Commit Graph

13282 Commits

Author SHA1 Message Date
Hans Dedecker
503e496366 odhcpd: update to version 2017-04-28 (FS#595)
9268ca6 ndp: don't trigger IPv6 ping when neighbor entry is invalid
2b3355f ndp: fix adding proxy neighbor entries
7dff5b4 ndp: fix wrong interface name in syslog message
a54afb5 dhcpv6-ia: Fix segfault when writing DHCPv4 leases in state file
c0e9dbf ubus: don't segfault when there're no leases

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-02 22:08:32 +02:00
Hans Dedecker
c266641acf odhcpd: update to version 2017-04-21
570069d ubus: rework dumping IPv6 and IPv4 leases
4e579c4 dhcpv6-ia: simplify logic to write statefile and dhcpv6 logging

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-02 22:08:21 +02:00
Florian Fainelli
e200c66a1a rpcd: Explicitly link with lcrypt
Fixes build issues with some toolchains that don't add lcrypt in the default
search paths:

CMakeFiles/rpcd.dir/session.c.o: In function `rpc_login_test_password':
build_dir/target-mipsel-linux-gnu/rpcd-2016-12-03-0577cfc1/session.c:823: undefined reference to `crypt'
collect2: error: ld returned 1 exit status

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-04-28 17:09:13 +02:00
Jo-Philipp Wich
ae0e167f2b busybox: revert accidential version bump
Due to an oversight during patch conflict resolution, the PKG_VERSION got
accidentially bumped instead of the PKG_RELEASE field.

Revert the bad version change as there exists no upstream 1.25.2 version.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-27 15:38:48 +02:00
Jo-Philipp Wich
fe0b171372 busybox: nslookup_lede: mimic output format of old Busybox applet
When invoking "nslookup_lede" with a domain argument and without explicit
query type, issue both A and AAAA queries and display the resulting IP
addresses in a numbered list style, similar to how the old BusyBox nslookup
used to output the records.

This is required for compatibility with certain scripts.

Ref: https://forum.lede-project.org/t/nslookup-ipv6-in-lede-17-01-1

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-27 15:33:16 +02:00
Jo-Philipp Wich
a2ee9b7068 busybox: nslookup_lede: fix compatibility with v1.25
The ":*" optstring syntax was only recently introduced with BusyBox v1.26,
older versions need a corresponding hint in the "opt_complementary" variable
to denote flag values that should be stored as llist entries.

Add the required opt_complementary entry to fix random SIGBUS, SIGILL or
SIGSEGV related crashes on BusyBox 1.25.x when attempting to use the "-q"
flag of the "nslookup_lede" applet.

Ref: https://forum.lede-project.org/t/nslookup-ipv6-in-lede-17-01-1

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-27 15:31:07 +02:00
Yousong Zhou
2bc8d5eaf1 ubox: bump to version 2017-03-10
Fixes FS#684 with commit 21a4bd0

Changes since current version.  All changes except the ones prefixed
with asterisks are for bugfixes.  Module aliases awareness is expected
by the kernel to be a basic facility and is required for properly
initializing wireguard.

    16f7e16 syslog: remove unnecessary sizeof struct between messages
    21a4bd0 kmodloader: modprobe: return 0 for loaded modules
    3dc78a4 kmodloader: don't store aliases info in struct module
    c553354 cmake: fix typo
    8973576 kmodloader: fix not being able to find some modules
    fce9382 cmake: Check for getrandom system call
    ac2d43e kmodloader: support '-q' quiet option
   *f8d3d16 ubox: Add an option for more accurate timestamps in log
    14839f0 kmodloader: make insert_module() idempotent
   *6e3c6dc kmodloader: add module alias awareness
    9371411 kmodloader: fix out-of-bound access when parsing .modinfo
    a62c946 kmodloader: modprobe: skip possible command line arguments
   *46a4b5f kmodloader: log to kmsg when loading directories of modules
    eacc426 kmodloader: remove redundant glob wildcard char
    8488bb5 ubox: Initialize conditionally uninitialized variabled
    db070f1 ubox: Fix some memory leaks
    acc48b5 kmodloader: Fix typo in error message

Size comparison on x86_64 host

    function                                             old     new   delta
    main                                                2190    2344    +154
    scan_module_folder                                   665     793    +128
    alloc_module_node                                      -     113    +113
    .rodata                                              946    1036     +90
    alloc_module                                         202     245     +43
    free_modules                                          77     119     +42
    load_modprobe                                        209     237     +28
    scan_loaded_modules                                  241     265     +24
    avl_modcmp                                            45      67     +22
    insert_module                                        204     224     +20
    find_module                                           13      30     +17
    static.optind@@GLIBC_2                                 -       4      +4
    static.load_moddeps                                  118     117      -1
    scan_module_folders                                   55      54      -1
    ------------------------------------------------------------------------------
    (add/remove: 2/0 grow/shrink: 10/2 up/down: 685/-2)           Total: 683 bytes

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-04-27 14:38:05 +08:00
Florian Fainelli
72fcdb6286 openssl: Use mkhash for STAMP_CONFIGURED
The current way of creating a STAMP_CONFIGURED filename for OpenSSL can
lead to an extremely long filename that makes touch unable to create it,
and fail the build.

Use mkhash to produce a hash against OPENSSL_OPTIONS which creates a
shortert stamp file,

Fixes #572

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-04-22 12:43:51 +02:00
Jo-Philipp Wich
5feb4f0e6d busybox: fix build of nslookup_lede applet without IPv6 (#728)
Protect any IPv6 related with appropriate guards to fix compilation with
disabled IPv6 support in Busybox.

Fixes #728.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-21 13:20:42 +02:00
Florian Fainelli
449880e0ff busybox: Move libresolv detection to LEDE Makefile
Since the LEDE nslookup applet is already specific to LEDE, move the
libresolv detection into the busybox Makefile that LEDE uses.

This fixes builds with external toolchains that don't automatically
search for headers and/or libraries without being told so.

Fixes: de5b8e5d2f ("busybox: add musl compatible nslookup replacement")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-04-21 12:24:17 +02:00
Daniel Engberg
7eb58cf109 utils/f2fs-tools: Update to 1.8.0
Update f2fs-tools to 1.8.0
Refresh patches
Remove selinux patch, use configure argument instead.
Switch to xz tarball
Adjust url to avoid redirects

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-04-17 18:15:53 +02:00
Jo-Philipp Wich
1d76542cca busybox: add musl compatible nslookup replacement
Add an alternative nslookup applet implementation which is compatible with
musl libc wrt. name server selection and which supports a number of additional
features such as query type selection.

Fixes #155, #217

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-15 18:13:45 +02:00
Hans Dedecker
c2999ef592 odhcpd: update to version 2017-03-29 (FS#635)
3d9f406 rework IPv6 dns address selection (FS#635)
bc6c3ac ndp: keep an exact copy of IPv6 interface addresses
6eb1e01 ndp: code cleanup
eea7d03 rework IPv6 address dump logic
24d21c7 ndp: add syslog debug tracing

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-04-13 13:55:57 +02:00
Florian Fainelli
a532aaa2aa odhcpd: update to version 2017-02-28
Brings in the following change:

9eac2a896341 dhcpv6-ia: Check lockf return value

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-04-13 13:55:57 +02:00
Hans Dedecker
425c6d0462 odhcpd: update to version 2017-02-21
1b630f8 router: don't announce prefixes with valid lifetime equal to 0
ba0cac0 router: fix arithmetic exception fault
3495f17 router: allow RA prefix lifetime being set to leasetime value (FS#397)
e437ce9 treewide: simplify dhcp leasetime checking
942fb33 router: support ra_mininterval and ra_lifetime uci parameters (FS#397)
f913337 router.h: fix alignment style
4dc7edb Revert "odhcpd.h: fix alignment style"
62ea54f odhcpd.h: fix alignment style
a898ee5 config: make loglevel configurable via uci (FS#481)
51c756c odhcpd: display correct default log level in usage text
68ee0b5 treewide: define and use macro IN6_IS_ADDR_ULA
fa57225 ndp: deregister netlink event socket for non recoverable errors
ac70d28 odhcpd: fix white space errors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-04-13 13:55:57 +02:00
Felix Fietkau
caaa214eae util-linux: re-enable parallel builds
The original build error in 'more' seems to be gone

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-11 19:33:04 +02:00
Felix Fietkau
0faf921a01 util-linux: unconditionally enable ncursesw support
The build dependency is unconditional, and some components might fail if
ncurses is not available

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-11 19:33:00 +02:00
Daniel Engberg
f2a3653882 utils/util-linux: Update to 2.29.2
Update util-linux to 2.29.2
Remote 0001-fix-uClibc-ng-scanf-check.patch as it's been merged upstream.
Refresh patches
Change ncurses to ncursesw to fix compilation and avoid confusion

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove faulty dependency changes]
2017-04-11 19:32:57 +02:00
Jo-Philipp Wich
c6e79980b8 build: fix triggering opkg/host compilation
Commit 131db36 "build: remove separate /install step for host builds" dropped
the package/*/host/install targets in favor to performing the install steps
within the compile target instead.

Adjust package/Makefile accordingly in order to prevent a missing
staging_dir/host/bin/opkg when staging package archives into the rootfs.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-09 15:42:20 +02:00
Felix Fietkau
5866ff8be8 libubox: fix host build on macOS
Use the defaults instead of a custom non-portable Host/Install section

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-08 14:49:05 +02:00
Jo-Philipp Wich
293c54c567 libubox: add host build
Our opkg fork requires libubox to build, so add a host build for it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-08 14:48:55 +02:00
Jo-Philipp Wich
5aa97e35de opkg: switch to LEDE fork (#120, #551, #571)
Cherry-pick the following commits from master to bump opkg in LEDE 17.01:

b65dc04712 opkg: switch to own fork to improve memory usage
55ffc38004 opkg: re-enable usign support
19720a6f03 opkg: fix handling conffiles in status lists
9e4555f58d opkg: fix stray printf() (#551)
ebf846b005 opkg: mark as essential (FS#571)
aedd5d5cb0 opkg: fix several package installation bugs
48ae44d033 opkg: gracefully handle missing $PATH, fix build warnings
1449b52f02 opkg: backport upstream fixes, code cleanups

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-08 14:31:27 +02:00
Felix Fietkau
7099bb19b5 mt76: ensure that the metapackage gets built as .ipk
Fixes errors during the image builder run

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-05 23:39:23 +02:00
Felix Fietkau
47bf110cbb mac80211: backport an upstream fix for queue start/stop handling
Fixes issues with 802.11s

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-03 15:12:50 +02:00
Piotr Dymacz
a49503bbc7 sysntpd: restore support for peer-less (standalone) mode
ntpd from Busybox supports peer-less (standalone) mode when it's started
with option -l and without any peer provided with option -p. In this
mode ntpd uses local time as reference and acts as stratum 1 server.

This mode can be used in isolated networks, where Internet access and/or
other NTP server/s are not available, but the device has some other way
of getting correct time, like e.g. GPS (ugps supports setting local time
by default).

Support for this mode was incorrectly disabled/removed in:
1527f96ca6

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-04-02 15:09:09 +02:00
Piotr Dymacz
0cb669b469 ugps: fix and improve init script
The ugps tool expects device path in last argument. If it's provided
before other options, they won't be processed at all.

Additionally, make it possible to use absolute path for gps character
device in related uci configuration.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-04-02 15:09:09 +02:00
Hauke Mehrtens
1adc6db036 ubox: fix sha256 mirror hash
Commit 5c20a4fec9 ("ubox: turn logd into a separate package") changed
the PKG_SOURCE_DATE which is also included in the tar file. This change
resulted in a new tar with a different hash, but the sha256 hash was not
updated. Fix the sha256 hash value in this commit to match what would be
created from git and what is already on the mirror.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2017-03-30 22:34:49 +02:00
Hauke Mehrtens
298c40fd34 odhcpd: fix sha256 sum
The sha256sum added in commit b8567cb44e ("odhcpd: update to git HEAD
version (FS#396)") does not match the sha256sum of the file on the mirror or
when I clone it. Update the sha256 sum to the correct value.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2017-03-30 22:00:48 +02:00
Yousong Zhou
910a9430a0 firewall: document rules for IPSec ESP/ISAKMP with 'name' option
These are recommended practices by REC-22 and REC-24 of RFC6092:
"Recommended Simple Security Capabilities in Customer Premises Equipment
(CPE) for Providing Residential IPv6 Internet Service"

Fixes FS#640

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-03-28 17:46:30 +08:00
Matthias Schiffer
1b94737824
iw: enable MESH ID in scan output
Make scan output useful for 802.11s meshes. The common print_ssid function
is used, so this doesn't add any additional code.

Based-on-patch-by: Jan-Tarek Butt <tarek@ring0.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-03-25 14:55:10 +01:00
Yousong Zhou
0d304d4228 busybox: vi: backporting patches to fix ZZ and :x command
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-03-25 13:23:58 +08:00
Rafał Miłecki
474c31a20d umdns: update to the version 2017-03-21
This includes following changes:
480d7bc Fix sending unicast questions on cache expire
a0403cd Keep source sockaddr for every cached DNS record
1478293 Fix code freeing cached non-A(AAA) records too early
9f1cc22 Fix replying to "QU" questions received on unicast interface
943bedb Fix reading port of incoming packets
c725494 Use MCAST_PORT define for port 5353
ce7e9e9 Use one define for DNS-Based Service Discovery service name
e1bacef Drop entries cached for interface we're going to delete
496aeba Fix comment typo in cache_gc_timer
f89986b Fix refreshing cached A(AAA) records that expire

Previous updates made umdns work as expected on startup but there were
still many bugs. They were mostly related to runtime - cache management
and requests + responses. E.g. umdns was never able to send question on
DNS record expire. It was also ignoring all incoming unicast questions.

Since these issues are quite serious it makes sense to backport this
update to the stable branch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-03-24 06:51:45 +01:00
Rafał Miłecki
ba076ebbc5 umdns: update to the version 2017-03-14
This includes 3 cleanups:
fd5a160 Don't cache hosts as services
80dd246 Refresh DNS records A and AAAA directly
6515101 Access cached records (instead of services) to read list of hosts

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-03-24 06:51:44 +01:00
Yousong Zhou
0f23e80c27 iproute2: fix ip monitor can't work when NET_NS is not enabled
The bug appeared in v4.1.0 and was fixed since v4.8.0

Fixes FS#620

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-03-19 12:42:16 +08:00
Hauke Mehrtens
111cf1b9f3 curl: fix CVE-2017-2629 SSL_VERIFYSTATUS ignored
This fixes the following security problem:
https://curl.haxx.se/docs/adv_20170222.html

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-13 22:51:20 +01:00
Hauke Mehrtens
c4ed92ae7d mbedtls: update to version 2.4.2
This fixes the following security problems:
* CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve
* SLOTH vulnerability
* Denial of Service through Certificate Revocation List

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-13 22:35:48 +01:00
Álvaro Fernández Rojas
7d70ad66ac mac80211: mwifiex-sdio: select DRIVER_11AC_SUPPORT
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-03-11 20:34:52 +01:00
Álvaro Fernández Rojas
7ae68124a4 mac80211: mwifiex-pcie: select DRIVER_11AC_SUPPORT
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-03-11 20:34:52 +01:00
Henryk Heisig
c03083339a mac80211: add support for Marvell 802.11n/802.11ac SDIO Wireless cards
This adds option to build kernel module and firmware packages
for a Marvell 8887 SDIO Wireless device

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-03-11 20:34:03 +01:00
Rafał Miłecki
0eed4a61b9 umdns: update to the 2017-03-10 version
This fixes crash in interface_start caused by freeing interface in
interface_free without stopping a timeout.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-03-10 13:09:54 +01:00
Álvaro Fernández Rojas
b3ba3764d0 brcm2708-gpu-fw: update to latest version
This is needed in order to add support for the new RPi Zero W

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-03-08 09:28:19 +01:00
Jo-Philipp Wich
20a2db83de ppp: propagate master peerdns setting to dynamic slave interface
Honour the parent interfaces peerdns option when spawning a virtual DHCPv6
interface in order to avoid pulling in IPv6 DNS servers when the user opted
to inhibit peer DNS servers in the configuration.

Fixes #597.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-03-07 11:27:27 +01:00
Hsing-Wang Liao
21903d056e wireless-tools: Change download url to github
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
2017-03-01 20:37:37 +01:00
Alif M. Ahmad
f0e8470aa9 grub2: update to 2.02~rc1
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
2017-03-01 20:37:37 +01:00
Kevin Darbyshire-Bryant
1b2a54b5cd iftop: bump to latest upstream
Drops a LEDE carried patch now upstream.
Convert to autotools.
A number of nits fixed upstream (dns & short packet handling most
notable)

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-03-01 20:37:37 +01:00
Ben Kelly
3d52251df4 swconfig: Bugfix switch_port uci option parsing
When not defining 'device' or 'vlan' in relevant switch_port uci
sections, behaviour is inconsistent due to *devn, *port and *vlan
pointers not being zero initialized.

Signed-off-by: Ben Kelly <ben@benjii.net>
2017-03-01 20:37:37 +01:00
Felix Fietkau
df041b6520 netifd: fix stopping netifd + interfaces
stop() is overwritten by rc.common, so implement stop_service instead.
While at it, remove the now unnecessary restart() override

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-01 20:37:37 +01:00
Martin Schiller
87e021e6e3 libpcap: add optional netfilter support
This is needed to use the nflog interface with tcpdump

Signed-off-by: Martin Schiller <mschiller@tdt.de>
2017-03-01 20:37:37 +01:00
Felix Fietkau
0f2757dce4 px5g: replace px5g-standalone with a statically linked variant of px5g-mbedtls
px5g-standalone only supports SHA1 for certificates, which is strongly
deprecated. The new px5g-standalone is about 27k bigger (compressed),
and has identical behavior to px5g-mbedtls (it uses SHA256).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-01 20:37:37 +01:00
Felix Fietkau
2e8545333a mbedtls: add --function-sections and --data-sections to CFLAGS
This allows binaries that links these libraries statically to be reduced
by using --gc-sections on link

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-01 20:37:37 +01:00
Hsing-Wang Liao
b036a22fcc kernel: add Chinese codepages
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
2017-03-01 20:37:36 +01:00
Felix Fietkau
db7f80c587 libpcap: remove feature dependencies on kmod-* packages
USB support could be built into the kernel as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-01 20:37:36 +01:00
Ansuel Smith
00e4f6fd36 ebtables: update to last commit
Refreshed patches

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-03-01 20:37:36 +01:00
Daniel Albers
8aa92deaf6 hostapd: mv netifd.sh hostapd.sh
same name for the file on the host and target

Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
2017-03-01 20:37:36 +01:00
Pavel Kubelun
2856c7e320 ath10k-firmware: update qca9984 firmware
Bump qca9984 firmware.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
2017-03-01 20:37:36 +01:00
Ulrich Weber
3983b4ad0f ppp: honor ip6table for IPv6 PPP interfaces
as we do for IPv4 PPP interfaces. When we create the
dynamic IPv6 interface we should inherit ip6table from
main interface.

Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
2017-03-01 20:37:36 +01:00
Florian Eckert
352f92fe08 ppp: add pppoe-discovery to an independent package
pppoe-discovery performs the same discovery process as pppoe, but does
not initiate a session

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-03-01 20:37:36 +01:00
David Pinilla Caparrós
31c2461e3f base-files: Added a deprecation notice on wifi detect
When running wifi detect, the user will be told on error output that
wifi detect is deprecated, that wifi config must be used instead. Also
the commit that changes it is referenced for further info.

Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
2017-03-01 20:37:36 +01:00
David Pinilla Caparrós
8bb839e85a base-files: Add wifi config to wifi command usage
Since commit 5f8f8a3661 wifi detect does
not longer work and wifi config it's used to configure not yet
configured wireless devices.

This commit changes command usage to reflect that change.

Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
2017-03-01 20:37:36 +01:00
Ben Kelly
e1e9d27655 uclibc++: patch bugfix erase() on derived __base_associative
When calling erase() on a containers derived from __base_associative
(e.g. multimap) and providing a pair of iterators a segfault will
occur.

Example code to reproduce:

	typedef std::multimap<int, int> testmap;
	testmap t;
	t.insert(std::pair<int, int>(1, 1));
	t.insert(std::pair<int, int>(2, 1));
	t.insert(std::pair<int, int>(3, 1));
	t.erase(t.begin(), t.end());

Signed-off-by: Ben Kelly <ben@benjii.net>
2017-03-01 20:37:36 +01:00
Felix Fietkau
37b0d547db ath10k-firmware: revert faulty PKG_SOURCE_DATE change from 7cb27b46
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-01 20:37:35 +01:00
Pavel Kubelun
e591831430 ath10k-firmware: update qca9984 firmware and board data
Fixes firmware crash in rare cases and a bug
ath10k_pci 0001:01:00.0: received unexpected tx_fetch_ind event: in
push mode
for those who kept experiencing it after previous firmware update.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
2017-03-01 20:37:35 +01:00
Ben Greear
8a3ac15a47 ath10k-ct: Support ath10k CT firmware for 9887 chipsets.
And, update support for 9880 chipsets.  The new firmware
fixes a regression with EAPOL 4/4 packets added in
a recent commit.

It also fixes a case where the firmware would improperly try
to use STBC when configured for 1x1 (as 9887 always is).

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-03-01 20:37:35 +01:00
Chris Blake
9451cd7c5b leds-apu2: Add PC Engines APU2 LED driver
This adds support for the PCB LEDs and Reset Button found on the PC
Engines APU2/APU3 embedded boards.

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2017-03-01 20:37:35 +01:00
Koen Vandeputte
65b05463d7 netfilter: re-enable TEE support for kernel 4.4
It got disabled in commit 4454a3fb63
but works nicely these days.

Tested on cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-03-01 20:37:35 +01:00
Chris Blake
2b122a6750 gpio-nct5104d: Add nct5104d driver package
This adds support for the SuperIO chip nct5104d found on the PC Engines
APU boards, which allows for a handful of additional ports, such as 2x
additional UART pinouts, enabling an external watchdog (no driver for
this functionality yet), and 16 GPIO pins. More info can be found at
https://pcengines.ch/ht_gpio.htm

Thanks to @feckert for helping package this.

Cc: Florian Eckert <Eckert.Florian@googlemail.com>

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2017-03-01 20:37:35 +01:00
Mathias Kresin
c5d8d8fd64 x86: drop ep80579-drivers
The subtarget on which the driver still depends was removed with
dee8986b95 because it was unmaintained
for a long time.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-03-01 20:37:35 +01:00
Daniel Golle
83d3e393bf 6in4: add missing colon when setting default ca_path
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-03-01 20:37:35 +01:00
John Crispin
ee1cd31d2b procd: update to latest git HEAD
5f91241 procd: add cancel_timeout on rc scripts when a runtime_timeout is specified
961dc69 procd: stop service using SIGKILL if SIGTERM failed to do so

Fixes FS#516.

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 946d1dfb87)
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-03-01 12:10:06 +01:00
Felix Fietkau
bc61c1328d procd: update to the latest version
Fixes compatibility issues with glibc 2.25

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 2ffb80bc9f)
2017-03-01 12:10:06 +01:00
Jo-Philipp Wich
709c326461 hostapd: fix feature indication
- Fix eap test to work with standalone hostapd builds
 - Fix 11n test to check the correct define
 - Add 11ac, 11r and 11w tests

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-03-01 01:18:58 +01:00
Yousong Zhou
ef5cb964b1 relayd: fix making incomplete instance json data
Defer procd_open_instance only after validity check passed.

Fixes FS#541

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-26 14:38:25 +08:00
Yousong Zhou
77fb98ee41 relayd: remove old start-stop-service related code
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-26 14:38:24 +08:00
Yousong Zhou
b24273fe71 ppp: ppp6-up: add executable permission bit
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-26 14:38:24 +08:00
Yousong Zhou
5f5fae27b5 mac80211: hwsim: select DRIVER_11AC_SUPPORT and DRIVER_11W_SUPPORT
This is required for default wireless configuration of malta target to
work out of the box again.  Fixes "77ece30e: hostapd: Add ability to
specify that that wireless driver supports 802.11ac"

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-26 14:38:24 +08:00
Brandon Koepke
2b22e1d5c3 openvpn: adding key_direction to append_params.
key_direction shows up as an openvpn option in the user-interface but does not end up in the /var/etc/openvpn*.conf file. Adding it to the list here fixed the issue for me.

Signed-off-by: Brandon Koepke <bdkoepke@fastmail.com>
[Fixes FS#537]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-26 14:36:16 +08:00
Felix Fietkau
6cb46adbc9 ubus: update to the latest version
c09e4f0 ubusd: fix incomplete copy of shared buf during queue-ing
453b87f cli: add support for subscribing to objects
6eb3c96 cli: do not use default timeout for listen
dfe3383 libubus: reset ctx->sock.error when doing ubus reconnect
34c6e81 cli: fix listen_timeout compile issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-25 11:15:46 +01:00
Felix Fietkau
fdc22b616c ubus: update to the latest version
Adds the following fixes:

91acde6 libubus: do not modify uloop_cancelled
763b9b2 libubus: reset ctx->sock.eof to fix reconnect issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-25 11:11:24 +01:00
Ted Hess
4c9b45966e libubox: Update to latest version
9d6305a utils: Change calloc_a() to return size_t aligned pointers

Signed-off-by: Ted Hess <thess@kitschensync.net>
2017-02-25 11:10:41 +01:00
Felix Fietkau
67c2a176ce libubox: update to the latest version
Adds the following changes:

de3f14b uloop: add uloop_cancelling function
3b6181b utils: fix build on Mac OS X 10.12
7f671b1 blobmsg: add support for double
0fe1374 utils: add helper functions useful for allocating a ring buffer
8fc1c30 libubox: replace strtok with _r version.
4a9f74f libubox: allow reading out the pid of uloop process in lua
372e1e6 uloop: remove useless epoll data assignment
f9db1cb libubox: allow reading out the remaining time of a uloop timer in Lua

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-25 11:10:35 +01:00
Felix Fietkau
bf53a8327f acx-mac80211: fix scan API error that could lead to a crash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 15:03:48 +01:00
Felix Fietkau
f1336d2a70 iw: sync nl80211.h with mac80211 package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:22:29 +01:00
Felix Fietkau
703515f889 mac80211: sync with master branch as of 9edff13abd
Includes the following changes:
9edff13abd mac80211: disable potentially harmful PS software retry for A-MPDU sessions
75216a76b0 mac80211: backport upstream fix for CSA in IBSS mode
368cc8ef47 mac80211: update brcmfmac backporting brcmf_err cleanups
66a63d25c4 mac80211: fix build on linux 3.18
9eacb9d7fc rt2x00: mt7620: lots of improvements
fd94fa61a7 mac80211: brcmfmac: update Raspberry Pi patches for linux 4.9
649e766a64 mac80211: update to wireless-testing 2017-01-31
47540afa5d ath9k: add a warning to the tx99 config option
b367eef21d mac80211: rt2x00: add support for external LNA on MT7620
9200e168f2 mac80211: move (& update) upstream accepted brcmfmac patches

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:22:29 +01:00
Felix Fietkau
d27dd6298b ath10k-ct: depend on kmod-hwmon-core, it gets used when CONFIG_THERMAL is set
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:22:29 +01:00
Felix Fietkau
0ce2d5b6bf ath10k-ct: fix kernel api compatibility issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:22:28 +01:00
Ben Greear
09620c0825 ath10k-ct: Fix performance of 2x2 hardware running 3x3 firmware.
The driver had a bug when calculating the rateset.  This resolves
that and allows full VHT mcs rates on 2x2 hardware.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-02-24 12:22:28 +01:00
Joseph C. Lehner
0a3088cb4b mt76: split kmod package
This patch splits `kmod-mt76` into three separate packages:
`kmod-mt76-core`, `kmod-mt76x2` and `kmod-mt7603`. By making
`kmod-mt76` a metapackage containing these new packages,
the previous behaviour of including all drivers and firmware
is left unchanged, unless explicitly unselected in
`DEVICE_PACKAGES`.

This splitting is especially beneficial for devices with
small flash chips, since the `kmod-mt76` package currently
requires ~160K on squashfs (after compression).

Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
2017-02-23 17:34:14 +01:00
Baptiste Jonglez
59508e309e dnsmasq: Add upstream patch fixing SERVFAIL issues with multiple servers
This fixes FS#391 for lede-17.01

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2017-02-20 18:13:44 +01:00
Stijn Tintel
5612114090 Revert "px5g-standalone: provide px5g via PROVIDES"
This reverts commit cc66f819b4.

This commit causes opkg to install px5g-standalone instead of px5g when
installing luci-ssl. As luci-ssl depends on mbedtls, using
px5g-standalone makes no sense. Next to that, it creates deprecated SHA1
certificates. Revert the commit to avoid pxg5-standalone to be
installed by accident.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit ca8aee0c57)
2017-02-20 15:17:20 +01:00
Alberto Bursi
4d1ab84f1e uboot-kirkwood: fix goflexhome/net bootcommand
Goflexhome/net use uImage, and to boot an uImage the u-boot
must use bootm command, not bootz.

Fixes the "i cannot boot LEDE with this u-boot" issue that I
found out myself with my goflexnet.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-02-19 21:00:19 +01:00
Felix Fietkau
c835c9ebe5 uhttpd: use sha256 when generating certificates with openssl (FS#512)
Patch from attachment to FS#512

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-17 14:43:11 +01:00
Stijn Tintel
6ebb8723a6 dropbear: bump PKG_RELEASE
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 27040dbf89)
2017-02-17 12:31:52 +01:00
Joseph C. Sible
f527436364 dropbear: enable SHA256 HMACs
The only HMACs currently available use MD5 and SHA1, both of which have known
weaknesses. We already compile in the SHA256 code since we use Curve25519
by default, so there's no significant size penalty to enabling this.

Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
(cherry picked from commit 0bf85ef048)
2017-02-17 12:31:39 +01:00
Cezary Jackiewicz
44aec27112 ugps: fix typo
Removing redundant spaces from the name of the option. Without fix:

root@LEDE:~# opkg install ugps
Installing ugps (2016-10-24-32a6b2b7-1) to root...
Downloading http://downloads.lede-project.org/releases/17.01-SNAPSHOT/packages/mips_24kc/base/ugps_2016-10-24-32a6b2b7-1_mips_24kc.ipk
Configuring ugps.
uci: Parse error (invalid character in name field) at line 3, byte 23
uci: Parse error (invalid character in name field) at line 3, byte 23
sh: out of range
root@LEDE:~# uci show gps
uci: Parse error (invalid character in name field) at line 3, byte 23

With this fix:

root@LEDE:~# uci show gps
gps.@gps[0]=gps
gps.@gps[0].tty='ttyACM0'
gps.@gps[0].adjust_time='1'

Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
2017-02-16 09:54:14 +01:00
Felix Fietkau
dbb8e04472 qos-scripts: fix module load commands (FS#438)
fq_codel is built-in, and xt_CONNMARK is provided by the xt_connmark
module

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-15 14:02:04 +01:00
Rafał Miłecki
df49e49bc7 mdns: update and rename package to the umdns
This update includes numerous small fixes for:
1) Interfaces setup
2) Packets parsing
3) Sending replies
Without this there were multiple problems with exchanging information
between (u)mdns and other implementations (including (u)mdns as well).

This also follows project rename to umdns which was required to avoid
confusion with Apple's mdnsd from mDNSResponder project.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-15 13:07:21 +01:00
Felix Fietkau
b8c9ded999 build: add buildbot specific config option for setting defaults
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-15 11:37:13 +01:00
Sven Eckelmann
d6d9f256ff package/uboot-envtools: add OpenMesh A40 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:54 +01:00
Sven Eckelmann
e6057ed207 package/om-watchdog: add OpenMesh A40 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:53 +01:00
Sven Eckelmann
8785ebc471 package/uboot-envtools: add OpenMesh a60 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:49 +01:00
Sven Eckelmann
eb383710e2 package/om-watchdog: add OpenMesh A60 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:48 +01:00
Sven Eckelmann
a3061e57e8 package/uboot-envtools: add OpenMesh OM2Pv4/-HSv4 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:45 +01:00
Sven Eckelmann
8a35c489ad package/om-watchdog: add OpenMesh OM2Pv4/-HSv4 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:44 +01:00
Denis Osvald
cbd69f7e4e procd: fix default timeout for reload trigger actions
Default trigger action timeout was added to procd.sh in commit f88e3a4c0
(procd: add default timeout for reload trigger actions)
However, the timeout value was not placed under the correct JSON-script
array nesting level and thus did not apply.

To fix this and make the timeout actually apply to the reload triggers,
we place it in the correct scope, that is the per-trigger array.

Fixes: f88e3a4c0a
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
2017-02-15 09:35:12 +01:00
Felix Fietkau
e967f4dd27 ath9k: fix various issues in the airtime-fairness implementation
Effects of the bugs could include memory corruption, tx hangs, kernel
crahes, possibly other things as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-12 14:27:21 +01:00
Hans Dedecker
b8567cb44e odhcpd: update to git HEAD version (FS#396)
8df4253 ndp: harden netlink event socket error handling
b02f3e6 ndp: close proc file descriptor also during error handling
8a615ad npd: rework IPv6 relay logic (FS#396)
0129f79 config: restore interface defaults when cleaning interface

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-09 21:42:48 +01:00
Hans Dedecker
03ff2d7359 odhcpd: update to git HEAD version (FS#388)
3317c86 dhcpv6-ia: apply lease delete based on assignment bound state
df50429 odhcpd: properly handle netlink messages (FS#388)
83d72cf odhcpd: fix coding style

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-09 21:42:00 +01:00
John Crispin
bd64568d27 procd: update to latest git HEAD
cdc3dab ujail: fix signal forwarding

Signed-off-by: John Crispin <john@phrozen.org>
2017-02-08 15:03:16 +01:00
Álvaro Fernández Rojas
86bd886697 brcmfmac: improve Raspberry Pi 3 stability
- Really disable power management (wrong config flags).
- Disable internal roaming engine.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-07 18:00:16 +01:00
Hauke Mehrtens
2ad4383b74 tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
 + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
 + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
 + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
 + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
 + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
 + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
 + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
 + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
 + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
 + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
 + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
 + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
 + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
 + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
 + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
 + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
 + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
 + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
 + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
 + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
 + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
 + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
 + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
 + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
 + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
 + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
 + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
 + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
 + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
 + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
 + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
 + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
 + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
 + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
 + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
 + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().

The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk

old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-06 22:34:28 +01:00
Rafał Miłecki
5c4b2eb3dd mac80211: brcmfmac: backport wowlan netdetect fixes
I needed a moment to figure out relation between this patchset and the
nl80211: fix validation of scheduled scan info for wowlan netdetect

It appears nl80211 commit will go on top of brcmfmac changes so it's
safe to backport these patches.

One patch that was excluded is commit 2a2a5d1835b6 ("brcmfmac: add
.update_connect_params() callback") as it depends on missing commit
088e8df82f91 ("cfg80211: Add support to update connection parameters").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
52add1988c mac80211: brcmfmac: backport PSM watchdog improvements
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
c578da6198 mac80211: brcmfmac: backport minor code cleanups
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
4b9bdb48d9 mac80211: brcmfmac: backport 4.10 fixes & typo fix
This includes memory leak fix in initialization path.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
85d128f145 mac80211: brcmfmac: backport scheduled scan cleanup and chip support
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki
e48b1c2c07 mac80211: brcmfmac: backport some old patches from 2016
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:48 +01:00
Rafał Miłecki
e8f42223be mac80211: rename brcmfmac patches to use higher prefix
There are more patches to backport that should go before these.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:48 +01:00
Rafał Miłecki
36288db2fd mac80211: start hostapd with logging wpa_printf messages to syslog
Some debugging/error messages are printed using wpa_printf and this
change allows finally reading them out of the syslog.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:33:05 +01:00
Rafał Miłecki
bc49d7902c hostapd: enable support for logging wpa_printf messages to syslog
This will allow starting hostapd with the new -s parameter and finally
read all (error) messages from the syslog.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:31:02 +01:00
Rafał Miłecki
a0bc62fe08 hostapd: backport support for sending debug messages to the syslog
It wasn't possible to read hostapd wpa_printf messages unless running
hostapd manually. It was because hostapd was printing them using vprintf
and not directly to the syslog.

We were trying to workaround this problem by redirecting STDIN_FILENO
and STDOUT_FILENO but it was working only for the initialization phase.
As soon as hostapd did os_daemonize our solution stopped working.

Please note despite the subject this change doesn't affect debug level
messages only but just everything printed by hostapd with wpa_printf
including MSG_ERROR-s. This makes it even more important as reading
error messages can be quite useful for debugging.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:29:56 +01:00
Hannu Nyman
1b51a49a9d ccache, samba36: fix samba.org addresses to use https
samba.org has started to enforce https and
currently plain http downloads with curl/wget fail,
so convert samba.org download links to use https.

Modernise links at the same time.

Also convert samba.org URL fields to have https.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-02 00:26:05 +01:00
Wilco Baan Hofman
f8d8b60f1b Fix dependency for hostapd
Signed-off-by: Wilco Baan Hofman <wilco@baanhofman.nl>
2017-02-01 16:06:58 +01:00
Kevin Darbyshire-Bryant
4cd9625dd4 iproute2: cake: update cake support
Updated cake's tc patch to match the official cake repository
formatting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 16:06:24 +01:00
Kevin Darbyshire-Bryant
4f5ff0041a kmod-sched-cake: Bump to latest version
wash, mpu & some memory optimisation have now made it to the official
cake repository.

Point LEDE to the official repository.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 16:06:24 +01:00
Jo-Philipp Wich
d1d970e235 libtool: don't clobber host libtool infrastructure
The libtool target package stages its files into the host staging directory
and moves the libltdl library parts from there into the target staging
directory afterwards.

By doing so, the package essentially renders the host libtool infrastructure
unusable, leading to the below error in subsequent package builds:

    libtoolize: $pkgltdldir is not a directory: `.../hostpkg/share/libtool`

Prevent this problem by using a dedicated libltdl install prefix in order to
avoid overwriting and moving away preexisting files belonging to tools/libtool.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-01 16:05:52 +01:00
Hans Dedecker
786160cd76 odhcp6c: use LEDE_GIT in package source url
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 16:00:01 +01:00
Hans Dedecker
4d9106afa6 odhcp6c: update to git HEAD version
c13b6a0 dhcpv6: fix white space error
e9d80cc dhcpv6: trigger restart of DHCPv6 state machine when not
		receiving statefull options
c7122ec update README
419fb63 dhcpv6: server unicast option support

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:21 +01:00
Hans Dedecker
02d511818f odhcpd: use LEDE_GIT in package source url
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:21 +01:00
Hans Dedecker
036cf93edf odhcpd: update to git HEAD version
c4f9ace odhcpd: decrease default log level to LOG_INFO
a6eadd7 odhcpd: rework IPv6 interface address dump
44965f1 odhcpd: extra syslog tracing

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:21 +01:00
Hans Dedecker
cd99f3c744 odhcpd: update to git HEAD version
e447ff9 router: fix compile issue on 64 bit systems

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:20 +01:00
Hans Dedecker
ef170bff32 odhcpd: update to git HEAD version
237f1f4 router: convert syslog lifetime traces into LOG_INFO prio
da660c7 treewide: rework prio of syslog messages
0485580 ndp: code cleanup
c5040fe router: add syslog debug tracing for trouble shooting
df023ad treewide: use RELAYD_MAX_ADDRS as address array size
c8ac572 ndp: don't scan netlink attributes in case of netlink route
event

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:20 +01:00
Hans Dedecker
fe253bcb99 netifd: update to git HEAD version
650758b interface-ip: route proto config support (FS#170)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:20 +01:00
Hans Dedecker
718c201b82 base-files: add /etc/iproute2/rt_protos
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:20 +01:00
Yousong Zhou
754f474568 base-files: uppercase default hostname: LEDE
The name will appear in shell prompt and LuCI page title.  Uppercase
letters seem to be more vigorous

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-01 15:40:20 +01:00
Bastian Bittorf
be7480cb5a procd: update procd.sh to disallow signal-numbers, enforce signal-names
A given signal-name is now converted to the corresonding number. In general
it's good style to use names (readability) and it's more portable: signal
numbers can be architecture-dependent, so we are more safe giving names.

A real world example is signal 10, which is BUS on ramips and USR1 on PPC.

All users of 'procd_send_signal' must change their code to reflect this.

Signed-off-by: Bastian Bittorf <bb@npl.de>
2017-02-01 15:40:20 +01:00
Sven Roederer
7c5bc827b7 openvpn: ssl-enabled variants also provide a virtual openvpn-crypto package
When relying on x.509 certs for auth and / or encryption of traffic you can't
use package openvpn-nossl.
Just have your package depend on openvpn-crypto to have SSL-encryption and
X.509-support enabled in OpenVPN. If encryption / X.509 is not a must, use
virtual packge openvpn, which is provided by all OpenVPN-variants.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2017-02-01 15:40:20 +01:00
Kevin Darbyshire-Bryant
acebb4a990 iproute2: cake: add 'mpu' minimum packet length support
Add 'mpu' minimum length packet size parameter for scheduling/bandwidth
accounting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 15:40:20 +01:00
Kevin Darbyshire-Bryant
06fca0c48b kmod-sched-cake: add 'mpu' minimum packet length support
Add 'mpu' minimum packet length for scheduling/bandwidth accounting
purposes.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 15:40:20 +01:00
Steven Honson
ff813588fd hostapd: default to wps_independent 1
Signed-off-by: Steven Honson <steven@honson.id.au>
2017-02-01 15:40:20 +01:00
Steven Honson
2f9568ac2a hostapd: expose wps_independent and ap_setup_locked as uci options
ap_setup_locked is named wps_ap_setup_locked in uci for consistency with other
wps related uci options.

Signed-off-by: Steven Honson <steven@honson.id.au>
2017-02-01 15:40:20 +01:00
Gabe Rodriguez
f9519636f5 mwlwifi: Fixes rewritten history hash and latest version
The author of the upstream mwlwifi edited the history of the previous commit.
This commit not only fixes the updated hash but also sends in the latest
commits he made to the code which are mainly testing.

Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
2017-02-01 15:40:20 +01:00
Hannu Nyman
d7cae5f0b4 opkg: clarify messages and errors related to downloads
Clarify opkg's messages related to downloads:

* more visible error message for package list download failure
* separate error message for signature file download error
* if wget returns 4, signal the network error more clearly
* remove '.' from end of filenames and URLs

* try signature check only if the package list was downloaded ok.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-01 15:40:20 +01:00
Felix Fietkau
b2cd9b80ef ubus: update to the latest version
Adds uloop related libubus fixes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-01 15:40:20 +01:00
Felix Fietkau
977eb2c019 ubus: update to the latest version
- Adds support for passing file descriptors in ubus invoke requests
- Fixes clearing pending timers on ubus_shutdown()
- Fixes checking the amount of written data in ubusd
- Fixes an ubusd crash when trying to subscribe to system objects

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-01 15:40:19 +01:00
Mathias Kresin
b2437a02a4 base-files: don't overwrite model name set by target
The condition is always true due to the literal string followed the
-n test parameter. A model name set by target scripts always gets
overwritten this way.

Change the condition to check for an already existing destination file
as it was before 5e85ae9 ("base-files: fix error message during boot").

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-01 07:40:09 +01:00
Felix Fietkau
f4162bf3ca mt76: update to the latest version
Fixes DFS detection false positive issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-31 21:29:33 +01:00
Felix Fietkau
5f2a1ac59a ath9k: remove the deaf rx path state check patch
This needs to be refined and reworked before we can safely leave it
enabled by default

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-31 11:45:23 +01:00
Felix Fietkau
406f85a328 mdns: update to the latest version
- fixes unaligned acccesses, causing DNS parsing issues on ARMv5
- fixes service timeout handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-31 11:25:22 +01:00
Toke Høiland-Jørgensen
b8fcbbf31d kmod-sched-core: Add HTB and TBF traffic shapers
HTB and TBF are the basic traffic shapers used by sqm-scripts. Moving
these into kmod-sched-core enables sqm-scripts to downgrade its
dependency from kmod-sched to kmod-sched-core, potentially making it
useful on devices with smaller flash sizes.

This adds around 30k to the size of kmod-sched-core (20k for sch_htb.ko
and 10k for sch_tbf.ko).

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2017-01-29 15:13:21 +01:00
Magnus Kroken
69f773daa3 openvpn: add support for various new 2.4 configuration options
Updates to openvpn.init were included in early OpenVPN 2.4 patch
series, but got lost along the way and were never merged.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-01-28 20:20:02 +01:00
Hauke Mehrtens
f5ab082243 openssl: update to version 1.0.2k
This fixes the following security problems:
CVE-2017-3731: Truncated packet could crash via OOB read
CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055: Montgomery multiplication may produce incorrect results

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-28 13:33:22 +01:00
Felix Fietkau
36db143690 ath9k: fix up a refcount imbalance error in the IRQ related fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-27 15:46:07 +01:00
Matthias Schiffer
ecc362ed04
procd: update to latest git HEAD
0f58977 init: fix /tmp permissions on zram

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-27 10:10:12 +01:00
Matthias Schiffer
a1f918cd92
base-files: fix user creation on sysupgrade with few opkg control files
If only a single opkg control file exists (which can happen with
CONFIG_CLEAN_IPKG), grep would not print the file name by default. Instead
of forcing it using -H, we just switch to -l (print only file names) and
get rid of the cut.

Add -s to suppress an error message when no control files exist.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-27 10:10:02 +01:00
Felix Fietkau
f9022964cf ath9k: add stability fixes for long standing hang issues (FS#13, #34, #373, #383)
The radio would stop communicating completely. This issue was easiest to
trigger on AR913x devices, e.g. the TP-Link TL-WR1043ND, but other
hardware was occasionally affected as well.

The most critical issue was a race condition in disabling/enabling IRQs
between the IRQ handler and the IRQ processing tasklet

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 17:28:17 +01:00
Felix Fietkau
acd1795a60 mac80211: refresh patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 17:28:13 +01:00
Felix Fietkau
a6f3ea5e84 Add back the commit "ath9k: Add airtime fairness scheduler"
This reverts commit c296ba834d.
According to several reports, the issues with the airtime fairness
changes are gone in current versions.
It's time to re-apply the patch now.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 17:28:10 +01:00
Rafał Miłecki
e9d2173921 mac80211: brcmfmac: don't use uninitialize mem for country codes
There was a bug in brcmfmac patch that could result in treating random
memory as source of country codes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-24 23:01:46 +01:00
Rafał Miłecki
81f2196bb1 mac80211: move (& update) upstream accepted brcmfmac patches
These 3 patches are now in wireless-drivers-next tree.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-24 23:01:34 +01:00
Mathias Kresin
806d3cc2c3 packages: mark packages depending on a target as nonshared
The packages can't be build as shared packages due to the unmet
dependencies.

Fixes FS#418.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-24 19:59:55 +01:00
Jo-Philipp Wich
b850218584 hostapd: fix stray "out of range" shell errors in hostapd.sh
The hostapd_append_wpa_key_mgmt() procedure uses the possibly uninitialized
$ieee80211r and $ieee80211w variables in a numerical comparisation, leading
to stray "netifd: radio0 (0000): sh: out of range" errors in logread when
WPA-PSK security is enabled.

Ensure that those variables are substituted with a default value in order to
avoid emitting this (harmless) shell error.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-23 14:56:20 +01:00
Jo-Philipp Wich
ef08595c3f openvpn: let all openvpn variants provide a virtual openvpn package
Add PROVIDES:=openvpn to the default recipe in order to let all build variants
provide a virtual openvpn package.

The advantage of this approach is that downstream packages can depend on just
"openvpn" without having to require a specific flavor.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-21 23:05:54 +01:00
Kevin Darbyshire-Bryant
3a9926e40f kmod-sched-cake: fix parameter passing kernel/user space
The last two parameters passed between user space tc and kernel space
sched-cake were transposed due to a merge mistake in a parameter header
file.

As such, using a packet overhead figure was likely to set cake to wash
packet DSCP values.  Similarly, the DSCP wash flag was used as an offset
to the displayed packet overhead value.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-01-21 14:27:37 +01:00
Daniel Engberg
12392e5600 zlib: Update to 1.2.11
Update to 1.2.11 as suggested by upstream
Also add SF as primary source and main site as fallback

Note: SF doesn't carry the 1.2.11 update yet.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-21 14:27:23 +01:00
Jo-Philipp Wich
cfb3ef3a97 lede-keyring: bundle latest usign certificates
Includes the public usign certificates used by the 17.01.* release builds.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-20 10:11:15 +01:00
Hans Dedecker
c71e13a81a netifd: update to git HEAD version
a057f6e device: fix DEV_OPT_SENDREDIRECTS definition

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-17 14:07:47 +01:00
Stijn Segers
2ac776ac76 curl: fix HTTPS network timeouts with OpenSSL
Backport an upstream change to fix HTTPS timeouts with OpenSSL.
Upstream curl bug #1174.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
[Jo-Philipp Wich: reword commit message, rename patch to 001-*]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 19:41:08 +01:00
Jo-Philipp Wich
1e1e3ef2fb LEDE v17.01: set branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 18:56:07 +01:00
Matthias Schiffer
b9a408c2b4
base-files: add ARCH_PACKAGES to openwrt_release and os-release
Knowing the package architecture at runtime can be useful, e.g. to
configure opkg repository URLs. The value of ARCH_PACKAGES ("%A" in
VERSION_SED) as added to openwrt_release (as DISTRIB_ARCH) and os-release
(as LEDE_ARCH).

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-16 13:29:47 +01:00
Andrej Vlasic
5c20a4fec9 ubox: turn logd into a separate package
Currently system log is always included as a part of ubox. Add logd as a
seperate package and add it to default packages list.

Signed-off-by: Andrej Vlasic <andrej.vlasic@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
2017-01-16 11:41:54 +01:00
Domagoj Pintaric
b5b83706be mbedtls: add static files in staging_dir
Signed-off-by: Domagoj Pintaric <domagoj.pintaric@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
2017-01-16 11:41:54 +01:00
Matthias Schiffer
621fd9fd62
opkg: use default PKG_BUILD_DIR
opkg doesn't have BUILD_VARIANTs anymore, so the previously defined
PKG_BUILD_DIR would lead to a weird 'opkg-' path component.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-16 09:02:42 +01:00
Rafał Miłecki
25200ae7a5 mac80211: brcmfmac: add early (& hacky) patch for storing country codes
This allows some basic region switching on Netgear R8000. More devices &
codes may be added. Ideally it should be converted into DT info & patch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-16 00:32:27 +01:00
Rafał Miłecki
5fba00a686 mac80211: use wiphy_read_of_freq_limits in brcmfmac
This makes use of cfg80211 feature backported & described in
188626f17c ("mac80211: backport cfg80211 support for
ieee80211-freq-limit DT property").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-15 23:10:55 +01:00
Stijn Tintel
f4f2dd04bd mt76: select 802.11w support
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Felix Fietkau <nbd@nbd.name>
2017-01-15 20:13:56 +01:00
Florian Fainelli
dea191914c kernel: can: Add missing regmap dependency for kernel 4.4
Fixes build failure for kmod-can-c-can-platform which depends on
kmod-regmap for kernel 4.1 and 4.4.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-01-15 17:43:14 +01:00
Timo Sigurdsson
21baa25009 ath10k-firmware: Update QCA988X firmware to latest version
This patch updates the QCA988X firmware to the latest revision
  firmware-5.bin_10.2.4-1.0-00016
found in the official ath10k-firmware repository.

Tested on TP-Link Archer C7 v2.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2017-01-15 14:59:24 +01:00
Felix Fietkau
7e8fecb224 hostapd: fix passing jobserver to hostapd/supplicant build processes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-15 14:57:53 +01:00
Felix Fietkau
40e4c342fd hostapd: backport a few upstream fixes
Fixes reassoc issues with WDS mode
Fixes reassoc issues in AP mode
Fixes IBSS reauthentication issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-15 14:53:28 +01:00
Felix Fietkau
a206394efa mt76: update to the latest version, adds support for 802.11w
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-15 14:53:27 +01:00
Matthias Schiffer
0d8381aea3
ncurses: revert $(STAGING_DIR_HOSTPKG) to $(STAGING_DIR)/host where appropriate
Host files installed in Build/InstallDev are target-specific and will stay
in $(STAGING_DIR)/host after the STAGING_DIR_HOSTPKG unification.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-14 18:58:44 +01:00
Felix Fietkau
e7e91e62bb mac80211: backport a fix for a tx related race condition
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-14 18:28:28 +01:00
Felix Fietkau
a46d1fde4b mac80211: refresh patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-14 18:28:24 +01:00
Koen Vandeputte
adf2fef5e8 mac80211: backport some upstream fixes
Backports the following upstream fixes:

mac80211: initialize fast-xmit 'info' later
mac80211: fix legacy and invalid rx-rate report
mac80211: fix tid_agg_rx NULL dereference

Compiled and tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-01-14 18:28:21 +01:00
Hauke Mehrtens
5b089e45a6 kernel: update 4.4 kernel to 4.4.42
Refresh patches on all 4.4 supported platforms.
Compile & run tested: lantiq/xrx200

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-13 23:05:36 +01:00
Jo-Philipp Wich
920170a27f firewall: fix forwarding local subnet traffic
Packets which are merely forwarded by the router and which are neither
involved in any DNAT/SNAT nor originate locally, are considered INVALID
from a conntrack point of view, causing them to get dropped in the
zone_*_dest_ACCEPT chains, since those only allow stream with state NEW
or UNTRACKED.

Remove the ctstate restriction on dest accept chains to properly pass-
through unrelated 3rd party traffic.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-13 18:31:36 +01:00
Kevin Darbyshire-Bryant
c914fa04a3 dnsmasq: use ubus signalling in ntp hotplug script
Use ubus process signalling instead of 'kill pidof dnsmasq' for
SIGHUP signalling to dnsmasq when ntp says time is valid.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-01-13 16:08:22 +01:00
Felix Fietkau
402fea62c4 netifd: update to the latest version
This disables IGMP snooping by default, which was causing various issues
over time, like FS#95

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 14:54:12 +01:00
Felix Fietkau
f44663c673 uqmi: mark as nonshared because of the usb dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:09 +01:00
Felix Fietkau
185b06f04a umbim: mark as nonshared because of the usb dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:08 +01:00
Felix Fietkau
1ca31b0931 comgt: mark as nonshared because of the usb dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:08 +01:00
Felix Fietkau
bd68ddbda4 polarssl: remove package
The mbedTLS 1.3 branch has been EOL since end of 2016 and now all
remaining users have been converted.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:08 +01:00
Felix Fietkau
2b6284f5a8 mac80211: fix broken spatial multiplexing defaults
Most mac80211 drivers leave the SMPS field in the HT capabilities
uninitialized (unfortunately defaults to static SMPS), which leads to
some devices limiting themselves to single-stream rates in some modes
(mostly mesh and IBSS).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 10:22:22 +01:00
Ben Greear
544dee575d ath10k-fw: Update to latest CT firmware
For 988X, 9980, 9984 CT firmware.

This should allow IBSS + RSN on at least the 988X firmware,
and includes recent stability fixes for all firmware.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-01-13 10:22:20 +01:00
Ben Greear
5c09d7f23d ath10k-ct: Update to latest CT 4.7 ath10k driver.
This at least makes it harder to hit some txq related
crashes on firmware restart, a potential memory leak,
and some other fixes.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-01-13 10:22:20 +01:00
Felix Fietkau
627b0d3559 mountd: drop USB related dependencies
That way we can avoid making it nonshared

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 09:12:19 +01:00
Hans Dedecker
d1daf3f38d map: take over maintainership
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-12 12:15:17 +01:00
Hans Dedecker
0d49f9f4b4 odhcp6c: take over maintainership
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-12 12:15:01 +01:00
Hans Dedecker
5303d4bedb odhcpd: take over maintainership
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-12 12:14:46 +01:00
Hans Dedecker
ec63e3bf13 Revert "dnsmasq: change 'add_local_hostname' to use dnsmasq '--interface-name'"
This causes problem when a FQDN is configured in /etc/config/system. The
domain name will appear twice in reverse DNS.

Next to that, there seems to be a bug in dnsmasq. From the manual page:

--interface-name=<name>,<interface>[/4|/6]
Return  a  DNS  record  associating  the  name  with  the primary address
on the given interface. This flag specifies an A or AAAA record for the
given name in the same way as an /etc/hosts line, except that the address
is not constant, but taken from the given interface. The interface may be
followed by "/4" or "/6" to specify  that  only  IPv4  or  IPv6 addresses
of the interface should be used. If the interface is down, not configured
or non-existent, an empty record is returned. The matching PTR record is
also created, mapping the interface address to the name. More than one name
may be associated with an interface address by repeating the flag; in that
case the first instance is used for  the  reverse address-to-name mapping.

It does not just create an A/AAAA record for the primary address, it creates
one for all addresses. And what is worse, it seems to actually resolve to the
non-primary address first. This is quite annoying when you use floating IP
addresses (e.g. VRRP), because when the floating IP is on the other device,
SSH failes due to incorrect entry in the known hosts file.

I know that this is not a common setup, but it would be nice if there was an
option to restore the previous behaviour, rather than just forcing this new
feature on everybody.

Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-12 12:14:20 +01:00
Hans Dedecker
bb8e9c51ab map: delete map-t device when tearing down map interface
Delete the map-t device when tearing down the map-t interface; as such
there's no conflict when the map-t interface comes up again when trying
to add the map-t device as the map-t device was still present
(Can not add: device 'map-wan6_4' already exists!).

Only call ifdown in teardown for map-e and lw6o4 map interfaces types
in order to suppress the trace "wan6_4 (6652): Interface wan6_4_ not found"

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-12 11:41:11 +01:00
Felix Fietkau
1ad30be982 Revert the recent dependency and metadata scanning rework
This reverts the following commits:
fbe522d120
278ad007ee
863888e44f
96daf6352f
cfd83555fc

This seems to trigger some mconf bugs when built with all feeds
packages, so I will try to find a less intrusive solution before the
release.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 19:48:09 +01:00
Felix Fietkau
fbe522d120 comgt: allow build without USB_SUPPORT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 18:24:40 +01:00
Felix Fietkau
278ad007ee umbim: allow build without USB_SUPPORT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 18:24:40 +01:00
Felix Fietkau
863888e44f uqmi: allow build without USB_SUPPORT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 18:24:40 +01:00
Felix Fietkau
96daf6352f mountd: allow build without USB_SUPPORT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 18:24:40 +01:00
Felix Fietkau
4d8da82c29 procd: add support for overriding the tar sysupgrade board name
Useful for providing images that work for multiple devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 13:40:36 +01:00
Kabuli Chana
15f4fbb7bd mvebu: update mwlwifi driver to version 10.3.2.0-20170110
Improves automatic channel section support.

Tested on AC (mamba) and ACM (rango).

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
[Jo-Philipp Wich: reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-11 12:15:13 +01:00
Sujith Manoharan
593240075f wpa_supplicant: Fix mesh encryption config
wpa_supplicant allows only SAE as the key management
type for mesh mode. The recent key_mgmt rework unconditionally
added WPA-PSK - this breaks interface bringup and wpa_s
throws this error message:

Line 10: key_mgmt for mesh network should be open or SAE
Line 10: failed to parse network block.
Failed to read or parse configuration '/var/run/wpa_supplicant-wlan0.conf

Fix this by making sure that only SAE is used for mesh.

Signed-off-by: Sujith Manoharan <m.sujith@gmail.com>
2017-01-11 04:01:07 +01:00
Jo-Philipp Wich
b95494baed gettext-full: avoid using iconv for host builds
The gettext-full host build might pick up iconv-stub host build  headers
during the build, leading to stray linker errors with unresolved references
to libiconv_open(), libiconv() and libiconv_close().

Since we're not needing iconv support on the host, pass the appropriate
cache variables to configure to prevent detection and linking of iconv.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-11 03:48:30 +01:00
Matthias Schiffer
77beaf2ec9
package: replace $(STAGING_DIR)/host with $(STAGING_DIR_HOSTPKG)
Cleanup to prepare for changing STAGING_DIR_HOSTPKG. The actual change of
STAGING_DIR_HOSTPKG (i.e., moving the host packages back into a common, not
target-specific directory) will be done after the first LEDE release, but
the cleanup will also be useful for projects like Gluon.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-10 22:15:37 +01:00
Rafał Miłecki
f714fe46a9 mac80211: pending brcmfmac patches cleaning channels management
They prepare brcmfmac for using wiphy_read_of_freq_limits.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-10 17:18:29 +01:00
Rafał Miłecki
07df80a1a6 mac80211: rename b43 patches to make more space
Just 6 patches were using 80*, 81*, 82* and 84* prefixes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-10 16:28:17 +01:00
John Crispin
1ce9b566fd procd: update mirror hash
Signed-off-by: John Crispin <john@phrozen.org>
2017-01-10 15:26:12 +01:00
Felix Fietkau
c9dd40f628 kernel: remove gpiommc patches / driver
This code was marked as incompatible to Linux 4.4 well over a year ago
and nobody cared, and now it's breaking builds.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 15:45:33 +01:00
Pavel Kubelun
36167ae46c ath10k-firmware: update board data for qca9984
Current board-2.bin file for qca9984 in Kvalo's repo is from branch
10.4-3.2, while board-2.bin file in code-aurora repo is newer and
corresponds to the branch 10.4-3.3, the same as recently updated firmware.

Considering that it's better to have all parts from the same branch
we are updating board-2.bin as well.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
2017-01-10 13:48:52 +01:00
Felix Fietkau
4ee4c24092 kernel: drop kmod-i2c-ibm-iic
If any of the ppc4xx targets are restored, this should be built into the
kernel instead.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:26 +01:00
Felix Fietkau
96815fe0a2 kernel: remove omap24xx specific kernel module packages
If the target is ever restored, those drivers should be built into the
kernel instead.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:26 +01:00
Felix Fietkau
7ff7be96dd omap: build various core drivers into the kernel instead of packaging them
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:26 +01:00
Felix Fietkau
f630342af2 kernel: simplify dependencies for kmod-via-velocity
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:25 +01:00
Felix Fietkau
5b92dca09f kernel: drop crypto-hw-ppc4xx
If any of the ppc4xx targets are restored, this should be built into the
kernel instead

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:25 +01:00
Felix Fietkau
9cdf852ae0 opkg: drop S/MIME support
It has never been used by default (due to being too bloated), and it is
properly replaced by usign (which has been the default for a long time
now).

Remove this feature to simplify the build system

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:25 +01:00
Felix Fietkau
f5c649d7c6 mpc85xx: build i2c support into the kernel instead of packaging it separately
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:25 +01:00
Felix Fietkau
96ade7adae mpc85xx: build usb support into the kernel instead of packaging it separately
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:24 +01:00
Felix Fietkau
0b2b162db9 kernel: remove kmod-gianfar, it is already built into the kernel
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:24 +01:00
Felix Fietkau
c472ed29b4 kernel: remove kmod-ata-imx, it is already built into the kernel
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 13:44:24 +01:00
Stijn Tintel
cdcf7265fd lldpd: take over maintainership
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 13:02:00 +01:00
Stijn Tintel
046606a05e lldpd: add Net-SNMP AgentX support
Enabling this makes it possible to query LLDP neighbors via SNMP.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 13:02:00 +01:00
Stijn Tintel
c687a70fdf iwinfo: drop references to madwifi
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 13:01:26 +01:00
Stijn Tintel
cc66f819b4 px5g-standalone: provide px5g via PROVIDES
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 13:00:23 +01:00
Jo-Philipp Wich
38de638eae mtd-utils: mark as nonshared
Since mtd-utils embeds ubi-utils and ubi-utils depends on @NAND_SUPPORT, we
cannot share this package among targets as the SDK processing the package is
not guaranteed to claim NAND_SUPPORT.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 12:27:28 +01:00
Felix Fietkau
acd0c8c178 kernel: move the gateworks system controller driver to an out-of-tree package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
c00e5a4f09 mpc85xx: enable the crypto acceleration driver in the kernel config instead of packaging it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
a2f6b56c8f imx6: enable the crypto acceleration driver in the kernel config instead of packaging it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
93cbdde43a kernel: fix kmod-w1-master-mxc dependency
The kernel config symbol is not selectable on mxs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
78de59f15a kernel: fix dwc2 gadget dependency
Use USB_GADGET_SUPPORT feature flag instead of hardcoding the target
list.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
64be6fe9ca mxs: enable the chipidea usb driver in the kernel config instead of packaging it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
7450698957 imx6: enable the chipidea usb driver in the kernel config instead of packaging it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
7f0796d874 imx6: remove kmod-thermal-imx, it is already enabled in the kernel config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
348fedc1a6 imx6: build support for the ventana ethernet expansion board into the kernel instead of packaging it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
Felix Fietkau
c524d1b256 imx6: enable the Freescale SNVS RTC driver in the kernel config instead of packaging it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-10 12:10:20 +01:00
John Crispin
029b36d9b5 procd: update to latest git HEAD
f706903 ujail: add basic /dev files

Signed-off-by: John Crispin <john@phrozen.org>
2017-01-10 09:26:43 +01:00
Daniel Engberg
dfe93c20ec libnl: Update to 3.2.29
Update libnl to 3.2.29

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-10 08:26:42 +01:00
Daniel Engberg
1016a32919 usbutils: Update usb.ids database to 2016.10.13
Update usb.ids database to 2016.10.13

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-10 08:12:42 +01:00
Hauke Mehrtens
e9f0b75976 cyassl: update to wolfssl version 3.10.0
This fixes a low level security vulnerability.
Deactivate MIPS16 support, crypto code gets much slower with MIPS16.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-10 00:10:15 +01:00
Felix Fietkau
589a16fdb6 px5g: remove obsolete reference to $(BUILD_VARIANT)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-09 16:37:33 +01:00
Felix Fietkau
3e7b894ac0 ustream-ssl: remove legacy polarssl support
The old polarssl 1.3 branch is EOL since end of 2016, and the package
for it will be removed soon.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-09 14:35:09 +01:00
Felix Fietkau
1cf64e210f px5g: remove legacy polarssl support
The old polarssl 1.3 branch is EOL since end of 2016, and the package
for it will be removed soon.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-09 14:35:08 +01:00
Hans Dedecker
8d2171e469 odhcp6c: add option "keep_ra_dnslifetime"
Add option keep_ra_dnslifetime which will preserve the received
lifetime for RDNSS and DNSSL RA records and not overwrite it
by the RA router lifetime as specified in RFC6106.
This allows to accept RDNNS records from RAs that don't announce
a default route by setting router lifetime to 0 in the RAs.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-09 13:28:22 +01:00
Felix Fietkau
f0353c5e8c mbedtls: re-enable CFB support
It is safe and required by some software, e.g. shadowsocks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-09 10:59:30 +01:00
Felix Fietkau
d4ce3e8692 uboot-mvebu: enable loader with the default profile
Fixes build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-08 18:39:44 +01:00
Felix Fietkau
355e150065 mbedtls: re-enable RC4 support (needed by transmission and others)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-08 18:22:23 +01:00
Hans Dedecker
621f8cbfae odhcpd: bump to git HEAD
ef3c563 dhcpv6-ia: filter out prefixes having invalid length
16cd87e dhcpv6-ia: fix dereference after freeing assignment
d6b0c99 dhcpv6-ia: log only IPv6 addresses which are effectively
assigned to a DHCPv6 client
08a9367 config: respect ignore uci option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-07 21:08:24 +01:00
Hauke Mehrtens
4061c8eb53 Revert "gdb: fix build with gcc 4.1.2 as host compiler"
Support for such old gcc version is not needed.

This reverts commit 2694d43b05.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-07 19:53:36 +01:00
Magnus Kroken
186cd4533d zlib: update to 1.2.10
* Fix bug in deflate_stored() for zero-length input
* Fix bug in gzwrite.c that produced corrupt gzip files

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-01-07 19:35:22 +01:00
Rafał Miłecki
188626f17c mac80211: backport cfg80211 support for ieee80211-freq-limit DT property
This property allows specifying extra limits for wireless device in DT.
For a full documentation see upstream commit b330b25eaabd ("dt-bindings:
document common IEEE 802.11 frequency limit property").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-06 15:52:55 +01:00
Felix Fietkau
7304510392 base-files: save /bin/mknod for sysupgrade
It is used on NAND devices in case hotplug is too slow

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-06 15:34:14 +01:00
Hauke Mehrtens
b7e8de67e0 strace: update to version 4.15
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-05 23:10:44 +01:00
Eric Luehrsen
612e2276b4 dnsmasq: change 'add_local_hostname' to use dnsmasq '--interface-name'
'add_local_hostname' previous implementation may drop some addresses.
Soft addition of IP6 addresses may not cause a reload or restart event.
dnsmasq '--interface-name' robustly applies DNS to all addresses per
interface (except fe80::/10).

Change UCI 'add_local_hostname' to expand during each interface assignement
during add_dhcp().
Assign '<iface>.<host>.<domain>' as true name (reflexive A, AAAA, and PTR).
Assign '<host>.<domain>' and '<host>' as convinience aliases (no PTR, not
technically CNAME).
This is accomplished with the '--interface-name' order, first is PTR.
We could also assign each <ip4/6>.<iface>.<host>.<domain> to the respective
dual stack on the interface.
That seemed excessive so it was skipped (/4 or /6 suffix to the interface).
Add UCI 'add_wan_hostname' similar to 'add_local_hostname' function for
external WAN.

WAN IP4 are less often named by the ISP and rarely WAN IP6 due to complexity.
For logs, LuCI connection graph, and other uses assigning a WAN name is desired.
'add_local_hostname' only applies with DHCP and 'add_wam_hostname' only applies
without DHCP. Common residential users will want to set both options TRUE.
Businesses will probably have global DNS, static IP, and 'add_wan_hostname' FALSE.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-01-05 22:51:39 +01:00
Eric Luehrsen
06e26363d8 dnsmasq: clean up white space in dnsmasq.init
Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-01-05 22:51:23 +01:00
Felix Fietkau
fbe3e22507 uboot-sunxi: enable parallel build
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:09:15 +01:00
Yousong Zhou
6268d496a4 uboot-sunxi: add uboot-sunxi-all for selecting all other variants
While at it, the following changes are introduced

 - Rewrite the Makefile for better readability
 - Make parallel builds possible

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-01-05 11:09:14 +01:00
Yousong Zhou
6f61d8511e base-files: export x86 platform upgrade functions to common.sh
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-01-05 11:09:14 +01:00
Felix Fietkau
e3072599f6 ath9k: don't run periodic and nf calibration at the same time
Might fix some stability issues on older chips

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:09:12 +01:00
Felix Fietkau
84bd74057f build: use mkhash to replace various quirky md5sum/openssl calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:09:12 +01:00
Stijn Tintel
ed69e93262 kernel/modules: add SSSE3 SHA512 module
This module is optimized for SSSE3/AVX/AVX2.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-04 13:20:33 +01:00
Stijn Tintel
86de53203e kernel/modules: add SSSE3 SHA256 module
This module is optimized for SSSE3/AVX/AVX2/SHA-NI.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-04 13:20:33 +01:00
Stijn Tintel
159e82d0db kernel/modules: add SSSE3 SHA1 module
This module is optimized for SSSE3/AVX/AVX2/SHA-NI.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-04 13:20:33 +01:00
Felix Fietkau
c296ba834d Revert "ath9k: Add airtime fairness scheduler"
This reverts commit 528f46d082.
After this commit, several users reported stability issues. Revert it
now so it doesn't cause issues for the upcoming release

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-04 01:13:58 +01:00
Arjen de Korte
10f91525bc dnsmasq: add DHCP Unique Identifier for DHCPv6
Add DHCPv6 matching by DHCP Unique Identifier (RFC-3315) in addition to
existing MAC-address (RFC-6939). The latter is not widely supported yet.

Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
2017-01-03 22:27:23 +01:00
Hans Dedecker
1175a5b153 odhcpd: bump to git HEAD version
091d8a9 dhcpv6-ia: fix static assignment check
11ce6b5 dhcpv6-ia: coding style fixes
561890e dhcpv6-ia: update valid_until only for non static DHCPv6 leases
0b45fce dhcpv4: coding style fixes
95b76c2 README: Add host leasetime uci parameter
541219e dhcpv6-ia: fix invalid IPv6/hostname entries in statefile
13937ab dhcpv6-ia: fix delete logic of an assignment in reconf_timer
60c3969 dhcpv6-ia : code style fixes
bf4ebc0 config: use free_lease to delete a lease
c24782a config: coding style fixes
0572d1a config: Create statefile dir
ec833f4 dhcpv6-ia: use free_dhcpv6_assignment where needed
1d55edb dhcpv6-ia: make free_dhcpv6_assignment static
f01e538 dhcpv4: make dhcpv4_msg_to_string static
700f5ab dhcpv4: fix DHCPv4 hostname handling
4c89614 Limit lifetime of non-static leases in case of release and
decline

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-03 22:25:13 +01:00
Hans Dedecker
34fa03ea16 odhcp6c: bump to git HEAD version
5d6fec3 Merge pull request #50 from sartura/libubox_md5_reuse
33a2ba1 odhcp6c: reuse md5 from libubox

Switch PKG_SOURCE_URL to git.lede-project.org/project/odhcp6c.git

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-03 22:25:13 +01:00
Stijn Tintel
388681fe53 hostapd: enable SHA256-based algorithms
Enable support for stronger SHA256-based algorithms in hostapd and
wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled.

We cannot unconditionally enable it, as it requires hostapd to be
compiled with 802.11w support, which is disabled in the -mini variants.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-01-03 20:53:49 +01:00
Stijn Tintel
30f14f6198 hostapd: add function to handle wpa_key_mgmt
Now that wpa_key_mgmt handling for hostapd and wpa_supplicant are
consistent, we can move parts of it to a dedicated function.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-01-03 20:53:48 +01:00
Stijn Tintel
bdcffb9bb6 wpa_supplicant: rework wpa_key_mgmt handling
Rework wpa_key_mgmt handling for wpa_supplicant to be consistent with
how it is done for hostapd.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-01-03 20:53:48 +01:00
Stijn Tintel
b13e103d71 ath5k: select 802.11w support
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-01-03 20:53:48 +01:00
Roger Pueyo Centelles
c6d3a62919 gre: add different per-protocol prefixes to GRE-TAP IPv4/6 tunnel interfaces.
This commit modifies the /lib/netifd/proto/gre.sh script so that, when
GRE-TAP tunnels are created, either IPv4 or IPv6, the prefix before the chosen
interface name contains the "tap" substring, to differentiate them from non-TAP
GRE tunnels.

Right now, both GRE and GRE-TAP tunnel (either IPv4 or IPv6) interfaces defined
in /etc/config/network are named equally ("gre-"+$ifname or "grev6"+$ifname)
upon creation. For instance, the following tunnels:

        config interface 'tuna'
                option peeraddr '172.30.22.1'
                option proto 'gre'

        config interface 'tunb'
                option peeraddr '192.168.233.4'
                option proto 'gretap'

        config interface 'tunc'
                option peer6addr 'fdc5:7c9e:e93d:45af::1'
                option proto 'grev6'

        config interface 'tund'
                option peer6addr 'fdc0:6071:1348:31ff::2'
                option proto 'grev6tap'

are named, respectively, "gre-tuna", "gre-tunb", "grev6-tunc" and "grev6-tund".

The current change makes that each GRE tunnel interface of the four different
types available (gre, gretap, grev6 and grev6tap) gets a different prefix.
Therefore, the abovementioned tunnels will be named, respectively:
"gre4-tuna", "gre4t-tunb", "gre6-tunc" and "gre6t-tund".

This is coherent with other types of virtual interfaces (i.e. PPP, PPPoE, PPPoA)
where the whole protocol name is used. For instance, a PPPoA interface named
"p1" and a PPPoE interface named "p2" will respectively appear as "pppoa-p1"
and "pppoe-p2", not as "ppp-p1" and "ppp-p2").

Since Linux interfaces names are limited to 15 characters, these prefixes leave,
for the worst case (TAP tunnels), 9 characters for the actual name.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2017-01-03 14:36:37 +01:00
Luiz Angelo Daros de Luca
0bb474652e elfutils: bump to 0.168
Other changes:
- Project moved to sourceware.org
- musl patch where cleaned up and submitted upstream
- TEMP_FAILURE_RETRY macro fixed and submitted upstream

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[Jo-Philipp Wich: add missing .patch extension to 007-fix_TEMP_FAILURE_RETRY]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-03 14:32:35 +01:00
Rosen Penev
558680012d curl: Remove PolarSSL and adjust default to mbedTLS
luci-ssl has already made the switch since mainline support for PolarSSL is
almost over (2016).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-01-03 14:26:41 +01:00
Daniel Engberg
0050b39fd4 gmp: Update to 6.1.2
Update GMP to 6.1.2

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-03 14:24:33 +01:00
Daniel Engberg
6099f22097 zlib: Update to 1.2.9
Update zlib to 1.2.9 and switch to XZ tarballs for download.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-03 14:24:33 +01:00
Daniel Engberg
bb4afdc8bc libusb: Update to 1.0.21
Update libusb to 1.0.21

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-03 14:24:33 +01:00
Florian Fainelli
1618c4abdb rpcd: Update to 2016-12-03
Brings in the following changes:

0577cfc1acdb cmake: Find libubox/blobmsg_json.h
26c98ec94d7a sys: Check return values of chdir and write
f4089654a399 cmake: Find libubus.h

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-01-02 21:06:14 +01:00
Florian Fainelli
9bf2bc7587 fstools: Update to 2016-12-04
Brings in the following changes:
84b530a732b1 libfstools: Check return values for fread and system

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-01-02 21:06:14 +01:00
Florian Fainelli
55209a9df9 uclient: Update to 2016-12-09
Brings in the following changes:

52d955fd802a remove obsolete mac os x /opt/local include/library search path
a4e49b4163b2 Fix unused results warnings
48cfff3fbec9 uclient-http: send correct "Host:" header if port is set

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-01-02 21:06:13 +01:00
Mathias Kresin
8c822ec4ca uboot-lantiq: fix boot of images larger than 8MB
Increasing CONFIG_SYS_BOOTM_LEN from 8 MB to 16 MB is necessary to
support uncompressing images larger than 8 MB when using the bootm
command.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-02 19:16:54 +01:00
Mathias Kresin
cfe1c6debe uboot-lantiq: fix build with gcc6
Backport u-boot commit 9b2c282b348dfe966bbba967dc7a45ce817cce50 to fix
compile with gcc5 and gcc6.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-02 19:16:54 +01:00
Alexis Green
fd718c5025 mac80211: Allow HT/VHT rates when running unencrypted mesh.
Signed-off-by: Alexis Green <agreen@cococorp.com>
2017-01-02 16:47:59 +01:00
Alberto Bursi
8496659eb4 base-files: fix message of initscript wrapper
currently (after blogic's edit to my commit) it prints like this:

root@lede:/# service aa
aa does not exist. the following services are available :adblock       dnsmasq       gpio_switch   rpcd          system
boot          done          led           sqm           uhttpd
crelay        dropbear      log           sysctl        umount
cron          firewall      network       sysfixtime    urandom_seed
ddns          fstab         odhcpd        sysntpd

which looks pretty bad, and is even worse if someone writes only "service" without arguments, as it will print " does not exist. " which is confusing.

with this commit it looks like this:

root@lede:/# service
service "" not found, the following services are available:
adblock       dnsmasq       gpio_switch   rpcd          system
boot          done          led           sqm           uhttpd
crelay        dropbear      log           sysctl        umount
cron          firewall      network       sysfixtime    urandom_seed
ddns          fstab         odhcpd        sysntpd

Yes there is some play with " and ', it is to display "name" or just "" if no service name is entered (like in the example).

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-01-02 16:47:59 +01:00
George Amanakis
5639e45614 generic: package Broadcom BNX2 driver
bnx2 driver support for the x86 architecture. Includes module and
firmware for Broadcom BCM5706/5708/5709/5716 ethernet adapters.

Signed-off-by: George Amanakis <g_amanakis@yahoo.com>
2017-01-02 16:47:59 +01:00
Hauke Mehrtens
1436e15488 curl: update to version 7.52.1
This fixes the folowing security problems:

CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
CVE-2016-9594: unititialized random

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-02 13:07:10 +01:00
Hannu Nyman
b7677f05d6 ustream-ssl: remove extra DEFAULT_VARIANT from libustream-polarssl
Currently both libustream-polarssl and libustream-mbedtls
variants define themselves as the DEFAULT_VARIANT

Remove extra DEFAULT_VARIANT from libustream-polarssl.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-12-30 17:38:39 +01:00
Magnus Kroken
39d3a4117b openvpn: update to 2.4.0
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-12-30 13:07:41 +01:00
Magnus Kroken
8ed11ebf7d mbedtls: enable DHE-RSA key exchange
Later OpenVPN 2.3-openssl versions only enable
TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE
cipher suites. ECDHE key exchange is not supported by
OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE
OpenVPN 2.4-mbedtls clients to connect to such servers.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Reported-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reported-by: Lucian Cristian <luci@createc.ro>
2016-12-30 13:06:43 +01:00
Magnus Kroken
ca963bbf5f mbedtls: enable secp384r1 elliptic curve support
Secp384r1 is the default curve for OpenVPN 2.4+. Enable this to
make OpenVPN-mbedtls clients able to perform ECDHE key exchange
with remote OpenVPN 2.4-openssl servers that use the default
OpenVPN curve.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-12-30 13:06:25 +01:00
Felix Fietkau
ae37f2310b mbedtls: enable support for external private RSA keys to fix openvpn build issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-28 22:56:36 +01:00
Felix Fietkau
c9c68c7177 ath9k: fix issues with external reset on AR913x
An external reset patch for AR955x accidentally led to external reset
being issued twice on AR913x, once before the RTC reset and once after.
This may be causing some stability issues.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-27 20:55:35 +01:00
Felix Fietkau
6b524fe5b8 relayd: fix expiry time handling
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-27 13:21:42 +01:00
Felix Fietkau
3f20fd4ee0 relayd: fix reload / interface restart issues
- replace the hotplug script with an interface trigger
- add netdev params to procd to trigger restart

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-27 13:20:33 +01:00
Felix Fietkau
f04b651453 ath5k: drop bogus warning on drv_set_key with unsupported cipher (FS#334)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-27 12:18:36 +01:00