Commit Graph

38145 Commits

Author SHA1 Message Date
Felix Fietkau
acd481470c build: get rid of FIND_L from host.mk
This was added for Mac OS X many years ago, but recent versions also
support find -L

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit be206eba3a)
2017-12-13 14:32:21 +01:00
Thomas Reifferscheid
11cd6077ba build: unsilence move command
The @ sign in front of the "mv" command was significantly suppressing
output to stdout. When reviewing the make/build logs it was tricking
me a whole lot and it mad me lose time. Removing the @ sign will get
stdout and logs right about what happened when.

Signed-off-by: Thomas Reifferscheid <thomas@reifferscheid.org>
(cherry picked from commit 1d49b534f5)
2017-12-13 14:31:36 +01:00
Felix Fietkau
903a404663 build: skip headers install and config on make target/linux/prepare
This simplifies working with quilt on the kernel tree

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit dce6eeccc0)
2017-12-13 14:27:44 +01:00
Felix Fietkau
a7fc27edce build: make Host/Install/Default use Host/Compile/Default with an extra argument
Allows parallelizing compile steps that might be necessary during install

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit fe1e3622a2)
2017-12-13 14:24:59 +01:00
Michal Sojka
94f079e338 build: Pass -iremap gcc option as a single argument
Passing -iremap argument separately causes problems with projects that
use scons and its ParseFlags function. Consider this SConscript
example:

    env = Environment()
    d = env.ParseFlags("-iremap one:two")

ParseFlags will interpret one:two as a file name and the returned dict
d will contain only "-iremap". When the -iremap is passed to the
compiler without an argument, compilation obviously fails.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
(cherry picked from commit 202ae4cc6a)
2017-12-13 14:24:21 +01:00
Felix Fietkau
3056122bf7 toolchain/gcc: parallelize make install
If the staging dir was deleted, the build needs to recompile some files.
This change speeds up this corner case significantly

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 0f5d17a7e6)
2017-12-13 14:22:36 +01:00
Felix Fietkau
a33b0ced78 toolchain/musl: parallelize make install
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 43332f513b)
2017-12-13 14:22:32 +01:00
Jo-Philipp Wich
1d0f7e3136 imagebuilder: make submake invocations less verbose
Use silent make invocations for sub-makes like build_image or checksum to
avoid bloating the IB output with non-status info.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 0d1765b4ba)
2017-12-13 14:17:32 +01:00
Felix Fietkau
bdb05f5ef5 gcc: remove obsolete uclibc patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 70973dd30d)
2017-12-13 14:16:17 +01:00
Felix Fietkau
90a43e508e toolchain/gcc: reduce source directory size by about 420 MB
Remove gcc testsuite, ada and libjava (if not selected)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f204e0fc46)
2017-12-13 14:15:34 +01:00
Felix Fietkau
82615922b0 bcm53xx: suppress osafeloader info error messages during flashing
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 727e244fae)
2017-12-13 14:15:09 +01:00
Florian Fainelli
c566a9e563 toolchain: Broaden the executable loader pattern
Some toolchains will produce executables with an interpreter that is e.g:
ld.so.1 (typically a symbolic link). Due to our current LIBC_SPEC_FILE value,
we would not be able to copy this symbolic link/file over to the rootfs and
executables would fail to load. Extend the search pattern to include all
ld*.so* files that could be needed.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 200d932322)
2017-12-13 14:15:08 +01:00
Florian Fainelli
3387158e45 build: Suffix build directory with _$(LIBC) for external toolchains
For external toolchain, we also know the type of C library used, and the
toolchain triplet may not always be reflective of that, therefore make
$(TARGET_DIR_NAME) suffixed with _$(LIBC).

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 57657a7237)
2017-12-13 14:15:08 +01:00
Rosen Penev
2428b6d6b6 tools/sstrip: Fix compile under standard linux.
bswap32 undefined is the issue. Added the proper header. Also fixed a few format/conversion warnings that clang complained about without -Wall or -Wextra.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit d6e34b7352)
2017-12-13 13:17:35 +01:00
Peter Wagner
50b478956a openssl: update to 1.0.2n
add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)

Fixes CVEs: CVE-2017-3737, CVE-2017-3738

Signed-off-by: Peter Wagner <tripolar@gmx.at>
(backported from commit 55e70c8b72)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-13 13:17:12 +01:00
Christian Lamparter
135aa3ba7e base-files: upgrade: make get_partitions() endian agnostic
This patch fixes two issues with the current get_partitions()
function.

First: "Invalid partition table on $disk" will pop up on
legitimate images on big endian system.

This is because the little-endian representation of "55 AA" is
assumed in the context of little-endian architectures. On these
comparing it to the 16-bit word 0xAA55 does work as intented.
Whereas on big-endian systems, this would have to be 0x55AA.

This patch fixes the issue by replacing the integer conversion
and value match check with just a string comparision.

Second: The extraction of the type, start LBA and LBA num from
the partition table has the same endianness issue. This has been
fixed by using the new hex_le32_to_cpu() function. This function
will translate the stored little-endian data to the correct
byte-order if necessary.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 4e3f6dae04)
2017-12-13 13:13:51 +01:00
Jo-Philipp Wich
207bcea1de cyassl: update to wolfssl 3.12.2 (1 CVE)
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: https://github.com/wolfSSL/wolfssl/pull/1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 902961c148)
2017-12-13 13:08:38 +01:00
Jo-Philipp Wich
3bb881862b mdadm: fix parameter quoting
Ensure that path defines are passed quoted to the compiler in order
to avoid cpp syntax errors.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d4e7af5278)
2017-12-13 12:58:38 +01:00
Rosen Penev
6c1b6e8221 mdadm: Fix config generation
The init script generated something like "DEVICE=/dev/sda" when it should
have been generating "DEVICE /dev/sda". mdadm errors on this. Patch by jow.

Also changed the default sendmail path to /usr/sbin/sendmail. No package
in LEDE provides /sbin/sendmail. msmtp provides /usr/sbin/sendmail so use
that.

Also add a patch to fix file paths for mdadm runtime files. mdadm currently
errors on them since /run is missing. Once /run is added to stock LEDE, this
patch can be removed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 8eadec40bd)
2017-12-13 12:58:38 +01:00
Florian Fainelli
4fc0fb3ca3 mdadm: Do not check RUN_DIR
Fixes build failure on hosts that do not have mdadm
installed/configured:

make[3]: Entering directory
`/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0'
***** Parent of /run/mdadm does not exist.  Maybe set different RUN_DIR=
*****  e.g. make RUN_DIR=/dev/.mdadm
***** or set CHECK_RUN_DIR=0
make[3]: *** [check_rundir] Error 1
make[3]: Leaving directory
`/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0'
make[2]: ***
[/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0/.built]
Error 2
make[2]: Leaving directory
`/local/users/fainelli/openwrt/trunk/package/utils/mdadm'
make[1]: *** [package/utils/mdadm/compile] Error 2
make[1]: Leaving directory `/local/users/fainelli/openwrt/trunk'
make: *** [package/mdadm/compile] Error 2

Fixes: 980c41f8e0 ("utils/mdadm: Update to 4.0")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 5229c45363)
2017-12-13 12:58:37 +01:00
Felix Fietkau
157b892994 kernel: remove out of tree direct-io disable hack
Direct-IO support has to be enabled for the release build anyway, so
this hack is not worth keeping

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from commit 0b7ed65cec)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-13 12:57:41 +01:00
Daniel Engberg
adc9f935c3 utils/mdadm: Update to 4.0
Update mdadm to 4.0
Remove 000-compile.patch as it's fixed upstream
Refresh patches
Add mdadm.h-Undefine-dprintf-before-redefining.patch
Source: http://git.openembedded.org/openembedded-core/tree/meta/recipes-extended/mdadm/files
Add RAID 0,1 and 10 as depends to make mdadm usable.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit 980c41f8e0)
2017-12-13 12:55:15 +01:00
Jo-Philipp Wich
8bf67f63b9 mdadm: extend uci config support
Extend the mdadm package to allow to explicitely configure arrays as
well as device list entries.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 813efe57e4)
2017-12-13 12:54:53 +01:00
Matthias Schiffer
4af145ea67 rules.mk: make PKG_CONFIG_DEPENDS properly track string values
The confvar macro is adjusted to not only consider if a variable has a
value or not, but also the value itself. Instead of creating a string of
'y' and 'n' characters, all variable names and values are concatenated
and hashed.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 5ef0854b11)
2017-12-12 15:40:41 +01:00
Etienne Haarsma
2b664499cd kernel: bump 4.4 to 4.4.103 for 17.01
Refreshed all patches.

Removed upstream ramips patches:
0101-MIPS-ralink-Fix-MT7628-pinmux.patch
0102--MIPS-ralink-Fix-typo-in-mt7628-pinmux-function.patch

Compile-tested: ar71xx
Run-tested: ar71xx

Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
2017-12-12 11:10:47 +01:00
Koen Vandeputte
ed82c52a4a uqmi: also try newer pin verification
Newer devices tend to only support the newer version of the pin
verification command, so also try that one.

Fixes PIN issues with modems like the Sierra Wireless MC7455

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-12-11 12:26:39 +01:00
Rafał Miłecki
b41a2e646e opkg: bump to version 2017-12-08
This updates package to the latest commit from the lede-17.01 branch. It
contains few fixes backported from the master:
1) SHA256 fix
2) URL encoding which allows hosting packages on some more picky servers

Changes:
9f61f7a opkg_download: decode file:/ URLs
3c46c88 file_util: implement urldecode_path()
79908c2 file_util: consolidate hex/unhex routines
793fbac opkg: encode archive filenames while constructing download URLs
a6bb5cb file_util: implement urlencode_path() helper
098e774 libopkg: fix SHA256 calculation for big endian system

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-12-08 14:17:38 +01:00
Timo Sigurdsson
f5f5f583f9 hostapd: backport fix for wnm_sleep_mode=0
wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit bd45e15d0a
 fixed PKG_RELEASE and renumbered patch)

Conflicts:
	package/network/services/hostapd/Makefile
2017-12-07 19:45:44 +01:00
Timo Sigurdsson
19ebc19f54 hostapd: Expose the tdls_prohibit option to UCI
wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.

Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.

Make this option configurable via UCI, but disabled by default.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(cherry picked from commit 6515887ed9)
2017-12-07 19:42:30 +01:00
Hans Dedecker
3590316121 dnsmasq: backport infinite dns retries fix
If all configured dns servers return refused in response to a query in
strict mode; dnsmasq will end up in an infinite loop retransmitting the
dns query resulting into high CPU load.
Problem is fixed by checking for the end of a dns server list iteration
in strict mode.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-06 22:04:31 +01:00
Stijn Segers
060b7f1fbb curl: apply CVE 2017-8816 and 2017-8817 security patches
This commit adds the upstream patches for CVE 2017-8816 and 2017-8817 to the 17.01
Curl package.

Compile-tested on ar71xx, ramips and x86.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2017-12-04 11:10:31 +01:00
Felix Fietkau
4b5861c47d mt76: update to the latest version
Significant performance/stability improvements for MT76x2 and MT7603.
Adds LED support.

Changes:

2895775 mt76x2: mcu: remove unused parameter in mt76x2_mcu_msg_alloc signature
1dae8f0 mt7603: mcu: remove unused parameter in mt7603_mcu_msg_alloc() signature
5e49aa9 Fix errors found by cppcheck
1b8c8a0 mt7603: add LED definition registers
4d83561 mt76x2: add LED register definitions
2f40e4a mt76x2: Support using PCI ID as chip ID
27c64bc mt76: add led support using mac80211 led framework
dfd64fc mt76x2: init: add ma80211 led callbacks
215edf1 mt7603: init: add ma80211 led callbacks
9d36ff2 mt76x2: Add PCI identifier for MT7602
0b7984e mt7603: remove unnecessary mcu register read function
f5498d2 debugfs: add support for changing the LED pin
8e453b3 mac80211: move DT led configuration to the "led" child node
8f1673a mt76x2: limit client WCID entries to 0-127
f9d9c22 mt76x2: clear drop flag for all WCIDs on init
0dd8b68 mt76x2: clear per-WCID tx rate lookup register
3e5afe7 mt76x2: add helper function for setting drop mask
941555b mt76x2: clear drop mask when sending a PS response
7dfb354 mt76: increase rx ring size for mt76x2
73902dc mt76x2: add rx statistics registers
fe79816 mt76x2: fix LNA gain register annotation
cc588c5 mt76x2: sync channel gain value with latest reference driver
60a4d67 mt76x2: implement dynamic AGC tuning based on false packet detection count
4bc9aa9 mt76x2: add more gain tuning based on the latest reference driver
0a0d16f mt76x2: sync tx power related values with reference driver
8c821aa mac80211: add missing include
82acc85 mt7603: add missing include required on newer kernels
2c1a77c mt76x2: fix transmission of encrypted management frames
0532315 mt76x2: increase OFDM SIFS time
1acde21 mt76x2: add channel argument to eeprom tx power functions
58364a2 mt76x2: initialize channel power limits
c2bd89e mt76x2: convert between per-chain tx power and combined output
e7eaa7c mt7603: rename mt7603_mac_reset to mt7603_pse_reset
ea4c2a1 mt7603: rename MT_PSE_RESET register
c86c3a0 mt7603: remove watchdog reset on interface stop
4490f93 mt7603: remove WARN_ON_ONCE for workaround checks
3075059 mt7603: simplify PSE reset
4ed7e07 mt7603: warn if PSE reset fails
7dc8db1 mt7603: clean up dma debug reads
41e6a04 mt7603: make mt7603_mac_watchdog_reset() static
dc7a351 mt7603: clear wtbl PS bit for powersave responses
123acf2 mt7603: set tx-skip flag for powersave clients
7dd2a9e mt7603: initialize wtbl ps flag on station add
86ddef3 mt76x2: remove some harmless WARN_ONs in tx status and rx path
e326bc2 mt7603: remove some harmless WARN_ONs in rx path

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-04 10:52:52 +01:00
Ryan Mounce
f19d47f848 tools: patch various gnu tools for macOS 10.13
These host tools compile but may crash at runtime when building on
macOS 10.13 (High Sierra). Backport upstream gnulib patch until new
releases of affected tools.

https://lists.gnu.org/archive/html/bug-gnulib/2017-07/msg00056.html
https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=c41f233c4c38e84023a16339782ee306f03e7f59

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2017-12-04 10:51:07 +01:00
Felix Fietkau
e5a10bc0fc samba36: backport an upstream fix for an information leak (CVE-2017-15275)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-04 10:51:07 +01:00
Mathias Kresin
d77fe9219a ramips: backport MT7628 pinmux fixes
According to the datasheet the REFCLK pin is shared with GPIO#37 and
the PERST pin is shared with GPIO#36.

While at it fix a typo inside the pinmux setup code. The function is called
refclk and not reclk.

Update device tree source files accordingly.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-27 21:28:34 +01:00
INAGAKI Hiroshi
9601e6a0e2 ramips: add missing reset button for Nexx WT1520
This commit adds missing the GPIO key used as reset button.
Nexx WT1520 has a GPIO key for factory reset, but it's not defined in
WT1520.dtsi and cannot use it.

Drop the UART (full) from the device tree source file, it was never
used for this board. Adjust the kernel bootargs accordingly.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
[add note about dropped UART (full) to the commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-27 20:36:46 +01:00
Kevin Darbyshire-Bryant
0946ec0f46 wireguard: bump to snapshot 20171127
== Changes ==

 * compat: support timespec64 on old kernels
 * compat: support AVX512BW+VL by lying
 * compat: fix typo and ranges
 * compat: support 4.15's netlink and barrier changes
 * poly1305-avx512: requires AVX512F+VL+BW

 Numerous compat fixes which should keep us supporting 3.10-4.15-rc1.

 * blake2s: AVX512F+VL implementation
 * blake2s: tweak avx512 code
 * blake2s: hmac space optimization

 Another terrific submission from Samuel Neves: we now have an implementation
 of Blake2s using AVX512, which is extremely fast.

 * allowedips: optimize
 * allowedips: simplify
 * chacha20: directly assign constant and initial state

 Small performance tweaks.

 * tools: fix removing preshared keys
 * qemu: use netfilter.org https site
 * qemu: take shared lock for untarring

 Small bug fixes.

Remove myself from the maintainers list: we have enough and I'm happy to
carry on doing package bumps on ad-hoc basis without the 'official'
title.

Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-11-27 14:51:05 +01:00
Etienne Haarsma
7f3dab2fc3 kernel: bump 4.4 to 4.4.102
Refreshed all patches.

Removed upstream ramips patch: 0063-set-CM_GCR_BASE_CMDEFTGT_MEM-according-to-datasheet.patch

Compile-tested: ar71xx
Run-tested: ar71xx

Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
Tested-by: Stijn Segers <francesco.borromini@inventati.org>
2017-11-26 15:10:36 +01:00
Kevin Darbyshire-Bryant
d3f40aabba wireguard: bump to 20171122
Bump to latest WireGuard snapshot release:

ed479fa (tag: 0.0.20171122) version: bump snapshot
efd9db0 chacha20poly1305: poly cleans up its own state
5700b61 poly1305-x86_64: unclobber %rbp
314c172 global: switch from timeval to timespec
9e4aa7a poly1305: import MIPS64 primitive from OpenSSL
7a5ce4e chacha20poly1305: import ARM primitives from OpenSSL
abad6ee chacha20poly1305: import x86_64 primitives from OpenSSL
6507a03 chacha20poly1305: add more test vectors, some of which are weird
6f136a3 compat: new kernels have netlink fixes
e4b3875 compat: stable finally backported fix
cc07250 qemu: use unprefixed strip when not cross-compiling
64f1a6d tools: tighten up strtoul parsing
c3a04fe device: uninitialize socket first in destruction
82e6e3b socket: only free socket after successful creation of new
df318d1 compat: fix compilation with PaX
d911cd9 curve25519-neon: compile in thumb mode
d355e57 compat: 3.16.50 got proper rt6_get_cookie
666ee61 qemu: update kernel
2420e18 allowedips: do not write out of bounds
185c324 selftest: allowedips: randomized test mutex update
3f6ed7e wg-quick: document localhost exception and v6 rule

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-11-24 12:56:36 +01:00
Mathias Kresin
7ec639451d ramips: fix Planex CS-QR10 device packages
Add kmod-sound-core, it is a dependency of kmod-sound-mt7620 and will
not be autoselected.

Remove kmod-i2c-core, it will be autoselected by kmod-i2c-ralink.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-22 08:19:37 +01:00
Mathias Kresin
6cfa7e5788 ramips: fix DCH-M225 support
Setting the pins of the uartf group to gpio+i2s at the time the i2c
driver loads is to late for the WPS gpio button.

The gpio-keys driver fails to load since the pin used by the WPS button
is not yet set to GPIO. The WPS button with the rfkill keycode is
essential for this wifi only board.

Add the missing sound and i2c kernel modules corresponding to the
device nodes.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-22 08:19:37 +01:00
Emerson Pinter
e626942c33 dnsmasq: load instance-specific conf-file if exists
Without this change, the instance-specific conf-file is being added to procd_add_jail_mount,
but not used by dnsmasq.

Signed-off-by: Emerson Pinter <dev@pinter.com.br>
2017-11-20 21:42:10 +01:00
Daniel Golle
d64c0e54a5 rpcd: update to version 2017-11-12
a0231be8fbc61 fix memory leak in packagelist
4e483312b0216 sys: add packagelist method

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-11-17 14:42:49 +01:00
Antony Black
ecaad8b2cb brcm47xx: fix switch port mapping on D-Link DIR-330
D-Link DIR-330 is clone of ASUS WL500GP2, by default conf the WAN port is
eth1, it's not working cus eth1 not soldered and wan port function
performs 5th port of the switch.

Signed-off-by: Antony Black <gtrtfm@gmail.com>
2017-11-16 22:57:06 +01:00
Felix Fietkau
d851d7fa56 wireguard: fix portability issue
Check if the compiler defines __linux__, instead of assuming that the
host OS is the same as the target OS.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-16 22:44:45 +01:00
Felix Fietkau
8751bd771d wireguard: move to kernel build directory
It builds a kernel module, so its build dir should be target specific

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-16 22:43:28 +01:00
Kevin Darbyshire-Bryant
ed571c14e0 wireguard: bump to 0.0.20171111
edaad55 (tag: 0.0.20171111) version: bump snapshot
7a989b3 tools: allow for NULL keys everywhere
46f8cbc curve25519: reject deriving from NULL private keys
9b43542 tools: remove ioctl cruft
f6cea8e allowedips: rename from routingtable
23f553e wg-quick: allow for tabs in keys
ab9befb netlink: make sure we reserve space for NLMSG_DONE
73405c0 compat: 4.4.0 has strange ECN function
868be0c wg-quick: stat the correct enclosing folder of config file
ceb11ba qemu: bump kernel version
0a8e173 receive: hoist fpu outside of receive loop
bee188a qemu: more debugging
f1fdd8d device: wait for all peers to be freed before destroying
2188248 qemu: check for memory leaks
c77a34e netlink: plug memory leak
0ac8efd device: please lockdep
a51e196 global: revert checkpatch.pl changes
65c49d7 Kconfig: remove trailing whitespace

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-11-16 22:36:04 +01:00
Hans Dedecker
c9fb48a432 procd: update to latest git HEAD (fixes and improvements)
d9dc0e0 service: fix calls to blobmsg_parse()
5db8f70 procd: add missing new lines inside debug code
8d5d29c service: fix SERVICE_ATTR_NAME usage in service_handle_set

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-15 22:14:26 +01:00
Peter Wagner
cda8ec7dd8
openssl: update to 1.0.2m
don't set no-ssl3-method when CONFIG_OPENSSL_WITH_SSL3 di disabled otherwise the compile breaks with this error:

../libssl.so: undefined reference to `SSLv3_client_method'

Fixes CVE: CVE-2017-3735, CVE-2017-3736

Signed-off-by: Peter Wagner <tripolar@gmx.at>
2017-11-13 00:53:35 +01:00
Jo-Philipp Wich
421754191d brcm47xx: fix switch port mapping on Asus RT-N12 and RT-N16 models
On Asus RT-N12 and RT-N16 models, the WAN and LAN4 ports are swapped in the
initial switch configuration since the presets present in nvram appear to be
wrong.

Add special casing for these models to detect_by_model() in order to ensure
a proper switch configuration.

Fixes FS#502.

(cherry picked from commit 96ed69101da254b0cb61a0dfc42bd48d27bfacb9
  and squashed with commit f2fdd68664)

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-11-10 15:00:57 +01:00