Commit Graph

12956 Commits

Author SHA1 Message Date
Felix Fietkau
6cb46adbc9 ubus: update to the latest version
c09e4f0 ubusd: fix incomplete copy of shared buf during queue-ing
453b87f cli: add support for subscribing to objects
6eb3c96 cli: do not use default timeout for listen
dfe3383 libubus: reset ctx->sock.error when doing ubus reconnect
34c6e81 cli: fix listen_timeout compile issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-25 11:15:46 +01:00
Felix Fietkau
fdc22b616c ubus: update to the latest version
Adds the following fixes:

91acde6 libubus: do not modify uloop_cancelled
763b9b2 libubus: reset ctx->sock.eof to fix reconnect issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-25 11:11:24 +01:00
Ted Hess
4c9b45966e libubox: Update to latest version
9d6305a utils: Change calloc_a() to return size_t aligned pointers

Signed-off-by: Ted Hess <thess@kitschensync.net>
2017-02-25 11:10:41 +01:00
Felix Fietkau
67c2a176ce libubox: update to the latest version
Adds the following changes:

de3f14b uloop: add uloop_cancelling function
3b6181b utils: fix build on Mac OS X 10.12
7f671b1 blobmsg: add support for double
0fe1374 utils: add helper functions useful for allocating a ring buffer
8fc1c30 libubox: replace strtok with _r version.
4a9f74f libubox: allow reading out the pid of uloop process in lua
372e1e6 uloop: remove useless epoll data assignment
f9db1cb libubox: allow reading out the remaining time of a uloop timer in Lua

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-25 11:10:35 +01:00
Felix Fietkau
bf53a8327f acx-mac80211: fix scan API error that could lead to a crash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 15:03:48 +01:00
Felix Fietkau
f1336d2a70 iw: sync nl80211.h with mac80211 package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:22:29 +01:00
Felix Fietkau
703515f889 mac80211: sync with master branch as of 9edff13abd
Includes the following changes:
9edff13abd mac80211: disable potentially harmful PS software retry for A-MPDU sessions
75216a76b0 mac80211: backport upstream fix for CSA in IBSS mode
368cc8ef47 mac80211: update brcmfmac backporting brcmf_err cleanups
66a63d25c4 mac80211: fix build on linux 3.18
9eacb9d7fc rt2x00: mt7620: lots of improvements
fd94fa61a7 mac80211: brcmfmac: update Raspberry Pi patches for linux 4.9
649e766a64 mac80211: update to wireless-testing 2017-01-31
47540afa5d ath9k: add a warning to the tx99 config option
b367eef21d mac80211: rt2x00: add support for external LNA on MT7620
9200e168f2 mac80211: move (& update) upstream accepted brcmfmac patches

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:22:29 +01:00
Felix Fietkau
d27dd6298b ath10k-ct: depend on kmod-hwmon-core, it gets used when CONFIG_THERMAL is set
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:22:29 +01:00
Felix Fietkau
0ce2d5b6bf ath10k-ct: fix kernel api compatibility issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:22:28 +01:00
Ben Greear
09620c0825 ath10k-ct: Fix performance of 2x2 hardware running 3x3 firmware.
The driver had a bug when calculating the rateset.  This resolves
that and allows full VHT mcs rates on 2x2 hardware.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-02-24 12:22:28 +01:00
Joseph C. Lehner
0a3088cb4b mt76: split kmod package
This patch splits `kmod-mt76` into three separate packages:
`kmod-mt76-core`, `kmod-mt76x2` and `kmod-mt7603`. By making
`kmod-mt76` a metapackage containing these new packages,
the previous behaviour of including all drivers and firmware
is left unchanged, unless explicitly unselected in
`DEVICE_PACKAGES`.

This splitting is especially beneficial for devices with
small flash chips, since the `kmod-mt76` package currently
requires ~160K on squashfs (after compression).

Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
2017-02-23 17:34:14 +01:00
Baptiste Jonglez
59508e309e dnsmasq: Add upstream patch fixing SERVFAIL issues with multiple servers
This fixes FS#391 for lede-17.01

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2017-02-20 18:13:44 +01:00
Stijn Tintel
5612114090 Revert "px5g-standalone: provide px5g via PROVIDES"
This reverts commit cc66f819b4.

This commit causes opkg to install px5g-standalone instead of px5g when
installing luci-ssl. As luci-ssl depends on mbedtls, using
px5g-standalone makes no sense. Next to that, it creates deprecated SHA1
certificates. Revert the commit to avoid pxg5-standalone to be
installed by accident.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit ca8aee0c57)
2017-02-20 15:17:20 +01:00
Alberto Bursi
4d1ab84f1e uboot-kirkwood: fix goflexhome/net bootcommand
Goflexhome/net use uImage, and to boot an uImage the u-boot
must use bootm command, not bootz.

Fixes the "i cannot boot LEDE with this u-boot" issue that I
found out myself with my goflexnet.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-02-19 21:00:19 +01:00
Felix Fietkau
c835c9ebe5 uhttpd: use sha256 when generating certificates with openssl (FS#512)
Patch from attachment to FS#512

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-17 14:43:11 +01:00
Stijn Tintel
6ebb8723a6 dropbear: bump PKG_RELEASE
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 27040dbf89)
2017-02-17 12:31:52 +01:00
Joseph C. Sible
f527436364 dropbear: enable SHA256 HMACs
The only HMACs currently available use MD5 and SHA1, both of which have known
weaknesses. We already compile in the SHA256 code since we use Curve25519
by default, so there's no significant size penalty to enabling this.

Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
(cherry picked from commit 0bf85ef048)
2017-02-17 12:31:39 +01:00
Cezary Jackiewicz
44aec27112 ugps: fix typo
Removing redundant spaces from the name of the option. Without fix:

root@LEDE:~# opkg install ugps
Installing ugps (2016-10-24-32a6b2b7-1) to root...
Downloading http://downloads.lede-project.org/releases/17.01-SNAPSHOT/packages/mips_24kc/base/ugps_2016-10-24-32a6b2b7-1_mips_24kc.ipk
Configuring ugps.
uci: Parse error (invalid character in name field) at line 3, byte 23
uci: Parse error (invalid character in name field) at line 3, byte 23
sh: out of range
root@LEDE:~# uci show gps
uci: Parse error (invalid character in name field) at line 3, byte 23

With this fix:

root@LEDE:~# uci show gps
gps.@gps[0]=gps
gps.@gps[0].tty='ttyACM0'
gps.@gps[0].adjust_time='1'

Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
2017-02-16 09:54:14 +01:00
Felix Fietkau
dbb8e04472 qos-scripts: fix module load commands (FS#438)
fq_codel is built-in, and xt_CONNMARK is provided by the xt_connmark
module

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-15 14:02:04 +01:00
Rafał Miłecki
df49e49bc7 mdns: update and rename package to the umdns
This update includes numerous small fixes for:
1) Interfaces setup
2) Packets parsing
3) Sending replies
Without this there were multiple problems with exchanging information
between (u)mdns and other implementations (including (u)mdns as well).

This also follows project rename to umdns which was required to avoid
confusion with Apple's mdnsd from mDNSResponder project.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-15 13:07:21 +01:00
Felix Fietkau
b8c9ded999 build: add buildbot specific config option for setting defaults
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-15 11:37:13 +01:00
Sven Eckelmann
d6d9f256ff package/uboot-envtools: add OpenMesh A40 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:54 +01:00
Sven Eckelmann
e6057ed207 package/om-watchdog: add OpenMesh A40 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:53 +01:00
Sven Eckelmann
8785ebc471 package/uboot-envtools: add OpenMesh a60 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:49 +01:00
Sven Eckelmann
eb383710e2 package/om-watchdog: add OpenMesh A60 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:48 +01:00
Sven Eckelmann
a3061e57e8 package/uboot-envtools: add OpenMesh OM2Pv4/-HSv4 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:45 +01:00
Sven Eckelmann
8a35c489ad package/om-watchdog: add OpenMesh OM2Pv4/-HSv4 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:44 +01:00
Denis Osvald
cbd69f7e4e procd: fix default timeout for reload trigger actions
Default trigger action timeout was added to procd.sh in commit f88e3a4c0
(procd: add default timeout for reload trigger actions)
However, the timeout value was not placed under the correct JSON-script
array nesting level and thus did not apply.

To fix this and make the timeout actually apply to the reload triggers,
we place it in the correct scope, that is the per-trigger array.

Fixes: f88e3a4c0a
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
2017-02-15 09:35:12 +01:00
Felix Fietkau
e967f4dd27 ath9k: fix various issues in the airtime-fairness implementation
Effects of the bugs could include memory corruption, tx hangs, kernel
crahes, possibly other things as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-12 14:27:21 +01:00
Hans Dedecker
b8567cb44e odhcpd: update to git HEAD version (FS#396)
8df4253 ndp: harden netlink event socket error handling
b02f3e6 ndp: close proc file descriptor also during error handling
8a615ad npd: rework IPv6 relay logic (FS#396)
0129f79 config: restore interface defaults when cleaning interface

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-09 21:42:48 +01:00
Hans Dedecker
03ff2d7359 odhcpd: update to git HEAD version (FS#388)
3317c86 dhcpv6-ia: apply lease delete based on assignment bound state
df50429 odhcpd: properly handle netlink messages (FS#388)
83d72cf odhcpd: fix coding style

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-09 21:42:00 +01:00
John Crispin
bd64568d27 procd: update to latest git HEAD
cdc3dab ujail: fix signal forwarding

Signed-off-by: John Crispin <john@phrozen.org>
2017-02-08 15:03:16 +01:00
Álvaro Fernández Rojas
86bd886697 brcmfmac: improve Raspberry Pi 3 stability
- Really disable power management (wrong config flags).
- Disable internal roaming engine.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-07 18:00:16 +01:00
Hauke Mehrtens
2ad4383b74 tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
 + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
 + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
 + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
 + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
 + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
 + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
 + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
 + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
 + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
 + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
 + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
 + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
 + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
 + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
 + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
 + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
 + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
 + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
 + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
 + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
 + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
 + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
 + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
 + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
 + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
 + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
 + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
 + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
 + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
 + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
 + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
 + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
 + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
 + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
 + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
 + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().

The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk

old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-06 22:34:28 +01:00
Rafał Miłecki
5c4b2eb3dd mac80211: brcmfmac: backport wowlan netdetect fixes
I needed a moment to figure out relation between this patchset and the
nl80211: fix validation of scheduled scan info for wowlan netdetect

It appears nl80211 commit will go on top of brcmfmac changes so it's
safe to backport these patches.

One patch that was excluded is commit 2a2a5d1835b6 ("brcmfmac: add
.update_connect_params() callback") as it depends on missing commit
088e8df82f91 ("cfg80211: Add support to update connection parameters").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
52add1988c mac80211: brcmfmac: backport PSM watchdog improvements
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
c578da6198 mac80211: brcmfmac: backport minor code cleanups
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
4b9bdb48d9 mac80211: brcmfmac: backport 4.10 fixes & typo fix
This includes memory leak fix in initialization path.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
85d128f145 mac80211: brcmfmac: backport scheduled scan cleanup and chip support
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
e48b1c2c07 mac80211: brcmfmac: backport some old patches from 2016
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:48 +01:00
Rafał Miłecki
e8f42223be mac80211: rename brcmfmac patches to use higher prefix
There are more patches to backport that should go before these.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:48 +01:00
Rafał Miłecki
36288db2fd mac80211: start hostapd with logging wpa_printf messages to syslog
Some debugging/error messages are printed using wpa_printf and this
change allows finally reading them out of the syslog.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:33:05 +01:00
Rafał Miłecki
bc49d7902c hostapd: enable support for logging wpa_printf messages to syslog
This will allow starting hostapd with the new -s parameter and finally
read all (error) messages from the syslog.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:31:02 +01:00
Rafał Miłecki
a0bc62fe08 hostapd: backport support for sending debug messages to the syslog
It wasn't possible to read hostapd wpa_printf messages unless running
hostapd manually. It was because hostapd was printing them using vprintf
and not directly to the syslog.

We were trying to workaround this problem by redirecting STDIN_FILENO
and STDOUT_FILENO but it was working only for the initialization phase.
As soon as hostapd did os_daemonize our solution stopped working.

Please note despite the subject this change doesn't affect debug level
messages only but just everything printed by hostapd with wpa_printf
including MSG_ERROR-s. This makes it even more important as reading
error messages can be quite useful for debugging.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:29:56 +01:00
Hannu Nyman
1b51a49a9d ccache, samba36: fix samba.org addresses to use https
samba.org has started to enforce https and
currently plain http downloads with curl/wget fail,
so convert samba.org download links to use https.

Modernise links at the same time.

Also convert samba.org URL fields to have https.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-02 00:26:05 +01:00
Wilco Baan Hofman
f8d8b60f1b Fix dependency for hostapd
Signed-off-by: Wilco Baan Hofman <wilco@baanhofman.nl>
2017-02-01 16:06:58 +01:00
Kevin Darbyshire-Bryant
4cd9625dd4 iproute2: cake: update cake support
Updated cake's tc patch to match the official cake repository
formatting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 16:06:24 +01:00
Kevin Darbyshire-Bryant
4f5ff0041a kmod-sched-cake: Bump to latest version
wash, mpu & some memory optimisation have now made it to the official
cake repository.

Point LEDE to the official repository.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 16:06:24 +01:00
Jo-Philipp Wich
d1d970e235 libtool: don't clobber host libtool infrastructure
The libtool target package stages its files into the host staging directory
and moves the libltdl library parts from there into the target staging
directory afterwards.

By doing so, the package essentially renders the host libtool infrastructure
unusable, leading to the below error in subsequent package builds:

    libtoolize: $pkgltdldir is not a directory: `.../hostpkg/share/libtool`

Prevent this problem by using a dedicated libltdl install prefix in order to
avoid overwriting and moving away preexisting files belonging to tools/libtool.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-01 16:05:52 +01:00
Hans Dedecker
786160cd76 odhcp6c: use LEDE_GIT in package source url
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 16:00:01 +01:00