aboutsummaryrefslogtreecommitdiff
path: root/net
Commit message (Collapse)AuthorAge
...
* | | | | | | Merge pull request #12093 from pprindeville/openssh-no-ecdsa-hostkeyPhilip Prindeville2020-05-06
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | openssh-server: deprecate the ecdsa HostKey
| * | | | | | | openssh-server: deprecate the ecdsa HostKeyPhilip Prindeville2020-05-05
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The init.d script for sshd never generates an ecdsa HostKey as seen here: for type in rsa ed25519 do # check for keys key=/etc/ssh/ssh_host_${type}_key [ ! -f $key ] && { # generate missing keys [ -x /usr/bin/ssh-keygen ] && { /usr/bin/ssh-keygen -N '' -t $type -f $key 2>&- >&- } } done so we'll never succeed at loading one. Get rid of the resultant error message in logging: May 5 17:13:59 OpenWrt sshd[20070]: error: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* | | | | | | shadowsocks-libev: ignore error from flushing route tableYousong Zhou2020-05-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Linux kernel and iproute2 together now implement strict checking of the existence of route tables. Previously kernel does not support filtering by table id, now it does and will error with nlmsgerr "ipv4: FIB table does not exist". Previously iproute2 dump all routes and filter by table id in userspace, now this has changed with iproute2 commit c7e6371bc4af ("ip route: Add protocol, table id and device to dump request") Error scene root@OpenWrt:/# ip route flush table 100 Error: ipv4: FIB table does not exist. Flush terminated root@OpenWrt:/# echo $? 2 Fixes: https://github.com/openwrt/packages/issues/12095 Ref: https://lists.openwall.net/netdev/2019/05/02/105 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* | | | | | | Merge pull request #12092 from wongsyrone/patch-1Rosen Penev2020-05-05
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | wsdd2: fix infinite loop when BI_PARM is never set
| * | | | | | | wsdd2: bump PKG_RELEASE; refine init scriptSyrone Wong2020-05-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
| * | | | | | | wsdd2: fix infinite loop when BI_PARM is never setSyrone Wong2020-05-06
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If BI_PARM is never set, it's "" and causes infinite loop (before my PR sent upstream) or error out (after my PR sent upstream). Append -b option only if it's valid. Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
* / / / / / / libevhtp: Fix dependencies not selected when building static libraryJeffery To2020-05-05
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When libevhtp is added to a package's PKG_BUILD_DEPENDS (i.e. for seafile-server), libevhtp's target package dependencies are not automatically selected, in particular libevent2-openssl and libevent2-pthreads. Moreover, if libevent-openssl and libevent2-pthreads are not selected, OpenSSL and thread support are disabled when compiling libevent2, which in turn causes a compile error when building libevhtp. This adds a config option, LIBEVHTP_BUILD_DEPENDS, that will select libevent2-openssl and libevent2-pthreads (via LIBEVHTP_BUILD_SELECT) when it is selected. Other build dependencies are moved to PKG_BUILD_DEPENDS. This also updates seafile-server to remove the (indirect) dependencies added in 13d843fec1cd3281cc469fc74de302c1f793b723 and instead select LIBEVHTP_BUILD_DEPENDS. This also updates the maintainer's email address and adds myself as another maintainer. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* | | | | | Merge pull request #12079 from stangri/master-vpn-policy-routingRosen Penev2020-05-04
|\ \ \ \ \ \ | | | | | | | | | | | | | | vpn-policy-routing: support phys-dev policies
| * | | | | | vpn-policy-routing: support phys-dev policiesStan Grishin2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Stan Grishin <stangri@melmac.net>
* | | | | | | freeradius3: Fix to init script.Eiji MATSUMOTO2020-05-05
|/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To use eap tls, 'tmpdir' must be created before server starts. This 'tmpdir' is used to store and verify client certificate, and therefore radiusd do 'chmod go-rwx'. If 'tmpdir' does NOT exists, server failed to start and default 'tmpdir' is '/tmp/radiusd'. So init script MUST create default 'tmpdir' like other directories. Signed-off-by: Eiji MATSUMOTO <toudaiman@gmail.com>
* | | | | | acme: Bump acme.sh to v2.8.6Toke Høiland-Jørgensen2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* | | | | | acme: Remove luci-app-acmeToke Høiland-Jørgensen2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Luci app for ACME has been moved to the luci package feed. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* | | | | | keepalived: update PKG_RELEASE numberFlorian Eckert2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | | | | keepalived: add script security param to fix warningFlorian Eckert2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Openwrt is a single user system. So keepalived is runnig as root. If we add the config options `script_user root` and `enabled_script_security' the following warnings are gone. > local1.info Keepalived_vrrp[5382]: SECURITY VIOLATION - scripts are being executed but script_security not enabled. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | | | | keepalived: move linkbeat_use_polling section into main sectionFlorian Eckert2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | | | | keepalived: move alt_config_file check into process_configFlorian Eckert2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | | | | keepalived: add upgrade script for globals sectionFlorian Eckert2020-05-04
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* | | | | | Merge pull request #12039 from lucize/frrrefRosen Penev2020-05-03
|\ \ \ \ \ \ | | | | | | | | | | | | | | frr: makefile cleanup and misc fixes
| * | | | | | frr: makefile cleanup and misc fixesLucian Cristian2020-05-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fix mips runtime by backporting some yang changes from master added commited fixes to 7.3 also add option for snmp support Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* | | | | | | Merge pull request #12069 from stangri/master-vpn-policy-routingRosen Penev2020-05-03
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | vpn-policy-routing: bugfix: remove non-ASCII from log; update README
| * | | | | | | vpn-policy-routing: bugfix: remove non-ASCII from log; update READMEStan Grishin2020-05-03
| | |_|/ / / / | |/| | | | | | | | | | | | | | | | | | | Signed-off-by: Stan Grishin <stangri@melmac.net>
* | | | | | | Merge pull request #12056 from stangri/master-vpnbypassHannu Nyman2020-05-03
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | vpnbypass: bugfix: remove non-ASCII from system log; update README
| * | | | | | | vpnbypass: bugfix: remove non-ASCII from system log; update READMEStan Grishin2020-05-02
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Stan Grishin <stangri@melmac.net>
* | | | | | | Shorewall6: Bump to 5.2.4.4W. van den Akker2020-05-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
* | | | | | | Shorewall: Bump to 5.2.4.4W. van den Akker2020-05-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
* | | | | | | Shorewall6-lite: Bump to 5.2.4.4W. van den Akker2020-05-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
* | | | | | | Shorewall-lite: Bump to 5.2.4.4W. van den Akker2020-05-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
* | | | | | | Shorewall-core: Bump to 5.2.4.4W. van den Akker2020-05-03
|/ / / / / / | | | | | | | | | | | | | | | | | | Signed-off-by: W. van den Akker <wvdakker@wilsoft.nl>
* | | | | / ddns-scripts: Add digitalocean as DDNS providerJeroen Peelaerts2020-05-03
| |_|_|_|/ |/| | | | | | | | | | | | | | Signed-off-by: Jeroen Peelaerts <jeroen.peelaerts@gmail.com>
* | | | | bind: update to version (security fix)Jan Pavlinec2020-05-01
| |/ / / |/| | | | | | | | | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* | | | ocserv: updated to 1.0.1Nikos Mavrogiannopoulos2020-05-01
| | | | | | | | | | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
* | | | openconnect: updated to 8.09Nikos Mavrogiannopoulos2020-05-01
|/ / / | | | | | | | | | Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
* | | Merge pull request #11798 from GuLinux/patch-1Nikos Mavrogiannopoulos2020-05-01
|\ \ \ | | | | | | | | openconnect: Allow to set `usergroup` option
| * | | openconnect: Allow to set `usergroup` option in OpenConnectMarco Gulino2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | Just adding the extra option `-g|--usergroup <group>` (required by the VPN server I'm currently using) Signed-off-by: Marco Gulino <marco@gulinux.net>
* | | | snort: bump to 2.9.15.1Ian Cooper2020-04-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix compilation error with x86_64 glibc Fix changed download location on snort.org Signed-off-by: Ian Cooper <iancooper@hotmail.com>
* | | | Merge pull request #12021 from eglooca/masterRosen Penev2020-04-30
|\ \ \ \ | | | | | | | | | | netifyd: Updated to v3.00
| * | | | netifyd: Updated to v3.00Darryl Sokoloski2020-04-30
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Darryl Sokoloski <darryl@sokoloski.ca>
* | | | | uacme: add support for user-provided setup and cleanup scriptsAntti Seppälä2020-04-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add possibility for user to provide setup and cleanup scripts for additional flexibility. Setup-script takes precedence over the built-in behavior of uacme. This helps users with more complex use-cases to utilize uacme to update certificates without adding complexity to the provided run.sh script. Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
* | | | | acme: add support for user-provided setup and cleanup scriptsAntti Seppälä2020-04-30
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add possibility for user to provide setup and cleanup scripts for additional flexibility. Setup-script takes precedence over the built-in behavior of acme. This helps users with more complex use-cases to utilize acme to update certificates without adding complexity to the provided run.sh script. Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
* | | | mwan3: Update MakefileBrian J. Murrell2020-04-30
| | | | | | | | | | | | Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
* | | | mwan3: Don't use /128 address for ping sourceBrian J. Murrell2020-04-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | An interface can have both a /64 and a /128 from a provider. In such a case, use the address from the /64 to do the ping check, not the /128. Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
* | | | Merge pull request #11998 from jefferyto/uwsgi-pypiRosen Penev2020-04-29
|\ \ \ \ | |/ / / |/| | | uwsgi: Use pypi.mk to download source tarball
| * | | uwsgi: Use pypi.mk to download source tarballJeffery To2020-04-29
| | |/ | |/| | | | | | | | | | | | | | | | This also removes PKG_BUILD_DIR, which does not need to be explicitly set. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* | | switchdev-poller: netifd now keep dev downLuiz Angelo Daros de Luca2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since 19.07, netifd will not try to bring a device up after someone brought it down. This way, there is no need to rename the device. It also fixes a rename error on 19.07 when the *_down device was being in use (by netifd?). Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* | | Merge pull request #11997 from jefferyto/scapy-python-packageRosen Penev2020-04-29
|\ \ \ | | | | | | | | scapy: Use Python packaging, PyPI download
| * | | scapy: Use Python packaging, PyPI downloadJeffery To2020-04-29
| |/ / | | | | | | | | | | | | | | | | | | This updates the package to use the default Python package build recipe, adds a src package, and changes to download from PyPI (using pypi.mk). Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* | | Merge pull request #12001 from jefferyto/radicale2-cleanupRosen Penev2020-04-29
|\ \ \ | | | | | | | | radicale2: Clean up Makefile
| * | | radicale2: Clean up MakefileJeffery To2020-04-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove preinst, the default prerm script will stop the service * Use default Python package filespec and shebang fix Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* | | | travelmate: fix captive portal detectionDirk Brenken2020-04-29
| | | | | | | | | | | | | | | | | | | | * made captive portal detection more bullet proof, fixes #11990 Signed-off-by: Dirk Brenken <dev@brenken.org>
* | | | Merge pull request #11968 from yangfl/masterToke Høiland-Jørgensen2020-04-29
|\ \ \ \ | |/ / / |/| | | acme: fix some errors
Powered by cgit, Themed by Ted Yin.