Commit Graph

13073 Commits

Author SHA1 Message Date
Hauke Mehrtens
2ad4383b74 tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
 + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
 + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
 + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
 + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
 + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
 + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
 + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
 + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
 + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
 + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
 + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
 + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
 + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
 + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
 + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
 + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
 + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
 + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
 + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
 + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
 + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
 + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
 + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
 + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
 + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
 + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
 + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
 + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
 + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
 + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
 + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
 + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
 + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
 + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
 + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
 + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().

The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk

old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-06 22:34:28 +01:00
Rafał Miłecki
5c4b2eb3dd mac80211: brcmfmac: backport wowlan netdetect fixes
I needed a moment to figure out relation between this patchset and the
nl80211: fix validation of scheduled scan info for wowlan netdetect

It appears nl80211 commit will go on top of brcmfmac changes so it's
safe to backport these patches.

One patch that was excluded is commit 2a2a5d1835b6 ("brcmfmac: add
.update_connect_params() callback") as it depends on missing commit
088e8df82f91 ("cfg80211: Add support to update connection parameters").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
52add1988c mac80211: brcmfmac: backport PSM watchdog improvements
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
c578da6198 mac80211: brcmfmac: backport minor code cleanups
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
4b9bdb48d9 mac80211: brcmfmac: backport 4.10 fixes & typo fix
This includes memory leak fix in initialization path.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
85d128f145 mac80211: brcmfmac: backport scheduled scan cleanup and chip support
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
e48b1c2c07 mac80211: brcmfmac: backport some old patches from 2016
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:48 +01:00
Rafał Miłecki
e8f42223be mac80211: rename brcmfmac patches to use higher prefix
There are more patches to backport that should go before these.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:48 +01:00
Rafał Miłecki
36288db2fd mac80211: start hostapd with logging wpa_printf messages to syslog
Some debugging/error messages are printed using wpa_printf and this
change allows finally reading them out of the syslog.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:33:05 +01:00
Rafał Miłecki
bc49d7902c hostapd: enable support for logging wpa_printf messages to syslog
This will allow starting hostapd with the new -s parameter and finally
read all (error) messages from the syslog.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:31:02 +01:00
Rafał Miłecki
a0bc62fe08 hostapd: backport support for sending debug messages to the syslog
It wasn't possible to read hostapd wpa_printf messages unless running
hostapd manually. It was because hostapd was printing them using vprintf
and not directly to the syslog.

We were trying to workaround this problem by redirecting STDIN_FILENO
and STDOUT_FILENO but it was working only for the initialization phase.
As soon as hostapd did os_daemonize our solution stopped working.

Please note despite the subject this change doesn't affect debug level
messages only but just everything printed by hostapd with wpa_printf
including MSG_ERROR-s. This makes it even more important as reading
error messages can be quite useful for debugging.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:29:56 +01:00
Hannu Nyman
1b51a49a9d ccache, samba36: fix samba.org addresses to use https
samba.org has started to enforce https and
currently plain http downloads with curl/wget fail,
so convert samba.org download links to use https.

Modernise links at the same time.

Also convert samba.org URL fields to have https.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-02 00:26:05 +01:00
Wilco Baan Hofman
f8d8b60f1b Fix dependency for hostapd
Signed-off-by: Wilco Baan Hofman <wilco@baanhofman.nl>
2017-02-01 16:06:58 +01:00
Kevin Darbyshire-Bryant
4cd9625dd4 iproute2: cake: update cake support
Updated cake's tc patch to match the official cake repository
formatting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 16:06:24 +01:00
Kevin Darbyshire-Bryant
4f5ff0041a kmod-sched-cake: Bump to latest version
wash, mpu & some memory optimisation have now made it to the official
cake repository.

Point LEDE to the official repository.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 16:06:24 +01:00
Jo-Philipp Wich
d1d970e235 libtool: don't clobber host libtool infrastructure
The libtool target package stages its files into the host staging directory
and moves the libltdl library parts from there into the target staging
directory afterwards.

By doing so, the package essentially renders the host libtool infrastructure
unusable, leading to the below error in subsequent package builds:

    libtoolize: $pkgltdldir is not a directory: `.../hostpkg/share/libtool`

Prevent this problem by using a dedicated libltdl install prefix in order to
avoid overwriting and moving away preexisting files belonging to tools/libtool.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-01 16:05:52 +01:00
Hans Dedecker
786160cd76 odhcp6c: use LEDE_GIT in package source url
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 16:00:01 +01:00
Hans Dedecker
4d9106afa6 odhcp6c: update to git HEAD version
c13b6a0 dhcpv6: fix white space error
e9d80cc dhcpv6: trigger restart of DHCPv6 state machine when not
		receiving statefull options
c7122ec update README
419fb63 dhcpv6: server unicast option support

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:21 +01:00
Hans Dedecker
02d511818f odhcpd: use LEDE_GIT in package source url
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:21 +01:00
Hans Dedecker
036cf93edf odhcpd: update to git HEAD version
c4f9ace odhcpd: decrease default log level to LOG_INFO
a6eadd7 odhcpd: rework IPv6 interface address dump
44965f1 odhcpd: extra syslog tracing

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:21 +01:00
Hans Dedecker
cd99f3c744 odhcpd: update to git HEAD version
e447ff9 router: fix compile issue on 64 bit systems

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:20 +01:00
Hans Dedecker
ef170bff32 odhcpd: update to git HEAD version
237f1f4 router: convert syslog lifetime traces into LOG_INFO prio
da660c7 treewide: rework prio of syslog messages
0485580 ndp: code cleanup
c5040fe router: add syslog debug tracing for trouble shooting
df023ad treewide: use RELAYD_MAX_ADDRS as address array size
c8ac572 ndp: don't scan netlink attributes in case of netlink route
event

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:20 +01:00
Hans Dedecker
fe253bcb99 netifd: update to git HEAD version
650758b interface-ip: route proto config support (FS#170)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:20 +01:00
Hans Dedecker
718c201b82 base-files: add /etc/iproute2/rt_protos
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:20 +01:00
Yousong Zhou
754f474568 base-files: uppercase default hostname: LEDE
The name will appear in shell prompt and LuCI page title.  Uppercase
letters seem to be more vigorous

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-01 15:40:20 +01:00
Bastian Bittorf
be7480cb5a procd: update procd.sh to disallow signal-numbers, enforce signal-names
A given signal-name is now converted to the corresonding number. In general
it's good style to use names (readability) and it's more portable: signal
numbers can be architecture-dependent, so we are more safe giving names.

A real world example is signal 10, which is BUS on ramips and USR1 on PPC.

All users of 'procd_send_signal' must change their code to reflect this.

Signed-off-by: Bastian Bittorf <bb@npl.de>
2017-02-01 15:40:20 +01:00
Sven Roederer
7c5bc827b7 openvpn: ssl-enabled variants also provide a virtual openvpn-crypto package
When relying on x.509 certs for auth and / or encryption of traffic you can't
use package openvpn-nossl.
Just have your package depend on openvpn-crypto to have SSL-encryption and
X.509-support enabled in OpenVPN. If encryption / X.509 is not a must, use
virtual packge openvpn, which is provided by all OpenVPN-variants.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2017-02-01 15:40:20 +01:00
Kevin Darbyshire-Bryant
acebb4a990 iproute2: cake: add 'mpu' minimum packet length support
Add 'mpu' minimum length packet size parameter for scheduling/bandwidth
accounting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 15:40:20 +01:00
Kevin Darbyshire-Bryant
06fca0c48b kmod-sched-cake: add 'mpu' minimum packet length support
Add 'mpu' minimum packet length for scheduling/bandwidth accounting
purposes.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 15:40:20 +01:00
Steven Honson
ff813588fd hostapd: default to wps_independent 1
Signed-off-by: Steven Honson <steven@honson.id.au>
2017-02-01 15:40:20 +01:00
Steven Honson
2f9568ac2a hostapd: expose wps_independent and ap_setup_locked as uci options
ap_setup_locked is named wps_ap_setup_locked in uci for consistency with other
wps related uci options.

Signed-off-by: Steven Honson <steven@honson.id.au>
2017-02-01 15:40:20 +01:00
Gabe Rodriguez
f9519636f5 mwlwifi: Fixes rewritten history hash and latest version
The author of the upstream mwlwifi edited the history of the previous commit.
This commit not only fixes the updated hash but also sends in the latest
commits he made to the code which are mainly testing.

Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
2017-02-01 15:40:20 +01:00
Hannu Nyman
d7cae5f0b4 opkg: clarify messages and errors related to downloads
Clarify opkg's messages related to downloads:

* more visible error message for package list download failure
* separate error message for signature file download error
* if wget returns 4, signal the network error more clearly
* remove '.' from end of filenames and URLs

* try signature check only if the package list was downloaded ok.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-01 15:40:20 +01:00
Felix Fietkau
b2cd9b80ef ubus: update to the latest version
Adds uloop related libubus fixes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-01 15:40:20 +01:00
Felix Fietkau
977eb2c019 ubus: update to the latest version
- Adds support for passing file descriptors in ubus invoke requests
- Fixes clearing pending timers on ubus_shutdown()
- Fixes checking the amount of written data in ubusd
- Fixes an ubusd crash when trying to subscribe to system objects

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-01 15:40:19 +01:00
Mathias Kresin
b2437a02a4 base-files: don't overwrite model name set by target
The condition is always true due to the literal string followed the
-n test parameter. A model name set by target scripts always gets
overwritten this way.

Change the condition to check for an already existing destination file
as it was before 5e85ae9 ("base-files: fix error message during boot").

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-01 07:40:09 +01:00
Felix Fietkau
f4162bf3ca mt76: update to the latest version
Fixes DFS detection false positive issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-31 21:29:33 +01:00
Felix Fietkau
5f2a1ac59a ath9k: remove the deaf rx path state check patch
This needs to be refined and reworked before we can safely leave it
enabled by default

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-31 11:45:23 +01:00
Felix Fietkau
406f85a328 mdns: update to the latest version
- fixes unaligned acccesses, causing DNS parsing issues on ARMv5
- fixes service timeout handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-31 11:25:22 +01:00
Toke Høiland-Jørgensen
b8fcbbf31d kmod-sched-core: Add HTB and TBF traffic shapers
HTB and TBF are the basic traffic shapers used by sqm-scripts. Moving
these into kmod-sched-core enables sqm-scripts to downgrade its
dependency from kmod-sched to kmod-sched-core, potentially making it
useful on devices with smaller flash sizes.

This adds around 30k to the size of kmod-sched-core (20k for sch_htb.ko
and 10k for sch_tbf.ko).

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2017-01-29 15:13:21 +01:00
Magnus Kroken
69f773daa3 openvpn: add support for various new 2.4 configuration options
Updates to openvpn.init were included in early OpenVPN 2.4 patch
series, but got lost along the way and were never merged.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-01-28 20:20:02 +01:00
Hauke Mehrtens
f5ab082243 openssl: update to version 1.0.2k
This fixes the following security problems:
CVE-2017-3731: Truncated packet could crash via OOB read
CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055: Montgomery multiplication may produce incorrect results

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-28 13:33:22 +01:00
Felix Fietkau
36db143690 ath9k: fix up a refcount imbalance error in the IRQ related fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-27 15:46:07 +01:00
Matthias Schiffer
ecc362ed04
procd: update to latest git HEAD
0f58977 init: fix /tmp permissions on zram

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-27 10:10:12 +01:00
Matthias Schiffer
a1f918cd92
base-files: fix user creation on sysupgrade with few opkg control files
If only a single opkg control file exists (which can happen with
CONFIG_CLEAN_IPKG), grep would not print the file name by default. Instead
of forcing it using -H, we just switch to -l (print only file names) and
get rid of the cut.

Add -s to suppress an error message when no control files exist.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-27 10:10:02 +01:00
Felix Fietkau
f9022964cf ath9k: add stability fixes for long standing hang issues (FS#13, #34, #373, #383)
The radio would stop communicating completely. This issue was easiest to
trigger on AR913x devices, e.g. the TP-Link TL-WR1043ND, but other
hardware was occasionally affected as well.

The most critical issue was a race condition in disabling/enabling IRQs
between the IRQ handler and the IRQ processing tasklet

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 17:28:17 +01:00
Felix Fietkau
acd1795a60 mac80211: refresh patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 17:28:13 +01:00
Felix Fietkau
a6f3ea5e84 Add back the commit "ath9k: Add airtime fairness scheduler"
This reverts commit c296ba834d.
According to several reports, the issues with the airtime fairness
changes are gone in current versions.
It's time to re-apply the patch now.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 17:28:10 +01:00
Rafał Miłecki
e9d2173921 mac80211: brcmfmac: don't use uninitialize mem for country codes
There was a bug in brcmfmac patch that could result in treating random
memory as source of country codes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-24 23:01:46 +01:00
Rafał Miłecki
81f2196bb1 mac80211: move (& update) upstream accepted brcmfmac patches
These 3 patches are now in wireless-drivers-next tree.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-24 23:01:34 +01:00
Mathias Kresin
806d3cc2c3 packages: mark packages depending on a target as nonshared
The packages can't be build as shared packages due to the unmet
dependencies.

Fixes FS#418.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-24 19:59:55 +01:00
Jo-Philipp Wich
b850218584 hostapd: fix stray "out of range" shell errors in hostapd.sh
The hostapd_append_wpa_key_mgmt() procedure uses the possibly uninitialized
$ieee80211r and $ieee80211w variables in a numerical comparisation, leading
to stray "netifd: radio0 (0000): sh: out of range" errors in logread when
WPA-PSK security is enabled.

Ensure that those variables are substituted with a default value in order to
avoid emitting this (harmless) shell error.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-23 14:56:20 +01:00
Jo-Philipp Wich
ef08595c3f openvpn: let all openvpn variants provide a virtual openvpn package
Add PROVIDES:=openvpn to the default recipe in order to let all build variants
provide a virtual openvpn package.

The advantage of this approach is that downstream packages can depend on just
"openvpn" without having to require a specific flavor.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-21 23:05:54 +01:00
Kevin Darbyshire-Bryant
3a9926e40f kmod-sched-cake: fix parameter passing kernel/user space
The last two parameters passed between user space tc and kernel space
sched-cake were transposed due to a merge mistake in a parameter header
file.

As such, using a packet overhead figure was likely to set cake to wash
packet DSCP values.  Similarly, the DSCP wash flag was used as an offset
to the displayed packet overhead value.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-01-21 14:27:37 +01:00
Daniel Engberg
12392e5600 zlib: Update to 1.2.11
Update to 1.2.11 as suggested by upstream
Also add SF as primary source and main site as fallback

Note: SF doesn't carry the 1.2.11 update yet.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-21 14:27:23 +01:00
Jo-Philipp Wich
cfb3ef3a97 lede-keyring: bundle latest usign certificates
Includes the public usign certificates used by the 17.01.* release builds.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-20 10:11:15 +01:00
Hans Dedecker
c71e13a81a netifd: update to git HEAD version
a057f6e device: fix DEV_OPT_SENDREDIRECTS definition

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-17 14:07:47 +01:00
Stijn Segers
2ac776ac76 curl: fix HTTPS network timeouts with OpenSSL
Backport an upstream change to fix HTTPS timeouts with OpenSSL.
Upstream curl bug #1174.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
[Jo-Philipp Wich: reword commit message, rename patch to 001-*]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 19:41:08 +01:00
Jo-Philipp Wich
1e1e3ef2fb LEDE v17.01: set branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 18:56:07 +01:00
Matthias Schiffer
b9a408c2b4
base-files: add ARCH_PACKAGES to openwrt_release and os-release
Knowing the package architecture at runtime can be useful, e.g. to
configure opkg repository URLs. The value of ARCH_PACKAGES ("%A" in
VERSION_SED) as added to openwrt_release (as DISTRIB_ARCH) and os-release
(as LEDE_ARCH).

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-16 13:29:47 +01:00
Andrej Vlasic
5c20a4fec9 ubox: turn logd into a separate package
Currently system log is always included as a part of ubox. Add logd as a
seperate package and add it to default packages list.

Signed-off-by: Andrej Vlasic <andrej.vlasic@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
2017-01-16 11:41:54 +01:00
Domagoj Pintaric
b5b83706be mbedtls: add static files in staging_dir
Signed-off-by: Domagoj Pintaric <domagoj.pintaric@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
2017-01-16 11:41:54 +01:00
Matthias Schiffer
621fd9fd62
opkg: use default PKG_BUILD_DIR
opkg doesn't have BUILD_VARIANTs anymore, so the previously defined
PKG_BUILD_DIR would lead to a weird 'opkg-' path component.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-16 09:02:42 +01:00
Rafał Miłecki
25200ae7a5 mac80211: brcmfmac: add early (& hacky) patch for storing country codes
This allows some basic region switching on Netgear R8000. More devices &
codes may be added. Ideally it should be converted into DT info & patch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-16 00:32:27 +01:00
Rafał Miłecki
5fba00a686 mac80211: use wiphy_read_of_freq_limits in brcmfmac
This makes use of cfg80211 feature backported & described in
188626f17c ("mac80211: backport cfg80211 support for
ieee80211-freq-limit DT property").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-15 23:10:55 +01:00
Stijn Tintel
f4f2dd04bd mt76: select 802.11w support
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Felix Fietkau <nbd@nbd.name>
2017-01-15 20:13:56 +01:00
Florian Fainelli
dea191914c kernel: can: Add missing regmap dependency for kernel 4.4
Fixes build failure for kmod-can-c-can-platform which depends on
kmod-regmap for kernel 4.1 and 4.4.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-01-15 17:43:14 +01:00
Timo Sigurdsson
21baa25009 ath10k-firmware: Update QCA988X firmware to latest version
This patch updates the QCA988X firmware to the latest revision
  firmware-5.bin_10.2.4-1.0-00016
found in the official ath10k-firmware repository.

Tested on TP-Link Archer C7 v2.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2017-01-15 14:59:24 +01:00
Felix Fietkau
7e8fecb224 hostapd: fix passing jobserver to hostapd/supplicant build processes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-15 14:57:53 +01:00
Felix Fietkau
40e4c342fd hostapd: backport a few upstream fixes
Fixes reassoc issues with WDS mode
Fixes reassoc issues in AP mode
Fixes IBSS reauthentication issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-15 14:53:28 +01:00
Felix Fietkau
a206394efa mt76: update to the latest version, adds support for 802.11w
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-15 14:53:27 +01:00
Matthias Schiffer
0d8381aea3
ncurses: revert $(STAGING_DIR_HOSTPKG) to $(STAGING_DIR)/host where appropriate
Host files installed in Build/InstallDev are target-specific and will stay
in $(STAGING_DIR)/host after the STAGING_DIR_HOSTPKG unification.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-14 18:58:44 +01:00
Felix Fietkau
e7e91e62bb mac80211: backport a fix for a tx related race condition
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-14 18:28:28 +01:00
Felix Fietkau
a46d1fde4b mac80211: refresh patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-14 18:28:24 +01:00
Koen Vandeputte
adf2fef5e8 mac80211: backport some upstream fixes
Backports the following upstream fixes:

mac80211: initialize fast-xmit 'info' later
mac80211: fix legacy and invalid rx-rate report
mac80211: fix tid_agg_rx NULL dereference

Compiled and tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-01-14 18:28:21 +01:00
Hauke Mehrtens
5b089e45a6 kernel: update 4.4 kernel to 4.4.42
Refresh patches on all 4.4 supported platforms.
Compile & run tested: lantiq/xrx200

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-13 23:05:36 +01:00
Jo-Philipp Wich
920170a27f firewall: fix forwarding local subnet traffic
Packets which are merely forwarded by the router and which are neither
involved in any DNAT/SNAT nor originate locally, are considered INVALID
from a conntrack point of view, causing them to get dropped in the
zone_*_dest_ACCEPT chains, since those only allow stream with state NEW
or UNTRACKED.

Remove the ctstate restriction on dest accept chains to properly pass-
through unrelated 3rd party traffic.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-13 18:31:36 +01:00
Kevin Darbyshire-Bryant
c914fa04a3 dnsmasq: use ubus signalling in ntp hotplug script
Use ubus process signalling instead of 'kill pidof dnsmasq' for
SIGHUP signalling to dnsmasq when ntp says time is valid.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-01-13 16:08:22 +01:00
Felix Fietkau
402fea62c4 netifd: update to the latest version
This disables IGMP snooping by default, which was causing various issues
over time, like FS#95

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 14:54:12 +01:00
Felix Fietkau
f44663c673 uqmi: mark as nonshared because of the usb dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:09 +01:00
Felix Fietkau
185b06f04a umbim: mark as nonshared because of the usb dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:08 +01:00
Felix Fietkau
1ca31b0931 comgt: mark as nonshared because of the usb dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:08 +01:00
Felix Fietkau
bd68ddbda4 polarssl: remove package
The mbedTLS 1.3 branch has been EOL since end of 2016 and now all
remaining users have been converted.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:08 +01:00
Felix Fietkau
2b6284f5a8 mac80211: fix broken spatial multiplexing defaults
Most mac80211 drivers leave the SMPS field in the HT capabilities
uninitialized (unfortunately defaults to static SMPS), which leads to
some devices limiting themselves to single-stream rates in some modes
(mostly mesh and IBSS).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 10:22:22 +01:00
Ben Greear
544dee575d ath10k-fw: Update to latest CT firmware
For 988X, 9980, 9984 CT firmware.

This should allow IBSS + RSN on at least the 988X firmware,
and includes recent stability fixes for all firmware.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-01-13 10:22:20 +01:00
Ben Greear
5c09d7f23d ath10k-ct: Update to latest CT 4.7 ath10k driver.
This at least makes it harder to hit some txq related
crashes on firmware restart, a potential memory leak,
and some other fixes.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-01-13 10:22:20 +01:00
Felix Fietkau
627b0d3559 mountd: drop USB related dependencies
That way we can avoid making it nonshared

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 09:12:19 +01:00
Hans Dedecker
d1daf3f38d map: take over maintainership
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-12 12:15:17 +01:00
Hans Dedecker
0d49f9f4b4 odhcp6c: take over maintainership
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-12 12:15:01 +01:00
Hans Dedecker
5303d4bedb odhcpd: take over maintainership
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-12 12:14:46 +01:00
Hans Dedecker
ec63e3bf13 Revert "dnsmasq: change 'add_local_hostname' to use dnsmasq '--interface-name'"
This causes problem when a FQDN is configured in /etc/config/system. The
domain name will appear twice in reverse DNS.

Next to that, there seems to be a bug in dnsmasq. From the manual page:

--interface-name=<name>,<interface>[/4|/6]
Return  a  DNS  record  associating  the  name  with  the primary address
on the given interface. This flag specifies an A or AAAA record for the
given name in the same way as an /etc/hosts line, except that the address
is not constant, but taken from the given interface. The interface may be
followed by "/4" or "/6" to specify  that  only  IPv4  or  IPv6 addresses
of the interface should be used. If the interface is down, not configured
or non-existent, an empty record is returned. The matching PTR record is
also created, mapping the interface address to the name. More than one name
may be associated with an interface address by repeating the flag; in that
case the first instance is used for  the  reverse address-to-name mapping.

It does not just create an A/AAAA record for the primary address, it creates
one for all addresses. And what is worse, it seems to actually resolve to the
non-primary address first. This is quite annoying when you use floating IP
addresses (e.g. VRRP), because when the floating IP is on the other device,
SSH failes due to incorrect entry in the known hosts file.

I know that this is not a common setup, but it would be nice if there was an
option to restore the previous behaviour, rather than just forcing this new
feature on everybody.

Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-12 12:14:20 +01:00
Hans Dedecker
bb8e9c51ab map: delete map-t device when tearing down map interface
Delete the map-t device when tearing down the map-t interface; as such
there's no conflict when the map-t interface comes up again when trying
to add the map-t device as the map-t device was still present
(Can not add: device 'map-wan6_4' already exists!).

Only call ifdown in teardown for map-e and lw6o4 map interfaces types
in order to suppress the trace "wan6_4 (6652): Interface wan6_4_ not found"

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-12 11:41:11 +01:00
Felix Fietkau
1ad30be982 Revert the recent dependency and metadata scanning rework
This reverts the following commits:
fbe522d120
278ad007ee
863888e44f
96daf6352f
cfd83555fc

This seems to trigger some mconf bugs when built with all feeds
packages, so I will try to find a less intrusive solution before the
release.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 19:48:09 +01:00
Felix Fietkau
fbe522d120 comgt: allow build without USB_SUPPORT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 18:24:40 +01:00
Felix Fietkau
278ad007ee umbim: allow build without USB_SUPPORT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 18:24:40 +01:00
Felix Fietkau
863888e44f uqmi: allow build without USB_SUPPORT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 18:24:40 +01:00
Felix Fietkau
96daf6352f mountd: allow build without USB_SUPPORT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 18:24:40 +01:00
Felix Fietkau
4d8da82c29 procd: add support for overriding the tar sysupgrade board name
Useful for providing images that work for multiple devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 13:40:36 +01:00
Kabuli Chana
15f4fbb7bd mvebu: update mwlwifi driver to version 10.3.2.0-20170110
Improves automatic channel section support.

Tested on AC (mamba) and ACM (rango).

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
[Jo-Philipp Wich: reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-11 12:15:13 +01:00
Sujith Manoharan
593240075f wpa_supplicant: Fix mesh encryption config
wpa_supplicant allows only SAE as the key management
type for mesh mode. The recent key_mgmt rework unconditionally
added WPA-PSK - this breaks interface bringup and wpa_s
throws this error message:

Line 10: key_mgmt for mesh network should be open or SAE
Line 10: failed to parse network block.
Failed to read or parse configuration '/var/run/wpa_supplicant-wlan0.conf

Fix this by making sure that only SAE is used for mesh.

Signed-off-by: Sujith Manoharan <m.sujith@gmail.com>
2017-01-11 04:01:07 +01:00
Jo-Philipp Wich
b95494baed gettext-full: avoid using iconv for host builds
The gettext-full host build might pick up iconv-stub host build  headers
during the build, leading to stray linker errors with unresolved references
to libiconv_open(), libiconv() and libiconv_close().

Since we're not needing iconv support on the host, pass the appropriate
cache variables to configure to prevent detection and linking of iconv.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-11 03:48:30 +01:00
Matthias Schiffer
77beaf2ec9
package: replace $(STAGING_DIR)/host with $(STAGING_DIR_HOSTPKG)
Cleanup to prepare for changing STAGING_DIR_HOSTPKG. The actual change of
STAGING_DIR_HOSTPKG (i.e., moving the host packages back into a common, not
target-specific directory) will be done after the first LEDE release, but
the cleanup will also be useful for projects like Gluon.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-10 22:15:37 +01:00
Rafał Miłecki
f714fe46a9 mac80211: pending brcmfmac patches cleaning channels management
They prepare brcmfmac for using wiphy_read_of_freq_limits.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-10 17:18:29 +01:00
Rafał Miłecki
07df80a1a6 mac80211: rename b43 patches to make more space
Just 6 patches were using 80*, 81*, 82* and 84* prefixes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-10 16:28:17 +01:00
John Crispin
1ce9b566fd procd: update mirror hash
Signed-off-by: John Crispin <john@phrozen.org>
2017-01-10 15:26:12 +01:00
Felix Fietkau
c9dd40f628 kernel: remove gpiommc patches / driver
This code was marked as incompatible to Linux 4.4 well over a year ago
and nobody cared, and now it's breaking builds.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 15:45:33 +01:00
Pavel Kubelun
36167ae46c ath10k-firmware: update board data for qca9984
Current board-2.bin file for qca9984 in Kvalo's repo is from branch
10.4-3.2, while board-2.bin file in code-aurora repo is newer and
corresponds to the branch 10.4-3.3, the same as recently updated firmware.

Considering that it's better to have all parts from the same branch
we are updating board-2.bin as well.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
2017-01-10 13:48:52 +01:00
Felix Fietkau
4ee4c24092 kernel: drop kmod-i2c-ibm-iic
If any of the ppc4xx targets are restored, this should be built into the
kernel instead.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:26 +01:00
Felix Fietkau
96815fe0a2 kernel: remove omap24xx specific kernel module packages
If the target is ever restored, those drivers should be built into the
kernel instead.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:26 +01:00
Felix Fietkau
7ff7be96dd omap: build various core drivers into the kernel instead of packaging them
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:26 +01:00
Felix Fietkau
f630342af2 kernel: simplify dependencies for kmod-via-velocity
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:25 +01:00
Felix Fietkau
5b92dca09f kernel: drop crypto-hw-ppc4xx
If any of the ppc4xx targets are restored, this should be built into the
kernel instead

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:25 +01:00
Felix Fietkau
9cdf852ae0 opkg: drop S/MIME support
It has never been used by default (due to being too bloated), and it is
properly replaced by usign (which has been the default for a long time
now).

Remove this feature to simplify the build system

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:25 +01:00
Felix Fietkau
f5c649d7c6 mpc85xx: build i2c support into the kernel instead of packaging it separately
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:25 +01:00
Felix Fietkau
96ade7adae mpc85xx: build usb support into the kernel instead of packaging it separately
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:24 +01:00
Felix Fietkau
0b2b162db9 kernel: remove kmod-gianfar, it is already built into the kernel
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:24 +01:00
Felix Fietkau
c472ed29b4 kernel: remove kmod-ata-imx, it is already built into the kernel
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:24 +01:00
Stijn Tintel
cdcf7265fd lldpd: take over maintainership
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 13:02:00 +01:00
Stijn Tintel
046606a05e lldpd: add Net-SNMP AgentX support
Enabling this makes it possible to query LLDP neighbors via SNMP.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 13:02:00 +01:00
Stijn Tintel
c687a70fdf iwinfo: drop references to madwifi
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 13:01:26 +01:00
Stijn Tintel
cc66f819b4 px5g-standalone: provide px5g via PROVIDES
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 13:00:23 +01:00
Jo-Philipp Wich
38de638eae mtd-utils: mark as nonshared
Since mtd-utils embeds ubi-utils and ubi-utils depends on @NAND_SUPPORT, we
cannot share this package among targets as the SDK processing the package is
not guaranteed to claim NAND_SUPPORT.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 12:27:28 +01:00
Felix Fietkau
acd0c8c178 kernel: move the gateworks system controller driver to an out-of-tree package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
c00e5a4f09 mpc85xx: enable the crypto acceleration driver in the kernel config instead of packaging it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
a2f6b56c8f imx6: enable the crypto acceleration driver in the kernel config instead of packaging it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
93cbdde43a kernel: fix kmod-w1-master-mxc dependency
The kernel config symbol is not selectable on mxs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
78de59f15a kernel: fix dwc2 gadget dependency
Use USB_GADGET_SUPPORT feature flag instead of hardcoding the target
list.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
64be6fe9ca mxs: enable the chipidea usb driver in the kernel config instead of packaging it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
7450698957 imx6: enable the chipidea usb driver in the kernel config instead of packaging it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
7f0796d874 imx6: remove kmod-thermal-imx, it is already enabled in the kernel config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
348fedc1a6 imx6: build support for the ventana ethernet expansion board into the kernel instead of packaging it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
c524d1b256 imx6: enable the Freescale SNVS RTC driver in the kernel config instead of packaging it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
John Crispin
029b36d9b5 procd: update to latest git HEAD
f706903 ujail: add basic /dev files

Signed-off-by: John Crispin <john@phrozen.org>
2017-01-10 09:26:43 +01:00
Daniel Engberg
dfe93c20ec libnl: Update to 3.2.29
Update libnl to 3.2.29

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-10 08:26:42 +01:00
Daniel Engberg
1016a32919 usbutils: Update usb.ids database to 2016.10.13
Update usb.ids database to 2016.10.13

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-10 08:12:42 +01:00
Hauke Mehrtens
e9f0b75976 cyassl: update to wolfssl version 3.10.0
This fixes a low level security vulnerability.
Deactivate MIPS16 support, crypto code gets much slower with MIPS16.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-10 00:10:15 +01:00
Felix Fietkau
589a16fdb6 px5g: remove obsolete reference to $(BUILD_VARIANT)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-09 16:37:33 +01:00
Felix Fietkau
3e7b894ac0 ustream-ssl: remove legacy polarssl support
The old polarssl 1.3 branch is EOL since end of 2016, and the package
for it will be removed soon.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-09 14:35:09 +01:00
Felix Fietkau
1cf64e210f px5g: remove legacy polarssl support
The old polarssl 1.3 branch is EOL since end of 2016, and the package
for it will be removed soon.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-09 14:35:08 +01:00
Hans Dedecker
8d2171e469 odhcp6c: add option "keep_ra_dnslifetime"
Add option keep_ra_dnslifetime which will preserve the received
lifetime for RDNSS and DNSSL RA records and not overwrite it
by the RA router lifetime as specified in RFC6106.
This allows to accept RDNNS records from RAs that don't announce
a default route by setting router lifetime to 0 in the RAs.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-09 13:28:22 +01:00
Felix Fietkau
f0353c5e8c mbedtls: re-enable CFB support
It is safe and required by some software, e.g. shadowsocks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-09 10:59:30 +01:00
Felix Fietkau
d4ce3e8692 uboot-mvebu: enable loader with the default profile
Fixes build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-08 18:39:44 +01:00
Felix Fietkau
355e150065 mbedtls: re-enable RC4 support (needed by transmission and others)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-08 18:22:23 +01:00
Hans Dedecker
621f8cbfae odhcpd: bump to git HEAD
ef3c563 dhcpv6-ia: filter out prefixes having invalid length
16cd87e dhcpv6-ia: fix dereference after freeing assignment
d6b0c99 dhcpv6-ia: log only IPv6 addresses which are effectively
assigned to a DHCPv6 client
08a9367 config: respect ignore uci option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-07 21:08:24 +01:00
Hauke Mehrtens
4061c8eb53 Revert "gdb: fix build with gcc 4.1.2 as host compiler"
Support for such old gcc version is not needed.

This reverts commit 2694d43b05.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-07 19:53:36 +01:00
Magnus Kroken
186cd4533d zlib: update to 1.2.10
* Fix bug in deflate_stored() for zero-length input
* Fix bug in gzwrite.c that produced corrupt gzip files

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-01-07 19:35:22 +01:00
Rafał Miłecki
188626f17c mac80211: backport cfg80211 support for ieee80211-freq-limit DT property
This property allows specifying extra limits for wireless device in DT.
For a full documentation see upstream commit b330b25eaabd ("dt-bindings:
document common IEEE 802.11 frequency limit property").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-06 15:52:55 +01:00
Felix Fietkau
7304510392 base-files: save /bin/mknod for sysupgrade
It is used on NAND devices in case hotplug is too slow

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-06 15:34:14 +01:00
Hauke Mehrtens
b7e8de67e0 strace: update to version 4.15
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-05 23:10:44 +01:00
Eric Luehrsen
612e2276b4 dnsmasq: change 'add_local_hostname' to use dnsmasq '--interface-name'
'add_local_hostname' previous implementation may drop some addresses.
Soft addition of IP6 addresses may not cause a reload or restart event.
dnsmasq '--interface-name' robustly applies DNS to all addresses per
interface (except fe80::/10).

Change UCI 'add_local_hostname' to expand during each interface assignement
during add_dhcp().
Assign '<iface>.<host>.<domain>' as true name (reflexive A, AAAA, and PTR).
Assign '<host>.<domain>' and '<host>' as convinience aliases (no PTR, not
technically CNAME).
This is accomplished with the '--interface-name' order, first is PTR.
We could also assign each <ip4/6>.<iface>.<host>.<domain> to the respective
dual stack on the interface.
That seemed excessive so it was skipped (/4 or /6 suffix to the interface).
Add UCI 'add_wan_hostname' similar to 'add_local_hostname' function for
external WAN.

WAN IP4 are less often named by the ISP and rarely WAN IP6 due to complexity.
For logs, LuCI connection graph, and other uses assigning a WAN name is desired.
'add_local_hostname' only applies with DHCP and 'add_wam_hostname' only applies
without DHCP. Common residential users will want to set both options TRUE.
Businesses will probably have global DNS, static IP, and 'add_wan_hostname' FALSE.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-01-05 22:51:39 +01:00
Eric Luehrsen
06e26363d8 dnsmasq: clean up white space in dnsmasq.init
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-01-05 22:51:23 +01:00
Felix Fietkau
fbe3e22507 uboot-sunxi: enable parallel build
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:09:15 +01:00
Yousong Zhou
6268d496a4 uboot-sunxi: add uboot-sunxi-all for selecting all other variants
While at it, the following changes are introduced

 - Rewrite the Makefile for better readability
 - Make parallel builds possible

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-01-05 11:09:14 +01:00
Yousong Zhou
6f61d8511e base-files: export x86 platform upgrade functions to common.sh
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-01-05 11:09:14 +01:00
Felix Fietkau
e3072599f6 ath9k: don't run periodic and nf calibration at the same time
Might fix some stability issues on older chips

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:09:12 +01:00
Felix Fietkau
84bd74057f build: use mkhash to replace various quirky md5sum/openssl calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:09:12 +01:00
Stijn Tintel
ed69e93262 kernel/modules: add SSSE3 SHA512 module
This module is optimized for SSSE3/AVX/AVX2.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-04 13:20:33 +01:00
Stijn Tintel
86de53203e kernel/modules: add SSSE3 SHA256 module
This module is optimized for SSSE3/AVX/AVX2/SHA-NI.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-04 13:20:33 +01:00
Stijn Tintel
159e82d0db kernel/modules: add SSSE3 SHA1 module
This module is optimized for SSSE3/AVX/AVX2/SHA-NI.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-04 13:20:33 +01:00
Felix Fietkau
c296ba834d Revert "ath9k: Add airtime fairness scheduler"
This reverts commit 528f46d082.
After this commit, several users reported stability issues. Revert it
now so it doesn't cause issues for the upcoming release

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-04 01:13:58 +01:00
Arjen de Korte
10f91525bc dnsmasq: add DHCP Unique Identifier for DHCPv6
Add DHCPv6 matching by DHCP Unique Identifier (RFC-3315) in addition to
existing MAC-address (RFC-6939). The latter is not widely supported yet.

Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
2017-01-03 22:27:23 +01:00
Hans Dedecker
1175a5b153 odhcpd: bump to git HEAD version
091d8a9 dhcpv6-ia: fix static assignment check
11ce6b5 dhcpv6-ia: coding style fixes
561890e dhcpv6-ia: update valid_until only for non static DHCPv6 leases
0b45fce dhcpv4: coding style fixes
95b76c2 README: Add host leasetime uci parameter
541219e dhcpv6-ia: fix invalid IPv6/hostname entries in statefile
13937ab dhcpv6-ia: fix delete logic of an assignment in reconf_timer
60c3969 dhcpv6-ia : code style fixes
bf4ebc0 config: use free_lease to delete a lease
c24782a config: coding style fixes
0572d1a config: Create statefile dir
ec833f4 dhcpv6-ia: use free_dhcpv6_assignment where needed
1d55edb dhcpv6-ia: make free_dhcpv6_assignment static
f01e538 dhcpv4: make dhcpv4_msg_to_string static
700f5ab dhcpv4: fix DHCPv4 hostname handling
4c89614 Limit lifetime of non-static leases in case of release and
decline

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-03 22:25:13 +01:00
Hans Dedecker
34fa03ea16 odhcp6c: bump to git HEAD version
5d6fec3 Merge pull request #50 from sartura/libubox_md5_reuse
33a2ba1 odhcp6c: reuse md5 from libubox

Switch PKG_SOURCE_URL to git.lede-project.org/project/odhcp6c.git

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-03 22:25:13 +01:00
Stijn Tintel
388681fe53 hostapd: enable SHA256-based algorithms
Enable support for stronger SHA256-based algorithms in hostapd and
wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled.

We cannot unconditionally enable it, as it requires hostapd to be
compiled with 802.11w support, which is disabled in the -mini variants.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-01-03 20:53:49 +01:00
Stijn Tintel
30f14f6198 hostapd: add function to handle wpa_key_mgmt
Now that wpa_key_mgmt handling for hostapd and wpa_supplicant are
consistent, we can move parts of it to a dedicated function.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-01-03 20:53:48 +01:00
Stijn Tintel
bdcffb9bb6 wpa_supplicant: rework wpa_key_mgmt handling
Rework wpa_key_mgmt handling for wpa_supplicant to be consistent with
how it is done for hostapd.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-01-03 20:53:48 +01:00
Stijn Tintel
b13e103d71 ath5k: select 802.11w support
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-03 20:53:48 +01:00
Roger Pueyo Centelles
c6d3a62919 gre: add different per-protocol prefixes to GRE-TAP IPv4/6 tunnel interfaces.
This commit modifies the /lib/netifd/proto/gre.sh script so that, when
GRE-TAP tunnels are created, either IPv4 or IPv6, the prefix before the chosen
interface name contains the "tap" substring, to differentiate them from non-TAP
GRE tunnels.

Right now, both GRE and GRE-TAP tunnel (either IPv4 or IPv6) interfaces defined
in /etc/config/network are named equally ("gre-"+$ifname or "grev6"+$ifname)
upon creation. For instance, the following tunnels:

        config interface 'tuna'
                option peeraddr '172.30.22.1'
                option proto 'gre'

        config interface 'tunb'
                option peeraddr '192.168.233.4'
                option proto 'gretap'

        config interface 'tunc'
                option peer6addr 'fdc5:7c9e:e93d:45af::1'
                option proto 'grev6'

        config interface 'tund'
                option peer6addr 'fdc0:6071:1348:31ff::2'
                option proto 'grev6tap'

are named, respectively, "gre-tuna", "gre-tunb", "grev6-tunc" and "grev6-tund".

The current change makes that each GRE tunnel interface of the four different
types available (gre, gretap, grev6 and grev6tap) gets a different prefix.
Therefore, the abovementioned tunnels will be named, respectively:
"gre4-tuna", "gre4t-tunb", "gre6-tunc" and "gre6t-tund".

This is coherent with other types of virtual interfaces (i.e. PPP, PPPoE, PPPoA)
where the whole protocol name is used. For instance, a PPPoA interface named
"p1" and a PPPoE interface named "p2" will respectively appear as "pppoa-p1"
and "pppoe-p2", not as "ppp-p1" and "ppp-p2").

Since Linux interfaces names are limited to 15 characters, these prefixes leave,
for the worst case (TAP tunnels), 9 characters for the actual name.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2017-01-03 14:36:37 +01:00
Luiz Angelo Daros de Luca
0bb474652e elfutils: bump to 0.168
Other changes:
- Project moved to sourceware.org
- musl patch where cleaned up and submitted upstream
- TEMP_FAILURE_RETRY macro fixed and submitted upstream

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[Jo-Philipp Wich: add missing .patch extension to 007-fix_TEMP_FAILURE_RETRY]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-03 14:32:35 +01:00
Rosen Penev
558680012d curl: Remove PolarSSL and adjust default to mbedTLS
luci-ssl has already made the switch since mainline support for PolarSSL is
almost over (2016).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-01-03 14:26:41 +01:00
Daniel Engberg
0050b39fd4 gmp: Update to 6.1.2
Update GMP to 6.1.2

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-03 14:24:33 +01:00
Daniel Engberg
6099f22097 zlib: Update to 1.2.9
Update zlib to 1.2.9 and switch to XZ tarballs for download.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-03 14:24:33 +01:00
Daniel Engberg
bb4afdc8bc libusb: Update to 1.0.21
Update libusb to 1.0.21

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-03 14:24:33 +01:00
Florian Fainelli
1618c4abdb rpcd: Update to 2016-12-03
Brings in the following changes:

0577cfc1acdb cmake: Find libubox/blobmsg_json.h
26c98ec94d7a sys: Check return values of chdir and write
f4089654a399 cmake: Find libubus.h

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-01-02 21:06:14 +01:00
Florian Fainelli
9bf2bc7587 fstools: Update to 2016-12-04
Brings in the following changes:
84b530a732b1 libfstools: Check return values for fread and system

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-01-02 21:06:14 +01:00
Florian Fainelli
55209a9df9 uclient: Update to 2016-12-09
Brings in the following changes:

52d955fd802a remove obsolete mac os x /opt/local include/library search path
a4e49b4163b2 Fix unused results warnings
48cfff3fbec9 uclient-http: send correct "Host:" header if port is set

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-01-02 21:06:13 +01:00
Mathias Kresin
8c822ec4ca uboot-lantiq: fix boot of images larger than 8MB
Increasing CONFIG_SYS_BOOTM_LEN from 8 MB to 16 MB is necessary to
support uncompressing images larger than 8 MB when using the bootm
command.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-02 19:16:54 +01:00
Mathias Kresin
cfe1c6debe uboot-lantiq: fix build with gcc6
Backport u-boot commit 9b2c282b348dfe966bbba967dc7a45ce817cce50 to fix
compile with gcc5 and gcc6.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-02 19:16:54 +01:00
Alexis Green
fd718c5025 mac80211: Allow HT/VHT rates when running unencrypted mesh.
Signed-off-by: Alexis Green <agreen@cococorp.com>
2017-01-02 16:47:59 +01:00
Alberto Bursi
8496659eb4 base-files: fix message of initscript wrapper
currently (after blogic's edit to my commit) it prints like this:

root@lede:/# service aa
aa does not exist. the following services are available :adblock       dnsmasq       gpio_switch   rpcd          system
boot          done          led           sqm           uhttpd
crelay        dropbear      log           sysctl        umount
cron          firewall      network       sysfixtime    urandom_seed
ddns          fstab         odhcpd        sysntpd

which looks pretty bad, and is even worse if someone writes only "service" without arguments, as it will print " does not exist. " which is confusing.

with this commit it looks like this:

root@lede:/# service
service "" not found, the following services are available:
adblock       dnsmasq       gpio_switch   rpcd          system
boot          done          led           sqm           uhttpd
crelay        dropbear      log           sysctl        umount
cron          firewall      network       sysfixtime    urandom_seed
ddns          fstab         odhcpd        sysntpd

Yes there is some play with " and ', it is to display "name" or just "" if no service name is entered (like in the example).

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-01-02 16:47:59 +01:00
George Amanakis
5639e45614 generic: package Broadcom BNX2 driver
bnx2 driver support for the x86 architecture. Includes module and
firmware for Broadcom BCM5706/5708/5709/5716 ethernet adapters.

Signed-off-by: George Amanakis <g_amanakis@yahoo.com>
2017-01-02 16:47:59 +01:00
Hauke Mehrtens
1436e15488 curl: update to version 7.52.1
This fixes the folowing security problems:

CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
CVE-2016-9594: unititialized random

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-02 13:07:10 +01:00
Hannu Nyman
b7677f05d6 ustream-ssl: remove extra DEFAULT_VARIANT from libustream-polarssl
Currently both libustream-polarssl and libustream-mbedtls
variants define themselves as the DEFAULT_VARIANT

Remove extra DEFAULT_VARIANT from libustream-polarssl.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-12-30 17:38:39 +01:00
Magnus Kroken
39d3a4117b openvpn: update to 2.4.0
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-12-30 13:07:41 +01:00
Magnus Kroken
8ed11ebf7d mbedtls: enable DHE-RSA key exchange
Later OpenVPN 2.3-openssl versions only enable
TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE
cipher suites. ECDHE key exchange is not supported by
OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE
OpenVPN 2.4-mbedtls clients to connect to such servers.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Reported-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reported-by: Lucian Cristian <luci@createc.ro>
2016-12-30 13:06:43 +01:00
Magnus Kroken
ca963bbf5f mbedtls: enable secp384r1 elliptic curve support
Secp384r1 is the default curve for OpenVPN 2.4+. Enable this to
make OpenVPN-mbedtls clients able to perform ECDHE key exchange
with remote OpenVPN 2.4-openssl servers that use the default
OpenVPN curve.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-12-30 13:06:25 +01:00
Felix Fietkau
ae37f2310b mbedtls: enable support for external private RSA keys to fix openvpn build issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-28 22:56:36 +01:00
Felix Fietkau
c9c68c7177 ath9k: fix issues with external reset on AR913x
An external reset patch for AR955x accidentally led to external reset
being issued twice on AR913x, once before the RTC reset and once after.
This may be causing some stability issues.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-27 20:55:35 +01:00
Felix Fietkau
6b524fe5b8 relayd: fix expiry time handling
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-27 13:21:42 +01:00
Felix Fietkau
3f20fd4ee0 relayd: fix reload / interface restart issues
- replace the hotplug script with an interface trigger
- add netdev params to procd to trigger restart

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-27 13:20:33 +01:00
Felix Fietkau
f04b651453 ath5k: drop bogus warning on drv_set_key with unsupported cipher (FS#334)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-27 12:18:36 +01:00
Felix Fietkau
00ad43f047 ath9k: remove old rx dma stop check optimization
This commit was added to improve reset time on old SoC devices that run
into chip hangs more frequently. However with the more recent addition
of full WMAC reset on these chips, it could be problematic.
Drop this patch to ensure that DMA activity is really stopped before the
chip reset is issued

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-27 12:18:36 +01:00
Stijn Tintel
1b5640be33 odhcpd: bump to git HEAD
8dc2a59 Revert "Respect interface "ignore" settings as documented."
93ab25b router: skip parse_routes when ra_default > 1

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2016-12-27 10:50:29 +01:00
Jo-Philipp Wich
e1d1c31890 opkg: vfork external gzip command to uncompress data
Opkg's builtin decompression code is unsuitable to process nested archives as
it uses a single shared state and relies on undefined seek behaviour for pipes.

Rework the extraction logic to use the external gzip command as I/O filter for
decompressing data and remove the builtin inflate code entirely.

This shrinks the final opkg binary by about 4KB and results in less runtime
memory consumption due to efficient use of vfork() and less copy-on-write
operations in the forked child.

Rework by Felix: create a thread that relays data to the gzip process
instead of using a fragile poll loop

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-27 09:50:00 +01:00
Stijn Tintel
dc5f496a0d Revert "opkg: vfork external gzip command to uncompress data"
This reverts commit 0090adcd5c.
It breaks reading package list in /tmp/opkg-lists, making it impossible
to install packages from feeds in snapshots.
2016-12-27 04:41:30 +01:00
Hans Dedecker
bdd2b67414 odhcpd: Use procd_send_signal in reload_service
Replace killall HUP by procd_send_signal in reload_service to trigger
an odhcpd config reload

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-12-26 22:32:38 +01:00
Felix Fietkau
d3489d899a opkg: add missing dependency on libpthread
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-26 15:52:00 +01:00
Gabe Rodriguez
94030e86d5 mwlwifi: Update to latest source
-MAC register revisions for 8864 firmware

Tested on WRT1900ACv1 (mvebu). No regressions

Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
2016-12-26 11:17:33 +01:00
Alberto Bursi
c24172cad1 package/Makefile & ipkg-make-index.sh: add full package data list
The external script used to generate the package lists for the
LEDE wiki's table of packages [1] and package indexes [2] requires
a "Source:" field in the package lists to find package makefiles.
The package makefiles are used to read the package's Category and Submenu.

The "Source:" field was removed in commit
b4aa3c899c
to reduce package list sizes and lessen opkg issues in low ram devices.

Add a separate package list file with full data to be used by the wiki's script.
It's called Packages.manifest and isn't compressed as it's not necessary.

1. https://lede-project.org/packages/start
2. https://lede-project.org/packages/index/start

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2016-12-26 11:17:33 +01:00
Jo-Philipp Wich
0090adcd5c opkg: vfork external gzip command to uncompress data
Opkg's builtin decompression code is unsuitable to process nested archives as
it uses a single shared state and relies on undefined seek behaviour for pipes.

Rework the extraction logic to use the external gzip command as I/O filter for
decompressing data and remove the builtin inflate code entirely.

This shrinks the final opkg binary by about 4KB and results in less runtime
memory consumption due to efficient use of vfork() and less copy-on-write
operations in the forked child.

Rework by Felix: create a thread that relays data to the gzip process
instead of using a fragile poll loop

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-26 11:17:32 +01:00