Commit Graph

11978 Commits

Author SHA1 Message Date
Etienne CHAMPETIER
3946a55291 base-files: seed /dev/urandom
This commit:
1) seed /dev/urandom with the saved seeds as early as possible
   (see /lib/preinit/81_urandom_seed)
2) save a seed at /etc/urandom.seed if it doesn't exists
3) save a new seed each boot at "system.@system[0].urandom_seed"
   (see /etc/init.d/urandom_seed)

We use getrandom() so we are sure /dev/urandom pool is initialized

Seed size is 512 bytes (ie /proc/sys/kernel/random/poolsize / 8)
it's the same size as in ubuntu 14.04 and all systemd systems

Seeding /dev/urandom doesn't change entropy estimation, so we still have
"random: ubus urandom read with 4 bits of entropy available"
messages in the logs, but we can now ignore them if
after "urandom-seed: Seeding with ..." message

Saving a new seed on each boot is disabled by default to avoid too much
writes without user consent

v2: log preinit messages to /dev/kmsg
v3: use non generic function name for logging, as /lib/preinit/ files
    are all sourced together in /etc/preinit
v4: after a lot of discussion on the ML, use a uci config param
v5: config param is now the path of the seed

Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2016-06-30 22:48:39 +02:00
Daniel Dickinson
3ee278c5c9 package/kernel: Enable XATTR by default
OpenWrt enables XATTR support pretty much universally, therefore
for filesystems that a loaded as modules also enable XATTR support
so that there are no unexpected missing capabilities.

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-06-30 22:48:39 +02:00
Hauke Mehrtens
ffcae8b494 prism54-firmware: add also other p54 firmware to own package
Extract the other p54 firmware files into the prism54-firmware package.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-06-30 19:42:59 +02:00
Hauke Mehrtens
37fa64a6c5 firmware: extract prism54-firmware into own package
Instead of downloading the firmware for prism54 devices in the
wireless.mk do it in an extra package Makefile. To ship the complete
source code Intel ships our modified OpenWrt/LEDE + the content of the
dl directory. We do not want to have any files in the dl/ directory
which are not needed to build our images. The prism54 gets downloaded
every time independently of building kmod-net-prism54 or not. When it
is in a own package it only gets downloaded when the firmware package
is selected.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-06-30 19:21:02 +02:00
Hans Dedecker
ecbc138343 odhcp6c: Upstep to latest version
Following fixes are included in the latest version:
    -Script is launched with incorrect action
    -Possible buffer overflows
    -Lots of minor bugfixes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-06-30 14:53:21 +02:00
Kevin Darbyshire-Bryant
0b208a7de1 kmod-sched-cake: Switch to COBALT algorithm
COBALT is a hybrid codel/blue algo combining best elements of both.
Exhibits improved behaviour in presence of abuse from unresponsive flows
handled by 'blue', whereas responsive flows are still handled by codel.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-30 00:43:03 +02:00
Kevin Darbyshire-Bryant
6d7f54ccdb iproute2: cake AQM prepare tc for COBALT algorithm
Cake AQM is experimenting with a codel/blue hybrid AQM COBALT instead
of just using codel alone. This patch updates tc to cope with some new
stats produced by COBALT.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-30 00:43:03 +02:00
Hans Dedecker
c2bd469521 dnsmasq: Add broken realtime clock build switch in full variant
By default dnsmasq uses the time function; which returns the time since
Epoch; to retrieve the current time. On boards which have no realtime
clock this can lead to side effects when the time is synced via ntp
as the "time wrap" forces dhcp leases to be considered as expired.
By enabling the broken realtime clock build switch dnsmasq uses the
times utility which returns the number of clock tick.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
[Jo-Philipp Wich: change symbol name, add sym to PKG_CONFIG_DEPENDS]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-30 00:42:46 +02:00
Jo-Philipp Wich
95d9330d57 rpcd: iwinfo plugin fixes
- Expose supported HT rate information in info call
 - Zero out ccode buffer when listing countries

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-30 00:42:02 +02:00
Alexander Couzens
19aae09f5f kmod-bmp085: add dependency on !LINUX_3_18 !LINUX_4_1
93d5629a introduced a build failure on older platforms (<4.4)
because bmp085 is a boolean and not a tristate.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2016-06-29 02:46:48 +02:00
Dirk Neukirchen
93d5629a27 modules: add BMP085 pressure sensor
add BMP085 and BMP180 pressure sensors
this driver supports the SPI and I2C and
older chips (BMP280 is supported by iio subsystem)

issue found when cleaning up omap/config

found while writing this patch that a
similar patch was submitted in June/July 2014 but not integrated

only compile tested

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-06-29 00:42:19 +02:00
Jo-Philipp Wich
1e03998e2b mac80211: fix skb size calculation in 4addr mode (FS#24)
The PDU length of incoming LLC frames is set to the total skb payload size
in __ieee80211_data_to_8023() of net/wireless/util.c which incorrectly
includes the length of the IEEE 802.11 header.

The resulting LLC frame header has a too large PDU length, causing the
llc_fixup_skb() function of net/llc/llc_input.c to reject the incoming
skb, effectively breaking STP.

Solve the problem by properly substracting the IEEE 802.11 frame header size
from the PDU length, allowing the LLC processor to pick up the incoming
control messages.

Special thanks to Gerry Rozema for tracking down the regression and proposing
a suitable patch.

Fixes FS#24.

References:
https://bugs.lede-project.org/index.php?do=details&task_id=24

Reported-by: Gerry Rozema <gerryr@rozeware.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-28 22:43:22 +02:00
Jo-Philipp Wich
8d51706616 base-files: use LEDE NTP vendor pool
The vendor NTP pool for the LEDE project got approved, so switch to it now.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-28 19:14:31 +02:00
Jo-Philipp Wich
f98f4601de openvpn: fix missing cipher list for polarssl in v2.3.11
Upstream OpenSSL hardening work introduced a change in shared code that
causes polarssl / mbedtls builds to break when no --tls-cipher is specified.

Import the upstream fix commit as patch until the next OpenVPN release gets
released and packaged.

Reported-by: Sebastian Koch <seb@metafly.info>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-28 10:47:22 +02:00
Daniel Dickinson
4a3b8e0596 lldpd: Use /etc/os-release instead of /etc/openwrt_*
With the addition of /etc/os-release patching lldpd to use
/etc/openwrt_release and to have the initscript use
/etc/openwrt_release and/or /etc/openwrt_version becomes
unnecessary.

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-06-27 15:16:01 +02:00
Alin Năstac
86a2702a00 libnetfilter_queue: fix checksum computation
There are 2 issues fixed by this patch:
  - UDP checksum is computed incorrectly, the used pseudo IP header
    contains transport protocol 6 iso 17
  - on big endian arches the UDP/TCP checksum is incorrectly
    computed when payload length is odd

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh patch]
2016-06-26 16:09:48 +02:00
Hauke Mehrtens
9493613e94 linux-firmware: fix md5sum
The copy on the mirror has a different md5sum as specified in this
package Makefile. The content of the file on the mirror is the same as
in the checkout so just update our md5sum.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-06-25 19:20:16 +02:00
Hauke Mehrtens
2ca4fa5feb rtl8192su-firmware: move firmware to own package
Instead of downloading the firmware from some website take it from
linux-firmware package and do not download it separately any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-06-25 19:20:16 +02:00
Hauke Mehrtens
d2a372c4fc rtl8192se-firmware: fix package build
The package did not pack the firmware because of a problem which looks
like a copy and past error.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-06-25 19:20:16 +02:00
Jo-Philipp Wich
cb7aa4b1fe ebtables: fix segmentation fault due to uninitialized extension data
The ebtables code relies on the `-nostartfiles` linker argument to execute the
extension modules' `_init()` functions automatically which is not working
reliably across all supported targets and gcc versions.

Running an ebtables executable linked this way just crashes with a segmentation
fault at runtime on program startup, e.g. on ARM architectures.

In order to fix the issue ...
 - remove the use of the -nostartfiles linker flag
 - rename the init procedures to a generic name without implicit semantics
 - explicitely annotate those init procedures as constructors

The patch has been taken from the Alpine Linux distribution at
http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-24 15:59:36 +02:00
Kevin Darbyshire-Bryant
d4ede1c118 base-files: sysfixtime no longer exclude dnsmasq.time
dnsmasq's dnssec time checking method now uses a ntp hotplug mechanism,
therefore dnsmasq.time is redudant and no longer needs to be explicitly
excluded from sysfixtime.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-24 13:56:30 +02:00
Kevin Darbyshire-Bryant
5acfe55d71 dnsmasq: dnssec time handling uses ntpd hotplug
Change dnsmasq's dnssec time check handling to use time validity
indicated by ntpd rather than maintaining a cross boot/upgrade
/etc/dnsmasq.time timestamp file.  This saves flash device wear.

If ntpd client is configured in uci and you're using dnssec, then
dnsmasq will not check dnssec timestamp validity until ntpd hotplug
indicates sync via a stratum change. The ntpd hotplug leaves a status
flag file to indicate to dnsmasq.init that time is valid and that it
should now start in 'check dnssec timestamp valid' mode.

If ntpd client is not configured and you're using dnssec, then it is
presumed you're using an alternate time sync mechanism and that time is
correct, thus dnsmasq checks dnssec timestamps are valid from 1st start.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

V2 - stratum & step ntp changes indicate time is valid
V3 - on initial flag file step signal dnsmasq with SIGHUP if running
V4 - only accept step ntp changes. Accepting both stratum & step could
result in unpleasant script race conditions
V5 - Actually only accepting stratum is the correct thing to do after
further testing
V6 - improve handling of non busybox ntpd
if sysntpd not executable
  dnsmasq checks dnssec timestamps
else
  sysntp script disabled - look for timestamp file - allows external mechanism to use hotplug flag file
  sysntp script enabled & uci ntp enabled  - look for timestamp file
  sysntp script enabled & uci ntp disabled - dnsmasq checks dnssec
timestamps
fi
2016-06-24 13:53:39 +02:00
Daniel Dickinson
f954f4337b base-files: Add standard os-release file
/etc/os-release is the standard distribution release information
file, therefore add it (and image configuration options for
fields not previously present in LEDE).  Once it is deemed
reasonable the non-standard openwrt_release, openwrt_version,
and device_info files could be removed (that is with this patch
we consider them deprecated in favour of the standard file).

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-06-24 13:52:53 +02:00
John Crispin
27493e82f9 mountd: update to latest git HEAD
adds HFS+ support

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-22 19:32:06 +02:00
Hauke Mehrtens
3f38356893 packages: prefer http over git for git protocol
In company networks everything except the http and https protocol is
often causes problems, because the network administrators try to block
everything else. To make it easier to use LEDE in company networks use
the https/http protocol for git access when possible.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-06-22 19:32:06 +02:00
Mathias Kresin
b32eb40210 uboot-lantiq: Add Arcadyan ARV7506PW11 support
Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-06-22 19:32:06 +02:00
Daniel Gimpelevich
7385f754b1 lantiq: Correct ADSL race condition
puts br2684ctl init after ADSL init instead of before, so that the ESI
is set at the right time, and for consistency with the PTM driver.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2016-06-22 19:32:06 +02:00
Ben Greear
040ebe2473 ath10k-ct: Update to latest 10.4.3 CT firmware for 9980 chipsets.
This works around regressions added in the 4.7 kernel.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2016-06-21 13:44:12 +02:00
Kevin Darbyshire-Bryant
5d60bedcb3 ath10k-firmware: fix board-2.bin download URL
Original URL got 303 redirect which then also dropped the commit id
leading to different file revision & MD5 mismatch.

Corrected URL & clarified commit ID use in Makefile

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-21 12:00:10 +02:00
John Crispin
163cc22643 procd: properly set /dev/snd permission and group
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-20 11:48:02 +02:00
Xotic750
e2d2b136b3 e2fsprogs: Bump to v1.43.1
Signed-off-by: Graham Fairweather <xotic750@gmail.com>
2016-06-20 11:45:45 +02:00
Mathias Kresin
ac1cc30cdf lantiq: ltq-atm: fix xrx200 depends
This one was missed by abc346db0e.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-06-20 11:45:44 +02:00
John Crispin
e4bad7953b fstools: fix missing dependency
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-18 17:07:44 +02:00
Rafał Miłecki
7e08f2ccbd mtd: support -c (datasize) option for fixseama command
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-06-20 08:01:31 +02:00
Daniel Golle
fac7ba1abc uboot-envtools: add support for ZBT-WG2626
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-06-19 16:22:23 +02:00
Felix Fietkau
240137a744 mt76: update to the latest version, fixes a SMPS handling issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-17 14:51:11 +02:00
John Crispin
16e04fd1b4 procd: update to latest git head
fixes !root perms of /var/{run,lock,state}

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-17 04:13:07 +02:00
John Crispin
87eb8fad13 base-files: remove fstab symlink
the symlink no longer gets used since we switched to the block-mount tool.

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-17 04:13:07 +02:00
John Crispin
ea828eb3af mountd: update to latest git HEAD
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-17 04:13:07 +02:00
Felix Fietkau
4bab4dee84 ath10k: merge some more pending upstream fixes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-17 14:12:44 +02:00
Felix Fietkau
475e94b1d2 uhttpd: update to the latest version, adds some extensions to handler script support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-16 19:00:16 +02:00
Rafał Miłecki
952beca4aa uclient: update to the latest version with better help and DELETE
This slightly improves output of help messages and supports sending
message body for DELETE.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-06-16 14:54:25 +02:00
Felix Fietkau
4e0a533f60 hostapd: fix breakage with non-nl80211 drivers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 19:28:55 +02:00
Jo-Philipp Wich
e2a9c638e7 hostapd: fix compilation error in wext backend
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-15 19:10:32 +02:00
Felix Fietkau
70bb22037a hostap-driver: mark as broken, it causes extra bloat in hostapd and is probably not used anymore
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 18:27:44 +02:00
Felix Fietkau
c2ec43733a mt76: update to latest version, adds survey support for mt76x2
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:50:51 +02:00
Felix Fietkau
ef74d5cbf8 hostapd: implement fallback for incomplete survey data
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:31:48 +02:00
Felix Fietkau
13b44abcff hostapd: update to version 2016-06-15
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:11:43 +02:00
Michal Hrusecky
b67af71181 hostapd: Update to version 2016-05-05
Fixes CVE-2016-4476 and few possible memory leaks.

Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
2016-06-15 17:11:18 +02:00
Felix Fietkau
a3cde627f8 libubox: update to the latest version, fixes an uloop signal handling race condition
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:01:15 +02:00