| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
from commit ac771313ebedd2c4bfda8adef47650d45d77c32d
portidsubtype takes 1 of 2 possible keywords which do not need quoting:
configure lldp portidsubtype ifname | macaddress
The third keyword 'local' is used in the syntax when individual ports
are being defined:
configure [ports ethX [,…]] lldp portidsubtype local value
When this syntax is used, quoting is useful (see test cases for lldpd).
In the init file, the 'local' syntax is unused.
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
from commit c98ee4dbb3db0f064d990941cdd82e872da76946
agent-type takes 1 of 3 possible keywords which do not require quoting:
configure lldp agent-type nearest-bridge | nearest-non-tpmr-bridge
| nearest-customer-bridge
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
from commit 3ce909914a12647bec52bcee0a162dd6d158a4f6
'capabilities enabled x' where x is a string of CSV
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
|
| |
|
|
|
|
|
|
| |
from commit 3ce909914a12647bec52bcee0a162dd6d158a4f6
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
|
| |
|
|
|
|
|
|
| |
from commit 24176a6bdd8f26040a97960868fd0d9ee968d695
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
from commit 1be2088a5247b2cfabe8be991c1e52ddaf780a16
The original PR #13018 did not exhibit this.
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
|
| |
|
|
|
|
|
|
| |
Supplementary fix for PR #14193
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Supplementary fix for PR #14193 and commit
b67182008fd124706be0ec3ce67347447554ffd5
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).
Catch up our 200-ubus_dns.patch, too.
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
|
| |
|
|
|
|
|
| |
163a640fef30 devices: add device id for Qualcomm Atheros QCA6174
8ffb8bfd1115 devices: add add Qualcomm Atheros IPQ6018 WiSoC compatible
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
| |
pass '-q' switch to uci to prevent spurious output
Signed-off-by: Paul Donald <newtwen@gmail.com>
|
| |
|
|
|
|
| |
dnsmasq --dhcp-boot option uses 'tag' instead of 'net' to specify tags
Signed-off-by: Julius Lehmann <lehmanju@devpi.de>
|
| |
|
|
|
|
|
|
|
| |
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In some situations (slow protocol or interfaces with auto 0), the
interfaces are not available during the dnsmasq initialization and
hence, the ignore setting will be skipped.
Install an interface trigger for ignored interfaces in case their
ifname cannot be resolved.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
| |
Fix netifd hostapd.sh selection of FILS-SHA384 algorithm with eap-192.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
|
|
| |
Fixes an error in wifi detection
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
| |
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.
Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
| |
- introduce 'DirectInterface' option to bind exactly to specified interface;
fixes #9666 and late IPv4/IPv6 address assignment
- option 'DirectInterface' takes precedence over 'Interface'
- improve interface/address handling,
e.g. verify count of listening endpoints due to dropbear limit (10 for now)
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
- correct maximum receive window size
- adjust receive window size against maximum allowed value
- warn about too high receive window size in syslog
improves f95eecfb
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
runtime:
- adjust ownership/permissions while starting dropbear
build time:
- correct file permissions for preseed files in $(TOPDIR)/files/etc/dropbear/ (if any)
closes #10849
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
end users should have done this since OpenWrt 19.07.
if they didn't do this yet - perform auto-transition.
schedule 'rsakeyfile' removal for next year release.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
dropbear may be configured and compiled with support for different host key types
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
move DROPBEAR_ASKPASS under DROPBEAR_DBCLIENT (in all meanings)
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
| |
these options allow one to configure U2F/FIDO support in more granular way
inspired by upstream commit aa6559db
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
reduces binary/package size and increases overall performance
also:
- adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
this takes an effect only if getusershell(3) is missing
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
fixes 65256aee
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]
It has no place in a potentially internet-facing daemon like dropbear.
Upstream has acknowledged this and offered this solution to disable
these two until this is made to be the default in the next release
of dropbear next year. [2]
1. https://www.openssh.com/txt/release-8.2
2. https://github.com/mkj/dropbear/issues/138
Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
- "default n" is not needed: options are not selected by default
- wrap config on 80 characters width (assuming tab is 8 characters long)
- add feature cost size and security notes for DROPBEAR_AGENTFORWARD
and DROPBEAR_DBCLIENT_AGENTFORWARD:
describe why and where it should be disabled
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
improves b78aae79
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists:
this allows to have values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG
which is more likely to be than values with commas;
use $(comma) variable for values with commas.
- sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of list.
- allow DB_OPT_COMMON to have values with commas.
- allow to replace multiline definitions in sysoptions.h.
improves e1bd9645
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)
various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels
adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- update dropbear to latest stable 2022.83;
for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop patches:
- 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
- rework patches:
- 901-bundled-libs-cflags.patch
- refresh remaining patches
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
allow EDP support if compiled and add force EDP option
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
prevent SNMP options being passed unless lldpd supports them
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
increment Makefile package release to reflect changes to init script
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to set LLDP transmit delay, hold timers to set update frequency
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to override system platform instead of using kernel name
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to force SONMP to be enabled even when no peer detected
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to force FDP when no peers detected
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to specify CDPv1 or CDPv2 and separately enable or force each
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to allow LLDP disabling while using other supported protocols
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option portidsubtype to correct port identifiers and descriptions
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to set agent-type to control propogation
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to enable LLDP MED fast-start and set fast-start timer
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to disable LLDP-MED inventory TLV transmission
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to disable advertising kernel version
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add filter option to init script.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
|
| |
Bind to the configured system interfaces only. Switchport interfaces
are no longer ignored and uci interface values for LLDPD are honored.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
|
|
|
| |
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|