Compare revisions

58e9eadd · 58e9eadd · 58e9eadd · 58e9eadd · 58e9eadd · 58e9eadd
--- a/package/network/ipv6/odhcp6c/files/dhcpv6.sh
+++ b/package/network/ipv6/odhcp6c/files/dhcpv6.sh
@@ -26,14 +26,15 @@ proto_dhcpv6_init_config() {
 	proto_config_add_string "vendorclass"
 	proto_config_add_boolean delegate
 	proto_config_add_int "soltimeout"
+	proto_config_add_boolean fakeroutes
 }

 proto_dhcpv6_setup() {
 	local config="$1"
 	local iface="$2"

-	local reqaddress reqprefix clientid reqopts noslaaconly forceprefix norelease ip6prefix iface_dslite iface_map ifaceid sourcerouting userclass vendorclass delegate zone_dslite zone_map zone soltimeout
-	json_get_vars reqaddress reqprefix clientid reqopts noslaaconly forceprefix norelease ip6prefix iface_dslite iface_map ifaceid sourcerouting userclass vendorclass delegate zone_dslite zone_map zone soltimeout
+	local reqaddress reqprefix clientid reqopts noslaaconly forceprefix norelease ip6prefix iface_dslite iface_map ifaceid sourcerouting userclass vendorclass delegate zone_dslite zone_map zone soltimeout fakeroutes
+	json_get_vars reqaddress reqprefix clientid reqopts noslaaconly forceprefix norelease ip6prefix iface_dslite iface_map ifaceid sourcerouting userclass vendorclass delegate zone_dslite zone_map zone soltimeout fakeroutes


 	# Configure
@@ -72,6 +73,7 @@ proto_dhcpv6_setup() {
 	[ -n "$zone_dslite" ] && proto_export "ZONE_DSLITE=$zone_dslite"
 	[ -n "$zone_map" ] && proto_export "ZONE_MAP=$zone_map"
 	[ -n "$zone" ] && proto_export "ZONE=$zone"
+	[ "$fakeroutes" != "0" ] && proto_export "FAKE_ROUTES=1"

 	proto_export "INTERFACE=$config"
 	proto_run_command "$config" odhcp6c \

--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.71
-PKG_RELEASE:=3
+PKG_RELEASE:=4

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq

--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -293,15 +293,22 @@ dhcp_host_add() {
 	config_get ip "$cfg" ip
 	[ -n "$ip" -o -n "$name" ] || return 0

+	config_get_bool dns "$cfg" dns 0
+	[ "$dns" = "1" -a -n "$ip" -a -n "$name" ] && {
+		echo "$ip $name${DOMAIN:+.$DOMAIN}" >> $HOSTFILE
+	}
+
 	config_get mac "$cfg" mac
-	[ -z "$mac" ] && {
+	if [ -n "$mac" ]; then
+		# --dhcp-host=00:20:e0:3b:13:af,192.168.0.199,lap
+		macs=""
+		for m in $mac; do append macs "$m" ","; done
+	else
+		# --dhcp-host=lap,192.168.0.199
 		[ -n "$name" ] || return 0
-		mac="$name"
+		macs="$name"
 		name=""
-	}
-
-	macs=""
-	for m in $mac; do append macs "$m" ","; done
+	fi

 	config_get tag "$cfg" tag

@@ -309,11 +316,6 @@ dhcp_host_add() {
 	[ "$broadcast" = "0" ] && broadcast=

 	xappend "--dhcp-host=$macs${networkid:+,net:$networkid}${broadcast:+,set:needs-broadcast}${tag:+,set:$tag}${ip:+,$ip}${name:+,$name}"
-
-	config_get_bool dns "$cfg" dns 0
-	[ "$dns" = "1" ] && {
-		echo "$ip $name${DOMAIN:+.$DOMAIN}" >> $HOSTFILE
-	}
 }

 dhcp_tag_add() {
@@ -373,6 +375,9 @@ dhcp_add() {
 	config_get net "$cfg" interface
 	[ -n "$net" ] || return 0

+	config_get dhcpv4 "$cfg" dhcpv4
+	[ "$dhcpv4" != "disabled" ] || return 0
+
 	config_get networkid "$cfg" networkid
 	[ -n "$networkid" ] || networkid="$net"

@@ -438,13 +443,10 @@ dhcp_domain_add() {
 	[ -n "$ip" ] || return 0

 	for name in $names; do
-		[ "${name%.*}" == "$name" ] && \
-			name="$name${DOMAIN:+.$DOMAIN}"
-
-		record="${record:+$record/}$name"
+		record="${record:+$record }$name"
 	done

-	xappend "--address=/$record/$ip"
+	echo "$ip $record" >> $HOSTFILE
 }

 dhcp_srv_add() {
@@ -569,7 +571,7 @@ start_service() {
 	local lanaddr
 	[ $ADD_LOCAL_HOSTNAME -eq 1 ] && network_get_ipaddr lanaddr "lan" && {
 		local hostname="$(uci_get system @system[0] hostname OpenWrt)"
-		dhcp_hostrecord_add "" "${hostname%.$DOMAIN}${DOMAIN:+.$DOMAIN ${hostname%.$DOMAIN}}" "$lanaddr"
+		dhcp_domain_add "" "$hostname" "$lanaddr"
 	}

 	echo >> $CONFIGFILE

--- a/package/network/services/dnsmasq/patches/002-fix-race-on-interface-flaps.patch
+++ b/package/network/services/dnsmasq/patches/002-fix-race-on-interface-flaps.patch
+From a0358e5ddbc1ef3dec791f11f95f5dbe56087a5e Mon Sep 17 00:00:00 2001
+From: Simon Kelley <simon@thekelleys.org.uk>
+Date: Sat, 7 Jun 2014 13:38:48 +0100
+Subject: [PATCH] Handle async notification of address changes using the event
+ system.
+
+---
+ CHANGELOG     |  4 ++++
+ src/bpf.c     |  6 +++---
+ src/dhcp6.c   | 10 ----------
+ src/dnsmasq.c | 13 +++++++++++--
+ src/dnsmasq.h |  6 ++++--
+ src/netlink.c | 39 ++++++++++-----------------------------
+ src/network.c | 11 +++--------
+ 7 files changed, 35 insertions(+), 54 deletions(-)
+
+--- a/CHANGELOG
+++ b/CHANGELOG
+@@ -15,6 +15,10 @@ version 2.71
+ 	    regression introduced in 2.69. Thanks to James Hunt and
+ 	    the Ubuntu crowd for assistance in fixing this.
+ 
+	    Fix race condition which could lock up dnsmasq when an 
+	    interface goes down and up rapidly. Thanks to Conrad 
+	    Kostecki for helping to chase this down.
+	    
+ 
+ version 2.70
+             Fix crash, introduced in 2.69, on TCP request when dnsmasq
+--- a/src/bpf.c
+++ b/src/bpf.c
+@@ -376,7 +376,7 @@ void route_init(void)
+     die(_("cannot create PF_ROUTE socket: %s"), NULL, EC_BADNET);
+ }
+ 
+-void route_sock(time_t now)
+void route_sock(void)
+ {
+   struct if_msghdr *msg;
+   int rc = recv(daemon->routefd, daemon->packet, daemon->packet_buff_sz, 0);
+@@ -401,7 +401,7 @@ void route_sock(time_t now)
+    else if (msg->ifm_type == RTM_NEWADDR)
+      {
+        del_family = 0;
+-       newaddress(now);
+       send_newaddr();
+      }
+    else if (msg->ifm_type == RTM_DELADDR)
+      {
+@@ -439,7 +439,7 @@ void route_sock(time_t now)
+ 	       of += sizeof(long) - (diff & (sizeof(long) - 1));
+ 	   }
+        
+-       newaddress(now);
+       send_newaddr();
+      }
+ }
+ 
+--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
+@@ -917,10 +917,10 @@ int main (int argc, char **argv)
+ 
+ #if defined(HAVE_LINUX_NETWORK)
+       if (FD_ISSET(daemon->netlinkfd, &rset))
+-	netlink_multicast(now);
+	netlink_multicast();
+ #elif defined(HAVE_BSD_NETWORK)
+       if (FD_ISSET(daemon->routefd, &rset))
+-	route_sock(now);
+	route_sock();
+ #endif
+ 
+       /* Check for changes to resolv files once per second max. */
+@@ -1037,6 +1037,11 @@ void send_alarm(time_t event, time_t now
+     }
+ }
+ 
+void send_newaddr(void)
+{
+  send_event(pipewrite, EVENT_NEWADDR, 0, NULL);
+}
+
+ void send_event(int fd, int event, int data, char *msg)
+ {
+   struct event_desc ev;
+@@ -1230,6 +1235,10 @@ static void async_event(int pipe, time_t
+ 	if (daemon->log_file != NULL)
+ 	  log_reopen(daemon->log_file);
+ 	break;
+
+      case EVENT_NEWADDR:
+	newaddress(now);
+	break;
+ 	
+       case EVENT_TERM:
+ 	/* Knock all our children on the head. */
+--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
+@@ -165,6 +165,7 @@ struct event_desc {
+ #define EVENT_LUA_ERR   19
+ #define EVENT_TFTP_ERR  20
+ #define EVENT_INIT      21
+#define EVENT_NEWADDR   22
+ 
+ /* Exit codes. */
+ #define EC_GOOD        0
+@@ -1289,6 +1290,7 @@ unsigned char *extended_hwaddr(int hwtyp
+ int make_icmp_sock(void);
+ int icmp_ping(struct in_addr addr);
+ #endif
+void send_newaddr(void);
+ void send_alarm(time_t event, time_t now);
+ void send_event(int fd, int event, int data, char *msg);
+ void clear_cache_and_reload(time_t now);
+@@ -1297,7 +1299,7 @@ void poll_resolv(int force, int do_reloa
+ /* netlink.c */
+ #ifdef HAVE_LINUX_NETWORK
+ void netlink_init(void);
+-void netlink_multicast(time_t now);
+void netlink_multicast(void);
+ #endif
+ 
+ /* bpf.c */
+@@ -1306,7 +1308,7 @@ void init_bpf(void);
+ void send_via_bpf(struct dhcp_packet *mess, size_t len,
+ 		  struct in_addr iface_addr, struct ifreq *ifr);
+ void route_init(void);
+-void route_sock(time_t now);
+void route_sock(void);
+ #endif
+ 
+ /* bpf.c or netlink.c */
+--- a/src/netlink.c
+++ b/src/netlink.c
+@@ -38,7 +38,7 @@
+ static struct iovec iov;
+ static u32 netlink_pid;
+ 
+-static int nl_async(struct nlmsghdr *h);
+static void nl_async(struct nlmsghdr *h);
+ 
+ void netlink_init(void)
+ {
+@@ -142,7 +142,7 @@ int iface_enumerate(int family, void *pa
+   struct nlmsghdr *h;
+   ssize_t len;
+   static unsigned int seq = 0;
+-  int callback_ok = 1, newaddr = 0;
+  int callback_ok = 1;
+ 
+   struct {
+     struct nlmsghdr nlh;
+@@ -191,21 +191,10 @@ int iface_enumerate(int family, void *pa
+ 	if (h->nlmsg_seq != seq || h->nlmsg_pid != netlink_pid || h->nlmsg_type == NLMSG_ERROR)
+ 	  {
+ 	    /* May be multicast arriving async */
+-	    if (nl_async(h))
+-	      {
+-		newaddr = 1; 
+-		enumerate_interfaces(1); /* reset */
+-	      }
+	    nl_async(h);
+ 	  }
+ 	else if (h->nlmsg_type == NLMSG_DONE)
+-	  {
+-	    /* handle async new interface address arrivals, these have to be done
+-	       after we complete as we're not re-entrant */
+-	    if (newaddr) 
+-	      newaddress(dnsmasq_time());
+-		
+-	    return callback_ok;
+-	  }
+	  return callback_ok;
+ 	else if (h->nlmsg_type == RTM_NEWADDR && family != AF_UNSPEC && family != AF_LOCAL)
+ 	  {
+ 	    struct ifaddrmsg *ifa = NLMSG_DATA(h);  
+@@ -330,11 +319,11 @@ int iface_enumerate(int family, void *pa
+     }
+ }
+ 
+-void netlink_multicast(time_t now)
+void netlink_multicast(void)
+ {
+   ssize_t len;
+   struct nlmsghdr *h;
+-  int flags, newaddr = 0;
+  int flags;
+   
+   /* don't risk blocking reading netlink messages here. */
+   if ((flags = fcntl(daemon->netlinkfd, F_GETFL)) == -1 ||
+@@ -343,24 +332,19 @@ void netlink_multicast(time_t now)
+   
+   if ((len = netlink_recv()) != -1)
+     for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+-      if (nl_async(h))
+-	newaddr = 1;
+      nl_async(h);
+   
+   /* restore non-blocking status */
+   fcntl(daemon->netlinkfd, F_SETFL, flags);
+-  
+-  if (newaddr) 
+-    newaddress(now);
+ }
+ 
+-static int nl_async(struct nlmsghdr *h)
+static void nl_async(struct nlmsghdr *h)
+ {
+   if (h->nlmsg_type == NLMSG_ERROR)
+     {
+       struct nlmsgerr *err = NLMSG_DATA(h);
+       if (err->error != 0)
+ 	my_syslog(LOG_ERR, _("netlink returns error: %s"), strerror(-(err->error)));
+-      return 0;
+     }
+   else if (h->nlmsg_pid == 0 && h->nlmsg_type == RTM_NEWROUTE) 
+     {
+@@ -385,18 +369,15 @@ static int nl_async(struct nlmsghdr *h)
+ 	      else if (daemon->rfd_save && daemon->rfd_save->refcount != 0)
+ 		fd = daemon->rfd_save->fd;
+ 	      else
+-		return 0;
+		return;
+ 	      
+ 	      while(sendto(fd, daemon->packet, daemon->packet_len, 0,
+ 			   &daemon->srv_save->addr.sa, sa_len(&daemon->srv_save->addr)) == -1 && retry_send()); 
+ 	    }
+ 	}
+-      return 0;
+     }
+   else if (h->nlmsg_type == RTM_NEWADDR || h->nlmsg_type == RTM_DELADDR) 
+-    return 1; /* clever bind mode - rescan */
+-  
+-  return 0;
+    send_newaddr();
+ }
+ #endif
+ 
+--- a/src/network.c
+++ b/src/network.c
+@@ -551,7 +551,7 @@ static int iface_allowed_v4(struct in_ad
+ int enumerate_interfaces(int reset)
+ {
+   static struct addrlist *spare = NULL;
+-  static int done = 0, active = 0;
+  static int done = 0;
+   struct iface_param param;
+   int errsave, ret = 1;
+   struct addrlist *addr, *tmp;
+@@ -570,14 +570,11 @@ int enumerate_interfaces(int reset)
+       return 1;
+     }
+ 
+-  if (done || active)
+  if (done)
+     return 1;
+ 
+   done = 1;
+ 
+-  /* protect against recusive calls from iface_enumerate(); */
+-  active = 1;
+-
+   if ((param.fd = socket(PF_INET, SOCK_DGRAM, 0)) == -1)
+     return 0;
+  
+@@ -677,10 +674,8 @@ int enumerate_interfaces(int reset)
+     }
+   
+   errno = errsave;
+-  
+   spare = param.spare;
+-  active = 0;
+-  
+    
+   return ret;
+ }
+ 
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=dropbear
 PKG_VERSION:=2014.63
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
@@ -21,6 +21,7 @@ PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE

 PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0

 PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC


--- a/package/network/services/dropbear/files/dropbear.init
+++ b/package/network/services/dropbear/files/dropbear.init
@@ -47,7 +47,6 @@ validate_section_dropbear()
 		'Port:list(port):22' \
 		'SSHKeepAlive:uinteger:300' \
 		'IdleTimeout:uinteger:0'
-	return $?
 }

 dropbear_instance()

--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=hostapd
-PKG_VERSION:=2014-06-03
+PKG_VERSION:=2014-06-03.1
 PKG_RELEASE:=1
 PKG_REV:=84df167554569af8c87f0a8ac1fb508192417d8e


--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -196,13 +196,13 @@ hostapd_set_bss_options() {
 		config_get device_type "$vif" wps_device_type "6-0050F204-1"
 		config_get device_name "$vif" wps_device_name "OpenWrt AP"
 		config_get manufacturer "$vif" wps_manufacturer "openwrt.org"
-		config_get wps_pin "$vif" wps_pin "12345670"
+		config_get wps_pin "$vif" wps_pin

 		config_get_bool ext_registrar "$vif" ext_registrar 0
 		[ "$ext_registrar" -gt 0 -a -n "$bridge" ] && append "$var" "upnp_iface=$bridge" "$N"

 		append "$var" "eap_server=1" "$N"
-		append "$var" "ap_pin=$wps_pin" "$N"
+		[ -n "$wps_pin" ] && append "$var" "ap_pin=$wps_pin" "$N"
 		append "$var" "wps_state=${wps_not_configured:-2}" "$N"
 		append "$var" "ap_setup_locked=0" "$N"
 		append "$var" "device_type=$device_type" "$N"

--- a/package/network/services/hostapd/files/netifd.sh
+++ b/package/network/services/hostapd/files/netifd.sh
@@ -251,7 +251,7 @@ hostapd_set_bss_options() {
 			}

 			append bss_conf "nas_identifier=$nasid" "$N"
-                        [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
+			[ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N"
 			append bss_conf "eapol_key_index_workaround=1" "$N"
 			append bss_conf "ieee8021x=1" "$N"
 			append bss_conf "wpa_key_mgmt=WPA-EAP" "$N"
@@ -290,7 +290,6 @@ hostapd_set_bss_options() {
 		set_default wps_device_type "6-0050F204-1"
 		set_default wps_device_name "OpenWrt AP"
 		set_default wps_manufacturer "openwrt.org"
-		set_default wps_pin "12345670"

 		wps_state=2
 		[ -n "$wps_configured" ] && wps_state=1
@@ -298,7 +297,7 @@ hostapd_set_bss_options() {
 		[ "$ext_registrar" -gt 0 -a -n "$network_bridge" ] && append bss_conf "upnp_iface=$network_bridge" "$N"

 		append bss_conf "eap_server=1" "$N"
-		append bss_conf "ap_pin=$wps_pin" "$N"
+		[ -n "$wps_pin" ] && append bss_conf "ap_pin=$wps_pin" "$N"
 		append bss_conf "wps_state=$wps_state" "$N"
 		append bss_conf "ap_setup_locked=0" "$N"
 		append bss_conf "device_type=$wps_device_type" "$N"
@@ -310,7 +309,7 @@ hostapd_set_bss_options() {

 	append bss_conf "ssid=$ssid" "$N"
 	[ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N"
-	[ -n "$iapp_interface" ] &&  {
+	[ -n "$iapp_interface" ] && {
 		iapp_interface="$(uci_get_state network "$iapp_interface" ifname "$iapp_interface")"
 		[ -n "$iapp_interface" ] && append bss_conf "iapp_interface=$iapp_interface" "$N"
 	}
@@ -390,7 +389,7 @@ hostapd_set_log_options() {
 	set_default log_iapp   1
 	set_default log_mlme   1

-	local log_mask=$((       \
+	local log_mask=$(( \
 		($log_80211  << 0) | \
 		($log_8021x  << 1) | \
 		($log_radius << 2) | \
@@ -417,7 +416,7 @@ _wpa_supplicant_common() {

 wpa_supplicant_teardown_interface() {
 	_wpa_supplicant_common "$1"
-	rm -rf "$_rpath" "$_config"
+	rm -rf "$_rpath/$1" "$_config"
 }

 wpa_supplicant_prepare_interface() {

--- a/package/network/services/hostapd/patches/001-fix_pmksa_cache.patch
+++ b/package/network/services/hostapd/patches/001-fix_pmksa_cache.patch
+From 9c829900bb01d6fb22e78ba78195c78de39f64b9 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 04 Oct 2014 19:11:00 +0000
+Subject: Fix authenticator OKC fetch from PMKSA cache to avoid infinite loop
+
+If the first entry in the PMKSA cache did not match the station's MAC
+address, an infinite loop could be reached in pmksa_cache_get_okc() when
+trying to find a PMKSA cache entry for opportunistic key caching cases.
+This would only happen if OKC is enabled (okc=1 included in the
+configuration file).
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+--- a/src/ap/pmksa_cache_auth.c
+++ b/src/ap/pmksa_cache_auth.c
+@@ -394,15 +394,13 @@ struct rsn_pmksa_cache_entry * pmksa_cac
+ 	struct rsn_pmksa_cache_entry *entry;
+ 	u8 new_pmkid[PMKID_LEN];
+ 
+-	entry = pmksa->pmksa;
+-	while (entry) {
+	for (entry = pmksa->pmksa; entry; entry = entry->next) {
+ 		if (os_memcmp(entry->spa, spa, ETH_ALEN) != 0)
+ 			continue;
+ 		rsn_pmkid(entry->pmk, entry->pmk_len, aa, spa, new_pmkid,
+ 			  wpa_key_mgmt_sha256(entry->akmp));
+ 		if (os_memcmp(new_pmkid, pmkid, PMKID_LEN) == 0)
+ 			return entry;
+-		entry = entry->next;
+ 	}
+ 	return NULL;
+ }
--- a/package/network/services/hostapd/patches/002-Add-os_exec-helper-to-run-external-programs.patch
+++ b/package/network/services/hostapd/patches/002-Add-os_exec-helper-to-run-external-programs.patch
+From 89de07a9442072f88d49869d8ecd8d42bae050a0 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Mon, 6 Oct 2014 16:27:44 +0300
+Subject: [PATCH 1/3] Add os_exec() helper to run external programs
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ src/utils/os.h       |  9 +++++++++
+ src/utils/os_unix.c  | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ src/utils/os_win32.c |  6 ++++++
+ 3 files changed, 70 insertions(+)
+
+--- a/src/utils/os.h
+++ b/src/utils/os.h
+@@ -584,6 +584,15 @@ static inline void os_remove_in_array(vo
+  */
+ size_t os_strlcpy(char *dest, const char *src, size_t siz);
+ 
+/**
+ * os_exec - Execute an external program
+ * @program: Path to the program
+ * @arg: Command line argument string
+ * @wait_completion: Whether to wait until the program execution completes
+ * Returns: 0 on success, -1 on error
+ */
+int os_exec(const char *program, const char *arg, int wait_completion);
+
+ 
+ #ifdef OS_REJECT_C_LIB_FUNCTIONS
+ #define malloc OS_DO_NOT_USE_malloc
+--- a/src/utils/os_unix.c
+++ b/src/utils/os_unix.c
+@@ -9,6 +9,7 @@
+ #include "includes.h"
+ 
+ #include <time.h>
+#include <sys/wait.h>
+ 
+ #ifdef ANDROID
+ #include <sys/capability.h>
+@@ -540,3 +541,57 @@ char * os_strdup(const char *s)
+ }
+ 
+ #endif /* WPA_TRACE */
+
+
+int os_exec(const char *program, const char *arg, int wait_completion)
+{
+	pid_t pid;
+	int pid_status;
+
+	pid = fork();
+	if (pid < 0) {
+		perror("fork");
+		return -1;
+	}
+
+	if (pid == 0) {
+		/* run the external command in the child process */
+		const int MAX_ARG = 30;
+		char *_program, *_arg, *pos;
+		char *argv[MAX_ARG + 1];
+		int i;
+
+		_program = os_strdup(program);
+		_arg = os_strdup(arg);
+
+		argv[0] = _program;
+
+		i = 1;
+		pos = _arg;
+		while (i < MAX_ARG && pos && *pos) {
+			while (*pos == ' ')
+				pos++;
+			if (*pos == '\0')
+				break;
+			argv[i++] = pos;
+			pos = os_strchr(pos, ' ');
+			if (pos)
+				*pos++ = '\0';
+		}
+		argv[i] = NULL;
+
+		execv(program, argv);
+		perror("execv");
+		os_free(_program);
+		os_free(_arg);
+		exit(0);
+		return -1;
+	}
+
+	if (wait_completion) {
+		/* wait for the child process to complete in the parent */
+		waitpid(pid, &pid_status, 0);
+	}
+
+	return 0;
+}
+--- a/src/utils/os_win32.c
+++ b/src/utils/os_win32.c
+@@ -244,3 +244,9 @@ size_t os_strlcpy(char *dest, const char
+ 
+ 	return s - src - 1;
+ }
+
+
+int os_exec(const char *program, const char *arg, int wait_completion)
+{
+	return -1;
+}
--- a/package/network/services/hostapd/patches/003-wpa_cli-Use-os_exec-for-action-script-execution.patch
+++ b/package/network/services/hostapd/patches/003-wpa_cli-Use-os_exec-for-action-script-execution.patch
+From c5f258de76dbb67fb64beab39a99e5c5711f41fe Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Mon, 6 Oct 2014 17:25:52 +0300
+Subject: [PATCH 2/3] wpa_cli: Use os_exec() for action script execution
+
+Use os_exec() to run the action script operations to avoid undesired
+command line processing for control interface event strings. Previously,
+it could have been possible for some of the event strings to include
+unsanitized data which is not suitable for system() use. (CVE-2014-3686)
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ wpa_supplicant/wpa_cli.c | 25 ++++++++-----------------
+ 1 file changed, 8 insertions(+), 17 deletions(-)
+
+--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
+@@ -3149,28 +3149,19 @@ static int str_match(const char *a, cons
+ static int wpa_cli_exec(const char *program, const char *arg1,
+ 			const char *arg2)
+ {
+-	char *cmd;
+	char *arg;
+ 	size_t len;
+ 	int res;
+-	int ret = 0;
+ 
+-	len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
+-	cmd = os_malloc(len);
+-	if (cmd == NULL)
+	len = os_strlen(arg1) + os_strlen(arg2) + 2;
+	arg = os_malloc(len);
+	if (arg == NULL)
+ 		return -1;
+-	res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
+-	if (res < 0 || (size_t) res >= len) {
+-		os_free(cmd);
+-		return -1;
+-	}
+-	cmd[len - 1] = '\0';
+-#ifndef _WIN32_WCE
+-	if (system(cmd) < 0)
+-		ret = -1;
+-#endif /* _WIN32_WCE */
+-	os_free(cmd);
+	os_snprintf(arg, len, "%s %s", arg1, arg2);
+	res = os_exec(program, arg, 1);
+	os_free(arg);
+ 
+-	return ret;
+	return res;
+ }
+ 
+ 
--- a/package/network/services/hostapd/patches/004-hostapd_cli-Use-os_exec-for-action-script-execution.patch
+++ b/package/network/services/hostapd/patches/004-hostapd_cli-Use-os_exec-for-action-script-execution.patch
+From 5d4fa2a29bef013e61185beb21a3ec110885eb9a Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@qca.qualcomm.com>
+Date: Mon, 6 Oct 2014 18:49:01 +0300
+Subject: [PATCH 3/3] hostapd_cli: Use os_exec() for action script execution
+
+Use os_exec() to run the action script operations to avoid undesired
+command line processing for control interface event strings. Previously,
+it could have been possible for some of the event strings to include
+unsanitized data which is not suitable for system() use. (CVE-2014-3686)
+
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+---
+ hostapd/hostapd_cli.c | 25 ++++++++-----------------
+ 1 file changed, 8 insertions(+), 17 deletions(-)
+
+--- a/hostapd/hostapd_cli.c
+++ b/hostapd/hostapd_cli.c
+@@ -238,28 +238,19 @@ static int hostapd_cli_cmd_mib(struct wp
+ static int hostapd_cli_exec(const char *program, const char *arg1,
+ 			    const char *arg2)
+ {
+-	char *cmd;
+	char *arg;
+ 	size_t len;
+ 	int res;
+-	int ret = 0;
+ 
+-	len = os_strlen(program) + os_strlen(arg1) + os_strlen(arg2) + 3;
+-	cmd = os_malloc(len);
+-	if (cmd == NULL)
+	len = os_strlen(arg1) + os_strlen(arg2) + 2;
+	arg = os_malloc(len);
+	if (arg == NULL)
+ 		return -1;
+-	res = os_snprintf(cmd, len, "%s %s %s", program, arg1, arg2);
+-	if (res < 0 || (size_t) res >= len) {
+-		os_free(cmd);
+-		return -1;
+-	}
+-	cmd[len - 1] = '\0';
+-#ifndef _WIN32_WCE
+-	if (system(cmd) < 0)
+-		ret = -1;
+-#endif /* _WIN32_WCE */
+-	os_free(cmd);
+	os_snprintf(arg, len, "%s %s", arg1, arg2);
+	res = os_exec(program, arg, 1);
+	os_free(arg);
+ 
+-	return ret;
+	return res;
+ }
+ 
+ 
--- a/package/network/services/hostapd/patches/120-daemonize_fix.patch
+++ b/package/network/services/hostapd/patches/120-daemonize_fix.patch
 --- a/src/utils/os_unix.c
 +++ b/src/utils/os_unix.c
-@@ -9,6 +9,7 @@
- #include "includes.h"
+@@ -10,6 +10,7 @@
 
 #include <time.h>
+ #include <sys/wait.h>
 +#include <fcntl.h>
 
 #ifdef ANDROID
 #include <sys/capability.h>
-@@ -154,59 +155,46 @@ int os_gmtime(os_time_t t, struct os_tm 
+@@ -155,59 +156,46 @@ int os_gmtime(os_time_t t, struct os_tm
 	return 0;
 }
 

--- a/package/network/services/hostapd/patches/370-ap_sta_support.patch
+++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch
@@ -157,7 +157,7 @@
 #include "drivers/driver.h"
 #include "wpa_supplicant_i.h"
 #include "config.h"
-@@ -247,6 +248,10 @@ static void calculate_update_time(const 
+@@ -247,6 +248,10 @@ static void calculate_update_time(const
 static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
 			     struct os_reltime *fetch_time)
 {

--- a/package/network/services/hostapd/patches/450-limit_debug_messages.patch
+++ b/package/network/services/hostapd/patches/450-limit_debug_messages.patch
@@ -166,7 +166,7 @@
 
 /**
  * wpa_hexdump_ascii_key - conditional hex dump, hide keys
-@@ -142,8 +177,14 @@ void wpa_hexdump_ascii(int level, const 
+@@ -142,8 +177,14 @@ void wpa_hexdump_ascii(int level, const
  * bytes per line will be shown. This works like wpa_hexdump_ascii(), but by
  * default, does not include secret keys (passwords, etc.) in debug output.
  */

--- a/package/network/services/hostapd/patches/470-hostapd_cli_ifdef.patch
+++ b/package/network/services/hostapd/patches/470-hostapd_cli_ifdef.patch
@@ -16,7 +16,7 @@
 "   get_config           show current configuration\n"
 "   help                 show this usage help\n"
 "   interface [ifname]   show interfaces/select interface\n"
-@@ -362,7 +360,6 @@ static int hostapd_cli_cmd_sa_query(stru
+@@ -353,7 +351,6 @@ static int hostapd_cli_cmd_sa_query(stru
 #endif /* CONFIG_IEEE80211W */
 
 
@@ -24,7 +24,7 @@
 static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc,
 				   char *argv[])
 {
-@@ -588,7 +585,6 @@ static int hostapd_cli_cmd_wps_config(st
+@@ -579,7 +576,6 @@ static int hostapd_cli_cmd_wps_config(st
 			 ssid_hex, argv[1]);
 	return wpa_ctrl_command(ctrl, buf);
 }
@@ -32,7 +32,7 @@
 
 
 static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
-@@ -979,7 +975,6 @@ static struct hostapd_cli_cmd hostapd_cl
+@@ -970,7 +966,6 @@ static struct hostapd_cli_cmd hostapd_cl
 #ifdef CONFIG_IEEE80211W
 	{ "sa_query", hostapd_cli_cmd_sa_query },
 #endif /* CONFIG_IEEE80211W */
@@ -40,7 +40,7 @@
 	{ "wps_pin", hostapd_cli_cmd_wps_pin },
 	{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin },
 	{ "wps_pbc", hostapd_cli_cmd_wps_pbc },
-@@ -993,7 +988,6 @@ static struct hostapd_cli_cmd hostapd_cl
+@@ -984,7 +979,6 @@ static struct hostapd_cli_cmd hostapd_cl
 	{ "wps_ap_pin", hostapd_cli_cmd_wps_ap_pin },
 	{ "wps_config", hostapd_cli_cmd_wps_config },
 	{ "wps_get_status", hostapd_cli_cmd_wps_get_status },

--- a/package/network/services/hostapd/patches/490-scan_wait.patch
+++ b/package/network/services/hostapd/patches/490-scan_wait.patch
@@ -33,7 +33,7 @@
 	/* Initialize the driver interface */
 	if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5]))
 		b = NULL;
-@@ -372,8 +384,6 @@ static void hostapd_global_deinit(const 
+@@ -372,8 +384,6 @@ static void hostapd_global_deinit(const
 #endif /* CONFIG_NATIVE_WINDOWS */
 
 	eap_server_unregister_methods();

--- a/package/network/services/mdns/Makefile
+++ b/package/network/services/mdns/Makefile
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=mdns
-PKG_VERSION:=2014-06-25
+PKG_VERSION:=2014-09-02
 PKG_RELEASE=$(PKG_SOURCE_VERSION)

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_SOURCE_URL:=git://git.openwrt.org/project/mdnsd.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=902e2d1eaaff0d3d33dee605a4746fd5d4b6b999
+PKG_SOURCE_VERSION:=b7e5cb7ab91a9487ec71a14b706b5589cefe9052

 PKG_MAINTAINER:=John Crispin <blogic@openwrt.org>


--- a/package/network/services/odhcpd/Makefile
+++ b/package/network/services/odhcpd/Makefile
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=odhcpd
-PKG_VERSION:=2014-07-23
+PKG_VERSION:=2014-09-25
 PKG_RELEASE=$(PKG_SOURCE_VERSION)

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_SOURCE_URL:=git://github.com/sbyx/odhcpd.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=ac448deb59fc9ed2f19a3549d521ab796ae6ca47
+PKG_SOURCE_VERSION:=a6e2953843eaf6c93764f9feef10466e7a84ec85

 PKG_MAINTAINER:=Steven Barth <steven@midlink.org>
No results found