Commit Graph

1932 Commits

Author SHA1 Message Date
Hans Dedecker
53b84e4e2b odhcp6c: update to git HEAD version
7e0d8b8 CMakeLists: don't enable libubox md5 implementation by default

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-03-16 21:42:15 +01:00
Daniel Engberg
902590e175 curl: Adjust URLs
Update mirror list, add main site as last resort
Source: https://github.com/curl/curl-www/blob/master/latest.pl

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-03-15 22:49:09 +01:00
Felix Fietkau
2f09a1e3c9 iwcap: fix handling kill signal during dump
Do not run another loop iteration before checking the stop flag

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-14 13:29:03 +01:00
Rafał Miłecki
8eac991899 umdns: update to the version 2017-03-14
This includes 3 cleanups:
fd5a160 Don't cache hosts as services
80dd246 Refresh DNS records A and AAAA directly
6515101 Access cached records (instead of services) to read list of hosts

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-03-14 12:00:25 +01:00
Hauke Mehrtens
c481774298 curl: update to version 7.53.1
This fixes the following security problem:
* CVE-2017-2629 SSL_VERIFYSTATUS ignored

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-13 21:03:07 +01:00
Felix Fietkau
055e9dfb58 xtables-addons: fix build error on ARC
The kernel unconditionally pulls in a header file that defines
'current', which conflicts with the lua extension code.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-12 15:06:50 +01:00
Rafał Miłecki
0ebc681fe2 umdns: update to the 2017-03-10 version
This fixes crash in interface_start caused by freeing interface in
interface_free without stopping a timeout.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-03-10 11:59:29 +01:00
Matthias Schiffer
452f5446b8
vxlan: add new package for netifd VXLAN proto
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-03-10 01:23:50 +01:00
Matthias Schiffer
732645b075
netifd: update to git HEAD version
91810ec system-linux: add VXLAN support

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-03-10 00:38:12 +01:00
Kevin Darbyshire-Bryant
3a06dd60eb dnsmasq: do not forward rfc6761 excluded domains
RFC 6761 defines a number of top level domains should not be forwarded
to the Internet's domain servers since they are not responsible for
those domains.

This change adds a list of domains that will be blocked when 'boguspriv'
is used and augments that which is already blocked by dnsmasq's notion
of 'local service' using '--bogus-priv' i.e. RFC 1918 private addresses
and IPv6 prefixes as defined in RFC 6303.

To make this configurable rather than hard coded in dnsmasq's init
script, a new file /usr/share/dnsmasq/rfc6761.conf is conditionally
included.

The default file matches the RFC 6761 recommendation along with a few
other top level domains that should not be forwarded to the Internet.

Compile & run tested Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-03-09 10:42:27 +01:00
Yousong Zhou
78f14c099d openvpn: move list of params and bools to a separate file
So that future patches for addition/removal of them can be more
readable

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-03-07 21:31:59 +08:00
Jo-Philipp Wich
64de1cb1fd ppp: propagate master peerdns setting to dynamic slave interface
Honour the parent interfaces peerdns option when spawning a virtual DHCPv6
interface in order to avoid pulling in IPv6 DNS servers when the user opted
to inhibit peer DNS servers in the configuration.

Fixes #597.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-03-07 11:26:39 +01:00
Hans Dedecker
a8e0816490 odhcpd: add loglevel uci option in odhcpd defaults
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-03-06 17:38:33 +01:00
Hans Dedecker
28509d6809 odhcp6c: update to git HEAD version
c69555c dhcpv6: use PRIu64 print macro

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-03-06 17:37:01 +01:00
Florian Fainelli
cbfaba8f3f odhcpd: Bump to latest HEAD
Brings in the following change:

9eac2a896341 dhcpv6-ia: Check lockf return value

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-03-05 14:03:27 -08:00
Florian Fainelli
30159b3886 rssileds: Fix build with external toolchains
Pass down TARGET_CPPFLAGS for path to header files, and append the
libraries we depend on in TARGET_LDFLAGS. Put TARGET_LDFLAGS at the end
of the command line as is required by modern GCC/binutils.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-03-01 17:19:52 -08:00
Florian Fainelli
fe8618a8fe swconfig: Link with libubox
Fixes linking failures observed with external toolchains:

/home/florian/dev/toolchains/stbgcc-4.8-1.5/bin/../lib/gcc/mipsel-linux-gnu/4.8.5/../../../../mipsel-linux-gnu/bin/ld:
warning: libubox.so, needed by
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so,
not found (try using -rpath or -rpath-link)
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so:
undefined reference to `blobmsg_open_nested'
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so:
undefined reference to `blobmsg_parse'
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so:
undefined reference to `blob_nest_end'
/home/florian/dev/openwrt/trunk/staging_dir/target-mipsel-unknown-linux-gnu_glibc/usr/lib/libuci.so:
undefined reference to `blobmsg_add_field'

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-03-01 17:19:51 -08:00
Florian Fainelli
4c02435b9b omcproxy: Update to latest HEAD
Brings the following change:
1fe6f48f8a50 Cmake: Find libubox/list.h

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-03-01 17:19:51 -08:00
Florian Fainelli
9b2321f42d thc-ipv6: Allow overriding CFLAGS
thc-ipv6 did not allow an external environment to override CFLAGS, which
would lead to our CFLAGS not being passed properly (relro,
optimizations, etc...)

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-03-01 17:19:50 -08:00
Hsing-Wang Liao
a29163faab wireless-tools: Change download url to github
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
2017-02-28 20:22:10 +01:00
Kevin Darbyshire-Bryant
c8ac9c09f9 iftop: bump to latest upstream
Drops a LEDE carried patch now upstream.
Convert to autotools.
A number of nits fixed upstream (dns & short packet handling most
notable)

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-26 08:41:08 +01:00
Yousong Zhou
699eedace0 relayd: fix making incomplete instance json data
Defer procd_open_instance only after validity check passed.

Fixes FS#541

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-25 20:16:59 +08:00
Yousong Zhou
699976e61d relayd: remove old start-stop-service related code
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-25 20:16:59 +08:00
Yousong Zhou
9063544c30 ppp: ppp6-up: add executable permission bit
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-24 21:35:32 +08:00
Felix Fietkau
3e41afda56 iw: sync nl80211.h with mac80211 package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:17:45 +01:00
Hans Dedecker
ea24d87e7b odhcpd: update to git HEAD version (FS#397) (FS#481)
1b630f8 router: don't announce prefixes with valid lifetime equal to 0
ba0cac0 router: fix arithmetic exception fault
3495f17 router: allow RA prefix lifetime being set to leasetime value (FS#397)
e437ce9 treewide: simplify dhcp leasetime checking
942fb33 router: support ra_mininterval and ra_lifetime uci parameters (FS#397)
f913337 router.h: fix alignment style
4dc7edb Revert "odhcpd.h: fix alignment style"
62ea54f odhcpd.h: fix alignment style
a898ee5 config: make loglevel configurable via uci (FS#481)
51c756c odhcpd: display correct default log level in usage text
68ee0b5 treewide: define and use macro IN6_IS_ADDR_ULA
fa57225 ndp: deregister netlink event socket for non recoverable errors
ac70d28 odhcpd: fix white space errors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-23 22:02:33 +01:00
Ben Kelly
df9e7b1b26 swconfig: Bugfix switch_port uci option parsing
When not defining 'device' or 'vlan' in relevant switch_port uci
sections, behaviour is inconsistent due to *devn, *port and *vlan
pointers not being zero initialized.

Signed-off-by: Ben Kelly <ben@benjii.net>
2017-02-23 16:52:17 +01:00
Felix Fietkau
942ac18c8a netifd: fix stopping netifd + interfaces
stop() is overwritten by rc.common, so implement stop_service instead.
While at it, remove the now unnecessary restart() override

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-23 16:26:23 +01:00
Kevin Darbyshire-Bryant
2c8cb0c572 dnsmasq: bump to dnsmasq v2.77test4
--bogus-priv now applies to IPv6 prefixes as specified in RFC6303 - this
is significantly friendlier to upstream servers.

CNAME fix in auth mode - A domain can only have a CNAME if it has no
other records

Drop 2 patches now included upstream.

Compile & run tested Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-22 22:38:12 +01:00
Jo-Philipp Wich
aff2d5c856 hostapd: fix feature indication
- Fix eap test to work with standalone hostapd builds
 - Fix 11n test to check the correct define
 - Add 11ac, 11r and 11w tests

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-20 12:06:18 +01:00
Kevin Darbyshire-Bryant
0247314f7d dnsmasq: bump to dnsmasq v2.77test3
New test release (since test1) includes 2 LEDE patches that are
upstream and may be dropped, along with many spelling fixes.

Add forthcoming 2017 root zone trust anchor to trust-anchors.conf.

Backport 2 patches that just missed test3:

Reduce logspam of those domains handled locally 'local addresses only'
Implement RFC-6842 (Client-ids in DHCP replies)

Compile & run tested Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-20 10:21:42 +01:00
Jo-Philipp Wich
08f9eb7954 firewall3: update to Git head to support xtables API level > 11
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-19 19:08:46 +01:00
Hans Dedecker
157b78779f odhcp6c: fix PKG_MIRROR_HASH
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-17 16:04:28 +01:00
Felix Fietkau
7df998bb6d uhttpd: use sha256 when generating certificates with openssl (FS#512)
Patch from attachment to FS#512

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-17 14:42:13 +01:00
Stijn Tintel
27040dbf89 dropbear: bump PKG_RELEASE
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-02-17 12:18:58 +01:00
Felix Fietkau
40374454f9 qos-scripts: fix module load commands (FS#438)
fq_codel is built-in, and xt_CONNMARK is provided by the xt_connmark
module

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-15 14:01:15 +01:00
Rafał Miłecki
2a6fbce121 mdns: update and rename package to the umdns
This update includes numerous small fixes for:
1) Interfaces setup
2) Packets parsing
3) Sending replies
Without this there were multiple problems with exchanging information
between (u)mdns and other implementations (including (u)mdns as well).

This also follows project rename to umdns which was required to avoid
confusion with Apple's mdnsd from mDNSResponder project.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-15 11:52:57 +01:00
Ansuel Smith
d1a75c5161 ebtables: update to last commit
Refreshed patches

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-02-15 11:28:57 +01:00
Daniel Albers
cb801b052c hostapd: mv netifd.sh hostapd.sh
same name for the file on the host and target

Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
2017-02-15 09:38:57 +01:00
Ulrich Weber
d5221d5a41 ppp: honor ip6table for IPv6 PPP interfaces
as we do for IPv4 PPP interfaces. When we create the
dynamic IPv6 interface we should inherit ip6table from
main interface.

Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
2017-02-13 18:48:33 +01:00
Florian Eckert
bb9d2aa868 ppp: add pppoe-discovery to an independent package
pppoe-discovery performs the same discovery process as pppoe, but does
not initiate a session

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-13 18:45:34 +01:00
Hans Dedecker
4c09f99605 netifd: update to git HEAD version
f107656 netifd: Add option to configure locktime for each device
cdc0e80 interface: add prefix assignment priority support
6397f5e device: add veth support
6228d0f wireless: fix _wireless_add_process
7cc2f10 treewide: fix white space errors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-12 18:12:47 +01:00
Felix Fietkau
dc4844b18b pppd: fix compile issues with glibc 2.25
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 19:33:35 +01:00
Felix Fietkau
c22255e50e tcpdump: fix tcpdump-mini build on glibc 2.25
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:24 +01:00
Joseph C. Sible
0bf85ef048 dropbear: enable SHA256 HMACs
The only HMACs currently available use MD5 and SHA1, both of which have known
weaknesses. We already compile in the SHA256 code since we use Curve25519
by default, so there's no significant size penalty to enabling this.

Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
2017-02-10 11:05:57 +01:00
Hans Dedecker
be4842f5de odhcpd: update to git HEAD version (FS#396)
8df4253 ndp: harden netlink event socket error handling
b02f3e6 ndp: close proc file descriptor also during error handling
8a615ad npd: rework IPv6 relay logic (FS#396)
0129f79 config: restore interface defaults when cleaning interface

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-09 21:20:44 +01:00
Daniel Engberg
2faa1edd91 iperf3: Update to 3.1.6
Update to 3.1.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-02-09 12:26:36 +01:00
Hans Dedecker
b516b38f2f odhcp6c: update to GIT head version
cfd986c odhcp6c: fix possible stack corruption when parsing proc if_inet6

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-08 11:12:39 +01:00
Hauke Mehrtens
985c90d102 tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
 + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
 + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
 + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
 + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
 + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
 + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
 + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
 + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
 + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
 + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
 + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
 + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
 + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
 + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
 + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
 + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
 + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
 + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
 + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
 + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
 + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
 + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
 + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
 + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
 + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
 + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
 + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
 + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
 + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
 + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
 + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
 + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
 + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
 + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
 + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
 + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().

The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk

old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-06 22:33:58 +01:00
Kevin Darbyshire-Bryant
3bef96ef18 dnsmasq: update to dnsmasq 2.77test1
Bump to dnsmasq 2.77test1 - this includes a number of fixes since 2.76
and allows dropping of 2 LEDE carried patches.

Notable fix in rrfilter code when talking to Nominum's DNS servers
especially with DNSSEC.

A patch to switch dnsmasq back to 'soft fail' for SERVFAIL responses
from dns servers is also included.  This mean dnsmasq tries all
configured servers before giving up.

A 'localise queries' enhancement has also been backported (it will
appear in test2/rc'n') this is especially important if using the
recently imported to LEDE 'use dnsmasq standalone' feature 9525743c

I have been following dnsmasq HEAD ever since 2.76 release.
Compile & Run tested: ar71xx, Archer C7 v2

Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-05 22:26:23 +01:00