Commit graph

570 commits

Author SHA1 Message Date
Jo-Philipp Wich
8df45565e9 lldpd: update to v0.7.15 and add support for parsing /etc/openwrt_release
Also drop superseded patches.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45810
2015-05-28 16:19:38 +00:00
Felix Fietkau
27aada7658 ppp: do not warn if connect() before close() on pppoe terminate fails (fixes #19651)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45755
2015-05-26 07:02:49 +00:00
Steven Barth
8304c0c04d odhcpd: fix DHCPv6 downstream PD
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45707
2015-05-21 15:07:54 +00:00
Steven Barth
51d97db185 dnsmasq: bump to dnsmasq2.73rc8 Important.
Bump dnsmasq to v2.73rc8

Important - fixes remotely exploitable buffer overflow introduced in all v2.73 test/release candidates.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

SVN-Revision: 45693
2015-05-17 08:06:45 +00:00
Steven Barth
a11d2f1cb2 odhcpd: ignore /64 on interface when doing PD
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45679
2015-05-13 12:31:06 +00:00
Steven Barth
e9999a7168 odhcpd: remove invalid call to free()
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45675
2015-05-11 19:49:03 +00:00
Felix Fietkau
53a5647414 ppp: remove the persist option, netifd handles reconnects
Significantly reduces reconnect delay

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45654
2015-05-09 21:14:46 +00:00
Felix Fietkau
06556a8e6b hostapd: fix remote denial of service vulnerability in WMM action frame parsing
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45619
2015-05-06 09:45:39 +00:00
Felix Fietkau
a503023ec2 hostapd: enable 802.11w only for the full variants
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45616
2015-05-06 00:59:36 +00:00
Felix Fietkau
5533a67e3a openvpn: replace polarssl run-time version check with a compile-time one
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45608
2015-05-05 10:09:16 +00:00
Jo-Philipp Wich
a28deda590 openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101)
OpenVPN assumes that its control channel messages are sent and received
unfragmented, this assumption is broken when CBC record splitting is
enabled in mbedTLS.

The record splitting is intended as countermeasure against BEAST attacks
which do not apply to OpenVPN, therefore we simply disable it until
upstream OpenVPN gains the ability to process fragmented control
messages.

Disabling the splitting also works around a (not remotely triggerable)
segmentation fault in mbedTLS.

References:

 * https://dev.openwrt.org/ticket/19101
 * https://community.openvpn.net/openvpn/ticket/524
 * https://github.com/ARMmbed/mbedtls/pull/185

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45602
2015-05-04 08:49:21 +00:00
Steven Barth
fc84123c2f dnsmasq: bump to 2.73rc7
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45587
2015-04-29 07:19:24 +00:00
Steven Barth
4fb99ec22f odhcpd: Remove prefix class config option as not supported anymore by odhcpd
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45586
2015-04-28 14:58:54 +00:00
Steven Barth
62e7f07615 dnsmasq: bump to 2.73rc6
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45572
2015-04-23 13:05:15 +00:00
Felix Fietkau
eba659cbba hostapd: backport fix for CVE-2015-1863, refresh patches
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45567
2015-04-23 08:01:51 +00:00
Nicolas Thill
05d28c47e8 hostapd: mark wpa-supplicant & wpad-mesh as broken on uml
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45561
2015-04-22 15:36:00 +00:00
Steven Barth
c6cd1f1632 odhcpd: minor fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45539
2015-04-21 07:45:49 +00:00
Felix Fietkau
ce0eddc2fb hostapd/netifd: encrypted mesh with wpa_supplicant
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45519
2015-04-20 15:00:07 +00:00
Steven Barth
af4d04ed36 dropbear: update to 2015.67
fixes dbclient login into OpenSSH 6.8p1
error: "Bad hostkey signature"

reported on irc, replicated with Arch Linux

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 45493
2015-04-18 11:25:01 +00:00
John Crispin
125b2ced63 hostapd: Fix wps button hotplug script to handle multiple radios
Hostapd's control file location was changed in 2013, and that has apparently
broken the wps button hotplug script in cases where there are multiple radios
and wps is possibly configured also for the second radio. The current wps
button hotplug script always handles only the first radio.

https://dev.openwrt.org/browser/trunk/package/network/services/hostapd/files/wps-hotplug.sh

The reason is that the button hotplug script seeks directories like
/var/run/hostapd*, as the hostapd-phy0.conf files were earlier in
per-interface subdirectories.

Currently the *.conf files are directly in /var/run and the control sockets
are in /var/run/hostapd, but there is no subdirectory for each radio.

root@OpenWrt:/# ls /var/run/hostapd*
/var/run/hostapd-phy0.conf  /var/run/hostapd-phy1.conf

/var/run/hostapd:
wlan0  wlan1

The hotplug script was attempted to be fixed after the hostapd change by
r38986 in Dec2013, but that change only unbroke the script for the first
radio, but left it broken for multiple radios.
https://dev.openwrt.org/changeset/38986/

The script fails to find subdirectories with [ -d "$dir" ], and passes just
the only found directory /var/run/hostapd, leading into activating only the
first radio, as hostapd_cli defaults to first socket found inthe passed
directory:
root@OpenWrt:/# hostapd_cli -?
...
usage: hostapd_cli [-p<path>] [-i<ifname>] [-hvB] [-a<path>] \
                    [-G<ping interval>] [command..]
...
    -p<path>     path to find control sockets (default: /var/run/hostapd)
...
    -i<ifname>   Interface to listen on (default: first interface found in the
                 socket path)

Below is a run with the default script and with my proposed solution.

Default script (with logging added):
==================================
root@OpenWrt:/# cat /etc/rc.button/wps
#!/bin/sh

if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
         for dir in /var/run/hostapd*; do
                 [ -d "$dir" ] || continue
                 logger "WPS activated for: $dir"
                 hostapd_cli -p "$dir" wps_pbc
         done
fi

 >>>> WPS BUTTON PRESSED <<<<<

root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status
PBC Status: Timed-out
Last WPS result: None
root@OpenWrt:/# logread | grep WPS
Tue Apr 14 18:38:50 2015 user.notice root: WPS activated for: /var/run/hostapd

wlan0 got WPS activated, while wlan1 remained inactive.

I have modified the script to search for sockets instead of directories and
to use the "-i" option with hostapd_cli, and now the script properly
activates wps for both radios. As "-i" needs the interface name instead of
the full path, the script first changes dir to /var/run/hostapd to get simply
the interface names.

Modified script (with logging):
===============================
root@OpenWrt:/# cat /etc/rc.button/wps
#!/bin/sh

if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then
         cd /var/run/hostapd
         for dir in *; do
                 [ -S "$socket" ] || continue
                 logger "WPS activated for: $socket"
                 hostapd_cli -i "$socket" wps_pbc
         done
fi

 >>>> WPS BUTTON PRESSED <<<<<

root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# hostapd_cli -p /var/run/hostapd -i wlan1 wps_get_status
PBC Status: Active
Last WPS result: None
root@OpenWrt:/# logread | grep WPS
Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan0
Tue Apr 14 18:53:06 2015 user.notice root: WPS activated for: wlan1

Both radios got their WPS activated properly.

I am not sure if my solution is optimal, but it seems to work. WPS button is
maybe not that often used functionality, but it might be fixed in any case.
Routers with multiple radios are common now, so the bug is maybe more
prominent than earlier.

The modified script has been in a slightly different format in my community
build since r42420 in September 2014.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 45492
2015-04-18 10:19:37 +00:00
Steven Barth
0d1b5a1fd2 network: also shorten virtual interface names of ppp and 3g/4g connections
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45479
2015-04-17 14:47:12 +00:00
Steven Barth
6fad3d5524 odhcpd: fix accidental logic inversion
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45435
2015-04-14 14:21:52 +00:00
Steven Barth
7e5bf40cac odhcpd: avoid illegal memory access in some corner cases
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45428
2015-04-14 08:31:53 +00:00
Steven Barth
3633523ba6 dnsmasq: fix dnssec timestamp logic, backport crashfix
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45410
2015-04-13 07:49:29 +00:00
Felix Fietkau
e8a45bfc15 netifd: fix ieee80211r 'sh: bad number' in mac80211 setup (bug #19345)
Two errors "netifd: radio0: sh: bad number" have recently surfaced in system
log in trunk when wifi interfaces come up. I tracked the errors to checking
numerical values of some config options without ensuring that the option has
any value.

The errors I see have apparently been introduced by r45051 (ieee80211r in
hostapd) and r45326 (start_disabled in mac80211). My patches fix two
instances of "bad number", but there may be a third one, as the original
report in bug 19345 pre-dates r45326 and already has two "bad number" errors
for radio0.

https://dev.openwrt.org/ticket/19345

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 45380
2015-04-11 10:52:01 +00:00
Steven Barth
f9b0423836 odhcpd: send current hop-limit by default in RAs
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45359
2015-04-10 11:52:42 +00:00
Steven Barth
747c33859b dnsmasq: bump to 2.73rc4
Fix crash caused by malformed DNS requests
Improved DNSSEC handling

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45354
2015-04-10 10:19:17 +00:00
John Crispin
2b95d21fdb hostapd: remove unused asprintf parameter
r45270 removed ieee80211n=%d from the format string but didn't remove
the parameter itself. Though this probably doesn't cause any harm, it's
quite confusing and unneeded.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45351
2015-04-10 08:31:26 +00:00
John Crispin
4b0211b547 ppp: Detailed last error support
Enables last error support for the PPP protocol handlers.
In generic teardown the PPP daemon exit code is translated into
a self explaining error string which is set as interface error
by proto_notify_error in case of failure.

Signed-off-by: Johan Peeters <johan.peeters111@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45333
2015-04-09 10:32:54 +00:00
John Crispin
88fa9a8422 dnsmasq: Add option '--servers-file'
The option '--servers-file' is available since dnsmasq v2.69.

Signed-off-by: Lars Kruse <lists@sumpfralle.de>

SVN-Revision: 45332
2015-04-09 10:32:46 +00:00
John Crispin
ff211def3e hostapd: add update_beacon to ubus binding
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45325
2015-04-09 10:31:45 +00:00
Steven Barth
6f5bbfa181 odhcpd: fix infinite lifetime handling in dhcpv6
thanks to Arjen de Korte

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45279
2015-04-06 10:50:54 +00:00
Felix Fietkau
fe8d9f59da hostapd: when running AP+STA, preserve the AP 802.11n-enabled setting
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45270
2015-04-04 17:51:46 +00:00
John Crispin
16d291e2c9 ppp: Fix missing arg argument when using option flag OPT_A2STRVAL
The arg argument is missing to the printer call in the print_option
utility when the option flag OPT_A2STRVAL is set.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45264
2015-04-03 19:06:56 +00:00
John Crispin
9ccfbb841c ppp: Fix seg fault when using pppol2tp
PPPD crashes (SEGV) when the dump or dryrun options are specified and an option
is internally defined as "o_special" with an option flag of "OPT_A2STRVAL".
As the option value is not saved when the parameter is processed, a reference
to the option will result into a crash (e.g. when printing).

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45263
2015-04-03 19:06:45 +00:00
John Crispin
4bb94e5b2d samba36: add smb.conf.template to conffiles
User might have modified/extended template direct or by LuCI application.
So do not overwrite on update/upgrade.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>

SVN-Revision: 45258
2015-04-03 19:06:06 +00:00
Nicolas Thill
d1070a6330 mdns: add conffiles section
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45241
2015-04-02 14:53:07 +00:00
John Crispin
546ba7a39f samba: use INSTALL_CONF for the uci file
sorry about the broken commit earlier

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45226
2015-04-01 16:12:43 +00:00
Nicolas Thill
b7130aff21 samba36: fix typo in package/samba36-server/install
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45225
2015-04-01 15:59:14 +00:00
John Crispin
26a27231e6 samba: don't overwrite config file
fixes #19087

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45220
2015-04-01 13:39:23 +00:00
John Crispin
8acbb5783d dnsmasq: backport --tftp-no-fail to ignore missing tftp root
This patch backports the option --tftp-no-fail to dnsmasq and prevents the
service from aborting if the specified TFTP root directory is not available;
this might be the case if TFTP files are located on external media that might
occasionally not be present at startup.

Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>

SVN-Revision: 45213
2015-04-01 08:33:10 +00:00
Steven Barth
78552c24ba odhcpd: compile fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45192
2015-03-31 17:30:56 +00:00
John Crispin
6aff392bff uhttpd: properly handle return codes
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45153
2015-03-30 12:35:13 +00:00
Steven Barth
24be294d8e odhcpd: fix default dhcpv6 behavior for non-/64
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45148
2015-03-30 08:53:22 +00:00
Steven Barth
0a0dec1c4a odhcpd: fix musl build, change default DHCPv6 behavior
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45147
2015-03-30 08:49:47 +00:00
Felix Fietkau
e0e8900edd ead: clean up, fix musl build
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45110
2015-03-29 04:30:05 +00:00
Felix Fietkau
9f8be0befc authsae: remove bogus #include
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45107
2015-03-29 04:29:26 +00:00
Felix Fietkau
89abb27f2c hostapd: fix compile errors with nl80211 disabled (#19325)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45063
2015-03-27 14:55:01 +00:00
Felix Fietkau
44218424f1 hostapd: fix a compiler warning in ap+station patch
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45062
2015-03-27 14:54:53 +00:00
Felix Fietkau
8905eb39b6 hostapd: disable the bridge packet receive workaround, it is unnecessary on openwrt and could potentially harm performance
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45060
2015-03-27 14:54:41 +00:00
John Crispin
d8fc4d31d0 dnsmasq: we dont want to run in debug mode
a left over from the dnsmasq jail testing

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45058
2015-03-27 09:11:56 +00:00
Felix Fietkau
23b4bf6507 hostapd: add 802.11r support
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 45051
2015-03-26 23:34:33 +00:00
Felix Fietkau
07b17c6b25 hostapd: allow multiple key management algorithms
To enable 802.11r, wpa_key_mgmt should contain FT-EAP or FT-PSK. Allow
multiple key management algorithms to make this possible.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 45050
2015-03-26 23:34:24 +00:00
Felix Fietkau
4482d10a04 hostapd: append nasid to config for all WPA types
The 802.11r implementation in hostapd uses nas_identifier as PMK-R0 Key
Holder identifier. As 802.11r can also be used with WPA Personal, nasid
should be appended to the hostapd config for all WPA types.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 45049
2015-03-26 23:34:10 +00:00
Felix Fietkau
eedf17dc9e hostapd: add dependency to hostapd-common
'hostapd-common' is needed by all of the variants for wifi to function
correctly (a number of the target profiles simply select 'wpad-mini').

Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>

SVN-Revision: 45048
2015-03-26 23:34:01 +00:00
Felix Fietkau
cec80c7267 hostapd: package wpad-mesh and wpa_supplicant-mesh variants
These new variants include support for mesh mode and SAE crypto.
They always depend on openssl as EC operations are not provided by
the internal crypto implementation.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45047
2015-03-26 23:33:56 +00:00
Felix Fietkau
184bac2707 hostapd: add switch_chan and set_vendor_elements ubus methods
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45046
2015-03-26 23:33:52 +00:00
Felix Fietkau
9c7784e5f3 hostapd: update hostapd to 2015-03-25
madwifi was dropped upstream, can't find it anywhere in OpenWrt
either, thus finally burrying madwifi.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45045
2015-03-26 23:33:47 +00:00
John Crispin
eadb51fa98 mdns: add jail and seccomp support
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45012
2015-03-26 10:58:44 +00:00
John Crispin
f5e2b62ab7 dnsmasq: add jail support
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45011
2015-03-26 10:58:30 +00:00
Jo-Philipp Wich
437d710546 lldpd: add option to disable privilege separation
Helpful to disable when debugging lldpd crashes (when working on it).
When privilege separation is on, some crashes are stack-traced to
some privilege separation code.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 44967
2015-03-24 10:13:08 +00:00
Felix Fietkau
5d9eeab64a build: remove obsolete references to cris and avr32
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44965
2015-03-24 10:07:40 +00:00
John Crispin
1312cd9263 lldpd: add Build/InstallDev rule
For using liblldpctl to talk to lldpd (via unix sockets).

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 44924
2015-03-21 21:47:34 +00:00
Felix Fietkau
f88687aaf9 igmpproxy: add names for default config lan/wan phyint sections to make it easier to refer to them from scripts
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44896
2015-03-19 20:37:40 +00:00
John Crispin
29c3611294 igmpproxy: Multiple downlink interfaces fix.
from Erik Tews <erik@datenzone.de>

This patch has two effects. First, the quickleave feature/behaviour is
disabled for all groups that are used on more than one interface. The
idea of quickleave is to leave a group fast and later figure out whether
there is still somebody interested in that group. For groups used on
more than one interface, it is already known that there is still
somebody interested in that group.

Second, when a leave is received for a group that is used on more than
one interface, igmpproxy sends queries on all interface to discover
remeining listeners for that group. Previously these queries were only
send on the interface the leave was received on, so that listeners on
the other interfaces were not discovered and the group might be left on
the upstream router incorrectly.

This patch can be improved by sending the queries only on the interface
the leave was received on and adapting the algorithm in
internAgeRoute(...) in rttable.c in a way that only one interface is
actually processed and all other interfaces of the route are silently
assumed to be still active.

Signed-off-by: Erik Tews <erik@datenzone.de>

SVN-Revision: 44859
2015-03-17 09:43:07 +00:00
Nicolas Thill
81ff0511df packages: more (e)glibc fixes after r44701
_GNU_SOURCE has been declared "deprecated" in favor of _DEFAULT_SOURCE in glibc

Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44843
2015-03-16 12:32:22 +00:00
Nicolas Thill
4b382a440b packages: some (e)glibc fixes after r44701
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44842
2015-03-16 12:25:06 +00:00
Felix Fietkau
83cdd1623c uhttpd: make generating SSL keys more reliable against interrupted boots
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44772
2015-03-15 10:32:10 +00:00
John Crispin
ba21cbae3e dnsmasq: enable pxe-prompt, pxe-service config options
DNSMASQ has the ability to provide a menu to a pxeboot system, using
the --pxe-prompt and --pxe-service configuration options.  The current
init.d script converting the "dhcp" file to "dnsmasq.conf" does not
find these options, but they are supported.  This patch thus enables
the options.

Signed-off-by: Derek LaHousse <dlahouss@mtu.edu>

SVN-Revision: 44747
2015-03-13 08:39:08 +00:00
John Crispin
f728bfdae0 relayd: bump to latest git HEAD
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44745
2015-03-13 08:38:46 +00:00
John Crispin
fb60dd2ae6 dnsmasq: Make parameters optional in dhcpboot config
The --dhcp-boot option of dnsmasq does not require servername and serveraddress
arguments if the builtin tftp server is used.

Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>

SVN-Revision: 44744
2015-03-13 08:38:35 +00:00
John Crispin
31b8de4587 lldpd: make LLDP-MED, DOT1 and DOT3 extensions disable-able
The names for the config options were taken from lldpd's
configure.ac file.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 44743
2015-03-13 08:38:25 +00:00
John Crispin
470e89f977 lldpd: add support for 'readonly_mode'
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>

SVN-Revision: 44689
2015-03-12 10:06:08 +00:00
John Crispin
e69626901e uhttp: update to latest git HEAD
this add json-c 0.12, sorry forgot to push this earlier today

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44682
2015-03-11 17:58:47 +00:00
Steven Barth
8dc388f769 odhcpd: improvements for DHCPv4 and compile fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44619
2015-03-06 14:41:07 +00:00
Jo-Philipp Wich
c20e46f792 lldpd: fix passing multiple ifnames to the daemon
Instead of multiple -I arguments, lldpd expects a comma separated list.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44585
2015-03-01 12:25:02 +00:00
Jo-Philipp Wich
b977134dc7 uhttpd: relay stderr to syslog
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44548
2015-02-26 13:44:05 +00:00
Felix Fietkau
ae9999a766 samba36: update to 3.6.25, fixes remote code execution bug (CVE-2015-0240)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44515
2015-02-24 07:21:25 +00:00
John Crispin
5e7d004633 ppp: Allow PPTP over a specified interface
In a dual-WAN setup, it's useful to specify an interface over which to
have PPTP.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>

SVN-Revision: 44507
2015-02-22 08:29:34 +00:00
Nicolas Thill
4b8ebb5d50 packages: remove uneeded PKG_BUILD_DIR overrides
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 44498
2015-02-22 01:31:21 +00:00
John Crispin
ef87acc6a5 hostapd: fix c&p typo
https://dev.openwrt.org/ticket/19010

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 44484
2015-02-17 15:59:28 +00:00
John Crispin
8f3e9c91a8 hostapd: backport BSSID black/whitelists
This change adds the configuration options "bssid_whitelist" and
"bssid_blacklist" used to limit the AP selection of a network to a
specified (finite) set or discard certain APs.

This can be useful for environments where multiple networks operate
using the same SSID and roaming between those is not desired. It is also
useful to ignore a faulty or otherwise unwanted AP.

In many applications it is useful not just to enumerate a group of well
known access points, but to use a address/mask notation to match an
entire set of addresses (ca:ff:ee:00:00:00/ff:ff:ff:00:00:00).

This is especially useful if an OpenWrt device with two radios is used to
retransmit the same network (one in AP mode for other clients, one as STA for
the uplink); the following configuration prevents the device from associating
with itself, given that the own AP to be avoided is using the bssid
'C0:FF:EE:D0:0D:42':

config wifi-iface
	option device 'radio2'
	option network 'uplink'
	option mode 'sta'
	option ssid 'MyNetwork'
	option encryption 'none'
	list bssid_blacklist 'C0:FF:EE:D0:0D:42/00:FF:FF:FF:FF:FF'

This change consists of the following cherry-picked upstream commits:

b3d6a0a8259002448a29f14855d58fe0a624ab76
b83e455451a875ba233b3b8ac29aff8b62f064f2
79cd993a623e101952b81fa6a29c674cd858504f
(squashed to implement bssid_{white,black}lists)

0047306bc9ab7d46e8cc22ff9a3e876c47626473
(Add os_snprintf_error() helper)

Signed-off-by: Stefan Tomanek <stefan.tomanek+openwrt@wertarbyte.de>

SVN-Revision: 44438
2015-02-13 10:53:54 +00:00
Felix Fietkau
658a33688e relayd: update to the latest version, adds fixes by Alejandro Enrique
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44389
2015-02-11 10:09:57 +00:00
Jo-Philipp Wich
ccc33238a4 openvpn: autostart openvpn instances for each .conf file in /etc/openvpn
Align init behaviour with other distros by starting an OpenVPN instance
for each config file found in /etc/openvpn/. This removes the additional
requirement to "register" the configs with uci and thus simplifies the
setup.

Make sure to respect the disabled state in uci to not suddenly autostart
instances which have been previously set to disabled, also skip configs
which are already started due to uci configuration.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44310
2015-02-07 21:01:28 +00:00
Jo-Philipp Wich
a7c27877e2 uhttpd: fix another remaining relro issue in the Lua plugin
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44143
2015-01-25 20:43:17 +00:00
Jo-Philipp Wich
634c8c215c uhttpd: fix time_t type mismatch on 32bit systems
The previous update introducing LFS support unconditionally changed the
sprintf() pattern used to print the file modification time to use PRIx64.

Explicitely convert the st_mtime member of the stat struct to uint64_t in
order to avoid type mismatch errors when building for non-64bit targets.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44138
2015-01-25 17:59:08 +00:00
Jo-Philipp Wich
b82bd94b62 uhttpd: fix crash with enabled relro, memory leak in dirlists and lfs
* Fix the ubus plugin to not make its uhttpd_plugin entry symbol
   constant as uhttpd needs to modify its list_head member
 * Make sure that uhttpd supports large files by using 64bit ints
   where appropriate and by passing _FILE_OFFSET_BITS=64 to the build
 * Plug a possible memleak in the directory listing code

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44135
2015-01-25 17:23:26 +00:00
Jo-Philipp Wich
8f5c0708ed uhttpd: fix exit code of mod-ubus postinstall script
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44132
2015-01-25 15:54:43 +00:00
Felix Fietkau
768d09be87 mac80211/hostapd: fix HT mode setup for RSN ad-hoc networks
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44100
2015-01-24 19:27:22 +00:00
Felix Fietkau
c180e8df1e relayd: prevent start for disabled interfaces
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44099
2015-01-24 18:12:09 +00:00
Felix Fietkau
929559c946 ppp: on PPPoE, always send PADT when shutting down the connection
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 44097
2015-01-24 13:41:10 +00:00
Jo-Philipp Wich
639f388fc2 ppp: rework host-uniq support to take hex encoded strings
The previous implementation of the "host-uniq" option used plain strings for
passing the value to pppd which made it impossible to specify binary data.

Switch the format to a hex encoded string to support binary data.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 44094
2015-01-24 11:30:45 +00:00
Felix Fietkau
2f43d3dcba igmpproxy: add patch to silence unnecessary logging of downstream igmp traffic
This patch adds a simple check to silence logging of messages about
unrecognized igmp packets which originate from devices in local network.

Without this patch igmpproxy floods openwrt syslog with messages such as:
  user.warn igmpproxy[19818]: The source address 192.168.1.175 for group
  239.255.250.250, is not in any valid net for upstream VIF.

Signed-off-by: Antti Seppälä <a.seppala@gmail.com>

SVN-Revision: 44020
2015-01-18 00:42:43 +00:00
John Crispin
16b45d21c6 dnsmasq: add option --quiet-dhcp
The --quiet-dhcp setting increases privacy by omitting DHCP lease logs including MAC addresses.

Signed-off-by: Lars Kruse <devel@sumpfralle.de>

SVN-Revision: 44006
2015-01-17 14:38:55 +00:00
John Crispin
491f3fc048 Support for building an hardened OpenWRT
Introduce configuration options to build an "hardened" OpenWRT.

Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.

uClibc makefile now automatically detects if SSP support is necessary.

hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.

Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.

Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.

Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>

SVN-Revision: 44005
2015-01-17 14:31:30 +00:00
Jo-Philipp Wich
59cab6dd48 dnsmasq: support and use local-service by default (#14951)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43982
2015-01-16 19:04:19 +00:00
Luka Perkov
5b0849b97f mdns: install uci package as config
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

SVN-Revision: 43967
2015-01-14 09:59:26 +00:00
Rafał Miłecki
adaac86c7f hostapd: backport patch fixing handling new stations
This patch fixes adding new stations for some specific drivers when
using more than 1 BSS.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 43951
2015-01-12 22:10:00 +00:00
Jo-Philipp Wich
39d0b8fea8 lldpd: update to v0.7.13
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43891
2015-01-09 12:35:09 +00:00
John Crispin
52c949e448 openvpn: procd_set_param respawn
Makes sure that the openvpn instance gets restarted in case of a crash.

Intentional stops using /etc/init.d/openvpn stop will not result in
respawning. Anything else will, e.g. killall openvpn.

Signed-off-by: Lars Gierth <larsg@systemli.org>

SVN-Revision: 43886
2015-01-08 20:26:41 +00:00
Jo-Philipp Wich
a0fb139369 openvpn: bump PKG_REVISION and copyright year
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43859
2015-01-06 12:41:22 +00:00
Felix Fietkau
6493328c8f dnsmasq: fix dependency problems of the dnsmasq-full variant.
This patch tries to

 - Let the DHCPv6 feature depend on CONFIG_IPV6.
 - Conditionally select libnettle, kmod-ipv6, kmod-ipt-ipset only if the
   corresponding features are enabled.
 - Install `trust-anchors.conf` only if DNSSEC is selected.
 - Add PKG_CONFIG_DEPENDS for the configurable options.
 - Add a patch to let the Makefile of dnsmasq be aware of changes in
   COPTS variable.

Big thanks goes to Frank Schäfer <fschaefer.oss@googlemail.com> for
providing necessary information on connections and dependency relations
between these CONFIGs and packages.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 43851
2015-01-05 13:03:48 +00:00
Felix Fietkau
4ea1edf840 hostapd: Add uapsd option to netifd.sh
The uapsd option sets the uapsd_advertisement_enabled flag in hostapd.

The check for phy support is already implemented here in hostapd since 2011:
http://w1.fi/cgit/hostap/commit/?id=70619a5d8a3d32faa43d66bcb1b670cacf0c243e

So this can be safely set to 1 as default.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>

SVN-Revision: 43846
2015-01-05 13:03:12 +00:00
Felix Fietkau
8bd2c446d4 openvpn: backport an upstream fix for a regression in using --cipher none (fixes #18676)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43823
2015-01-04 12:03:29 +00:00
Felix Fietkau
b2de18bea4 hostapd: add support for configuring supported rates
patch by Wilco Baan Hofman from #18627

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43782
2014-12-27 12:59:47 +00:00
Steven Barth
d945d7d647 dnsmasq: also add the actual patches...
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43759
2014-12-22 09:52:19 +00:00
Steven Barth
1472eaec65 dnsmasq: backport some dnssec fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43758
2014-12-22 09:51:22 +00:00
Steven Barth
d9011ad6be dnsmasq: allow de-selecting features from -full variant.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 43733
2014-12-17 05:59:12 +00:00
Felix Fietkau
8afce572b7 igmpproxy: do not attempt to ifstatus error messages as json
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43660
2014-12-12 14:52:29 +00:00
Felix Fietkau
f48b7aa6e4 igmpproxy: do not start instance if no upstream interface is available
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43659
2014-12-12 14:52:24 +00:00
Felix Fietkau
b37dc7e7ce igmpproxy: fix init script indentation
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43658
2014-12-12 14:52:18 +00:00
Felix Fietkau
fe05893ffb openvpn: update to 2.3.6, fixes CVE-2014-8104
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43482
2014-12-01 19:49:59 +00:00
John Crispin
d40842d180 hostapd: improve 802.1x dynamic vlan support with bridge names
In r41872 and r42787 Dynamic VLAN support was reintroduced, but the vlan_bridge
parameter is not read while setting up the config, so the default is used which
is undesirable for some uses.

Signed-off-by: Ben Franske <ben.mm@franske.com>

SVN-Revision: 43473
2014-12-01 16:15:20 +00:00
Felix Fietkau
ed5ed9cf6f hostapd: fix build error on some variants with CONFIG_WPA_RFKILL_SUPPORT=y (#17765)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43345
2014-11-23 14:16:47 +00:00
Felix Fietkau
6c1c3cac55 hostapd: switch dependency from mac80211 to cfg80211
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 43339
2014-11-21 20:38:14 +00:00
Matteo Croce
9ee442d0f9 pppd: add option to set custom host-uniq pppoe tag
SVN-Revision: 43241
2014-11-14 16:39:59 +00:00
Jo-Philipp Wich
6966aa0d50 lldpd: allow discovery protocols to be disabled from menuconfig
Signed-off-by: Michel Stam <m.stam@fugro.nl>
[jow: fixed condition for CONFIG_LLDPD_WITH_JSON]
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43233
2014-11-11 09:49:20 +00:00
Nicolas Thill
f4417f7ad8 package/*: replace occurences of 'ln -sf' to '$(LN)'
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 43205
2014-11-06 19:35:34 +00:00
Steven Barth
4e26b81c48 odhcpd: disable flash-renumbering hack for non-64 prefixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43202
2014-11-06 13:37:50 +00:00
Steven Barth
c7ae195c9e mdnsd: add query / fetch methods, fix some bugs
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43169
2014-11-03 19:35:53 +00:00
John Crispin
74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth
bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00
Jo-Philipp Wich
bc356cef82 ppp: support adaptive LCP echos
Port Debians adaptive LCP echo patch to pppd, make it configurable with UCI
and enable it by default.

When adaptive LCP echo is enabled, LCP echo requests are only sent if the
link is idle, this avoids the common situation where a congested PPP link
(e.g. during torrenting) is falsely detected as disconnected because the
LCP replies are not received in time.

Also bump the copyright year in the Makefile, remove a redundant maintainer
entry and fix the shell processing of the keepalive option when the two-
value syntax is used.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43143
2014-11-01 12:37:03 +00:00
Jo-Philipp Wich
ba48074622 uhttpd: fix HTTP incompatibilities in file handler
* Fixes sending an extraneous message body for 204 and 304 resoponses which
   breaks Chrome in keep-alive mode.

 * Adds mimetypes for JSON and JSONP.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 43078
2014-10-27 10:25:07 +00:00
Felix Fietkau
3c9fcd2526 hostapd: update to 2014-10-25
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43059
2014-10-25 16:48:45 +00:00
John Crispin
d5b734e145 hostapd: Add wpa_psk_file option to netifd.sh
The wpa_psk_file option offers the possibility to use a different WPA-PSK key for each client. The directive points to a file with the following syntax:

mac_address wpa_passphrase_or_hex_key

Example:

00:11:22:33:44:55 passphrase_for_client_1
00:11:22:33:44:67 passphrase_for_client_2
00:11:22:33:44:89 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

So it is possible to specify both ASCII passphrases and raw 64-chars hex keys.

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>

SVN-Revision: 43001
2014-10-20 11:19:21 +00:00
Felix Fietkau
6c2a017553 authsae: fix musl build
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42980
2014-10-19 23:04:02 +00:00
Steven Barth
6d3fd947e4 odhcpd: fix regression in dhcpv6 t1 and t2 calculation
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42951
2014-10-18 15:47:31 +00:00
Steven Barth
f71f3afd20 odhcpd: multiple fixes
* Rewrite ndp proxy using kernel proxying
* Aid flash-renumbering in hybrid DHCPv6-mode
* Unicast RAs to RS senders
* Add support for router address

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42944
2014-10-17 11:18:52 +00:00
Steven Barth
99984eaeb3 hostapd: CVE-2014-3686 fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42942
2014-10-17 06:15:35 +00:00
John Crispin
20940138ac scripts: fix wrong usage of '==' operator
[base-files] shell-scripting: fix wrong usage of '==' operator

normally the '==' is used for invoking a regex parser and is a bashism.
all of the fixes just want to compare a string. the used busybox-ash
will silently "ignore" this mistake, but make it portable/clean at least.

this patch does not change the behavior/logic of the scripts.

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

SVN-Revision: 42911
2014-10-14 12:21:11 +00:00
Steven Barth
aad6cb99cf ppp: add unconditional autoipv6-trigger
SVN-Revision: 42860
2014-10-09 07:38:25 +00:00
Steven Barth
3f700643fa ppp: remove ugly ipv6-workaround
This is not needed after all:

Omitting option ipv6 or setting it to 'auto' will
fire up a dhcpv6 subprotocol (this was added).

Setting ipv6 to 1 will only cause the IPv6 link to
be brought up and an accompanying dhcpv6 or static
interface with ifname @wan can be used to configure addresses.

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42859
2014-10-09 07:35:28 +00:00
Steven Barth
b2d099c11c dropbear: ensure the interface has an ip-address
Use network_get_ipaddrs_all to get all ip-addresses of an interface. If the
function fails, the interface does not exists or has not any suiteable ip
addresses assigned.

Use the returned ip-address(es) to construct the dropbear listen address.

Signed-off-by: Mathias Kresin <openwrt@kresin.me>

SVN-Revision: 42857
2014-10-09 07:16:35 +00:00
Steven Barth
c62b07b2ce ppp: allow auto-detecting and creation of ipv6 subinterface
this makes ipv6 with ppp a bit more comfortable

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42854
2014-10-08 20:37:15 +00:00
John Crispin
344a304524 lldp: make use of new USERID syntax
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42839
2014-10-08 08:01:33 +00:00
John Crispin
70d56d749b hostapd: read missing parameter for dynamic VLANs
In r41872 Dynamic VLAN support was reintroduced, but the vlan_naming
parameter is not read while setting up the config, so it always
defaults to 1.

Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>

SVN-Revision: 42787
2014-10-06 04:52:21 +00:00
Felix Fietkau
bf0305725a hostapd: add conflicts with wpad(-mini) to hostapd and wpa_supplicant
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42772
2014-10-05 16:41:50 +00:00
Felix Fietkau
62e6e788dd relayd: update to the latest version, fixes a build error with the new gcc (#18010)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42765
2014-10-05 11:01:49 +00:00
Felix Fietkau
281f40cef2 hostapd: allow using iapp for any encryption type (fixes #18022)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42764
2014-10-05 10:55:55 +00:00
Felix Fietkau
cd80931e03 hostapd: merge an upstream patch for pmksa cache
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42762
2014-10-05 10:26:26 +00:00
Steven Barth
e15f03e5de authsae: update to latest version
Send a netlink call to leave the mesh when meshd exits
Make hunting-and-pecking loop (more) resistant to side channel attack

Signed-off-by: Michel Stam <m.stam@fugro.nl>

SVN-Revision: 42750
2014-10-02 19:47:28 +00:00
Steven Barth
dd948b7990 dnsmasq: bump to 2.72
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42668
2014-09-26 08:57:36 +00:00
Steven Barth
71960baa7d odhcpd: fix segfault when parsing domain options in UCI
SVN-Revision: 42663
2014-09-25 11:53:12 +00:00
Steven Barth
2ccf88744c dnsmasq: fix lockup when interfaces disappear
SVN-Revision: 42648
2014-09-22 12:07:20 +00:00
John Crispin
ed2fff7452 hostapd: do not remove foreign wpa_supplicant sockets
https://dev.openwrt.org/ticket/17886

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42586
2014-09-17 07:41:31 +00:00
Felix Fietkau
7ff276afd3 hostapd: remove bogus default setting for wps_pin (#17873)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42553
2014-09-15 16:09:23 +00:00
Hauke Mehrtens
2c605ba1f1 ppp: update to version 2.4.7
This fixes: CVE-2014-3158 and some other bugs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 42525
2014-09-13 20:56:13 +00:00
John Crispin
5920eac8ee lldp: remove calls to user/group_add/exists
use the new ipkg based mechanism

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42472
2014-09-11 12:28:22 +00:00