Commit graph

473 commits

Author SHA1 Message Date
Jo-Philipp Wich
531a7e469a uhttpd: use 307 for HTTPS redirections to retain request method
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45853
2015-05-30 21:14:33 +00:00
Jo-Philipp Wich
4f58248a7d uhttpd: add support for enforcing https
Also set HTTPS environment variable for CGI programs on SSL connections.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45852
2015-05-30 20:55:14 +00:00
Jo-Philipp Wich
be16b184e2 uhttpd: inhibit chunked transfer encoding for static file responses
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45850
2015-05-30 14:05:40 +00:00
Jo-Philipp Wich
8df45565e9 lldpd: update to v0.7.15 and add support for parsing /etc/openwrt_release
Also drop superseded patches.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45810
2015-05-28 16:19:38 +00:00
Felix Fietkau
27aada7658 ppp: do not warn if connect() before close() on pppoe terminate fails (fixes #19651)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45755
2015-05-26 07:02:49 +00:00
Steven Barth
8304c0c04d odhcpd: fix DHCPv6 downstream PD
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45707
2015-05-21 15:07:54 +00:00
Steven Barth
51d97db185 dnsmasq: bump to dnsmasq2.73rc8 Important.
Bump dnsmasq to v2.73rc8

Important - fixes remotely exploitable buffer overflow introduced in all v2.73 test/release candidates.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

SVN-Revision: 45693
2015-05-17 08:06:45 +00:00
Steven Barth
a11d2f1cb2 odhcpd: ignore /64 on interface when doing PD
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45679
2015-05-13 12:31:06 +00:00
Steven Barth
e9999a7168 odhcpd: remove invalid call to free()
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45675
2015-05-11 19:49:03 +00:00
Felix Fietkau
53a5647414 ppp: remove the persist option, netifd handles reconnects
Significantly reduces reconnect delay

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45654
2015-05-09 21:14:46 +00:00
Felix Fietkau
06556a8e6b hostapd: fix remote denial of service vulnerability in WMM action frame parsing
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45619
2015-05-06 09:45:39 +00:00
Felix Fietkau
a503023ec2 hostapd: enable 802.11w only for the full variants
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45616
2015-05-06 00:59:36 +00:00
Felix Fietkau
5533a67e3a openvpn: replace polarssl run-time version check with a compile-time one
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45608
2015-05-05 10:09:16 +00:00
Jo-Philipp Wich
a28deda590 openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101)
OpenVPN assumes that its control channel messages are sent and received
unfragmented, this assumption is broken when CBC record splitting is
enabled in mbedTLS.

The record splitting is intended as countermeasure against BEAST attacks
which do not apply to OpenVPN, therefore we simply disable it until
upstream OpenVPN gains the ability to process fragmented control
messages.

Disabling the splitting also works around a (not remotely triggerable)
segmentation fault in mbedTLS.

References:

 * https://dev.openwrt.org/ticket/19101
 * https://community.openvpn.net/openvpn/ticket/524
 * https://github.com/ARMmbed/mbedtls/pull/185

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45602
2015-05-04 08:49:21 +00:00
Steven Barth
fc84123c2f dnsmasq: bump to 2.73rc7
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45587
2015-04-29 07:19:24 +00:00
Steven Barth
4fb99ec22f odhcpd: Remove prefix class config option as not supported anymore by odhcpd
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45586
2015-04-28 14:58:54 +00:00
Steven Barth
62e7f07615 dnsmasq: bump to 2.73rc6
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45572
2015-04-23 13:05:15 +00:00
Felix Fietkau
eba659cbba hostapd: backport fix for CVE-2015-1863, refresh patches
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45567
2015-04-23 08:01:51 +00:00
Nicolas Thill
05d28c47e8 hostapd: mark wpa-supplicant & wpad-mesh as broken on uml
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45561
2015-04-22 15:36:00 +00:00
Steven Barth
c6cd1f1632 odhcpd: minor fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45539
2015-04-21 07:45:49 +00:00
Felix Fietkau
ce0eddc2fb hostapd/netifd: encrypted mesh with wpa_supplicant
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45519
2015-04-20 15:00:07 +00:00
Steven Barth
af4d04ed36 dropbear: update to 2015.67
fixes dbclient login into OpenSSH 6.8p1
error: "Bad hostkey signature"

reported on irc, replicated with Arch Linux

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 45493
2015-04-18 11:25:01 +00:00
John Crispin
125b2ced63 hostapd: Fix wps button hotplug script to handle multiple radios
Hostapd's control file location was changed in 2013, and that has apparently
broken the wps button hotplug script in cases where there are multiple radios
and wps is possibly configured also for the second radio. The current wps
button hotplug script always handles only the first radio.

https://dev.openwrt.org/browser/trunk/package/network/services/hostapd/files/wps-hotplug.sh

The reason is that the button hotplug script seeks directories like
/var/run/hostapd*, as the hostapd-phy0.conf files were earlier in
per-interface subdirectories.

Currently the *.conf files are directly in /var/run and the control sockets
are in /var/run/hostapd, but there is no subdirectory for each radio.

root@OpenWrt:/# ls /var/run/hostapd*
/var/run/hostapd-phy0.conf  /var/run/hostapd-phy1.conf

/var/run/hostapd:
wlan0  wlan1

The hotplug script was attempted to be fixed after the hostapd change by
r38986 in Dec2013, but that change only unbroke the script for the first
radio, but left it broken for multiple radios.
https://dev.openwrt.org/changeset/38986/

The script fails to find subdirectories with [ -d "$dir" ], and passes just
the only found directory /var/run/hostapd, leading into activating only the
first radio, as hostapd_cli defaults to first socket found inthe passed
directory:
root@OpenWrt:/# hostapd_cli -?
...
usage: hostapd_cli [-p<path>] [-i<ifname>] [-hvB] [-a<path>] \
                    [-G<ping interval>] [command..]
...
    -p<path>     path to find control sockets (default: /var/run/hostapd)
...
    -i<ifname>   Interface to listen on (default: first interface found in the
                 socket path)

Below is a run with the default script and with my proposed solution.

Default script (with logging added):
==================================
root@OpenWrt:/# cat /etc/rc.button/wps
#!/bin/sh

if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
         for dir in /var/run/hostapd*; do
                 [ -d "$dir" ] || continue
                 logger "WPS activated for: $dir"
                 hostapd_cli -p "$dir" wps_pbc
         done
fi

 >>>> WPS BUTTON PRESSED <<<<<

root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status
PBC Status: Timed-out
Last WPS result: None
root@OpenWrt:/# logread | grep WPS
Tue Apr 14 18:38:50 2015 user.notice root: WPS activated for: /var/run/hostapd

wlan0 got WPS activated, while wlan1 remained inactive.

I have modified the script to search for sockets instead of directories and
to use the "-i" option with hostapd_cli, and now the script properly
activates wps for both radios. As "-i" needs the interface name instead of
the full path, the script first changes dir to /var/run/hostapd to get simply
the interface names.

Modified script (with logging):
===============================
root@OpenWrt:/# cat /etc/rc.button/wps
#!/bin/sh

if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
         cd /var/run/hostapd
         for dir in *; do
                 [ -S "$socket" ] || continue
                 logger "WPS activated for: $socket"
                 hostapd_cli -i "$socket" wps_pbc
         done
fi

 >>>> WPS BUTTON PRESSED <<<<<

root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# logread | grep WPS
Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan0
Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan1

Both radios got their WPS activated properly.

I am not sure if my solution is optimal, but it seems to work. WPS button is
maybe not that often used functionality, but it might be fixed in any case.
Routers with multiple radios are common now, so the bug is maybe more
prominent than earlier.

The modified script has been in a slightly different format in my community
build since r42420 in September 2014.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 45492
2015-04-18 10:19:37 +00:00
Steven Barth
0d1b5a1fd2 network: also shorten virtual interface names of ppp and 3g/4g connections
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45479
2015-04-17 14:47:12 +00:00
Steven Barth
6fad3d5524 odhcpd: fix accidental logic inversion
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45435
2015-04-14 14:21:52 +00:00
Steven Barth
7e5bf40cac odhcpd: avoid illegal memory access in some corner cases
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45428
2015-04-14 08:31:53 +00:00
Steven Barth
3633523ba6 dnsmasq: fix dnssec timestamp logic, backport crashfix
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45410
2015-04-13 07:49:29 +00:00
Felix Fietkau
e8a45bfc15 netifd: fix ieee80211r 'sh: bad number' in mac80211 setup (bug #19345)
Two errors "netifd: radio0: sh: bad number" have recently surfaced in system
log in trunk when wifi interfaces come up. I tracked the errors to checking
numerical values of some config options without ensuring that the option has
any value.

The errors I see have apparently been introduced by r45051 (ieee80211r in
hostapd) and r45326 (start_disabled in mac80211). My patches fix two
instances of "bad number", but there may be a third one, as the original
report in bug 19345 pre-dates r45326 and already has two "bad number" errors
for radio0.

https://dev.openwrt.org/ticket/19345

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 45380
2015-04-11 10:52:01 +00:00
Steven Barth
f9b0423836 odhcpd: send current hop-limit by default in RAs
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45359
2015-04-10 11:52:42 +00:00
Steven Barth
747c33859b dnsmasq: bump to 2.73rc4
Fix crash caused by malformed DNS requests
Improved DNSSEC handling

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45354
2015-04-10 10:19:17 +00:00
John Crispin
2b95d21fdb hostapd: remove unused asprintf parameter
r45270 removed ieee80211n=%d from the format string but didn't remove
the parameter itself. Though this probably doesn't cause any harm, it's
quite confusing and unneeded.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45351
2015-04-10 08:31:26 +00:00
John Crispin
4b0211b547 ppp: Detailed last error support
Enables last error support for the PPP protocol handlers.
In generic teardown the PPP daemon exit code is translated into
a self explaining error string which is set as interface error
by proto_notify_error in case of failure.

Signed-off-by: Johan Peeters <johan.peeters111@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45333
2015-04-09 10:32:54 +00:00
John Crispin
88fa9a8422 dnsmasq: Add option '--servers-file'
The option '--servers-file' is available since dnsmasq v2.69.

Signed-off-by: Lars Kruse <lists@sumpfralle.de>

SVN-Revision: 45332
2015-04-09 10:32:46 +00:00
John Crispin
ff211def3e hostapd: add update_beacon to ubus binding
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45325
2015-04-09 10:31:45 +00:00
Steven Barth
6f5bbfa181 odhcpd: fix infinite lifetime handling in dhcpv6
thanks to Arjen de Korte

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45279
2015-04-06 10:50:54 +00:00
Felix Fietkau
fe8d9f59da hostapd: when running AP+STA, preserve the AP 802.11n-enabled setting
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45270
2015-04-04 17:51:46 +00:00
John Crispin
16d291e2c9 ppp: Fix missing arg argument when using option flag OPT_A2STRVAL
The arg argument is missing to the printer call in the print_option
utility when the option flag OPT_A2STRVAL is set.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45264
2015-04-03 19:06:56 +00:00
John Crispin
9ccfbb841c ppp: Fix seg fault when using pppol2tp
PPPD crashes (SEGV) when the dump or dryrun options are specified and an option
is internally defined as "o_special" with an option flag of "OPT_A2STRVAL".
As the option value is not saved when the parameter is processed, a reference
to the option will result into a crash (e.g. when printing).

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45263
2015-04-03 19:06:45 +00:00
John Crispin
4bb94e5b2d samba36: add smb.conf.template to conffiles
User might have modified/extended template direct or by LuCI application.
So do not overwrite on update/upgrade.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>

SVN-Revision: 45258
2015-04-03 19:06:06 +00:00
Nicolas Thill
d1070a6330 mdns: add conffiles section
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45241
2015-04-02 14:53:07 +00:00
John Crispin
546ba7a39f samba: use INSTALL_CONF for the uci file
sorry about the broken commit earlier

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45226
2015-04-01 16:12:43 +00:00
Nicolas Thill
b7130aff21 samba36: fix typo in package/samba36-server/install
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45225
2015-04-01 15:59:14 +00:00
John Crispin
26a27231e6 samba: don't overwrite config file
fixes #19087

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45220
2015-04-01 13:39:23 +00:00
John Crispin
8acbb5783d dnsmasq: backport --tftp-no-fail to ignore missing tftp root
This patch backports the option --tftp-no-fail to dnsmasq and prevents the
service from aborting if the specified TFTP root directory is not available;
this might be the case if TFTP files are located on external media that might
occasionally not be present at startup.

Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>

SVN-Revision: 45213
2015-04-01 08:33:10 +00:00
Steven Barth
78552c24ba odhcpd: compile fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45192
2015-03-31 17:30:56 +00:00
John Crispin
6aff392bff uhttpd: properly handle return codes
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45153
2015-03-30 12:35:13 +00:00
Steven Barth
24be294d8e odhcpd: fix default dhcpv6 behavior for non-/64
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45148
2015-03-30 08:53:22 +00:00
Steven Barth
0a0dec1c4a odhcpd: fix musl build, change default DHCPv6 behavior
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45147
2015-03-30 08:49:47 +00:00
Felix Fietkau
e0e8900edd ead: clean up, fix musl build
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45110
2015-03-29 04:30:05 +00:00
Felix Fietkau
9f8be0befc authsae: remove bogus #include
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45107
2015-03-29 04:29:26 +00:00