path: root/package/network
Commit message | Author | Age
...
* umdns: update to git HEAD | Daniel Golle | 2024-03-20
  e91ed40 ubus: assume that the service iface can be NULL
  4094a3c interface: remove unused peer field
  8a0c9db interface: add missing cache cleanup on interface free
  3b341f4 add the ability to announce additional hostnames
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* umdns: add /etc/umdns/ to mount namespace jail | Daniel Golle | 2024-03-20
  Make sure /etc/umdns/ is accessible for the umdns process if it exists and umdns is run with umdns.@umdns[0].jail='1'.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: Backport 2 upstream patches | Hauke Mehrtens | 2024-03-20
  These two patches are fixing minor problems with DNSSEC found shortly after the dnsmasq 2.90 release.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ds-lite: Add support for IPIP6(RFC2473) tunnel | Arayuki Mago | 2024-03-16
  Add Generic Packet Tunneling in IPv6 Specification (RFC 2473) support.
  Signed-off-by: Arayuki Mago <ms@missing233.com>
  Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* dnsmasq: reset PKG_RELEASE | Robert Marko | 2024-03-13
  dnsmasq was recently updated to 2.90, but PKG_RELEASE was not reset to 1.
  Fixes: 838a27f64f56 ("dnsmasq: version 2.90")
  Signed-off-by: Robert Marko <robimarko@gmail.com>
* lldpd: update URL | Paul Donald | 2024-03-12
  update Makefile URL
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: shellcheck fixes | Paul Donald | 2024-03-12
  No functionality/behaviour changes; code is synonymous
  Tested on: 22.03.6
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: implement lldp_policy parameter | Paul Donald | 2024-03-12
  For certain lldp_class scenarios (2 & 3) a policy must be set also. Class 4 is default, although it's good to handle the policy eventuality.
  Here, set a default lldp_policy for all lldp_class scenarios. Any lldp_policy can now be set.
  Depends on PR #14584 (which introduced an `if` block)
  Tested on 22.03.5, 22.03.6
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: Implement location parameter | Paul Donald | 2024-03-11
  Previously only partially implemented.
  After commit 5007f488bb5e1b556052ef246bd3822fed8d09d2 lldp_location was never removed
  Now, add the value of lldp_location to the generated config.
  The location param has a few syntaxes, so the config acquires the first usage from the man page: 'address country EU'
  Supplementary fix for PR #14193 (this param was included in the original PR #13018 but the lldp_location fixes were absent from PR #14193).
  Tested on 22.03.5, 22.03.6
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: fix error "sh: XXXms: bad number" | Paul Donald | 2024-03-11
  from commit 3ce909914a12647bec52bcee0a162dd6d158a4f6
  The lldpd man page says that "configure lldp tx-interval" can specify an interval value in milliseconds by appending a "ms" suffix to the figure. Thus mandating string handling, and not integer comparison.
  Tested on 22.03.5
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: refactor out ifaces derivation; reuse function | Paul Donald | 2024-03-11
  from commit 909f0630663d7ae1471c76154516e3299992a150
  Now pass two params to get_config_cid_ifaces() for:
    cid_interface
    interface
  Each of which is a CSV of interfaces.
  Tested on 22.03.5
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: remove unneeded quotes | Paul Donald | 2024-03-11
  from commit a5f715da713304972467612d6934130ce3aa2837
  Tested on 22.03.5
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: remove unneeded quotes and variable quoting | Paul Donald | 2024-03-11
  from commit ac771313ebedd2c4bfda8adef47650d45d77c32d
  portidsubtype takes 1 of 2 possible keywords which do not need quoting:
    configure lldp portidsubtype ifname | macaddress
  The third keyword 'local' is used in the syntax when individual ports are being defined:
    configure [ports ethX [,…]] lldp portidsubtype local value
  When this syntax is used, quoting is useful (see test cases for lldpd). In the init file, the 'local' syntax is unused.
  Tested on 22.03.5
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: remove unneeded quotes and variable quoting | Paul Donald | 2024-03-11
  from commit c98ee4dbb3db0f064d990941cdd82e872da76946
  agent-type takes 1 of 3 possible keywords which do not require quoting:
    configure lldp agent-type nearest-bridge | nearest-non-tpmr-bridge | nearest-customer-bridge
  Tested on 22.03.5
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: remove unneeded quotes and variable quoting | Paul Donald | 2024-03-11
  from commit 3ce909914a12647bec52bcee0a162dd6d158a4f6
  'capabilities enabled x' where x is a string of CSV
  Tested on 22.03.5
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: remove unneeded quotes | Paul Donald | 2024-03-11
  from commit 3ce909914a12647bec52bcee0a162dd6d158a4f6
  Tested on 22.03.5
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: remove unneeded quotes and variable quoting | Paul Donald | 2024-03-11
  from commit 24176a6bdd8f26040a97960868fd0d9ee968d695
  Tested on 22.03.5
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: fix a paste error | Paul Donald | 2024-03-11
  from commit 1be2088a5247b2cfabe8be991c1e52ddaf780a16
  The original PR #13018 did not exhibit this.
  Tested on 22.03.5
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: spell fixes | Paul Donald | 2024-03-11
  Supplementary fix for PR #14193
  Tested on 22.03.5
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* lldpd: fix -k 'lldp_no_version' row | Paul Donald | 2024-03-11
  Supplementary fix for PR #14193 and commit b67182008fd124706be0ec3ce67347447554ffd5
  Tested on 22.03.5
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* dnsmasq: version 2.90 | Nathaniel Wesley Filardo | 2024-03-11
  Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387, CVE-2023-50868) among many other goodies and fixes (notably, upstream 568fb024... fixes a UAF in cache_remove_uid that was routinely crashing dnsmasq in my deployment).
  Catch up our 200-ubus_dns.patch, too.
  Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
* libiwinfo: update to Git HEAD (2024-03-08) | Christian Marangi | 2024-03-08
  163a640fef30 devices: add device id for Qualcomm Atheros QCA6174
  8ffb8bfd1115 devices: add add Qualcomm Atheros IPQ6018 WiSoC compatible
  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* umdns: prevent a few 'uci: Entry not found' | Paul Donald | 2024-02-27
  pass '-q' switch to uci to prevent spurious output
  Signed-off-by: Paul Donald <newtwen@gmail.com>
* dnsmasq: Fix wrong format for --dhcp-boot option | Julius Lehmann | 2024-02-26
  dnsmasq --dhcp-boot option uses 'tag' instead of 'net' to specify tags
  Signed-off-by: Julius Lehmann <lehmanju@devpi.de>
* wifi-scripts: Support HE Iftypes with multiple entries | Hauke Mehrtens | 2024-02-22
  With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
    HE Iftypes: managed, AP
  The mac80211.sh script did not detect the entry and failed. Allow arbitrary other entries before to fix this problem.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: rework network interface ignore | Yegor Yefremov | 2024-02-22
  In some situations (slow protocol or interfaces with auto 0), the interfaces are not available during the dnsmasq initialization and hence, the ignore setting will be skipped.
  Install an interface trigger for ignored interfaces in case their ifname cannot be resolved.
  Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
  [bump PKG_RELEASE]
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wifi-scripts: fix FILS AKM selection with EAP-192 | Eneas U de Queiroz | 2024-02-17
  Fix netifd hostapd.sh selection of FILS-SHA384 algorithm with eap-192.
  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wifi-scripts: create the wlan object in board_data if not present | Felix Fietkau | 2024-02-13
  Fixes an error in wifi detection
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wifi-scripts: fix fullmac phy detection | Felix Fietkau | 2024-02-09
  Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software crypto limitations. Check for monitor mode support instead, which is more reliable.
  Fixes: https://github.com/openwrt/openwrt/issues/14575
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: better handle interfaces | Konstantin Demin | 2024-02-09
  - introduce 'DirectInterface' option to bind exactly to specified interface; fixes #9666 and late IPv4/IPv6 address assignment
  - option 'DirectInterface' takes precedence over 'Interface'
  - improve interface/address handling, e.g. verify count of listening endpoints due to dropbear limit (10 for now)
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: better handle receive window size | Konstantin Demin | 2024-02-09
  - correct maximum receive window size
  - adjust receive window size against maximum allowed value
  - warn about too high receive window size in syslog
  improves f95eecfb
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: adjust file permissions | Konstantin Demin | 2024-02-09
  runtime:
  - adjust ownership/permissions while starting dropbear
  build time:
  - correct file permissions for preseed files in $(TOPDIR)/files/etc/dropbear/ (if any)
  closes #10849
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: 'rsakeyfile' -> 'keyfile' transition | Konstantin Demin | 2024-02-09
  end users should have done this since OpenWrt 19.07.
  if they didn't do this yet - perform auto-transition.
  schedule 'rsakeyfile' removal for next year release.
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: failsafe: handle all supported key types | Konstantin Demin | 2024-02-09
  dropbear may be configured and compiled with support for different host key types
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: minor config reorder | Konstantin Demin | 2024-02-09
  move DROPBEAR_ASKPASS under DROPBEAR_DBCLIENT (in all meanings)
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: split U2F/FIDO support | Konstantin Demin | 2024-02-09
  these options allow one to configure U2F/FIDO support in more granular way
  inspired by upstream commit aa6559db
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: add option to enable modern crypto only | Konstantin Demin | 2024-02-09
  reduces binary/package size and increases overall performance
  also:
  - adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: adjust allowed shell list | Konstantin Demin | 2024-02-09
  this takes an effect only if getusershell(3) is missing
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: honor CONFIG_TARGET_INIT_PATH | Konstantin Demin | 2024-02-09
  fixes 65256aee
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: disable two weak kex/mac algorithms | Konstantin Demin | 2024-02-09
  hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
  A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]
  It has no place in a potentially internet-facing daemon like dropbear.
  Upstream has acknowledged this and offered this solution to disable these two until this is made to be the default in the next release of dropbear next year. [2]
  1. https://www.openssh.com/txt/release-8.2
  2. https://github.com/mkj/dropbear/issues/138
  Signed-off-by: John Audia <therealgraysky@proton.me>
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: minor config clarification | Konstantin Demin | 2024-02-09
  - "default n" is not needed: options are not selected by default
  - wrap config on 80 characters width (assuming tab is 8 characters long)
  - add feature cost size and security notes for DROPBEAR_AGENTFORWARD and DROPBEAR_DBCLIENT_AGENTFORWARD: describe why and where it should be disabled
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: better object cleanup | Konstantin Demin | 2024-02-09
  improves b78aae79
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: allow more complex configuration | Konstantin Demin | 2024-02-09
  - switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists: this allows to have values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG which is more likely to be than values with commas; use $(comma) variable for values with commas.
  - sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of list.
  - allow DB_OPT_COMMON to have values with commas.
  - allow to replace multiline definitions in sysoptions.h.
  improves e1bd9645
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: cherry-pick upstream patches | Konstantin Demin | 2024-02-09
  critical fixes:
  - libtommath: possible integer overflow (CVE-2023-36328)
  - implement Strict KEX mode (CVE-2023-48795)
  various fixes:
  - fix DROPBEAR_DSS and DROPBEAR_RSA config options
  - y2038 issues
  - remove SO_LINGER socket option
  - make banner reading failure non-fatal
  - fix "noremotetcp" behavior
  - don't try to shutdown a pty
  - fix test for multiuser kernels
  adds new features:
  - option to bind to interface
  - allow inetd with non-syslog
  - ignore unsupported command line options with dropbearkey
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: bump to 2022.83 | Konstantin Demin | 2024-02-09
  - update dropbear to latest stable 2022.83; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
  - drop patches:
    - 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
  - rework patches:
    - 901-bundled-libs-cflags.patch
  - refresh remaining patches
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* lldpd: add option to force EDP | Stephen Howell | 2024-02-08
  allow EDP support if compiled and add force EDP option
  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: only use snmp options when compiled in | Stephen Howell | 2024-02-08
  prevent SNMP options being passed unless lldpd supports them
  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: Update Makefile package release | Stephen Howell | 2024-02-08
  increment Makefile package release to reflect changes to init script
  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: add option for tx delay and tx hold | Stephen Howell | 2024-02-08
  add option to set LLDP transmit delay, hold timers to set update frequency
  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: add option to set system platform | Stephen Howell | 2024-02-08
  add option to override system platform instead of using kernel name
  Signed-off-by: Stephen Howell <howels@allthatwemight.be>