* 5.01.9672 release
* Cedar: handle UDP acceleration and R-UDP versions
* Mayaqua: implement R-UDP version 2, powered by ChaCha20-Poly1305
* Cedar: implement UDP acceleration version 2, powered by ChaCha20-Poly1305
* Cedar: serve new web management interface
* Cedar: implement detailed protocol info
* Mayaqua: add Windows Server 2019 to the supported operating systems list
* Cedar: various fixes
* Cedar: add "DisableIPsecAggressiveMode" option
* Make install dir for unit files configurable
* Protocol.c: adapt ClientConnectGetSocket() for new proxy functions
* Wpc.c: adapt WpcSockConnectEx() for new proxy functions
* Protocol: add ProxyCodeToCedar()
* Move generic proxy stuff from Cedar to Mayaqua
* Proto_OpenVPN.c: improve OvsProcessData(), fix out-of-bounds access found by Coverity
* Proto_OpenVPN.c: fix segmentation fault in OvsProceccRecvPacket()
* Addressing the UDP reflection amplification attack: https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1001
* Mayaqua.h: include <stdarg.h> for "va_list" on Illumos
* Protocol.c: fix bug in ClientConnectGetSocket() causing custom HTTP header not to work
* Mayaqua: move HTTP functions from "Network" to "HTTP"
* Move GetMimeTypeFromFileName() and related structure to Mayaqua
* Mayaqua.h: include <stdio.h> for "FILE"
* Mayaqua.h: include <stddef.h>, for "wchar_t"
* Bump mixin-deep in /src/bin/hamcore/wwwroot/admin/default
* - Fixed the problem occurs when RPC messages between Cluster Members exceed 64Kbytes. - Fixed the RADIUS PEAP client to use the standard TLS versioning. - Implementation of a function to fix the MAC address of L3 VPN protocol by entering e.g. "MAC: 112233445566" in the "Notes" field of the user information. - Implementation of a function to fix the virtual MAC address to be assigned to the L3 VPN client as a string attribute from RADIUS server when authentication.
* Updating built-in Win32 libraries - OpenSSL 1.1.1 -> 1.1.1d - zlib 1.2.3 -> 1.2.11
* Update strtable_cn.stb
* Avoid using hardcoded paths in log file enumeration
* Fix buffer overflow during NETBIOS name resolution
* Update SEVPN.sln
* Create strtable_pt_br.stb
* ci: display error if vpntest failed
* Fix several compile warnings on MS VC++ 2008.
* Enables crash minidump for Win32 vpntest. Minidump files will be saved to the 'C:\Users\<username>\AppData\Local\Temp\vpn_debug' (for normal user) or 'src\bin\vpn_debug\' (for administrator user).
* OpenVPN: use new protocol interface
* Add interface for easy protocol implementation
* add "no-deprecated" to openssl builds "no-deprecated" is widely used in openwrt devices
* Fix LibreSSL support
* Switch to OpenSSL THREADID API
* travis-ci: update openssl, libressl
* enable sonar-scan in travis-ci builds
* Virtual: fix race condition in DHCP server which resulted in multiple clients receiving the same IP
* Mayaqua: Fix compilation without deprecated OpenSSL APIs
* Mayaqua: Replace GNU specific sys/poll.h header with POSIX poll.h
* systemd: replace deprecated CAP_SYS_ADMIN with CAP_SYSLOG
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
This is useful to assign all traffic to a fw3 zone, e.g.:
/etc/config/ipsec:
config remote 'test'
list tunnel 'dev'
...
config 'tunnel' 'dev'
option reqid '33'
...
/etc/config/firewall:
config zone
option name wan
option extra_src "-m policy --pol none --dir in"
option extra_dest "-m policy --pol none --dir out"
...
config zone
option name vpn
# subnet needed for firewall3 before 22 Nov 2019, 8174814a
list subnet '0.0.0.0/0'
option extra_src "-m policy --pol ipsec --dir in --reqid 33"
option extra_dest "-m policy --pol ipsec --dir out --reqid 33"
...
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
* cifsd-tools: fix Assignment of a signed value which has type 'long'
* init: convert hide_dot_files to yes/no option
* 'read only = no' seems bugged for cifsd/smb.conf, so fix via 'writeable = yes'
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
Change deprecated options to a new one:
DetectBrokenExecutables to AlertBrokenExecutables
ArchiveBlockEncrypted to AlertEncrypted
Fixes: CVE-2019-12900 and CVE-2019-12625
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* cifsd: fix uninitialized fp could be freed
* cifsd: fix potential uninitialized spnego_blob could be freed
* cifsd: smbd: replace spinlock_irqsave with spinlock
* cifsd: smbd: avoid the lack of client's send credits
* cifsd-tools: add version generation script
* cifsd-tools: do not abbrev git describe
* cifsd-tools: use 'unknown' version string if git describe fails
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* Update nextdns to version 1.1.5 which adds IPv6 dual stack support.
* Add the ability to configure per host configuration id from uci.
Signed-off-by: Olivier Poitrey <rs@nextdns.io>
* some init tweaks
* use the usual wifi wrapper for reloads
* compatibility fix for latest wifi-related changes
in master (dynamic wireless radio reconfiguration)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Fix breaking change introduced in the main tree with a commit
7519a36774ca ("base-files,procd: add generic service status") where the
old service `status` callback function doesn't work anymore and needs to
be renamed to `status_service`. This name was chosen for consistency
with start and stop function callbacks, which are using `start_service`
and `stop_service` naming schemes.
While at it, fix whitespace issues in the status_service as well.
Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-September/019035.html
Reported-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This change:
* Removes building of Lua bindings. These bindings were already removed
upstream[1].
* Fixes building of Python bindings:
* Fix SWIG_DIR path (note that SWIG_VERSION will need to be updated
whenever the swig package is upgraded)
* Fix Python module paths and filenames
* Packages the Python bindings in a new package (python3-sysrepo) and
builds it by default, instead of depending on a config option.
[1]: https://github.com/sysrepo/sysrepo/pull/1429
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
When the user requests 'any' as 'iptype', we may get either IPv4 or
IPv6 settings.
Simplify the logic by not requiring any explicit iptype before loading
the method reported by the bearer object for IPv4 and IPv6; just load
the methods right away and setup settings based on those.
Signed-off-by: Aleksander Morgado <aleksander@aleksander.es>
Till now we could only ping http targets on port 80. With this change by
adding the config boolean config option httping_ssl we could also ping
https ping targets on port 443.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Sometimes the return value of `ubus -S call network.interface.wan status`
cause `json_load` to return `Failed to parse message data` error.
To avoid this, the JSON data always should be quoted with double quotes.
Signed-off-by: Evren Yurtesen <eyurtese@abo.fi>
Removed quoatation marks from commit heading
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
There is an issue with the included build scripts which improperly check for a
requirement on libboost-thread where another implementation is available.
Fixes#10273.
Signed-off-by: James Taylor <james@jtaylor.id.au>
seafile-server uses libevhtp pthreads support. libevhtp needs
libevent2-pthreads for that. However, since there is no installable
package for libevhtp--the library is build static-only--then
seafile-server, its consumer, needs to add the dependecy.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Current version of ubus module have some problem with list method. Update the module to fix this problem.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* limit firewall hotplug trigger to certain wan 'INTERFACE' as well,
to prevent possible race conditions during boot
Signed-off-by: Dirk Brenken <dev@brenken.org>
* fix a logical glitch in the hotplug event handler
* properly handle fatal iptables errors - even in subshells
Signed-off-by: Dirk Brenken <dev@brenken.org>