Commit graph

1707 commits

Author SHA1 Message Date
Felix Fietkau
5cd88f4812 dnsmasq: remove use of uci state for getting network ifname
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 19:48:22 +02:00
Felix Fietkau
a1681ce39b dnsmasq: replace the iface hotplug script with a procd trigger
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:09 +02:00
Felix Fietkau
6916ca8d33 dnsmasq: make the check for existing DHCP servers more reliable
If there is no carrier yet, wait for 2 seconds (STP forwarding delay)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:09 +02:00
Ulrich Weber
712b6fdc5c dnsmasq: write atomic config file
multiple invocation of dnsmasq script (e.g. by procd and hotplugd)
might cause procd to restart dnsmasq with an incomplete config file.
Config file generation might take quite a long time on larger configs
due ubus calls for each listening interface...

Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
2016-07-29 16:41:09 +02:00
Felix Fietkau
d9ff187003 netifd: update to the latest version
Emits an initial event after the first link-up of a force_link
interface. This is needed for making the dnsmasq dhcp check more
reliable

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:09 +02:00
Felix Fietkau
c02f41c1d2 igmpproxy: remove procd_open_trigger/procd_close_trigger calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:09 +02:00
Felix Fietkau
8299737428 dropbear: remove procd_open_trigger/procd_close_trigger calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:08 +02:00
Merlijn Wajer
4a0c4d8151 netifd: Use -x hostname:$hostname instead of -H
Passing the hostname is currently broken in since the shipped busybox includes this commit:
https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?id=2017d48c0d70bef8768efb42909e605ea8eb5a21

Before:

    Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is now down
    Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is setting up now
    Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: option -h NAME is deprecated, use -x hostname:NAME
    Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: malformed hex string 'WR150'

After:

    Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): udhcpc (v1.23.2) started
    Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending discover...
    Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending select for xxx.yyy.zzz.xyz...
    Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Lease of xxx.yyy.zzz.xyz obtained, lease time 600

Signed-off-by: Merlijn Wajer <merlijn@wizzup.org>
2016-07-24 06:59:55 +02:00
John Crispin
74766f4c4f firewall3: update to latest git HEAD
Signed-off-by: John Crispin <john@phrozen.org>
2016-07-24 06:38:30 +02:00
Felix Fietkau
da328f2865 hostapd: backport mesh/ibss HT20/HT40 related fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-27 17:22:39 +02:00
Hauke Mehrtens
bafeb90745 iperf3: update to version 3.1.3
old size:
iperf3_3.0.11-1_mips_34kc_dsp.ipk       30147

new size:
iperf3_3.1.3-1_mips_34kc_dsp.ipk        33640

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-07-24 15:05:50 +02:00
Hauke Mehrtens
9cbb51ff8c iperf: update to version 2.0.9
old size:
iperf_2.0.8-1_mips_34kc_dsp.ipk 27911

new size:
iperf_2.0.9-1_mips_34kc_dsp.ipk 28681

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-07-24 15:05:33 +02:00
Hauke Mehrtens
7d38128f6a curl: update to version 7.50.0
Changelog: https://curl.haxx.se/changes.html

old sizes:
libcurl_7.49.0-1_mips_34kc_dsp.ipk      97569
curl_7.49.0-1_mips_34kc_dsp.ipk         37925

new sizes:
libcurl_7.50.0-1_mips_34kc_dsp.ipk      97578
curl_7.50.0-1_mips_34kc_dsp.ipk         38017

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-07-24 15:04:13 +02:00
Felix Fietkau
c7a5bb5a7e samba36: avoid picking up a dependency on libunwind (fixes GH #212)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-21 17:33:17 +02:00
Felix Fietkau
ca6375ac51 hostapd: fix an error on parsing radius_das_client
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-21 16:58:50 +02:00
Felix Fietkau
56f686b710 samba36: disable local browse master by default
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-18 13:37:12 +02:00
Felix Fietkau
75329fc161 hostapd: fix VLAN support in full wpad builds
Suppress -DCONFIG_NO_VLAN if CONFIG_IBSS_RSN is enabled

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-18 13:37:10 +02:00
Hans Dedecker
99e5bec2c6 netifd: quote vendorid and hostname variables in dhcp script
Quote hostname and vendorid variables in dhcp script so they can
hold strings having white spaces

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-07-12 14:33:49 +02:00
Kevin Darbyshire-Bryant
17f4d3967e samba: update smb template socket options defaults
Removed socket options = TCP_NODELAY IPTOS_LOWDELAY

TCP_NODELAY (disables Nagle algorithm) is default since samba2.
IPTOS_LOWDELAY sets DSCP 0x10 coding (CS2)
The alternate IPTOS_THROUGHPUT sets DSCP 0x08 coding (CS1)

CS1 is a scavenger class, whilst CS2 is more OAM/interactive
(SNMP,SSH,syslog)

Using CS2 is definitely an abuse of DSCP classification, CS1 less so
however even if the ISP takes note of DSCP codings having a default that
sets traffic to CS2 is wrong.  Better to use the default Best Effort
class.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-07-11 14:19:47 +02:00
Kevin Darbyshire-Bryant
3dded42f05 iftop: fix mac address display
iftop would display portions of mac address with large ffffff prefixes.
Make if_hw_addr type consistent.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-07-11 14:19:47 +02:00
Kevin Darbyshire-Bryant
527696674a igmpproxy: logging options - make work & improve
Move logging command line option to uci:
option verbose [0]/1/2 - mono-syllabic/verbose/noisy

Previously handled as 'OPTIONS' in .init script however variable
was ignored so never worked.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-07-11 14:19:47 +02:00
Felix Fietkau
ad430c1080 hostapd: add a WDS AP fix for reconnecting clients
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-06 10:12:37 +02:00
neheb
a3e7d5e7ae samba: Update smb.conf.template
Removed some options which are default anyway and added bind interfaces
only which causes the interfaces line to actually have an effect. Can be
verified with netstat.

Signed-off by: Rosen Penev <rosenp@gmail.com>
2016-07-05 22:59:14 +02:00
John Crispin
d643ee0260 umbim: update to latest git HEAD
Signed-off-by: John Crispin <john@phrozen.org>
2016-07-05 22:59:13 +02:00
Jo-Philipp Wich
dd9afb8207 iwinfo: fix nl80211 phy lookup without platform prefix
Commit d9b20a6f35 (SVN r48426) changed the
mac80211 phy lookup logic to strip the platform/ directory component from
the phy path specification.

Fix iwinfo to follow that logic by trying to lookup phys both with and
without "platform/" prefix.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-07-04 16:26:38 +02:00
Hans Dedecker
ecbc138343 odhcp6c: Upstep to latest version
Following fixes are included in the latest version:
    -Script is launched with incorrect action
    -Possible buffer overflows
    -Lots of minor bugfixes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-06-30 14:53:21 +02:00
Kevin Darbyshire-Bryant
6d7f54ccdb iproute2: cake AQM prepare tc for COBALT algorithm
Cake AQM is experimenting with a codel/blue hybrid AQM COBALT instead
of just using codel alone. This patch updates tc to cope with some new
stats produced by COBALT.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-30 00:43:03 +02:00
Hans Dedecker
c2bd469521 dnsmasq: Add broken realtime clock build switch in full variant
By default dnsmasq uses the time function; which returns the time since
Epoch; to retrieve the current time. On boards which have no realtime
clock this can lead to side effects when the time is synced via ntp
as the "time wrap" forces dhcp leases to be considered as expired.
By enabling the broken realtime clock build switch dnsmasq uses the
times utility which returns the number of clock tick.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
[Jo-Philipp Wich: change symbol name, add sym to PKG_CONFIG_DEPENDS]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-30 00:42:46 +02:00
Jo-Philipp Wich
f98f4601de openvpn: fix missing cipher list for polarssl in v2.3.11
Upstream OpenSSL hardening work introduced a change in shared code that
causes polarssl / mbedtls builds to break when no --tls-cipher is specified.

Import the upstream fix commit as patch until the next OpenVPN release gets
released and packaged.

Reported-by: Sebastian Koch <seb@metafly.info>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-28 10:47:22 +02:00
Daniel Dickinson
4a3b8e0596 lldpd: Use /etc/os-release instead of /etc/openwrt_*
With the addition of /etc/os-release patching lldpd to use
/etc/openwrt_release and to have the initscript use
/etc/openwrt_release and/or /etc/openwrt_version becomes
unnecessary.

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-06-27 15:16:01 +02:00
Jo-Philipp Wich
cb7aa4b1fe ebtables: fix segmentation fault due to uninitialized extension data
The ebtables code relies on the `-nostartfiles` linker argument to execute the
extension modules' `_init()` functions automatically which is not working
reliably across all supported targets and gcc versions.

Running an ebtables executable linked this way just crashes with a segmentation
fault at runtime on program startup, e.g. on ARM architectures.

In order to fix the issue ...
 - remove the use of the -nostartfiles linker flag
 - rename the init procedures to a generic name without implicit semantics
 - explicitely annotate those init procedures as constructors

The patch has been taken from the Alpine Linux distribution at
http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-24 15:59:36 +02:00
Kevin Darbyshire-Bryant
5acfe55d71 dnsmasq: dnssec time handling uses ntpd hotplug
Change dnsmasq's dnssec time check handling to use time validity
indicated by ntpd rather than maintaining a cross boot/upgrade
/etc/dnsmasq.time timestamp file.  This saves flash device wear.

If ntpd client is configured in uci and you're using dnssec, then
dnsmasq will not check dnssec timestamp validity until ntpd hotplug
indicates sync via a stratum change. The ntpd hotplug leaves a status
flag file to indicate to dnsmasq.init that time is valid and that it
should now start in 'check dnssec timestamp valid' mode.

If ntpd client is not configured and you're using dnssec, then it is
presumed you're using an alternate time sync mechanism and that time is
correct, thus dnsmasq checks dnssec timestamps are valid from 1st start.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

V2 - stratum & step ntp changes indicate time is valid
V3 - on initial flag file step signal dnsmasq with SIGHUP if running
V4 - only accept step ntp changes. Accepting both stratum & step could
result in unpleasant script race conditions
V5 - Actually only accepting stratum is the correct thing to do after
further testing
V6 - improve handling of non busybox ntpd
if sysntpd not executable
  dnsmasq checks dnssec timestamps
else
  sysntp script disabled - look for timestamp file - allows external mechanism to use hotplug flag file
  sysntp script enabled & uci ntp enabled  - look for timestamp file
  sysntp script enabled & uci ntp disabled - dnsmasq checks dnssec
timestamps
fi
2016-06-24 13:53:39 +02:00
Hauke Mehrtens
3f38356893 packages: prefer http over git for git protocol
In company networks everything except the http and https protocol is
often causes problems, because the network administrators try to block
everything else. To make it easier to use LEDE in company networks use
the https/http protocol for git access when possible.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-06-22 19:32:06 +02:00
Daniel Gimpelevich
7385f754b1 lantiq: Correct ADSL race condition
puts br2684ctl init after ADSL init instead of before, so that the ESI
is set at the right time, and for consistency with the PTM driver.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2016-06-22 19:32:06 +02:00
Felix Fietkau
475e94b1d2 uhttpd: update to the latest version, adds some extensions to handler script support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-16 19:00:16 +02:00
Felix Fietkau
4e0a533f60 hostapd: fix breakage with non-nl80211 drivers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 19:28:55 +02:00
Jo-Philipp Wich
e2a9c638e7 hostapd: fix compilation error in wext backend
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-15 19:10:32 +02:00
Felix Fietkau
ef74d5cbf8 hostapd: implement fallback for incomplete survey data
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:31:48 +02:00
Felix Fietkau
13b44abcff hostapd: update to version 2016-06-15
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:11:43 +02:00
Michal Hrusecky
b67af71181 hostapd: Update to version 2016-05-05
Fixes CVE-2016-4476 and few possible memory leaks.

Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
2016-06-15 17:11:18 +02:00
John Crispin
abc346db0e package/lantiq: make lantiq kernel modules work with xway_legacy
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:43 +02:00
Magnus Kroken
4260d11e8b openvpn: update to 2.3.11
Security fixes:
* Fixed port-share bug with DoS potential
* Fix buffer overflow by user supplied data

Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-06-13 22:51:43 +02:00
John Crispin
62dc9831d3 package/*: update git urls for project repos
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:41 +02:00
Jo-Philipp Wich
dd182011e1 swconfig: improve failure reporting
Report the translated error to the user if a get/set netlink operation failed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-11 00:51:22 +02:00
Kevin Darbyshire-Bryant
e815036460 dnsmasq: support hostid ipv6 address suffix option
Add support for hostid dhcp config entry to dnsmasq. This allows
specification of dhcpv6 hostid suffix and works in the same way as
odhcpd.

Entries in auto generated dnsmasq.conf should conform to:

dhcp-host=mm:mm:mm:mm:mm:mm,IPv4addr,[::V6su:ffix],hostname

example based on sample config/dhcp entry:

config host
        option name 'Kermit'
        option mac 'E0:3F:49:A1:D4:AA'
        option ip '192.168.235.4'
        option hostid '4'

dhcp-host=E0:3F:49:A1:D4:AA,192.168.235.4,[::0:4],Kermit

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-10 18:16:47 +02:00
Hans Dedecker
7eaacd4d23 dnsmasq: Add option --max-port
By default dnsmasq uses random ports for outbound dns queries;
when the maxport UCI option is specified the ports used will
always be smaller than the specified value.
This is usefull for systems behind firewalls.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-06-10 18:05:07 +02:00
Felix Fietkau
a88fc0db9d xtables-addons: add missing dependency
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-09 15:53:43 +02:00
Dirk Neukirchen
652ac2c6fd xtables-addons: update to 2.11
- fix compilation w. Kernel 4.6 due to
hash->shash crypto API
- remove a patch integrated upstream

- remove unrecognized configure option
removed upstream in 2010
commit 40d0345f1ed02de183b13a6ce38847bc1f4ac48e

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-06-07 23:03:11 +02:00
Matteo Panella
20c608db0a openvpn: add support for tls-version-min
Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).

This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.

Signed-off-by: Matteo Panella <morpheus@level28.org>
[Jo-Philipp Wich: shorten commit title, bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-07 23:02:58 +02:00
Jo-Philipp Wich
24a7ccb056 treewide: replace jow@openwrt.org with jo@mein.io
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-07 11:42:52 +02:00
Felix Fietkau
7eeb254cc4 treewide: replace nbd@openwrt.org with nbd@nbd.name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-07 08:58:42 +02:00
Hannu Nyman
23147dd43a iproute2: Add support for cake qdisc
Add cake support to 'tc' in iproute2
  - Use a patch to modify tc instead of adding a new tc-adv package.
    Patch creates q_cake.c that matches commit 3314230bc4
  - Do not include the other things from tc-adv (cake0, cake2, pie etc.).

V2 - KDB Small update to base on latest cake tc changes (wash option
deprecated)
V3 - KDB Move kmod-sched-cake package to kernel as is kernel related
v4 - KDB Split into individual patches, tc & kmod

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-06 14:58:11 +02:00
Felix Fietkau
754565a84b netifd: update to the latest version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-06 15:46:35 +02:00
Dirk Neukirchen
04cb722e9f openvpn: remove unrecognized option
removed upstream in
9ffd00e754
now its always on

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-06-01 15:18:42 +02:00
Daniel Gimpelevich
96ad827e17 lantiq: fix segfault inside ltq-adsl-app
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2016-05-27 16:08:47 +02:00
Daniel Engberg
32ae0da2b7 iproute2: Use URL alias
Remove hardcoded URLs and use alias instead.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-05-24 19:42:49 +02:00
Daniel Engberg
6e7403e1e6 iw: Use URL alias
Remove hardcoded URL and use alias instead.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-05-24 19:41:52 +02:00
Dario Ernst
4d1c75c601 dropbear: Fix incorrect CONFIG_TARGET_INIT_PATH.
Fix a „semantic typo“ introduced in b78aae793e,
where TARGET_INIT_PATH was used instead of CONFIG_TARGET_INIT_PATH.

Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
2016-05-24 16:31:17 +02:00
Daniel Dickinson
2ac21bd793 dnsmasq: Set the default dhcp lease file and resolv file
Instead of making assumptions about the leasefile and resolv file make sure
we use what the user configures, but fall back to defaults if no configuration
is specified

Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-05-24 13:30:58 +02:00
Kevin Darbyshire-Bryant
a6e96998fb dnsmasq: update to dnsmasq v2.76
Update to dnsmasq2.76.  Refresh patches.  Add new patch to fix musl
'poll.h' location warning.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-05-24 13:30:58 +02:00
John Crispin
31293752c8 mdns: update to latest git HEAD
* fixes loopback handling

Signed-off-by: John Crispin <john@phrozen.org>
2016-05-23 10:26:32 +02:00
Felix Fietkau
b570c0c88e uhttpd: use configured distribution name for SSL certificate CN
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-21 12:42:44 +02:00
Felix Fietkau
1d0d5ddb07 curl: remove axtls config option, the library does not exist in our tree
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-19 16:56:34 +02:00
Dirk Neukirchen
6aebc6b16b curl: update to 7.49
fixes:
 CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL

- remove crypto auth compile fix
curl changelog of 7.46 states its fixed

- fix mbedtls and cyassl usability #19621 :
add path to certificate file (from Mozilla via curl) and
provide this in a new package

tested on ar71xx w. curl/mbedtls/wolfssl

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-05-19 16:56:34 +02:00
Kevin Darbyshire-Bryant
7938e8d60a dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time
conditionally save dnsmasq.time across sysupgrade
dnsmasq uses /etc/dnsmasq.time as record of the last known good
system time to aid its validation of dnssec timestamps.  dnsmasq
updates the timestamp on process start/stop once it considers the system
time as valid. The timestamp file should be preserved across system
upgrade but should not be included as part of normal configuration
backups to prevent restores corrupting the current timestamp.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-05-19 10:28:18 +02:00
Jo-Philipp Wich
85a59127a7 Revert "dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time"
This reverts commit d830cb0882.

Reverting this commit due to a missing Signed-off-by.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-19 10:28:17 +02:00
Kevin Darbyshire-Bryant
d830cb0882 dnsmasq: sysupgrade hook to conditionally preserve dnsmasq.time
conditionally save dnsmasq.time across sysupgrade
dnsmasq uses /etc/dnsmasq.time as record of the last known good
system time to aid its validation of dnssec timestamps.  dnsmasq
updates the timestamp on process start/stop once it considers the system
time as valid. The timestamp file should be preserved across system
upgrade but should not be included as part of normal configuration
backups to prevent restores corrupting the current timestamp.
2016-05-18 22:17:33 +02:00
Felix Fietkau
e30608b736 iw: refresh patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 20:55:39 +02:00
Felix Fietkau
df93d53a4b mac80211: update to wireless-testing 2016-05-12
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-15 20:55:39 +02:00
Jo-Philipp Wich
1c61b21489 dropbear: update to 2016.73
Update the dropbear package to version 2016.73, refresh patches.
The measured .ipk sizes on an x86_64 build are:

  94588	dropbear_2015.71-3_x86_64.ipk
  95316	dropbear_2016.73-1_x86_64.ipk

This is an increase of roughly 700 bytes after compression.

Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-13 10:23:52 +02:00
Bert Vermeulen
34b6c8b075 iperf: Drop single-threaded variant
Signed-off-by: Bert Vermeulen <bert@biot.com>
2016-05-12 03:29:36 +02:00
Bert Vermeulen
b4a23f83f9 iperf: Upgrade to version 2.0.8
The original iperf package is unmaintained. This switches to the "iperf2"
project on sourceforge, a fork that started where the previous iperf left
off.

Version 2.0.8 fixes the issue that patch 002 handled, so that can be dropped.

Due to a faulty check in configure.ac, this version needs _GNU_SOURCE
defined to build properly against musl. Various other obsolete build
options were also removed.

Signed-off-by: Bert Vermeulen <bert@biot.com>
2016-05-12 03:29:36 +02:00
John Crispin
b8ab6af1a9 global: change my email address
Signed-off-by: John Crispin <john@phrozen.org>
2016-05-12 03:29:36 +02:00
Hans Dedecker
861266c9ec dropbear: Add --disable-utmpx again
The option --disable-utmpx was deleted by accident in commit 7545c1d;
add it again to the CONFIGURE_ARGS list

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-05-12 03:29:35 +02:00
Hans Dedecker
f9a3123bbf netifd: Remove hardcoded DHCP release option
Remove the udhcpc -R release option as sending a DHCP release
is configurable via the uci option release.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-05-11 16:46:17 +02:00
Bert Vermeulen
fda951c443 iftop: Update to latest version, and drop patch
The patch made sure the ncursesw library was not selected to save space,
but that library doesn't exist in this distribution at all.

Signed-off-by: Bert Vermeulen <bert@biot.com>
2016-05-10 14:06:50 +02:00
Jo-Philipp Wich
4076d863bd firewall3: fix mark rules for local traffic, fix race condition
Update to latest HEAD in order to fix MARK rule generation for local traffic,
also fix a possible race condition during firewall start.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-02 18:46:30 +01:00
Hans Dedecker
6a06cd8331 xtables-addons: Avoid redefinition of SHRT_MAX in lua packet script
Patch Lua packet script defines SHRT_MAX which is already defined in <linux/kernel.h> and
is included indirectly by lauxlib.h. Fix the redefintion as it leads to compile failure
on systems which treat macro redefinition as an error

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-05-02 18:28:01 +01:00
Hans Dedecker
ec9f6fe04d ppp: Add ppp-mod-passwordfd subpackage to ppp
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:50:41 +02:00
Hans Dedecker
ce9e5e16ff dnsmasq: Add conntrack support in the full variant
Conntrack support reads the connection track mark associated with
incoming DNS queries and sets the same mark value on the upstream
forwarded DNS query. This can be usefull to track traffic generated
by dnsmasq to associate it with the clients who generate the queries,
usefull for bandwidth accouting and firewall.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:50:20 +02:00
Hans Dedecker
16122117a5 dropbear: Add procd interface triggers when interface config is specified
A dropbear instance having an interface config won't start if the interface is down as no
IP address is available.
Adding interface triggers for each configured interface executing the dropbear reload script
will start the dropbear instance when the interface is up.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:49:37 +02:00
Hans Dedecker
b3f6c4b3ac iproute2: Add package for nstat utility
Add support for the command line utility nstat displaying network statistics

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:49:17 +02:00
Hans Dedecker
7545c1d96b dropbear: Make utmp and putuline support configurable via seperate config options
Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox)
Putuline support will use the utmp structure to write to the utmp file

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:47:48 +02:00
Hans Dedecker
a83f049b5b netifd: Add configurable DHCP release behavior
Make sending a DHCP release configurable when the client exits allowing to clean up
IP/mac state info in intermediate devices.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:44:47 +02:00
Hans Dedecker
312cb987f9 xtables-addons: Fix Lua packet script implementation
lua_packet_segment parameter start has type char pointer; in function lua_tg
it's assigned an uint16 value generating compiler warnings obviously indicating
posssible seg fault problems. Fix the issue by using the correct skb functions
so the parameter points to the position inside the sk_buff

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Stijn Cleynhens <stijn.cleynhens@gmail.com>
2016-04-28 11:45:43 +02:00
Jo-Philipp Wich
b04a25491f package: flag further target specific packages as nonshared
Add nonshared flag to package depending on specific targets or subtargets as
there's no guarantee otherwise that they'll be available in the shared repo.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-26 23:26:43 +02:00
Hans Dedecker
81a5f1ac9e netifd: Send DHCP release when client exits
Let DHCP client send a release when it exists so the DHCP server is
informed the IP address is released and allowing to clean up IP/mac
state info in intermediate devices.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-03-31 12:18:29 +02:00
Jo-Philipp Wich
564330e013 netifd: fix default ip rules
Update to latest HEAD in order to remove the faulty "prelocal" ip rule leading
to unexpected policy rule precedence.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-03-31 00:05:02 +02:00
John Crispin
fa69553900 branding: add LEDE branding
Signed-off-by: John Crispin <blogic@openwrt.org>
2016-03-24 22:40:13 +01:00
John Crispin
3481d0d793 dnsmasq: run as dedicated UID/GID
Running dnsmasq in a dedicated user/group allows matching its outgoing
traffic more easily using iptables' owner match.
Add UID/GID to the package metadata and append the user/group
parameters to the init script.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 49252
2016-04-26 11:44:10 +00:00
John Crispin
79c67071c6 xtables-addons: build: fix configure compatiblity with POSIX shells
Fixes build with /bin/sh pointing to certain versions of dash (for example
on Void Linux).

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

SVN-Revision: 49218
2016-04-21 19:47:26 +00:00
Hauke Mehrtens
a16ae0b6df curl: remove file accidentally committed in r49197
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49199
2016-04-19 20:18:50 +00:00
Hauke Mehrtens
012da658a4 oxnas: add support for Akitio MyCloud mini
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 49197
2016-04-19 20:12:41 +00:00
Hauke Mehrtens
fc7368fd82 curl: fix deprecated 'depends' syntax
This was introduced in r49183

Reported-by: swalker
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49192
2016-04-17 15:35:18 +00:00
Hauke Mehrtens
3fabbb814d dnsmasq: Add enable parameter in the UCI DHCP host section
Parameter allows to enable/disable static leases; by default the value is 1
to keep backwards compatibility

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49187
2016-04-17 12:52:54 +00:00
Hauke Mehrtens
ba97a03d7d curl: add flags to allow gc-sections to strip out unused code
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49184
2016-04-17 12:51:57 +00:00
Hauke Mehrtens
a4d646cf15 curl: add config option for NTLM support
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49183
2016-04-17 12:51:41 +00:00
Hauke Mehrtens
a2b15e6c1d curl: upstep to latest version 7.48.0
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49182
2016-04-17 12:51:19 +00:00
Hauke Mehrtens
3830200d6a hostapd.sh: Add support for "anonymous_identity" config field
The wpa_supplicant supports an "anonymous_identity" field, which some
EAP networks require.  From the documentation:

anonymous_identity: Anonymous identity string for EAP (to be used as the
    unencrypted identity with EAP types that support different tunnelled
    identity, e.g., EAP-TTLS).

This change modifies the hostapd.sh script to propagate this field
from the UCI config to the wpa_supplicant.conf file.

Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Reviewed-by: Manuel Munz <freifunk@somakoma.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49181
2016-04-17 12:50:55 +00:00
Hauke Mehrtens
1414f1647d samba: fix some security problems
This fixes the following security problems:
* CVE-2015-7560
* CVE-2015-5370
* CVE-2016-2110
* CVE-2016-2111
* CVE-2016-2112
* CVE-2016-2115
* CVE-2016-2118

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 49175
2016-04-16 20:06:34 +00:00