Commit Graph

40061 Commits

Author SHA1 Message Date
Martin Schiller
65d62b5f4f dropbear: disable MD5 HMAC and switch to sha1 fingerprints
As MD5 is known weak for many years and more and more
penetration test tools complain about enabled MD5 HMAC
I think it's time to drop it.

By disabling the MD5 HMAC support dropbear  will also
automatically use SHA1 for fingerprints.
This shouldn't be a problem too.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-12-12 22:24:17 +01:00
Luis Araneda
575178e462 treewide: add only one device when appending to TARGET_DEVICES
This will avoid some conflicts when doing a git rebase or merge,
specially when adding support to a new device.

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
[drop brcm47xx changes which rename the images]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-12 18:47:26 +01:00
Jo-Philipp Wich
72051f7036 rules.mk: export TMPDIR
Set TMPDIR to the same value as the existing TMP_DIR variable in order to
let gcc and various other utilities use the local temporary directory
instead of the system-wide one.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-12 17:44:01 +01:00
Jo-Philipp Wich
902961c148 wolfssl: update to 3.12.2 (1 CVE)
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: https://github.com/wolfSSL/wolfssl/pull/1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-12 17:39:52 +01:00
Felix Fietkau
905bbc96ef build: allow PKG_PREPARED_DEPENDS and PKG_CONFIG_DEPENDS to be changed after including package.mk
Reverts commit a9c96ef0ac and replaces it
with a different approach

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-12 12:45:28 +01:00
Kabuli Chana
e4a69bda61 mwlwifi: update to version 10.3.4.0 / 2017-11-29
Improves stability on WRT3200ACM

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2017-12-12 12:00:50 +01:00
Gabor Juhos
e7b48fcfe1 ar71xx: fix board detection with newer RouterBOOT versions
Recent RouterBOOT version (at least version 3.41 on RB911G-5HPacD)
use "Board=" kernel parameter instead of "board=" to pass the board
name to the kernel. Due to this change the board detection code is
not working on the devices shipped with the new RouterBOOT version.
Because the kernel is unable to identify these boards they become
unusable despite that they are supported by the current code.

Update the prom_init code to convert the 'Board' kernel parameter to
'board'. After this change, the board detection works also with the
new RouterBOOT versions.

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
2017-12-12 17:05:25 +08:00
Moritz Warning
b8220883fd brcm47xx: remove versions from linksys-e1000 target
The target name does not need to included a revision
if all revisions are supported.
This target supports all revisions (v1, v2, v2.1).

Signed-off-by: Moritz Warning <moritzwarning@web.de>
[Keep the version numbers in the device title, it doesn't harm]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-11 12:44:50 +01:00
Moritz Warning
ac3d7d3569 brcm47xx: use proper region code in image name
Replace 'north-america' by 'na' and remove 'other-regions' in image
files for Netgear WGR614 v10.

Signed-off-by: Moritz Warning <moritzwarning@web.de>
2017-12-11 12:44:41 +01:00
Mathias Kresin
ab6620e817 lantiq: dgn3500 drop worldwide suffix
Remove the WW suffix, everything without a region suffix is world wide
anyway.

While at it, normalise the image filenames by using only lower case
characters.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-11 12:43:29 +01:00
Sascha Paunovic
d810a2aebf kernel: fix spelling in CONFIG_DEVTMPFS help text
Change "ti" to "to", as that's the correct spelling.

Signed-off-by: Sascha Paunovic <azarus@posteo.net>
2017-12-11 12:43:29 +01:00
Mathias Kresin
0c7ad4e5d3 lantiq: nand: drop ubifs images
Users are confused which image type they should use and there are more
drawbacks than adavantages in using a r/w ubifs rootfs in constrast to
a read-only squashfs rootfs like:

 - less available free flash space due to better compression of squashfs
   images
 - no support for factory reset due to r/w filesystem
 - possibility to break failsafe due to r/w filesystem

Therefore, drop support for r/w ubifs rootfs images.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-11 10:31:00 +01:00
Hans Dedecker
893a1ede2e dnsmasq: add DHCP build switch support in full variant
Add config option which allows to enable/disable DHCP support at compile
time. Make DHCPv6 support dependant on DHCP support as DHCPv6 support
implies having DHCP support.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-10 16:42:01 +01:00
Jo-Philipp Wich
f4c68e1cc6 busybox: fix glibc libresolv dependency for LEDE nslook applet
Fixes d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config.
Fixes FS#1212.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-10 14:26:19 +01:00
Matthias Schiffer
d573b1287e
base-files: remove remaining uses of %N, and drop VERSION_NICK config symbol
Fixes d23e1e1e1a "merge: properly remove %n / %N references"

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-09 23:27:41 +01:00
Jo-Philipp Wich
d23e1e1e1a merge: properly remove %n / %N references
- use %d instead of %n for opkg feed identifiers
- remove %n / %N references from version files

Fixes bf5cef47b3 merge: release/banner: drop release name and update banner.
Fixes FS#1213.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-09 16:01:14 +01:00
Pavel Kubelun
69d22a6bf6 ramips: fix a typo in 02_network
The typo in network defaults script in ramips target that prevents
defaults to initialize.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
2017-12-08 22:34:31 +01:00
Mathias Kresin
abdf0dea3a netifd: always send DHCPv4 hostname
udhcpc doesn't send a hostname by default. Use the system hostname if
nothing else is specified, to always send a hostname.

It syncs the behaviour to odhcpc, which always sends a hostname.

Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-08 21:00:26 +01:00
Mathias Kresin
93bd46b719 procd: nand: remove nand_board_name platform override
It isn't uses anymore by any target.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-08 20:57:12 +01:00
Mathias Kresin
0b8a1e75df ar71xx: remove nand_board_name platform override
The boardname isn't used any longer to find the subdirectory in the
sysupgrade tar archive, which makes this override useless.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-08 20:57:12 +01:00
Mathias Kresin
c90a8cb755 procd: nand: dont rely on boardname in nand_upgrade_tar
Kernel and rootfs in a subdirectory matching the userspace boardname,
was intended to use a single sysupgrade-tar archive for multiple boards
with different kernel/rootfs images. This feature was never used.

Use the first found directory in the tar archive instead of relying on
a directory named according to the userspace boardname.

It allows to change the boardname without adding another compatibility
layer - using the nand_board_name() function - for (sub)targets using
the metadata based image validation in favour to
nand_do_platform_check().

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-08 20:57:12 +01:00
Felix Fietkau
668eb70157 kernel: MIPS compile out no-op DMA mapping ops where possible
Slightly improves networking throughput on some devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-08 19:55:17 +01:00
Rosen Penev
1c2fdfbaf2 ag71xx: Reduce NAPI weight to 32.
Qualcomm claims this reduces cache misses. Original commit message below:

From: Ben Menchaca <ben.menchaca@qca.qualcomm.com>
Date: Tue, 11 Jun 2013 12:18:46 -0500
Subject: [ag71xx] reduce NAPI weight

In an attempt to increase our cache warmth, we are decreasing NAPI.
This increases the warmth of the reused SKBs.

Signed-off-by: Ben Menchaca <ben.menchaca@qca.qualcomm.com>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-12-08 19:54:37 +01:00
Rosen Penev
524d103e7e Revert "ag71xx: Switch from driver to kernel macro for NAPI_WEIGHT."
The motivation for this was misguided. It turns out tuning the NAPI weight could be useful for testing purposes. Therefore reverting.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-12-08 19:54:34 +01:00
Christian Lamparter
6b175b7cd6 toolchain: musl: update to current HEAD
Changes:

72656157 fix fgetwc when decoding a character that crosses buffer boundary
a223dbd2 add reverse iconv mappings for JIS-based encodings
105eff9d generalize iconv framework for 8-bit codepages
a71b46cf fix malloc state corruption when ldso rejects loading a second libc
d060edf6 reformat cjk iconv tables to be diff-friendly, match tool output
c21051e9 prevent fork's errno from being clobbered by atfork handlers
a39f20bf add iso-2022-jp support (decoding only) to iconv
5b546faa add iconv framework for decoding stateful encodings
0df5b39a simplify/optimize iconv utf-8 case
9eb6dd51 handle ascii range individually in each iconv case
bff59d13 move iconv_close to its own translation unit
79f49eff refactor iconv conversion descriptor encoding/decoding
30fdda6c fix getaddrinfo error code for non-numeric service with AI_NUMERICSERV
67b29947 fix mismatched type of __pthread_tsd_run_dtors weak definition
13935337 s390x: use generic ioctl.h
4dc44ce8 microblaze: add statx syscall from linux v4.13
ffd048a0 aarch64: add extra_context struct from linux v4.13
6651ef1f add new tcp.h socket options from linux v4.13
14ced228 add new fcntl.h macros from linux v4.13
754f66af ioctl TIOCGPTPEER from linux v4.13
c35a8bf4 add SO_ getsockopt options from linux v4.13
5daaed6a s390x: add syscall number for s390_guarded_storage from linux v4.12
2dc6760f i386: add arch_prctl syscall number from linux v4.12
840d45be aarch64: add new HWCAP_* flags from linux v4.12
4c811227 add ARPHDR_VSOCKMON from linux v4.12
54f04d99 add new SO_ socket options from linux v4.12
9864f60e add statx syscall numbers from linux v4.11
c519658c add TCP_NLA_* enums from linux v4.11
ee3ae782 add TCP_FASTOPEN_CONNECT tcp socket option from linux v4.11
3eb82f73 add ETH_P_IBOE from linux v4.11
bd1560f6 update aarch64 hwcap.h for linux v4.11
cee73f0c add kexec_file_load syscall number on powerpc from linux v4.10
8f569557 add microblaze syscall numbers from linux v4.10
d8004030 add TFD_TIMER_CANCEL_ON_SET that timerfd.h was missing
f5638c22 add ETH_MIN_MTU and ETH_MAX_MTU from linux v4.10
01369691 add IP_RECVFRAGSIZE and IPV6_RECVFRAGSIZE from linux v4.10
5c596ed8 add SCM_TIMESTAMPING_OPT_STATS and related TCP_ enums from linux v4.10
6fc6ca1a adjust posix_spawn dup2 action behavior to match future requirements

Cc: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-08 19:54:21 +01:00
Christian Lamparter
4e3f6dae04 base-files: upgrade: make get_partitions() endian agnostic
This patch fixes two issues with the current get_partitions()
function.

First: "Invalid partition table on $disk" will pop up on
legitimate images on big endian system.

This is because the little-endian representation of "55 AA" is
assumed in the context of little-endian architectures. On these
comparing it to the 16-bit word 0xAA55 does work as intented.
Whereas on big-endian systems, this would have to be 0x55AA.

This patch fixes the issue by replacing the integer conversion
and value match check with just a string comparision.

Second: The extraction of the type, start LBA and LBA num from
the partition table has the same endianness issue. This has been
fixed by using the new hex_le32_to_cpu() function. This function
will translate the stored little-endian data to the correct
byte-order if necessary.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-08 19:54:16 +01:00
Christian Lamparter
96b485ec7a firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.2.1-00058
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.2.1-00058 firmware for the QCA4019.

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-08 19:54:14 +01:00
Zoltan HERPAI
d2c06eb075 merge: etc: update remaining files
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
2ffff58c2b merge: uhttpd: update cert generation to match system defaults
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patch
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
23f774f727 merge: packages: update branding in core packages
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
1f8585cf99 merge: ssid: update default ssid
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
7b5c989ab9 merge: targets: update image generation and targets
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
bf5cef47b3 merge: release/banner: drop release name and update banner
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
34bbbbf9c3 merge: base: update base-files and basic config
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Felix Fietkau
98fb380d88 mt76: update to the latest version, fixes setting per-vif mac address
d02a05b mt7603: update firmware to version 20160107100755
4d4cd05 Partially revert "mt7603: use mcu command to set timing registers, fix OFDM timeout values"
170f334 mt76x2: remove MAC address limitation for multi-vif setups
3563b8f mt76x2: clean up MAC/BSSID address initialization
9de77e1 mt76x2: drop wiphy->addresses
a6a6e25 mt76x2: init: disable APCLI by default
c64633e mt76x2: configure rx filter based on monitor mode setting
ac815fa mt76x2: init: fix rx filter default value during init
e504656 mt7603: configure other-unicast drop based on monitor mode setting

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-08 17:58:05 +01:00
David Bauer
5a8e9846af
ar71xx: C58/C59 fix LAN1 working incorrectly
This commit fixes LAN Port 1 not transferring data in case no
other LAN Port has active link-state on TP-Link Archer C58/C59.

Signed-off-by: David Bauer <mail@david-bauer.net>
2017-12-08 13:53:03 +01:00
Peter Wagner
55e70c8b72 openssl: update to 1.0.2n
add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)

Fixes CVEs: CVE-2017-3737, CVE-2017-3738

Signed-off-by: Peter Wagner <tripolar@gmx.at>
2017-12-08 10:47:51 +01:00
Rosen Penev
d6e34b7352 tools/sstrip: Fix compile under standard linux.
bswap32 undefined is the issue. Added the proper header. Also fixed a few format/conversion warnings that clang complained about without -Wall or -Wextra.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-12-08 10:40:20 +01:00
Hans Dedecker
01c5cf0b24 odhcpd: fix faulty PKG_SOURCE_DATE in 711a816
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-07 18:43:01 +01:00
Rafał Miłecki
3cd6ccf199 opkg: bump to version 2017-12-07
Changes:
3b417b9 opkg_download: decode file:/ URLs
71c27cb file_util: implement urldecode_path()
d1fe095 file_util: consolidate hex/unhex routines
ebdfc12 add opkg option http_timeout
9f003e3 opkg: encode archive filenames while constructing download URLs
73e6c81 file_util: implement urlencode_path() helper
468158f libopkg: fix SHA256 calculation for big endian system

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-12-07 18:21:54 +01:00
Daniel Golle
173edcdc9d rpcd: update to version from 2017-12-07
cfe1e75c91bc1 sys: packagelist: allow listing all packages
74a784f037867 sys: fix passwd path

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-12-07 17:26:04 +01:00
Hans Dedecker
a39ddff428 dnsmasq: write atomic host file
Different invocations of the dnsmasq init script (e.g. at startup by procd)
will rewrite the dhcp host file which might result into dnsmasq reading an
empty dhcp host file as it is being rewritten by the dnsmasq init script.
Let the dnsmasq init script first write to a temp dhcp host file so it does
not overwrite the contents of the existing dhcp host file.

Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-07 10:59:03 +01:00
Rosen Penev
94fcd92913 strace: Update to 4.20
Compiled and tested on mvebu. Mainly a kernel 4.14 change. Also
reordered the Makefile a little bit.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-12-07 11:46:37 +08:00
Timo Sigurdsson
bd45e15d0a hostapd: backport fix for wnm_sleep_mode=0
wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-12-07 02:00:23 +02:00
Timo Sigurdsson
6515887ed9 hostapd: Expose the tdls_prohibit option to UCI
wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.

Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.

Make this option configurable via UCI, but disabled by default.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2017-12-07 01:57:29 +02:00
Stijn Tintel
f997478655 kernel: bump 4.9 to 4.9.67
Refresh patches.
Remove upstreamed patches:
- generic/190-1-5-e1000e-Fix-error-path-in-link-detection.patch
- generic/190-3-5-e1000e-Fix-return-value-test.patch
- generic/190-4-5-e1000e-Separate-signaling-for-link-check-link-up.patch
- generic/190-5-5-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
- ramips/0102-MIPS-ralink-Fix-MT7628-pinmux.patch
- ramips/0103-MIPS-ralink-Fix-typo-in-mt7628-pinmux-function
Update patches that no longer apply:
- layerscape/815-spi-support-layerscape.patch
- ramips/0099-pci-mt7620.patch

Compile-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-12-07 01:41:09 +02:00
Hans Dedecker
79a19e5d27 iproute2: align ip help text for tiny variant
Tiny variant supports a subset of the ip commands; align the ip help
text so it actually reflects which commands are supported in the
tiny variant.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-06 22:30:54 +01:00
Russell Senior
c3c1185d56 iproute2: update to v4.14.1
Preserves optionality of libmnl by letting configuration
script follow the HAVE_MNL environment variable.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2017-12-06 22:30:00 +01:00
Hans Dedecker
711a816770 odhcpd: update to latest git HEAD
c516801 dhcpv4: notify DHCP ACK and RELEASE via ubus

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-06 19:17:44 +01:00