Commit Graph

12397 Commits

Author SHA1 Message Date
Florian Fainelli
493b0f3f57 toolchain: Force installation into /lib
For 64-bit capable systems, a symbolic link is set up for /lib64 to point to
/lib, so make sure the installation goes into /lib, irrespective of where the C
library files come from in an external toolchain.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-09-28 08:39:00 +02:00
John Crispin
986ec56507 rfkill: add fake rfkill support
allow building of modules depending on RFKILL even if RFKILL is not enabled.

Signed-off-by: John Crispin <john@phrozen.org>
2016-09-27 20:27:26 +02:00
Matthias Schiffer
376944c0ab
perf: fix build with musl on PowerPC
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-28 06:26:35 +02:00
Matthias Schiffer
82aa061251
kernel: remove echainiv.ko from kmod-crypto-iv
There is a separate package kmod-crypto-echainiv for echainiv.ko. Selecting
both packages led to a conflict, so remove the file from kmod-crypto-iv.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-28 02:39:18 +02:00
Rafał Miłecki
a0ce6982d8 mac80211: backport brcmfmac changes from 2016-09-27
This fixes bug that could cause WARNING on every add_key/del_key call.
It also replaces WARNING with a simple message. They may still occur
e.g. on station going out of range and A-MPDU stall in the firmware.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-27 18:23:53 +02:00
Magnus Kroken
b1f39d3d7e openssl: update to 1.0.2j
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.

Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch

Security advisory: https://www.openssl.org/news/secadv/20160926.txt

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-09-27 17:50:22 +02:00
diizzyy
0d4f02dfd6 linux-firmware: Add mirrors
Adds Google's mirrors as primary source and kernel.org as fallback.
Discussed in #lede-dev on Freenode

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-09-27 17:50:22 +02:00
Rosen Penev
c0b15b3072 openssl: Make DTLS configurable.
Signed-off by: Rosen Penev <rosenp@gmail.com>
2016-09-27 17:50:22 +02:00
Rosen Penev
aaa067ab0b openssl: Remove J-PAKE. Nothing uses it.
Signed-off by: Rosen Penev <rosenp@gmail.com>
2016-09-27 17:50:22 +02:00
Kevin Darbyshire-Bryant
78ae7d8efd busybox: v1.25.0 upstream patches
Include upstream patches for gzip, ip & ntpd.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-09-27 17:50:22 +02:00
Daniel Engberg
edbc8fec8a libjson-c: Update to 0.12.1
Updates libjson-c and removes backport patch.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-09-27 17:50:21 +02:00
diizzyy
509708889c libunwind: use url alias
Use alias instead of hardcoded URL

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-09-27 17:50:21 +02:00
Jo-Philipp Wich
875cddd94c iwinfo: fix WPA cipher reporting
Within the Lua binding, use the same logic as the command line interface for
reporting the used WPA ciphers. Instead of printing the intersection of
pairwise and group ciphers, report both group and pairwise ciphers.

This fixes a case where a connection which uses CCMP for pairwise and TKIP
as groupwise cipher is getting reported as using the NONE cipher.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-27 16:23:48 +02:00
Jo-Philipp Wich
8badcba229 iproute: properly support high routing table IDs
The Linux kernel uses two distinct fields to denote the routing table ID in
use by network routes; the 8 bit `rtm_table` member of `struct rtmsg` and the
32 bit `RTA_TABLE` netlink attribute.

If a routing table ID is larger than 255, the `RT_TABLE` attribute must be used
and the `rtm_table` field has to be set to the special `RT_TABLE_UNSPEC` value.

This commit adds a patch which...
 - switches the *_n2a() and *_a2n() functions of rt_names.c to use dynamically
   sized, name-sorted arrays instead of fixed arrays limited to 1024 slots in
   order to support IDs up to 65535
 - adds proper handling of high table IDs to iprule.c and iproute.c when
   adding, removing and dumping ip rules and network routes

After this change, the Busybox ip applet fully supports IP rules with high ID
numbers, using the same logic as the full iproute2.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-27 16:23:06 +02:00
Jo-Philipp Wich
864b2d113a 6in4: fix invalid local variable declaration (FS#188)
Remove an invalid local variable declaration in the tunnel update subshell
invocation. Local declarations outside of function scopes are illegal since
the Busybox update to version 1.25.0 .

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-27 16:23:06 +02:00
Rafał Miłecki
45b73af7f6 mac80211: backport brcmfmac changes from 2016-09-26
All these patches are in wireless-drirvers-next. There is support for
hidden SSID, few new devices and many fixes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-27 07:00:53 +02:00
Matthias Schiffer
26b4216f95
base-files: make default_prerm work offline
IPKG_INSTROOT must be respected for offline removal (used for per-device
rootfs).

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-26 17:57:57 +02:00
Matthias Schiffer
6c1542787d
base-files: fix check for empty password warning
Now that we know that the password is in /etc/shadow and not in
/etc/passwd, we can properly fix the logic for the empty password check.
Only 'root::' is an empty password, 'root' and 'root:!:' allow no
password login at all.

This fixes the empty password warning still showing after the root password
has been locked using 'passwd -l root' (e.g. to allow public-key auth
only).

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-26 17:57:56 +02:00
Matthias Schiffer
77f54eae45
config: enable shadow passwords unconditionally
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.

The config symbol is kept (for a while), as packages from feeds depend on
it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-26 17:57:56 +02:00
Felix Fietkau
da4e81960d mac80211: fix crash in mac80211_hwsim
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-26 16:19:58 +02:00
Jonas Gorski
c4823622d8 uboot-mvebu: reset the 88E1512 PHY to make the wan port work
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
2016-09-26 13:03:18 +02:00
Jonas Gorski
d8075b15d0 uboot-mvebu: make hidden and be m for clearfog to fix IB failing to add it
Uboot-mvebu isn't a real package, which will break the image builder
when it tries to install it during the packing step. Instead of cleafog
selecting it through its default packages, make it default to m if the
clearfog profile is selected.

This will ensure it is always build, but never added to the rootfs. This
fixes creating images for clearfog with IB.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
2016-09-26 12:48:18 +02:00
Jonas Gorski
bc1f006b4e uboot-mvebu: also install into KDIR to ensure it packaged in IB
The clearfog image requires u-boot, so package it into KDIR to make sure
it is available in imageBuilder.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
2016-09-26 12:47:36 +02:00
Matthias Schiffer
b3dd642584
fstools: mark as nonshared and add missing PKG_CONFIG_DEPENDS
The fstools build depends on the CONFIG_NAND_SUPPORT flag, which is
target-specific.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-25 23:26:25 +02:00
Matthias Schiffer
663145e419
image: fix CONFIG_CLEAN_IPKG with CONFIG_TARGET_PER_DEVICE_ROOTFS
Running prepare_rootfs on TARGET_DIR deletes the opkg state when
CONFIG_CLEAN_IPKG is enabled, making the per-device rootfs package install
fail.

To avoid this, create a copy of the TARGET_DIR before prepare_rootfs is run
and use this as basis for per-device rootfs generation.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-25 09:30:55 +02:00
Matthias Schiffer
ce89535bce
kernel: remove duplicate br-netfilter file and Kconfig symbol from kmod-ebtables
br_netfilter.ko and the corresponding Kconfig symbol are already provided
by kmod-br-netfilter, which is a dependency of kmod-ebtables.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-24 23:37:54 +02:00
Hauke Mehrtens
ea288126db openssl: backport build fix when hardware support is used
This fix added to the openssl 1.0.2 branch.
In addition add the header for the existing backport.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-24 19:53:00 +02:00
Jo-Philipp Wich
1c09849f6c treewide: remove bad local shell variable declarations
Local variable declarations outside of functions are illegal since the Busybox
update to v1.25.0, therfore remove them from the appropriate places.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-24 14:38:20 +02:00
Hauke Mehrtens
df9efc9497 curl: update to version 7.50.3
This fixes the following security problems:
7.50.1:
 CVE-2016-5419 TLS session resumption client cert bypass
 CVE-2016-5420 Re-using connections with wrong client cert
 CVE-2016-5421 use of connection struct after free
7.50.2:
 CVE-2016-7141 Incorrect reuse of client certificates
7.50.3:
 CVE-2016-7167 curl escape and unescape integer overflows

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-24 13:48:05 +02:00
Magnus Kroken
6926325829 openssl: update to 1.0.2i
Drop 302-fix_no_cmac_build.patch, it has been applied upstream.

Security fixes:
* (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305)
* 10 Low severity issues

Security advisory: https://www.openssl.org/news/secadv/20160922.txt
Changelog: https://www.openssl.org/news/cl102.txt

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-24 13:28:59 +02:00
Jo-Philipp Wich
4f272dd032 linux-firmware: update to current Git head
Update the linux-firmware package in order to force the buildbots to fetch the
proper mirrored version.

Currently each builder has its own copy of the linux-firmware checkout staged
in its own dl/, since the package was updated before the mirrored copy has
been uploaded. The builders then subsequently uploaded their own copy instead,
leading to md5sum mismatches since each clone produces different tarballs.

By bumping the package to a new version and uploading the mirrored archive
with the proper md5sum beforehand, the builders will fetch that instead and
not upload their own copies.

To properly solve that problem in the future we need to ensure that packed
checkouts become reproducable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-23 12:11:06 +02:00
Felix Fietkau
175237e7df kernel: fix broken dependency of kmod-owl-loader on kmod-ath9k
It messes up the build order of package/kernel/linux vs
package/kernel/mac80211

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-22 20:09:20 +02:00
Jo-Philipp Wich
a84d51c85d linux-firmware: update md5sum
Since the md5sum of the mirrored Git clone archive has been set in the Makefile
before that particular archive was uploaded to the source mirror, the buildbots
uploaded their own, different copy instead invalidating the mirror md5sum for
anyone else.

In order to fix the mismatch, update the md5sum to reflect the archive being
present on the download server.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-22 10:47:57 +02:00
Hauke Mehrtens
7b472f7c21 busybox: fix md5sum
The md5sum was not updated in commit 06fa1c46fc "busybox: update
to version 1.25.0"

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-20 22:56:47 +02:00
Hauke Mehrtens
e59bbb6fe2 ltq-vdsl-app: update to version 4.17.18.6
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-09-20 22:43:43 +02:00
Hauke Mehrtens
7ecbc27951 ltq-vdsl: update to version 4.17.18.6
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-09-20 22:43:43 +02:00
Hauke Mehrtens
3a4db8548f ltq-vdsl-mei: update mei driver to version 1.5.17.6
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-09-20 22:43:43 +02:00
Hauke Mehrtens
909ed82b10 dsl-vrx200-firmware-xdsl: update to more recent versions
The Annex A firmware will be updated to:
05.08.01.08.01.06_05.08.00.0B.01.01_osc

The Annex B firmware will be updated to:
05.07.09.09.00.06_05.07.04.04.00.02_osc

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-09-20 22:43:43 +02:00
Hauke Mehrtens
06fa1c46fc busybox: update to version 1.25.0
The following patches were removed:
010-networking-fix-uninitialized-memory-when-displaying-.patch
  https://git.busybox.net/busybox/commit/?id=f2c043acfcf9dad9fd3d65821b81f89986bbe54e

030-ip-fix-problem-on-mips64-n64-big-endian-musl-systems.patch
  https://git.busybox.net/busybox/commit/?id=4ab372d49a6e82b0bf097dedb96d26330c5f2d5f

204-udhcpc_src_ip_rebind.patch
  https://git.busybox.net/busybox/commit/?id=abe8f7515aded80889d78c2c1c8947997918cf90

230-ntpd_delayed_resolve.patch
  https://git.busybox.net/busybox/commit/?id=c8641962e4cbde48108ddfc1c105e3320778190d
  https://git.busybox.net/busybox/commit/?id=e4caf1dd9ce8569371a0eeb77ccf02a572dc0f11

260-arping_missing_includes.patch
  Not needed any more, still builds with musl for me.
  Add in 92fd6e6f1a "busybox: fix arping applet building on musl"

The Kconfig files were updated with these commands:
cd config
../convert_menuconfig.pl .../build_dir/target-*/busybox-1.25.0
cd ..
./convert_defaults.pl < .../build_dir/target-*/busybox-1.25.0/.config > Config-defaults.in

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-20 22:37:02 +02:00
Florian Fainelli
ef64c8694b base-files: Allow subtargets to define base-files.mk
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-09-19 19:42:10 +02:00
Christian Lamparter
e9401a2335 kernel: owl-loader for delayed Atheros ath9k fixup
Some devices (like the Cisco Meraki Z1 Cloud Managed Teleworker Gateway)
need to be able to initialize the PCIe wifi device. Normally, this is done
during the early stages of booting linux, because the necessary init code
is read from the memory mapped SPI and passed to pci_enable_ath9k_fixup.
However,this isn't possible for devices which have the init code for the
Atheros chip stored on NAND in an UBI volume. Hence, this module can be
used to initialze the chip when the user-space is ready to extract the
init code.

Martin Blumenstingl made a few fixes and added support for lantiq:
kernel: owl-loader: add support for OWL emulation PCI devices
kernel: owl-loader: don't re-scan the bus when ath9k_pci_fixup failed
kernel: owl-loader: use dev_* instead of pr_* logging functions
kernel: owl-loader: auto-generate the eeprom filename as fallback
kernel: owl-loader: add a debug message when swapping the eeprom data
kernel: owl-loader: add missing newlines in log messages
kernel: owl-loader: add support for the lantiq platform

These patches have been integrated. Thanks!

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2016-09-19 19:32:35 +02:00
John Crispin
edf5b2955e cyassl: remove duplicate submenu level
Signed-off-by: John Crispin <john@phrozen.org>
2016-09-19 16:07:58 +02:00
Andreas Schultz
b9e3e38e79 cyassl: make CyaSSL/WolfSSL more configurable
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.

Signed-off-by: Andreas Schultz <aschultz@tpip.net>
2016-09-19 15:30:32 +02:00
Hans Dedecker
32f4777530 dnsmasq: Add match section support
Match sections allow to set a tag specified by the option networkid if the client
sends an option and optionally the option value specified by the match option.
The force option will convert the dhcp-option to force-dhcp-option if set to 1 in
the dnsmasq config if options are specified in the dhcp_option option.

config match
    option networkid tag
    option match 12,myhost
    option force 1
    list dhcp_option '3,192.168.1.1'

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-09-19 15:30:32 +02:00
Florian Fainelli
559f55dffc iwinfo: Bump to 2016-07-29
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-09-19 15:30:32 +02:00
John Crispin
63bd73a5cf base-files: remind users to set root password
print a warning when a shell spawns, telling users to set a root password.

Signed-off-by: John Crispin <john@phrozen.org>
2016-09-19 15:30:32 +02:00
Hauke Mehrtens
0109ed87d9 kernel: add nlmon kernel module
This driver allows to monitor netlink communication on the system.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-16 23:00:01 +02:00
Hauke Mehrtens
8b5e128250 busybox: libnetlink: fix alignment of netlink messages
A padding to align a message should not only be added between
different attributes of a netlink message, but also at the end of the
message to pad it to the correct size.

Without this patch the following command does not work and returns an
error code:
ip link add type nlmon

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-16 23:00:01 +02:00
Felix Fietkau
25dab5d217 base-files: reduce vm.min_free_kbytes for devices with 32M RAM
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-16 16:44:45 +02:00
Rafał Miłecki
4fec58be09 linux-firmware: update to the commit from 2016-09-15
This adds e.g. BCM43430 firmware (not packaged yet).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-16 12:30:04 +02:00
Álvaro Fernández Rojas
092e77d948 rtl8xxxu: add support for rtl8188eu
Patches by Jes Sorensen:
https://git.kernel.org/cgit/linux/kernel/git/jes/linux.git/

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-15 20:23:46 +02:00
Álvaro Fernández Rojas
c1678f1fa0 linux-firmware: rename r8188eu-firmware to rtl8188eu-firmware
This is consistent with the names used for other realtek firmwares.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-15 20:23:46 +02:00
Álvaro Fernández Rojas
f7670a2d07 mac80211: stop brcmfmac from selecting all SDIO firmwares
Now that we have firmwares separated and brcm2708 being the only target that
actually selects SDIO support, avoid selecting all firmwares by default.
sunxi should select the proper firmwares once SDIO support is enabled and
tested.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-15 20:23:46 +02:00
Álvaro Fernández Rojas
ba5a9aba5c brcmfmac43430-firmware: rename to brcmfmac-firmware-43430-sdio
This is consistent with the rest of brcmfmac firmwares.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-15 20:23:46 +02:00
Álvaro Fernández Rojas
daa5691a4d linux-firmware: separate packages for Broadcom FullMAC SDIO firmwares
Using few packages will allow saving some space by decreasing rootfs
size.

Moreover there are more firmware files that may require packaging and
even more to come later.

This can especially useful now, with per device rootfs.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-15 20:23:46 +02:00
Felix Fietkau
fa05f1d41b kernel: fix missing rename on usb gadget kmod cleanup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-15 17:01:40 +02:00
Tim Harvey
dc17fde994 kernel: clean up usb gadget support
clean up usb gadget support:
- rename gadget modules so that they appear together and are easier to
  identify as gadget modules
- make usb-lib-composite and usb-gadget hidden as there is no point in
  selecting those without gadget drivers that require them as deps

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2016-09-15 13:11:21 +02:00
Rafał Miłecki
65c5d097a4 mac80211: stop brcmfmac from selecting all PCIe firmwares
Now we have firmwares separated and bcm53xx selecting required ones make
use of it to actually save that rootfs space.
Other targets using brcmfmac (brcm2708 and sunxi) use SDIO interface and
firmware so they don't won't be affected.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-14 22:12:57 +02:00
John Crispin
a3f12a8dbe mountd: update to latest git HEAD
fixes cleanup of mount points

Signed-off-by: John Crispin <john@phrozen.org>
2016-09-14 21:37:21 +02:00
Rafał Miłecki
e70e3c544a hostapd: fix regression breaking brcmfmac
The latest update of hostapd broke brcmfmac due to upstream regression.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-13 12:06:42 +02:00
Rafał Miłecki
ac887f4832 linux-firmware: separate packages for Broadcom FullMAC PCIe firmwares
Using few packages will allow saving some space by decreasing rootfs
size. Dropping 43602a1 firmware saves 316 580 B. Dropping 4366b1 saves
468 188 B.

Moreover there are more firmware files that may require packaging and
even more to come later (e.g. 4366c0).

This can especially useful now, with per device rootfs.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-13 10:31:01 +02:00
Felix Fietkau
f3747020e2 mac80211: fix tx issue with CCMP PN generated in hardware
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-12 11:25:33 +02:00
Álvaro Fernández Rojas
ac08cb06f6 brcm2708-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-10 14:54:08 +02:00
Kevin Darbyshire-Bryant
591755ad1a dnsmasq: make NO_ID optional in full variant
Permit users of the full variant to disable the NO_ID *.bind pseudo
domain masking.

Defaulted 'on' in all variants.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-09-10 12:17:39 +02:00
Kevin Darbyshire-Bryant
96f0bbe91d dropbear: hide dropbear version
As security precaution and to limit the attack surface based on
the version reported by tools like nmap mask out the dropbear
version so the version is not visible anymore by snooping on the
wire. Version is still visible by 'dropbear -V'

Based on a patch by Hans Dedecker <dedeckeh@gmail.com>

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove trailing _]
2016-09-10 12:17:39 +02:00
Felix Fietkau
1867537d65 fstools: update to the latest version, adds support for ext4/f2fs overlay via loopback device
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-10 12:17:39 +02:00
Felix Fietkau
dbbd5eef58 f2fs-tools: import from packages, clean up, and update to latest
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-08 15:28:38 +02:00
Kevin Darbyshire-Bryant
03cd416795 dnsmasq: Don't expose *.bind data incl version
Don't expose dnsmasq version & other data to clients via the *.bind
pseudo domain.  This uses a new 'NO_ID' compile time option which has been
discussed and submitted upstream.

This is an alternate to replacing version with 'unknown' which affects
the version reported to syslog and 'dnsmasq --version'

Run time tested with & without NO_ID on Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-09-08 15:28:38 +02:00
Felix Fietkau
c4bfb119d8 mac80211: remove the fq-disable hack, now that reordering is fixed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-08 15:28:38 +02:00
Felix Fietkau
a194ffd4a8 mac80211: fix packet loss on fq reordering
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-08 15:28:38 +02:00
Felix Fietkau
859d940c79 hostapd: update to version 2016-09-05
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-08 15:28:38 +02:00
Florian Fainelli
2728512e15 e2fsprogs: List all libraries explicitly
e2fsprogs would fail linking with external toolchains which would not be able
to find several dependencies, explicit them.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-09-08 13:40:03 +02:00
Florian Fainelli
9a2f2f32cf e2fsprogs: Honor the global verbose flag
Look for OPENWRT_VERBOSE and pass it down to the e2fsprogs entry-point
Makefile.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-09-08 13:40:03 +02:00
Kevin Darbyshire-Bryant
9209f4304b dnsmasq: fix remove pidfile on shutdown regression
Regression introduced by 3481d0d dnsmasq: run as dedicated UID/GID

dnsmasq is unable to remove its own pidfile as /var/run/dnsmasq is owned
by root and now dnsmasq runs as dnsmasq:dnsmasq.  Change directory
ownership to match.

dnsmasq initially starts as root, creates the pidfile, then drops to
requested non-root user.  Until this fix dnsmasq had insufficient
privilege to remove its own pidfile.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-09-06 11:26:05 +02:00
Petko Bordjukov
c5913264e7 mwlwifi: Expose the IEEE 802.11w support to hostapd
Add a dependency on DRIVER_11W_SUPPORT in order to enable the IEEE
802.11w functionality in hostapd.

Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
2016-09-05 19:24:37 +02:00
Johannes Römer
e8cb7d30e9 hostapd: fix typo and indentation in ap_sta_support.patch
Signed-off-by: Johannes Römer <jroemer@posteo.net>
2016-09-05 18:03:24 +02:00
Alexis Green
aeea251fad ath10k-ct: fix missing symbols if ath9k is not selected
Require kernel to compile with CONFIG_RELAY=y

Signed-off-by: Alexis Green <alexis@cessp.it>
2016-09-05 18:01:59 +02:00
Felix Fietkau
49a6f67c39 mac80211: backport new register bitfield macros
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-05 17:46:26 +02:00
Felix Fietkau
9cf0444768 mac80211: add a tx sequence number allocation fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-05 14:02:34 +02:00
Karl Palsson
a4dc9ff934 dropbear: mdns flag is a bool, not integer
Effectively the same for most purposes, but more accurate.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2016-09-05 07:27:16 +02:00
Karl Palsson
ad8d197b82 base-files: support oneshot leds properly.
oneshot trigger configurations for LEDs are created, but the on/off
timing configurations are ignored.  generate_config is correctly creating
oneshot configs, but the later led script doesn't recognise the trigger
details.

Fixes: c0c3f2d4c9 leds: support oneshot as well as timer triggers
Signed-off-by: Karl Palsson <karlp@etactica.com>
2016-09-05 07:27:15 +02:00
John Crispin
b5f7221afa fstools: fix logic bug in extroot verification code
Signed-off-by: John Crispin <john@phrozen.org>
2016-09-05 07:27:15 +02:00
John Crispin
81b779d4d9 ugps: update to latest git HEAD
Signed-off-by: John Crispin <john@phrozen.org>
2016-09-05 07:27:15 +02:00
Conn O'Griofa
f362dc154d zram-swap: CONFIG_PROCD_ZRAM_TMPFS compatibility
Enable CONFIG_PROCD_ZRAM_TMPFS compatibility via two changes to list_cpu_idx():
* detect if /tmp is being used by /dev/zram0; if yes, offset initial value by 1 to skip first zram device.
* hot-add /dev/zram1, if not already present.

Signed-off-by: Conn O'Griofa >connogriofa@gmail.com>
2016-09-05 07:12:00 +02:00
Tim Harvey
232893037a generic: add NET3380 UDC support
Add a patch to backport 5185c91385d73cdf79836eb8548e4726e43ae831
from Linux 4.8 adding USB2380 support to the NET2280 driver and
create an OpenWrt menu option to select it as a module.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2016-09-04 13:36:10 +02:00
Tim Harvey
a4b86b292a boot: kobs-ng: update kobs-ng for newer kernels
This allows kobs-ng to flash the SPL successfully on the 4.4 kernel used by
the Gateworks IMX boards supporting NAND. The previous version of kobs-ng
worked with the 3.14 kernel but will brick a board making its SPL unbootable
for the 4.4 kernel.

See http://trac.gateworks.com/wiki/ventana/bootloader#nandspl for instructions
on updating the SPL from Linux.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2016-09-04 13:36:09 +02:00
Felix Fietkau
dbc9ee5b72 ath9k: fix regression in tx queueing patch
power save response frames can go through the old tx path, and the tid
needs to be set for sequence numbers to be assigned correctly.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-02 14:43:53 +02:00
Felix Fietkau
7130833a27 mvebu: fix boot script for booting from mmc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-02 14:43:53 +02:00
Zhao Gang
28a2901cba ath10k-firmware: add QCA9887 firmware
QCA9887 is experimentally supported in compat-wireless-2016-06-20.

Signed-off-by: Zhao Gang <gang.zhao.42@gmail.com>
2016-09-02 14:43:52 +02:00
Gabe Rodriguez
2d418381bb mwlwifi: Updated to latest source
This commit updates the mwlwifi driver to the latest version provided in the repo.

Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
2016-09-02 14:43:52 +02:00
Felix Fietkau
a894a535ff mac80211: add fixes for dealing with unexpected BlockAck frames
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-02 14:43:52 +02:00
Felix Fietkau
372d0fea29 ath9k: add a bunch of powersave handling fixes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-02 14:43:51 +02:00
Felix Fietkau
1e72d1bf16 mac80211: add a powersave handling fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-02 14:43:51 +02:00
Felix Fietkau
00a1056c3f openssl: re-enable ARM assembly
The original reason for disabling it seems to have been fixed
Related discussion: https://github.com/lede-project/source/pull/307

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-31 13:57:05 +02:00
Felix Fietkau
8e0cb8f582 ebtables: fix build with glibc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-30 12:12:34 +02:00
Felix Fietkau
18c7d1c626 dante: remove -D_GNU_SOURCE to fix build errors with current glibc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-30 12:12:34 +02:00
Felix Fietkau
98206cb9c6 iperf: add -lm to fix build with newer glibc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-30 10:51:21 +02:00
Felix Fietkau
b0dcb6bfed iperf: drop PKG_BUILD_DIR override
No longer necessary since the removal of build variants

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-30 10:51:21 +02:00
Jo-Philipp Wich
bba8a1a9ba Revert "opkg: use vfork on gz_open by default (FS#120)"
This reverts commit 763f5d7873.

Currently the vfork() code path in opkg is broken and relies on unsupported
ftello() / fseeko() operations on pipes - we need to restructure the code
before we can reconsider this approach.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-28 23:03:13 +02:00
Jo-Philipp Wich
d0b88b6067 Revert "opkg: disable the use of vfork for the host build"
This reverts commit 02e3c718e9.

Currently the vfork() code path in opkg is broken and relies on unsupported
ftello() / fseeko() operations on pipes - we need to restructure the code
before we can reconsider this approach.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-28 23:03:13 +02:00
Ben Greear
2ca0cdb7bf ath10k-firmware: Update to latest ath10k-ct 9984 firmware.
Tested briefly on Netgear r7800.  Firmware failed to load on first
boot, but then it worked after that and I could not reproduce the
failure.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2016-08-28 20:59:23 +02:00
Felix Fietkau
02e3c718e9 opkg: disable the use of vfork for the host build
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-28 14:34:40 +02:00
Felix Fietkau
763f5d7873 opkg: use vfork on gz_open by default (FS#120)
Reduces memory consumption and binary size

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-28 14:18:54 +02:00
Felix Fietkau
3e4d0e3e77 ath9k: revert temperature compensation support patch (FS#111)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-28 14:08:49 +02:00
Felix Fietkau
4530ca3c11 kernel: remove obsolete legacy ide kernel module packages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-28 13:51:42 +02:00
Ben Greear
545d86490c ct-bugcheck: Add tools to poll for and report ath10k firmware crashes.
This tool can periodically check for ath10k firmware crashes.
If it finds a crash, it will package up the binary crash dump,
some OS level things like dmesg, lspci, etc into a tar file.

It then notifies the user about the crash and asks them to report
the bug to the appropriate email address.

This is most useful when used with ath10k-ct driver and
CT ath10k firmware, but it should also report issues with stock
ath10k driver and firmware in case one has appropriate contacts
to debug them.

This tool could be extended later for other modules/bugs/etc.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2016-08-28 13:51:41 +02:00
Ben Greear
d66db35a1d ath10k-ct: Remove useless WARNING for 10.4 firmware.
Removes a useless splat in ath10k, and adds some safety code
around setting keys in the firmware.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2016-08-28 13:51:41 +02:00
Ben Greear
3a2d142a3a ath10k-fw: Update to latest 9980 CT firmware.
This fixes a nasty memory corruption bug, among other things.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2016-08-28 13:51:41 +02:00
Jo-Philipp Wich
885910225d iwinfo: mark as nonshared
The iwinfo library might get compiled with different backends, depending on
the driver selection of the current target, so mark it as nonshared to avoid
broken libiwinfo support on other targets with same cpu architecture but
different wireless driver types.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-25 16:51:57 +02:00
Felix Fietkau
acffa62d12 mt76: update to the latest version
Adds client + ad-hoc mode fixes and some initial TPC preparation work

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-25 13:00:10 +02:00
Felix Fietkau
2b0a1292f8 uqmi: update to the latest version, adds QMI-in-MBIM support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-24 15:16:01 +02:00
Magnus Kroken
2653a12c4d openvpn: update to 2.3.12
300-upstream-fix-polarssl-mbedtls-builds.patch has been applied upstream.
Replaced 101-remove_polarssl_debug_call.patch with upstream backport.

Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-08-24 00:33:08 +02:00
Ralph Sennhauser
012873074f perf: drop sched_getcpu wrapper
Current musl already provides sched_getcpu

Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
2016-08-23 22:47:43 +02:00
Ralph Sennhauser
91362e7aa4 strace: bump to 4.13
Fixes broken btrfs support in 4.12

Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
2016-08-23 22:47:43 +02:00
Toke Høiland-Jørgensen
e58c20aac3 ath9k: Set ATH9K_STATION_STATISTICS when enabling debugging
The ATH9K_STATION_STATISTICS kernel config variable enables some extra
statistics that are useful for debugging (in particular with the airtime
fairness patches enabled). This adds that kernel config when selecting
ath9k debugging.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2016-08-23 13:30:59 +02:00
Felix Fietkau
d41f56864c ubus: update to the latest version, adds object remove fixes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-23 13:30:04 +02:00
Felix Fietkau
223c124db8 ubox: move logd into ubox package
Preparation for further build rework

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-23 12:19:23 +02:00
Ash Benz
798cd261ab hostapd: use printf to improve portability.
Signed-off-by: Ash Benz <ash.benz@bk.ru>
2016-08-23 12:15:41 +02:00
Ben Greear
4c451ae0a7 ath10k-ct: Update to latest ath10k-ct driver.
This uses GFP_DMA32 for firmware swap.  Fixes issue on x86-64 with
QCA 9984 chipset when host system does not have vt-d enabled.

Also tested on linksys ea8500 with 9980 chipset.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2016-08-23 11:55:32 +02:00
Felix Fietkau
c487bde9e4 netifd: update to the latest version
Adds fixes for wireless device error handling
Adds link state fixes for shell proto handlers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-23 11:08:35 +02:00
Andreas Schultz
277f85c21a cyassl: make CyaSSL/WolfSSL more configurable
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.

Signed-off-by: Andreas Schultz <aschultz@tpip.net>
2016-08-22 17:30:35 +02:00
Daniel Golle
d7e040f8bc kernel: add fake users for udptunnel and iptunnel modules
Without any in-tree users enabled the Kernel's build process doesn't
actually build those modules. Enable some potential in-tree users
during Kernel build, so out-of-tree modules can depend on them.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-08-22 17:23:05 +02:00
Martin Schiller
070edfd92f ltq-deu: fix cra_priority
With the default priority of 0, the DEU algos would be overlapped
by the generic algos (if available).

To fix this, set the cra_priority of the hardware algos to the
recommended value of 300/400.

Signed-off-by: Martin Schiller <mschiller@tdt.de>
2016-08-20 05:33:09 +02:00
Martin Schiller
9391661394 ltq-deu: fix handling of data blocks with sizes != AES/DES block size
This fix is a backport from the lantiq UGW-6.1.1-MR1

Signed-off-by: Martin Schiller <mschiller@tdt.de>
2016-08-20 05:32:56 +02:00
Martin Schiller
8dba24cfc2 ltq-deu: fix aes initialization vector handling
This fix is a backport from the lantiq UGW-6.1.1-MR1

Signed-off-by: Martin Schiller <mschiller@tdt.de>
2016-08-20 05:32:44 +02:00
Jo-Philipp Wich
b91e58e606 busybox: enable sha256sum by default
Now that snapshot builds are only publishing SHA-256 checksums, it makes
sense to ship an appropriate utility for verification.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-18 15:09:06 +02:00
Hans Dedecker
d7c249fa1c ppp: Extend uci datamodel with persistency sypport
PPP daemon can be put into persist mode meaning the
daemon will not exit after a connection gets terminated
but will instead try to reopen the connection.
The re-initiation after the link has been terminated
can be controlled via holdoff; this is helpfull in
scenarios where a BRAS is in denial of service mode
due to link setup requests after a BRAS has gone down

Following uci parameters have been added :
persist (boolean) : Puts the ppp daemon in persist mode
maxfail (integer) : Number of consecutive fail attempts which
puts the PPP daemon in exit mode
holdoff (interget) : Specifies how many seconds to wait
before re-initiating link setup after it has been terminated

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-08-18 09:49:18 +02:00
Josua Mayer
1e71fca777 mtd: fix building with glibc
src/linksys_bootcount.c misses to include stdint.h.
Apparently musl doesn't mind and includes this header by default,
but glibc does not and causes the build to fail.

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2016-08-18 09:49:18 +02:00
Josua Mayer
c8580f51ba u-boot-envtools: fix building with glibc
tools/env/fw_env.c misses to include stdint.h.
Apparently musl doesn't mind and includes this header by default,
but glibc does not and causes the build to fail.

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2016-08-18 09:49:18 +02:00
John Crispin
5e563262f1 ubox: fixes segfault inside kmodloader
null pointer deref when no modules folder was present

Signed-off-by: John Crispin <john@phrozen.org>
2016-08-18 09:49:18 +02:00
Felix Fietkau
fe7fdd3bb4 ath9k: switch to using mac80211 intermediate software queues
Provides a nice latency reduction under load, due to mac80211's fq_codel
support.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-17 07:02:54 +02:00
John Crispin
99a1888287 swconfig: revert the portmapping patches, they seem to cause a segfault
Revert "kernel/swconfig: remove obsolete portmapping feature from swconfig"

This reverts commit 675407baa4.

Revert "swconfig: remove obsolete portmapping feature"

This reverts commit fca1eb349e.

Signed-off-by: John Crispin <john@phrozen.org>
2016-08-16 10:20:01 +02:00
Matteo Croce
2ebb4733e1 kernel: add kmod-squashfs
add kernel package to build squashfs as module when it's not the root filesystem

Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
2016-08-15 15:32:38 +02:00
Hannu Nyman
a77ce8ba96 libs/gmp: update to 6.1.1
Update libgmp to 6.1.1

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-08-15 15:32:38 +02:00
Hannu Nyman
785cdc3cf2 package/devel/gdb: Update to 7.11.1
Update gdb to version 7.11.1 to match the version in toolchain.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-08-15 15:32:37 +02:00
John Crispin
fca1eb349e swconfig: remove obsolete portmapping feature
Signed-off-by: John Crispin <john@phrozen.org>
2016-08-15 15:32:36 +02:00
Conn O'Griofa
63f6fc5c16 samba: add file/interface reload triggers & filter interfaces
* Only parse interfaces that are up during init_config (as the
  script depends on this to determine the proper IP/subnet range)
* Add reload interface triggers for samba-designated interfaces
* Force full service restart upon config change to ensure Samba
  binds to new interfaces (sending HUP signal doesn't work)
* Rename "interface" variable to "samba_iface" and move into
  global scope

Needed to fix Samba connectivity for clients connecting from a
different LAN subnet (e.g. pseudobridge configurations) due to the
'bind interfaces only' setting.

Signed-off-by: Conn O'Griofa <connogriofa@gmail.com>
2016-08-15 15:18:35 +02:00
John Crispin
40b8cbc2af procd: update to latest git HEAD
adds O_PATH define

Signed-off-by: John Crispin <john@phrozen.org>
2016-08-15 15:16:42 +02:00
Jo-Philipp Wich
d36c5152ef ncurses: change handling of PKG_CONFIG_LIBDIR
When PKG_CONFIG_LIBDIR was unset in the environment, the configure
script was deducing the PKG_CONFIG_LIBDIR from the location of the
pkg-config binary, which doesn't make a lot of sense, and isn't done
by other autotools based packages.

Patch imported from the Buildroot project:
https://github.com/buildroot/buildroot/blob/master/package/ncurses/0001-fixup-pkg-config-handling.patch

Also refresh patches while we're at.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-15 13:34:17 +02:00
Jonas Gorski
30352e72ff base-files: set pi_ifname in board.d case to fix deconfig
Due to an empty pi_ifname in the generic failsafe setup, the deconfig
never removed the failsafe networking interface, causing broken
networking later on.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-14 23:10:17 +02:00
Jonas Gorski
6c9588ddf5 base-files: configure switch in failsafe
Also configure the switch based on the failsafe config, and create the
failsafe interface as tagged if necessary.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:50:15 +02:00
Jonas Gorski
072cf26729 base-files: allow failsafe to configure vlans
In preparation of properly setting up vlans and switches, add
support for configuring failsafe on a vlan tagged interface.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:50:06 +02:00
Jonas Gorski
c18edcec45 base-files: add preinit ifname detection based on board.json
Make use of the existing board.d to autodetect lan ifname in a generic way.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:50:00 +02:00
Jonas Gorski
0f1ae840c9 base-files: split out preinit interface config
Move preinit interface and ip config to its own function to allow
calling it from more than one place.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:49:56 +02:00
Jonas Gorski
780ccbf9f1 base-files: board_detect: allow specifying the generated file
Allow passing a filename to change the location of the generated
board.json.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:49:51 +02:00
Jonas Gorski
e934a129f0 base-files: let config_generate call board_detect
Instead of board_detect generating the config as a side effect, let
config_generate call board_detect as needed.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2016-08-13 15:49:46 +02:00
Jo-Philipp Wich
4e8c6f3407 dropbear: security update to 2016.74
- Security: Message printout was vulnerable to format string injection.

  If specific usernames including "%" symbols can be created on a system
  (validated by getpwnam()) then an attacker could run arbitrary code as root
  when connecting to Dropbear server.

  A dbclient user who can control username or host arguments could potentially
  run arbitrary code as the dbclient user. This could be a problem if scripts
  or webpages pass untrusted input to the dbclient program.

- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
  the local dropbearconvert user when parsing malicious key files

- Security: dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided. This could be an issue where
  dbclient is used in scripts.

- Security: dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v

  The security issues were reported by an anonymous researcher working with
  Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-12 11:45:47 +02:00
Imre Kaloz
f76f83de71 mwlwifi: upgrade to 10.3.0.18-20160804
adds support for the Linksys WRT1900ACSv2 and WRT1200ACv2

Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
2016-08-11 21:04:42 +02:00
Felix Fietkau
08a27b99a2 kernel: add missing config symbol
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-11 18:33:02 +02:00
Ben Greear
4d39726b21 ath10k-firmware: Update to latest 99X0 CT firmware.
Among other things, this compiles out support for peer caching.
The feature did not seem to work well in my testing of AP mode,
and totally breaks my own special use of station mode.

Briefly tested on ea8500.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2016-08-11 10:55:22 +02:00