Commit Graph

2436 Commits

Author SHA1 Message Date
champtar 8eb10fd28f Merge pull request #5012 from TDT-AG/20171025-luci-app-mwan3-fix-iface_state
net/mwan3-luci: fix iface_state on on status page for 17.01
2017-12-11 11:43:46 -08:00
Florian Eckert 78acfcc7ed net/mwan3-luci: fix iface_state on on status page
Since commit 4739584c24 the status of the
interface is not reported correctly anymore. To fix this issue do not test
if the routing table is presented use instead the "/var/run/iface_state/[iface]"
to get the interface state because the routing table will not get deleted
anymore if the interface is offline.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-12-11 15:21:16 +01:00
Saverio Proto feda1e4ba6 tinc: version bump 1.0.33
Signed-off-by: Saverio Proto <saverio.proto@switch.ch>
2017-11-05 04:00:10 +01:00
Matthias Schiffer 82ef2fd773 jool: fix PKG_BUILD_DIR to avoid kernel ABI mismatch
As jool builds a kernel module, a PKG_BUILD_DIR under KERNEL_BUILD_DIR must
be used to avoid reusing build artifacts when switching to a different
target of the same architecture. Otherwise, kernel ABI mismatches may
result, leading to an unusuable module, or build failures like the
following:

    Package kmod-jool is missing dependencies for the following libraries:
    crypto_hash.ko

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-10-29 18:38:59 +01:00
Stijn Tintel cd5c448758 wireguard: drop package
WireGuard was added to LEDE core. See discussion at
https://github.com/lede-project/source/pull/1409

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-16 14:08:26 +03:00
Hannu Nyman 73c9ff9274 Merge pull request #4914 from zx2c4/lede-17.01
wireguard: bump to release 0.0.20171005 for 17.01
2017-10-10 17:54:20 +03:00
Steven Hessing 9040b270b5 noddos: new backport of noddos from master branch
Signed-off-by: Steven Hessing <steven.hessing@gmail.com>
2017-10-07 21:24:43 -07:00
Jason A. Donenfeld 72e886788a wireguard: bump to release 0.0.20171005 for 17.01
WireGuard is well documented for being an experimental project, not
currently ready to be stabilized. As such, it's important for packagers
to always keep the project up to date in all contexts.

However, it is common for some projects, such as LEDE/OpenWrt to have
stable branches, which don't expect a lot of churn or modification.

The WireGuard that happened to ship with 17.01 is broken and crufty and
shouldn't be used at all. It's highly unlikely that there's anybody out
there even using it; it won't work with anything else.

So, this commit updates the 17.01 package to the latest upstream
version. Because the 17.01 stable branch can't be updated all the time,
it's important that this bump here in this commit is a stable one.

I believe 0.0.20171005 to be a fairly stable snapshot, which should be
suitable for the 17.01 branch. As stated earlier, the 0.0.20170115
currently in this branch is highly problematic. 0.0.20171005 offers
extremely important changes.

I'll continue to send package bumps for 17.01, but only for snapshot
releases that I think fix an important bug or provide a noted increase
in stability, or have similar goals to this commit.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-08 01:24:29 +02:00
Hauke Mehrtens b56e6504be tor: update to version 0.2.9.12
This fixes the TROVE-2017-008 (CVE-2017-0380) security problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-24 17:54:16 +02:00
Hauke Mehrtens c69b077483 tor: update to version 0.2.9.11
This fixes CVE-2017-0376

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-24 17:53:13 +02:00
Marcin Jurkowski 4739584c24 mwan3: fix interface-bound traffic when interface is offline
This is a backport of 66406f9 to LEDE 17.01 and replaces hotfix 282e900.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
2017-09-14 10:00:34 +02:00
Thomas Heil d61bf45c3c haproxy: update to 1.7.8 and pending patches
- fixes reload issue with hanging process

Signed-off-by: Thomas Heil <heil@terminal-consulting.de>
2017-09-03 15:16:49 +02:00
Stijn Tintel ad256bbfa7 strongswan: fix typo
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 4660504c61)
2017-09-02 12:29:35 +03:00
Stijn Tintel a700729158 strongswan: add curve25519 plugin
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit a268689adc)
2017-09-02 12:29:13 +03:00
Stijn Tintel 1143cb9b2c strongswan: bump to 5.5.3
Fixes CVE-2017-9022, CVE-2017-9023.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 960006be50)
2017-09-02 12:28:42 +03:00
Stijn Tintel 384e89b3d7 strongswan: bump to 5.5.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 18b076ab93)

Conflicts:
	net/strongswan/Makefile
2017-09-02 12:26:26 +03:00
champtar 4e845ad639 Merge pull request #4722 from TDT-GmbH/mwan3-fixes
net/mwan3: fixes for mwan3 (lede-17.01)
2017-08-25 14:10:45 -07:00
Florian Eckert fe233e3596 net/mwan3: update Makefile
- Update version
- Update maintainer to me

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-08-25 08:01:27 +02:00
Eric Luehrsen 42f465707f unbound: update to 1.6.5
This fixes the root.key file if created when unbound is installed between sep11 and oct11 2017

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-08-21 23:45:42 -04:00
Florian Eckert a3c78648cb net/mwan3: remove lock file on mwan3 stop
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 5e123852bc)
2017-08-17 11:57:40 +02:00
Florian Eckert 282e90014e net/mwan3: fix ping issue if last interface recovers from failure
Even though error was fixed the interface checks still fails, if last_resort
was set to blackhole or unreachable.

To fix this issue do not remove failure interface from iptables change on
down event.

Reported-by: Colby Whitney <colby.whitney@luxul.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 6d99b602fd)
2017-08-17 11:51:15 +02:00
Florian Eckert 94a5233619 net/mwan3: fix ipset generation in hotplug script with an lock
Fix critical section during hotplug events.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit a4fbc7eba6)
2017-08-17 11:49:01 +02:00
Florian Eckert 822bc96b7c net/mwan3: add lock for mwan3 hotplug script
If more then one interface get up/down at once mwan3 could be in a
undefined state, because more then one mwan3 hotplug script are running
and editing the iptables.

Lock the critical section should solve this issue.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit b6e9debc1b)
2017-08-17 11:46:27 +02:00
Florian Eckert 70d96f5dcc net/mwan3: add connected network regardless of mwan3 interface enable state
If netifd set an interface up/down which is not tracked by mwan3 the
connected network of that interface should regardless be added/removed to the
mwan3_connected ipset.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit f94975b71f)
2017-08-17 11:46:27 +02:00
Florian Eckert 8a111b5b27 net/mwan3: mwan3track interrupt sleep on signal (trap) event
Sleep will be aborted if a signal is send to this process.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 7e80e83dfd)
2017-08-17 11:31:23 +02:00
Florian Eckert eefc65b014 net/mwan3: fix hotplug on ACTION ifdown
On dynamic interface proto (dhcp/pppoe) the hotplug will not execude (exit 9)
because the gateway is already released. The check will now only be made
on a ifup ACTION event.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 28c8b664e4)
2017-08-17 11:25:30 +02:00
Karl Palsson 7fb33ad6b6 mosquitto: properly use localhost instead of ipv4
On some environments, connecting to localhost was resolving to ::1,
which didn't match the bind to the explicit 127.0.0.1.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-08-16 15:02:17 +00:00
Karl Palsson 75f50611ce mosquitto: support more config options in UCI
Added many more UCI config options, particularly for bridge connections

The recently introduced username/password options for bridges are kept,
even though they have been deprecated upstream for a while.  In keeping
with this, while support is kept in UCI, the generated mosquitto.conf
file will always generate the "modern" remote_username/remote_password
options preferred by mosquitto instead.

Likewise for bridge clientid and remote_clientid options.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-08-16 15:02:17 +00:00
Toke Høiland-Jørgensen 956ef7a855 acme: Make sure postrm script doesn't fail
Fixes #4716.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2017-08-16 01:10:55 +02:00
Daniel H 788f17e98d acme: Fix for curl linked against mbed TLS. (#4254)
Use newest acme.sh release (2.6.8).
Remove dependency on ca-certificates and add dependency on ca-bundle.
Update environment variable.

Signed-off-by: Daniel Halmschlager <da@halms.at>

Backport to 17.01 for compatibility with 17.01.2, but keep the old envvar so
it'll hopefully keep working for users who haven't upgraded.

Closes #4579, closes #4699.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2017-08-13 22:15:10 +02:00
Jo-Philipp Wich 5383fd42e9 nlbwmon: update to latest version
Changes since last update:

32fc092 build: remove extraneous _GNU_SOURCE defines
096aaa3 build: compile with -D_GNU_SOURCE
76487b5 transform to source-only repository

Fixes build with uClibc and eglibc toolchains.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-08-05 14:23:52 +02:00
Jo-Philipp Wich 29fb31fe83 nlbwmon: add package
This commit introduces nlbwmon, the lightweight NetLink BandWidth Montor.

The nlbwmon daemon gathers per-host traffic statistics by querying netlink
accounting data. Due to this approach, the executable is very small and does
not rely on libpcap and CPU intensive raw sockets to monitor traffic.

Besides raw per-host traffic counters, nlbwmon also support rudimentary
traffic classification by observing IP protocols and used port numbers.

Gathered accounting data is stored into a series of database files which
are regularily committed to persistent storage.

Refresh, commit and accounting intervals are freely configurable as well
as the layer7 protocol mapping rules and observed source subnets.

This package also bundles a cli client which can be used to dump the
gathered traffic data as JSON, CSV or plaintext data. A pull request to
add a graphical LuCI frontend for nlbwmon is pending.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-08-05 14:23:52 +02:00
Karl Palsson ce5ff27473 mosquitto: update to 1.4.14
Fixes a regression due to the CVE fix in the recently released 1.4.13.

https://mosquitto.org/2017/07/version-1-4-14-released/

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-07-11 13:22:50 +00:00
Karl Palsson bdac491469 mosquitto: update to 1.4.13
Primarily a bugfix release for a CVE that doesn't affect lede/openwrt,
but also includes some websockets perfomance fixes.

Release notes at https://mosquitto.org/2017/07/version-1-4-13-released/

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-07-10 16:50:20 +00:00
Rafał Miłecki f2539c5847 lighttpd: backport more mod_cgi fixes queued for 1.4.46
The most important change is local redirects being disabled by default.
There is an option called cgi.local-redir that allows enabling this
optimization manually back if needed.

Local redirects were initially introduced in 1.4.40 but caused many
problems for *some* web services.

One of problems is breaking Post/Redirect/Get design pattern. With
redirects handled on server side there is no browser redirection making
it "lose" the POST data.

Another possible issue are HTML forms with action="". With CGI local
redirects browser may be sending form data to the wrong URL (the one
that was supposed to redirect the browser).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-29 10:23:59 +02:00
Yousong Zhou b91c48ba6c openconnect: new option mtu
According to openconnect --help output:

  -m, --mtu=MTU                   Request MTU from server
      --base-mtu=MTU              Indicate path MTU to/from server

Fixes #2099 by allowing setting tunnel mtu

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-06-18 13:13:08 +02:00
Yousong Zhou 7af43217f5 openconnect: drop stale config: interface
It was introduced with 41f8d5465 ("openconnect: fix a couple of minor
things and add an interface option") and not needed since 4083de9d7
("openconnect: use proto_add_host_dependency")

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-06-18 13:13:03 +02:00
Qian 9c9571fd2c openconnect: Bump openconnect to 7.08
Bump openconnect to 7.08. Remove patch as it is included in the
upstream source.

Signed-off-by: Qian Sheng billsq@billsq.me
2017-06-18 13:12:52 +02:00
Karl Palsson dc558eaa29 mosquitto: fix empty client-nossl package
Fallout of PROVIDES handling.
Fixes: https://github.com/openwrt/packages/issues/4432

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-06-07 16:06:11 +00:00
Hauke Mehrtens 53d18a45de tor: update to version 0.2.9.10
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-06-05 19:49:18 +02:00
Karl Palsson 8844d7e2d4 net/mosquitto: bump to 1.4.12 for CVE-2017-7650
Dot release, primarily due to CVE-2017-7650 but also rolls up some
earlier patches.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-05-29 11:12:55 +00:00
Hannu Nyman 254f6b05a1 vsftpd: create directory for extra config files
* create /etc/vsftpd directory for extra config files
  like userlist, certificate and key
* modify config file to use that directory
* include that directory in conffiles for backup

* use PKG_HASH
* update URL

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 3f390c5509)
2017-05-09 17:52:54 +03:00
Nikos Mavrogiannopoulos 0161310d85 ocserv: updated to 0.11.8
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2017-05-08 05:58:30 +02:00
Karl Palsson bd32212234 net/mosquito: bump to 1.4.11
Full changelog available at:
https://mosquitto.org/2017/02/version-1-4-11-released/

Mostly ipv6 and websockets fixes, but requires a patch (submitted
upstream) to work around an accidental glibc dependency upstream.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-05-05 11:39:02 +00:00
Karl Palsson 91605abdf8 net/mosquitto: support more config fields in init script
Adds the "notifications" option which is important when connecting
mosquitto to rabbitmq for instance.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-05-05 11:39:02 +00:00
David Thornley 56178f5c34 net/mosquitto: Added further security configuration options for bridge section
Signed-off-by: David Thornley <david.thornley@touchstargroup.com>
2017-05-05 11:39:02 +00:00
Karl Palsson 245c21e4ad net/mosquitto: use PROVIDES for -client tools also
Earlier, PROVIDES handling was clarified for the broker and the library.
Use the same style to properly provide the -client-ssl and -client-nossl
packages.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-05-05 11:39:02 +00:00
Dirk Brenken 710965eb12 adblock: backport updates to 2.6.2
Backport updates in 2.5.0-2.6.2 from master.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-04-30 00:01:55 +03:00
Val Kulkov 51e67dae00 subversion: add unixodbc dependency
Compile tested: LEDE HEAD

If unixodbc package is present in the environment, subversion
fails to compile due to missing dependencies.

Fixes the dependency on unixodbc if unixodbc package is selected.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>

(cherry picked from commit 06a529df35)
2017-04-19 17:19:18 +03:00
Hannu Nyman 8e1027aa1a lighttpd: disable trigger_b4_dl module due to buildbot failure
trigger_b4_dl fails to build in the 17.01 buildbot and that causes
also three other modules to be unbuilt (userdir, usertrack, webdav).

As a quick fix, disable trigger_b4_dl to see if the three missing
modules then build ok in the buildbot.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-04-18 16:16:37 +03:00