-Bryant2017-05-021-2/+2
| | | | | | | | | | | A number of small tweaks & improvements on the way to a final release. Most notable: Improve DHCPv4 address-in-use check. Remove the recently introduced RFC-6842 (Client-ids in DHCP replies) support as it turns out some clients are getting upset. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* odhcpd: update to git HEAD version (FS#656,FS#595)Hans Dedecker2017-04-281-3/+3
| | | | | | | | | | 9268ca6 ndp: don't trigger IPv6 ping when neighbor entry is invalid 2b3355f ndp: fix adding proxy neighbor entries 7dff5b4 ndp: fix wrong interface name in syslog message a54afb5 dhcpv6-ia: Fix segfault when writing DHCPv4 leases in state file c0e9dbf ubus: don't segfault when there're no leases Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: support dhcp_option config as a listHans Dedecker2017-04-271-4/+21
| | | | | | | | | | Configuring dhcp_option as an option does not allow the usage of white spaces in the option value; fix this by supporting dhcp_option as a list config while still supporting the option config to maintain backwards compatibility Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: fix procd interface trigger installHans Dedecker2017-04-261-1/+3
| | | | | | | | Install procd interface triggers only for interfaces which are enabled so dropbear instances running on (an) enabled interface(s) are not restarted due to an interface trigger of an interface which is disabled. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to git HEAD versionHans Dedecker2017-04-241-3/+3
| | | | | | | 570069d ubus: rework dumping IPv6 and IPv4 leases 4e579c4 dhcpv6-ia: simplify logic to write statefile and dhcpv6 logging Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: fix uninitialized varname in init-scriptBastian Bittorf2017-04-171-1/+1
| | | | | | | | | minor/cosmetic: fixes the following misleading message: root@box:~ /etc/init.d/dnsmasq restart sh: out of range Signed-off-by: Bastian Bittorf <bb@npl.de>
* openvpn: add myself as maintainerFelix Fietkau2017-04-121-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* OpenVPN: Update to 2.4.1Daniel Engberg2017-04-124-20/+12
| | | | | | | | | Update OpenVPN to 2.4.1 Remove 200-small_build_enable_occ.patch as it's included upstream. Refresh patches Add mirror and switch to HTTPS Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* dnsmasq: peacefully coexist with ISC DHCPdDaniel Golle2017-04-081-0/+9
| | | | | | | | Similar to odhcpd, allow using ISC DHCPd instead of dnsmasq. Disable DHCP and/or DHCP6 in case ISC DHCP is present and enabled. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* odhcpd: update to git HEAD version (FS#635)Hans Dedecker2017-04-011-3/+3
| | | | | | | | | | 3d9f406 rework IPv6 dns address selection (FS#635) bc6c3ac ndp: keep an exact copy of IPv6 interface addresses 6eb1e01 ndp: code cleanup eea7d03 rework IPv6 address dump logic 24d21c7 ndp: add syslog debug tracing Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: use logical interface name for dhcp relay configKarl Vogel2017-03-291-1/+2
| | | | | | | | | The relay section should use the logical interface name and not the linux network device name directly. This to be consistent with other sections of the dnsmasq config where 'interface' means the logical interface. Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
* openvpn: add extra respawn parametersMartin Schiller2017-03-221-0/+3
| | | | | | | | | | | | | | | This change protects the openvpn instances to be marked as "in a crash loop" and thereby the connection retries will run infinitely. When the remote site of an openvpn connection goes down for some time (network failure etc.) the openvpn instance in an openwrt/lede device should not stop retrying to establish the connection. With the current limit of 5 retries, there is a user interaction required, which isn't really what you want when the device should simply do everything to keep the vpn connection up. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* umdns: update to the version 2017-03-21Rafał Miłecki2017-03-211-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | This includes following changes: 480d7bc Fix sending unicast questions on cache expire a0403cd Keep source sockaddr for every cached DNS record 1478293 Fix code freeing cached non-A(AAA) records too early 9f1cc22 Fix replying to "QU" questions received on unicast interface 943bedb Fix reading port of incoming packets c725494 Use MCAST_PORT define for port 5353 ce7e9e9 Use one define for DNS-Based Service Discovery service name e1bacef Drop entries cached for interface we're going to delete 496aeba Fix comment typo in cache_gc_timer f89986b Fix refreshing cached A(AAA) records that expire Previous updates made umdns work as expected on startup but there were still many bugs. They were mostly related to runtime - cache management and requests + responses. E.g. umdns was never able to send question on DNS record expire. It was also ignoring all incoming unicast questions. Since these issues are quite serious it makes sense to backport this update to the stable branch. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* dnsmasq: don't point --resolv-file to default location unconditionallyPhilip Prindeville2017-03-181-3/+3
| | | | | | | If noresolv is set, we should not generate a --resolv-file parameter. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [minor cleanup]
* lldpd: bump to 0.9.6Stijn Tintel2017-03-181-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* umdns: update to the version 2017-03-14Rafał Miłecki2017-03-141-3/+3
| | | | | | | | | This includes 3 cleanups: fd5a160 Don't cache hosts as services 80dd246 Refresh DNS records A and AAAA directly 6515101 Access cached records (instead of services) to read list of hosts Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* umdns: update to the 2017-03-10 versionRafał Miłecki2017-03-101-3/+3
| | | | | | | This fixes crash in interface_start caused by freeing interface in interface_free without stopping a timeout. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* dnsmasq: do not forward rfc6761 excluded domainsKevin Darbyshire-Bryant2017-03-093-2/+24
| | | | | | | | | | | | | | | | | | | | | | RFC 6761 defines a number of top level domains should not be forwarded to the Internet's domain servers since they are not responsible for those domains. This change adds a list of domains that will be blocked when 'boguspriv' is used and augments that which is already blocked by dnsmasq's notion of 'local service' using '--bogus-priv' i.e. RFC 1918 private addresses and IPv6 prefixes as defined in RFC 6303. To make this configurable rather than hard coded in dnsmasq's init script, a new file /usr/share/dnsmasq/rfc6761.conf is conditionally included. The default file matches the RFC 6761 recommendation along with a few other top level domains that should not be forwarded to the Internet. Compile & run tested Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* openvpn: move list of params and bools to a separate fileYousong Zhou2017-03-073-30/+205
| | | | | | | So that future patches for addition/removal of them can be more readable Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* ppp: propagate master peerdns setting to dynamic slave interfaceJo-Philipp Wich2017-03-073-2/+4
| | | | | | | | | | Honour the parent interfaces peerdns option when spawning a virtual DHCPv6 interface in order to avoid pulling in IPv6 DNS servers when the user opted to inhibit peer DNS servers in the configuration. Fixes #597. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* odhcpd: add loglevel uci option in odhcpd defaultsHans Dedecker2017-03-061-0/+1
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: Bump to latest HEADFlorian Fainelli2017-03-051-3/+3
| | | | | | | | Brings in the following change: 9eac2a896341 dhcpv6-ia: Check lockf return value Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* omcproxy: Update to latest HEADFlorian Fainelli2017-03-011-3/+3
| | | | | | | Brings the following change: 1fe6f48f8a50 Cmake: Find libubox/list.h Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* relayd: fix making incomplete instance json dataYousong Zhou2017-02-252-7/+14
| | | | | | | | Defer procd_open_instance only after validity check passed. Fixes FS#541 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* relayd: remove old start-stop-service related codeYousong Zhou2017-02-251-15/+0
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* ppp: ppp6-up: add executable permission bitYousong Zhou2017-02-241-0/+0
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>