Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r47419
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47499 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r47292
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47495 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: John Crispin <blogic@openwrt.org>
Backport of r47240
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47241 3c298f89-4303-0410-b956-a3cf2f4a3e73
adds URL alias support
Signed-off-by: John Crispin <blogic@openwrt.org>
BAckport of r47206
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47231 3c298f89-4303-0410-b956-a3cf2f4a3e73
The two commits
5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291
"allow request handlers to disable chunked reponses"
and
618493e378e2239f0d30902e47adfa134e649fdc
"file: disable chunked encoding for file responses"
broke the chunked transfer encoding handling for proc responses in keep-alive
connections that followed a file response with http status 204 or 304.
The effect of this bug is that cgi responses following a 204 or 304 one where
sent neither in chunked encoding nor with a content-length header, causing
browsers to stall until the keep alive timeout was reached.
Fix the logic flaw by inverting the chunk prevention flag in the client state
and by testing the chunked encoding preconditions every time instead of
once upon client (re-)initialization.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Backport of r47161
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47162 3c298f89-4303-0410-b956-a3cf2f4a3e73
One second is not enough for some devices to ackowledge null data frame
which is sent at the end of ap_max_inactivity interval. In particular,
this causes severe Wi-Fi instability with Apple iPhone which may take
up to 3 seconds to respond.
Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
Backport of r47149
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47150 3c298f89-4303-0410-b956-a3cf2f4a3e73
When using FullMAC drivers (e.g. brcmfmac) we don't get mgmt frames so
check for banned client in probe request handler won't ever be used.
Since cfg80211 provides us info about STA associating let's put a check
there.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Backport of r47064
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47065 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r47055
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@47060 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r46807
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46808 3c298f89-4303-0410-b956-a3cf2f4a3e73
backport of r46737
Add CONFIG_IEEE80211W variable to DRIVER_MAKEOPTS so that 802.11w
support is properly compiled in full variant.
This fixes#20179
Signed-off-by: Janusz Dziemidowicz <rraptorr@nails.eu.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46751 3c298f89-4303-0410-b956-a3cf2f4a3e73
backport of r46688
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46689 3c298f89-4303-0410-b956-a3cf2f4a3e73
this is required by the new button timeout feature
Signed-off-by: John Crispin <blogic@openwrt.org>
Backport of r46471
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46581 3c298f89-4303-0410-b956-a3cf2f4a3e73
found with strace, not sure we got all of them though
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Backport of r46467
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46511 3c298f89-4303-0410-b956-a3cf2f4a3e73
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Backport of r46156
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46157 3c298f89-4303-0410-b956-a3cf2f4a3e73
This is for security precautions. As persist_tun and persist_key are
already there, this should not cause compatibility issue.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45961 3c298f89-4303-0410-b956-a3cf2f4a3e73
- fix iconv detection because it adds host paths
- disable python detection (host python-config is found)
iconv issue is reported by buildbot config.log + replicated locally
see config.log in logs.tar.gz
python issue observed locally on Arch Linux
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45953 3c298f89-4303-0410-b956-a3cf2f4a3e73
Adds PPP unnumbered support via the parameter unnumbered which points to a logical OpenWRT interface.
The PPP proto shell handler will "borrow" an IP address from the unnumbered interface (if multiple
IP addresses are present the longest prefix different from 32 will be "borrowed") for which a host
interface dependency will be created. Due to the host interface dependency the PPP unnumbered interface
will only "borrow" an IP address from an interface which is up.
The borrowed IP address will be shared as local IP address by the PPP daemon and no other local IP
will be accepted from the peer in the IPCP negotiation.
A typical use case is the usage of a public IP subnet on the Lan interface which will be shared
by the PPP interface as local IP address.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45948 3c298f89-4303-0410-b956-a3cf2f4a3e73
The file is not available at the older path any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45910 3c298f89-4303-0410-b956-a3cf2f4a3e73
This prevents auto-detection of libxml2 and thus the error:
Package lldpd is missing dependencies for the following libraries:
libxml2.so.2
Preventing a dependency to libxml2 is preferred, since libxml2
would be a out-of-(core-)tree dependency.
Reported-by: Buildbot
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45859 3c298f89-4303-0410-b956-a3cf2f4a3e73
Also set HTTPS environment variable for CGI programs on SSL connections.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45852 3c298f89-4303-0410-b956-a3cf2f4a3e73
Bump dnsmasq to v2.73rc8
Important - fixes remotely exploitable buffer overflow introduced in all v2.73 test/release candidates.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45693 3c298f89-4303-0410-b956-a3cf2f4a3e73
OpenVPN assumes that its control channel messages are sent and received
unfragmented, this assumption is broken when CBC record splitting is
enabled in mbedTLS.
The record splitting is intended as countermeasure against BEAST attacks
which do not apply to OpenVPN, therefore we simply disable it until
upstream OpenVPN gains the ability to process fragmented control
messages.
Disabling the splitting also works around a (not remotely triggerable)
segmentation fault in mbedTLS.
References:
* https://dev.openwrt.org/ticket/19101
* https://community.openvpn.net/openvpn/ticket/524
* https://github.com/ARMmbed/mbedtls/pull/185
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45602 3c298f89-4303-0410-b956-a3cf2f4a3e73
