Commit Graph

82 Commits

Author SHA1 Message Date
Alexander Couzens cb5ddd5168 Merge remote-tracking branch 'upstream_openwrt/master'
* openssl update
* hostapd: fix remote denial of service vulnerability in WMM action frame parsing
* kernel: remove the netfilter optimization that skips the filter table, it has caused too many issues
* ath9k: fix a beacon enable handling bug
* minor bugfixes and board backports
2015-07-19 19:59:25 +02:00
nbd 179bab8b17 hostapd: fix remote denial of service vulnerability in WMM action frame parsing
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r45619

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@45620 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-05-06 09:47:05 +00:00
Alexander Couzens 1c00a18a38 package/lldp: add eth0 to listening interfaces 2015-03-17 13:21:56 +01:00
nbd e0b8c83ec8 samba36: update to 3.6.25, fixes remote code execution bug (CVE-2015-0240)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r44515

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44516 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-02-24 07:24:29 +00:00
cyrus 3a2fa00474 map: backport fixes from trunk
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43962 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-13 19:02:32 +00:00
jow 4cbedb56ae BB: qos-scripts: bump PKG_REVISION and copyright year
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r43860

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43862 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-06 12:43:49 +00:00
jow 4d84b8624b BB: openvpn: bump PKG_REVISION and copyright year
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r43859

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43861 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-06 12:43:44 +00:00
nbd c2a8bebec3 openvpn: backport an upstream fix for a regression in using --cipher none (fixes #18676)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43823

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43824 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-04 12:03:51 +00:00
cyrus 66e21465bb odhcp6c: correctly handle renew-replies with short lease times
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43593 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-12-10 10:42:41 +00:00
nbd 938c6b4242 qos-scripts: fix insmod commands
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43562

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43566 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-12-08 12:06:02 +00:00
nbd 678b8b53a3 openvpn: update to 2.3.6, fixes CVE-2014-8104
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43482

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43483 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-12-01 19:50:45 +00:00
cyrus cb902a80c8 odhcp6c: backport from trunk to fix busyloop
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43416 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-11-28 00:42:24 +00:00
cyrus 83a67bc701 netifd: fix default ORO for 6rd
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43215 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-11-08 12:27:41 +00:00
jow 071e09e698 BB: uhttpd: fix HTTP incompatibilities in file handler
* Fixes sending an extraneous message body for 204 and 304 resoponses which
   breaks Chrome in keep-alive mode.

 * Adds mimetypes for JSON and JSONP.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r43078

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43082 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-27 11:09:09 +00:00
cyrus f34834fe36 odhcp6c: avoid some unnecessary big mallocs
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43057 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-25 10:39:31 +00:00
cyrus 249857af0e hostapd: CVE-2014-3686 fixes
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42943 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-17 06:16:07 +00:00
cyrus 60012ae40e odhcp6c: fix parse errors with some dhcpv6 servers
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42870 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-12 12:18:58 +00:00
cyrus 6f93bcd13b odhcp6c: fix typo in last commit
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42853 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-08 15:27:38 +00:00
cyrus 58b855cae6 odhcp6c: don't assign addresses or prefixes prematurely
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42851 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-08 15:16:41 +00:00
cyrus a292e3b8bc odhcp6c: ensure signal-safety of signal handlers
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42843 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-08 10:00:40 +00:00
cyrus 28c47a66d9 odhcp6c: add route-workaround for broken IPv6-ISPs
Some ISP seem to only do stateful DHCPv6 and not sending RAs.
This is technically broken because plain DHCPv6 doesn't carry routes.

We work around here by faking a default route to the DHCPv6 server
if we do not receive a useful RA from the ISP.

This workaround can be turned off with: option fakeroutes 0

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42842 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-08 10:00:36 +00:00
nbd 059675c34f hostapd: merge an upstream patch for pmksa cache
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r42762

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42763 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-05 10:39:52 +00:00
cyrus d26726dbc7 map: fix portsets starting with 0 and use regular NAT for 1:1 MAP
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42742 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-02 19:16:17 +00:00
cyrus a397aa16aa odhcp6c: work around weird ISP RS behaviour
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42675 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-27 16:58:15 +00:00
cyrus b03d43d551 odhcpd: fix segfault when parsing domain options in UCI
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42664 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-25 11:54:08 +00:00
jow 58c6e574c3 BB: firewall: allow '*' as synonym for any / all in family and proto options
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r42620

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42623 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-19 18:23:20 +00:00
jow e12261d40a BB: firewall: fix heap corruption in fw3_bitlen2netmask() with IPv6 addresses
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r42610

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42622 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-19 18:23:17 +00:00
jow a3f528c624 BB: firewall: fix invalid memory access when processing /128 IPv6 addresses from ubus, properly emit REDIRECT rules for local port forwards
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r42604

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42621 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-19 18:23:15 +00:00
blogic f3c7b78225 ppp: update to version 2.4.7
This fixes: CVE-2014-3158 and some other bugs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Backport of r42525

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42613 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-18 15:24:22 +00:00
blogic 42d19d4de6 curl: 7.36.0 -> 7.38.0
Main changes:
- URL parser: IPv6 zone identifiers are now supported
- cyassl: Use error-ssl.h when available (drop local patch)
- polarssl: support CURLOPT_CAPATH / --capath
- mkhelp: generate code for --disable-manual as well (drop local patch)

Full release notes: http://curl.haxx.se/changes.html

MIPS 34kc binary size:
- 7.36.0 before: 82,539 bytes
- 7.38.0 after: 83,321 bytes

Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

Backport of r42517

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42612 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-18 15:24:07 +00:00
blogic 445be98788 mdns: update to latest git HEAD
Signed-off-by: John Crispin <blogic@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42593 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-17 11:01:26 +00:00
blogic 5d7d895845 hostapd: do not remove foreign wpa_supplicant sockets
https://dev.openwrt.org/ticket/17886

Signed-off-by: John Crispin <blogic@openwrt.org>

Backport of r42586

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42591 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-17 11:01:23 +00:00
blogic 13237e2ea4 comgt: add directip proto
add a proto handler for sierra wireless directip modems

Signed-off-by: John Crispin <blogic@openwrt.org>

Backport of r42465

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42577 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-16 18:34:44 +00:00
nbd cebcd32fe8 hostapd: remove bogus default setting for wps_pin (#17873)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r42553

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42554 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-15 16:09:36 +00:00
cyrus dbbf0efa00 netifd: work-around kernel IPv6 on-link route issue
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42440 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-08 14:47:26 +00:00
blogic 67cfa7ee6e dnsmasq: Make the --dhcp-host logic easier to understand
Use an if/else statement to cover the two different syntaxes.  Add
comments explaining what the end results should look like.

This patch should not change the script's output.

Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

Backport of r42320

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42390 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-01 13:22:08 +00:00
blogic 41ed6f55fb dnsmasq: Fix hosts file format when MAC address is not specified
An entry like this in /etc/config/dhcp:

    config 'host'
        option 'name' 'pc2'
        option 'ip' '192.168.100.56'
        option 'dns' '1'

results in a /tmp/hosts/dhcp entry that looks like this:

    192.168.100.56 .lan

Obviously it should say "pc2.lan".

This happens because $name is set to "" in order to support the MAC-less
syntax: "--dhcp-host=lap,192.168.0.199".  Fix this by reordering the
operations.  Also, refuse to add a DNS entry if the hostname or IP is
missing.

Fixes #17683

Reported-by: Kostas Papadopoulos <kpapad75@travelguide.gr>
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>

Backport of r42319

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42389 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-01 13:22:06 +00:00
blogic abd77939b4 dnsmasq: Create rDNS records for LuCI "Hostnames"
LuCI creates "domain" UCI config sections, which the dnsmasq init file
then, currently, translates into "address" config lines. This is not
the correct usage of "address" (see r36943), and also causes rDNS
records to not be created. This patches dnsmasq.init to utilize the
additional hosts file introduced in r40799 for such domain names,
resolving both issues.

Signed-off-by: Tyler Fenby <tylerf@securecominc.com>

Backport of r42318

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42388 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-01 13:22:05 +00:00
blogic cb8f6fa0b4 package/*: remove useless explicit set of function returncode
somebody started to set a function returncode in the validation
stuff and everybody copies it, e.g.

myfunction()
{
	fire_command

	return $?
}

a function automatically returns with the last returncode,
so we can safely remove the command 'return $?'. reference:

http://tldp.org/LDP/abs/html/exit-status.html
"The last command executed in the function or script determines the exit status."

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>

Backport of r42278

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42379 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-01 13:21:54 +00:00
blogic e848b54b53 firewall: the firewall did not start properly on boot
https://dev.openwrt.org/ticket/17593

Signed-off-by: John Crispin <blogic@openwrt.org>

Backport of r42233

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42374 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-01 13:21:46 +00:00
blogic 64098682a1 ppp: enable IPv6CP by default
Signed-off-by: Steven Barth <steven@midlink.org>

Backport of r42158

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42355 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-01 13:21:11 +00:00
blogic 921a5bb956 firewall: fix potential NULL pointer access
Properly skip struct ifaddr entries with NULL ifa_addr, thanks Kostas Papadopoulos for reporting.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r42138

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42354 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-01 13:21:09 +00:00
blogic f76ea8c4ef firewall: implement selective conntrack flushing (#10225)
Utilize the new selective conntrack flushing facility to clear
out active conntrack entries referring to old IP addresses after
a firewall reload.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r42114

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42353 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-01 13:21:07 +00:00
blogic 4eebf6dfc4 hostapd: fix some whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>

Backport of r42111

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42351 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-09-01 13:21:04 +00:00
nbd 3bbd43553f netifd: update to the latest version, adds interface cleanup fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r42345

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42347 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-08-31 13:09:15 +00:00
nbd 6ac1ae4938 netifd: update to the latest version, fixes proto-shell teardown after renew
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r42344

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42346 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-08-31 13:09:14 +00:00
jow dc422c5293 BB: uhttpd: do not configure TLS parameters if libustream-ssl is not present
A quite frequent problem after sysupgrading from an older, SSL enabled build
is that ustream-ssl is not installed so uhttpd fails to come up again due to
https listening directives in the preserved configuration.

Skip key/cert and ssl listen options when libustream-ssl.so is not present.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r42284

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42286 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-08-25 12:46:35 +00:00
jow 6c3fc907a4 BB: iwinfo: properly decode SSIDs when scanning through wpa_supplicant
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r42273

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42285 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-08-25 12:46:27 +00:00
cyrus 8583b7ca2c odhcp6c: enable softwires support by default
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42275 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-08-25 06:12:19 +00:00
cyrus fef411a8e3 odhcpd: fix static lease behavior with dhcpv4
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42271 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-08-24 08:13:42 +00:00