Commit Graph

14579 Commits

Author SHA1 Message Date
Roman Yeryomin
0b1fa809d0 base-files: rc.common: fix enable() return code and logic
In current state, if there is START but no STOP, enbale()
will return 1 (failure), which is wrong.
Moreover there is no need to check for START/STOP twice.
Instead, add err variable to save success state and
and return it's value.
Also eliminate the need to disable() by using 'ln -sf',
which will first delete the old symlink if one exists.

Changes from v1:
- fixed description

Signed-off-by: Roman Yeryomin <roman@advem.lv>
2018-01-02 07:14:08 +01:00
John Crispin
b153745bfb procd: update to latest git HEAD
7aad940 procd: initd: fix path allocation in early_insmod
006c19c procd: Remove unnecessary memset calls.

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 07:14:08 +01:00
Jo-Philipp Wich
ab703bf174 uci: bump to git HEAD version
5beb95d lua: additionally return name when looking up sections
ff33bb2 lua: support extended section notation

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-01 16:42:29 +01:00
Hauke Mehrtens
9f626501cb nftables: fix sha256sum
The mirror was delivering a file with a different hash.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-31 18:46:13 +01:00
Kabuli Chana
d0a14c1cd9 mwlwifi: update to version 10.3.4.0 / 2017-12-14
Lastest stamped version

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2017-12-31 18:46:13 +01:00
Kevin Darbyshire-Bryant
7aa15953e1 kmod-sched-cake: bump to latest bake
Fix overhead accounting error introduced by f33c4d6 refactor
cake_advance_shaper and ack_filter

Symptoms were links running under rate.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-30 14:17:34 +01:00
rektide de la faye
0f72690a2d iptables: fix nftables compile issue (FS#711)
Enabling IPTABLES_NFTABLES resulted in an error during build:#
*** No rule to make target '../extensions/libext.a',
needed by 'xtables-compat-multi'."

Comments from Alexander Lochmann and Fedor Konstantinov in FS#711
provided fixes for this build error, allowing iptables to compile.
https://bugs.lede-project.org/index.php?do=details&task_id=711.

This commit updates the Makefile.am xtables_compat_multi_LDFLAGS
and _LDADD, moving linking of extensions to LDFLAGS.

Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-29 18:06:25 +01:00
Matthias Schiffer
302aa793c0
base-files: fix logic when to show failsafe banner
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 8170f280c4 ("base-files: set FAILSAFE in /etc/profile when
/tmp/.failsafe exists")
2017-12-29 15:58:16 +01:00
Matthias Schiffer
8170f280c4
base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists
Since dropbear clears the environment, FAILSAFE was not set as intended in
failsafe mode. This also broke sysupgrade from failsafe mode over SSH.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-29 14:34:03 +01:00
Matthias Schiffer
20c349f68c
busybox: add missing TARGET_CPPFLAGS and TARGET_LDFLAGS
Unconditionally pass TARGET_CPPFLAGS (not passed at all before) and
TARGET_LDFLAGS (passed only in certain non-default configuration before the
Makefile streamlining). Without these flags, hardening options
(PKG_FORTIFY_SOURCE and PKG_RELRO) were not actually applied to busybox.

The addition of these flags increases the size of the stripped busybox
binary by about 6KB (~4KB with fortify headers, ~2KB with "-znow -zrelro")
with the default hardening options PKG_FORTIFY_SOURCE_1 and PKG_RELRO_FULL.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-28 12:26:23 +01:00
Matthias Schiffer
a10fae1133
busybox: streamline Makefile
Use default Build/Install steps where possible. No binary change in default
configuration, so PKG_RELEASE is not incremented.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-28 12:24:25 +01:00
Florian Eckert
23bba9cb33 dnsmasq: send procd signal on service reload
Send a SIGHUP signal via procd to the dnsmasq service so the instance(s)
re-read(s) the /tmp/hosts/dhcp config.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-12-26 23:35:45 +01:00
Florian Eckert
4f02285d8b dnsmasq: rewrite config on host name modification
If the hostname in /etc/config/system is modified the dnsmasq should also
get triggered to rewrite/reload the config.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-12-26 23:35:34 +01:00
Yangbo Lu
ab8da4d285 layerscape: add byte_swap.py script for ls-rcw package
This patch is to add a byte_swap.py script for rcw bin
byte swapping instead of using tclsh.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-12-26 23:30:59 +01:00
Yangbo Lu
5741835ed4 layerscape: fix PKG_BUILD_DIR for packages
PKG_BUILD_DIR was defined with quoting PKG_VERSION in
layerscape package makefiles. Now PKG_VERSION has been
removed from these makefiles. When PKG_BUILD_DIR quotes
PKG_VERSION, '=' should be used instead ':=' to make
sure PKG_VERSION has been defined in common makefile.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-12-26 23:30:59 +01:00
Philip Prindeville
60c4f9ce56 kernel: add i2c-smbus module package
Intel motherboards (as well as the Cavium ThunderX SoC) use a
superset of the I2C protocol called SMBus.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-12-26 20:13:43 +01:00
Hans Dedecker
67c1c145f0 nghttp2: bump to 1.29.0
439b9b6c (tag: v1.29.0) Update manual pages
48498452 Bump up version number to v1.29.0, LT revision to 29:1:15
d30f3816 Update manual pages
4d1139f6 Remove SPDY
48f57407 nghttpx: Update doc
c1f14d73 Update manual pages
216f4dad nghttpx: Remove redundant check
a4e27d76 Revert "nghttpx: Use an existing h2 backend connection as much as possible"
2365f12e Fix CMAKE_MODULE_PATH
03f7ec0f nghttpx: Write API request body in temporary file
2056e812 nghttpx: Increase api-max-request-body
1ebb6810 nghttpx: Faster configuration loading with lots of backends
a3ebeeaf nghttpx: Fix crash with --backend-http-proxy-uri option
422ad1be Use NGHTTP2_REFUSED_STREAM for streams which are closed by GOAWAY
97f1735c Bump up version number to 1.29.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-24 17:06:16 +01:00
John Crispin
5bbd493e66 usbmode: update to latest git HEAD
f40f84c support PantechMode
d8dc335 support Quanta and Blackberry modes
333e486 fix support for Option modems

Signed-off-by: John Crispin <john@phrozen.org>
2017-12-24 09:03:01 +01:00
Kevin Darbyshire-Bryant
edf5ae2026 wireguard: bump to 20171221
7e945a8 version: bump snapshot
f2168aa compat: kernels < 3.13 modified genl_ops
52004fd crypto: compile on UML
6b69b65 wg-quick: dumber matching for default routes
aa35d9d wg-quick: add the "Table" config option
037c389 keygen-html: remove prebuilt file

No patch refresh required.

Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-23 22:08:12 +01:00
Hans Dedecker
0fca474e70 uci: update to latest git HEAD (FS#1182)
25fd142 list: remove unncessary increment of n_section (FS#1182)
021fd65 file: remove unnecessary uci_fixup_section calls

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-22 18:30:59 +01:00
Hans Dedecker
d3ba3963c1 odhcpd: update to latest git HEAD
7aa2594 odhcpd: Replace strerror(errno) with %m format
750e457 Support muliple RAs on single interface

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-22 18:30:33 +01:00
Hauke Mehrtens
dda2229c52 layerscape: fix package download
The git hash was changed for multiple layerscape packages without
changing the version number. The LEDE build system will not download the
packages again if the old version is already there and so some people
and the build bots are using wrong version of some packages. Use
PKG_SOURCE_DATE instead of PKG_VERSION to generate packages with the
date and the first charterers of the git hash. This will change the file
name and make the build system download them again, also if in future
the git hash is changed the file name will change and trigger a new
download.

This should fix a problem spotted by build bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-21 10:02:16 +01:00
Mathias Kresin
224d4a96dd ramips: drop LinkIt Smart 7688 Duo userspace support
The  LinkIt Smart 7688/LinkIt Smart 7688 Duo are identical beside the
extra ATmega32U4 - accessible via UART - on the the Duo.

Since all relevant hardware is identical, drop the Duo special handling
in userspace.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-21 01:05:16 +01:00
Hauke Mehrtens
8e03eea875 uboot-layerscape-armv8_32b: fix package download
In commit 2b1ec44dbd ("layerscape: add ls1012afrdm device support")
The git revision and the mirror hash for this package was updated to a
version which includes ls1012afrdm-uboot.bin, but the file name at
dl/uboot-layerscape-armv8_32b-2017.09.tar.xz staid the same. This way
most user did not download the new version but used the old file.
Convert this package to the normal git clone parameters by using
PKG_SOURCE_DATE instated of PKG_VERSION, now the file name in dl also
contains the git hash and should change every time the git hash is
updated.

This should fix a problem spotted by build bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-20 21:54:18 +01:00
Hauke Mehrtens
b80b0e14c9 kernel: kmod-crypto-hw-talitos: fix dependencies
With the updated to kernel 4.9.70 in commit f704b643b9 ("kernel:
Update kernel 4.9 to 4.9.70"), the talitos.ko kernel module got a
new dependency to kmod-crypto-des in this upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=552f74cbd6ec806ab5ce45336a26cae1e015dbe2

This fixes a build problem found by built bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-20 20:57:13 +01:00
Jake Staehle
e80ab48777 libiconv-full: fix compile-time linking error GCC7
LEDE Flyspray Task 1091:
Fix libiconv-full 'undefined reference' compile linker error using GCC7 Musl
Tested with targets x86 (i386 and x86_64)
Addition of CFLAGS "std=gnu89" fixes the linker issues, credit to harrylwc
Issue found with 'minidlna' package, which depends on 'libiconv-full'
Error in compile log:
../lib/.libs/libiconv.so: undefined reference to `aliases_lookup'
../lib/.libs/libiconv.so: undefined reference to `aliases2_lookup'
collect2: error: ld returned 1 exit status
Makefile:64: recipe for target 'iconv_no_i18n' failed

Signed-off-by: Jake Staehle <jacob@staehle.us>
2017-12-19 22:23:42 +01:00
Felix Fietkau
a428d9229e mt76: update to the latest version, reverts MAC address changes causing performance regressions
cf4a5ce mt76: fix memcpy to potential null pointer on failed allocation
ca5ca8c mt76x2: fix possible NULL pointer dereferencing in mt76x2_ampdu_action()
2d4b8f5 mt76x2: mac: fix possible NULL pointer dereferencing in mt76x2_mac_write_txwi()
4ca8bba mt76x2: eeprom: fix typo in mt76x2_get_power_info_5g()
00f7e60 mt7603: fix configuration for HT40
31e9bdb mt7603: main: fix possible NULL pointer dereferencing in mt7603_ampdu_action()
bf90dd2 mt7603: mcu: fix potential NULL pointer dereferencing on failed allocation
860b185 Revert "mt76x2: init: disable APCLI by default"
bcd576e Revert "mt76x2: drop wiphy->addresses"
bdc6f2f Revert "mt76x2: clean up MAC/BSSID address initialization"
d242650 Revert "mt76x2: remove MAC address limitation for multi-vif setups"
68b0cf1 mt76x2: add functions for setting extended MAC address registers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-17 12:44:18 +01:00
Mathias Kresin
4a4d957d1a lantiq: sync image filename with boardname
Use <manufacturer>_<modelname> as image name.

Use the BOARD_NAME variable to ensure that the former used boardname is
still used as the subdirectory name for the sysupgrade-tar image, to
not break sysupgrade from earlier versions.

While at it, normalise the image filenames by using only lower case
characters and bin as file extension for sysupgrade images.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-16 23:33:56 +01:00
Mathias Kresin
63d7f7fc92 lantiq: use the compatible string as board name
Use the first compatible string as board name in userspace. Add the new
board name as well as the former used board name to the image metadata
to keep compatibilty with already deployed installations.

Don't add the former used boardname for boards which exists only in
master or evaluation boards.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-16 23:33:56 +01:00
Hauke Mehrtens
712e1b36f4 kernel: add missing dependencies to kmod-crypto-acompress
kmod-lib-lzo and kmod-lib-lz4 depend in kernel 4.14 on
kmod-crypto-acompress, add this missing dependency.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:15:14 +01:00
Hauke Mehrtens
e387d9b0ca kernel: kmod-rtc-ds1307: add dependency to regmap
In kernel 4.14 kmod-rtc-ds1307 depends on regmap-i2c, add this missing
dependency.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:15:08 +01:00
Hauke Mehrtens
b0b9ec8e54 kernel: kmod-iio-bmp280: allow compile with kernel 4.14
This package also compiles with kernel 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:15:02 +01:00
Hauke Mehrtens
36f83dbc41 kernel: kmod-zram: deactivate CONFIG_ZRAM_WRITEBACK for kernel 4.14
This new option was introduced in kernel 4.14 and should be deactivated
by default.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:54 +01:00
Hauke Mehrtens
436fe56485 xtables-addons: fix compile with kernel 4.14
This fixes a compile problems seen with kernel 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:49 +01:00
Hauke Mehrtens
9572bae5b8 kernel: kmod-fbcon: deactivate for kernel 4.14
CONFIG_FRAMEBUFFER_CONSOLE does not activate new modules any more in
kernel 4.14, but CONFIG_FRAMEBUFFER_CONSOLE is now a boolean option
which change the kmod-fb package. kmod-fbcon should be split up.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:35 +01:00
Hauke Mehrtens
228da879fc kernel: kmod-sound-core: handle moved snd-seq-device.ko
The snd-seq-device.ko kernel module was moved with kernel 4.13.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:25 +01:00
Hauke Mehrtens
5c9cc1e73b kernel: kmod-mmc: handle moved mmc_block.ko
mmc_block.ko was moved with kernel 4.10.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:20 +01:00
Hauke Mehrtens
ac27f3867a kernel: kmod-rxrpc: handle renamed kernel module
The kernel module was renamed with kernel 4.11, handle that in the
package definition.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:12 +01:00
Hauke Mehrtens
b0d7fcdc49 kernel: deactivate some new network features
This deactivates the following options which were introduced between
kernel 4.9 and 4.14 in some kernel packages:
CONFIG_INET_ESP_OFFLOAD
CONFIG_INET6_ESP_OFFLOAD
CONFIG_LWTUNNEL_BPF
CONFIG_NET_9P_XEN

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:02 +01:00
Hauke Mehrtens
876191d428 kernel: unset CONFIG_CIFS_SMB311 in kmod-fs-cifs
Do not activate the experimental feature CONFIG_CIFS_SMB311.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:13:56 +01:00
Hauke Mehrtens
199273324e kernel: add kmod-crypto-ecdh
In kernel 4.14 kmod-bluetooth depends on kmod-crypto-ecdh, add
kmod-crypto-ecdh to LEDE.
Both packages also depend on the kmod-crypto-kpp package. To build this
we have to fix the dependency of CRYPTO_ECDH which has a typo.
This patch is already accepted upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:13:04 +01:00
Hauke Mehrtens
f1e839dd33 kernel: add kmod-crypto-rsa
In kernel 4.14 kmod-crypto-hw-ccp depends on kmod-crypto-rsa, add it.
kmod-crypto-rsa also packages the ASN1 parser and some other code which
is currently only used by this module.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:12:46 +01:00
Hauke Mehrtens
1ea5f86437 kernel: add kmod-crypto-acompress
In kernel 4.14 kmod-crypto-deflate depends on kmod-crypto-acompress.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:12:40 +01:00
Hauke Mehrtens
00b5df832f kernel: add kmod-lib-zstd
In kernel 4.14 kmod-fs-btrfs depends on the zstd compression libraries,
add it to the package system.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:12:32 +01:00
Hauke Mehrtens
38be62b97e kernel: add kmod-dax
In kernel 4.14 kmod-dm depends on kmod-dax.
Add DAX: "Direct access to differentiated memory" to LEDE.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:12:24 +01:00
Hauke Mehrtens
efd1854050 kernel: tg3: deactivate hwmon for kernel 4.14
In kernel 4.14 hwmon support can be deactivated for the tg3 driver,
deactivate it by default to save some space.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:11:58 +01:00
Hauke Mehrtens
c0160f01ae xtables-addons: update to version 2.14
This includes a compile fix needed for kernel 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:10:21 +01:00
Lucian Cristian
342d748eaf netdevices.mk: add Sun Neptune 10Gbit Ethernet
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-12-16 14:41:37 +01:00
Jo-Philipp Wich
ea5d9f5f72 kernel: tune e1000e module parameters
The default e1000e parameters (interrupt throttling rate, MSI/MSI-X
mode) are optimized for desktop and server computers to optimize
user-space execution (i.e. what's typically referred to as "useful"
work).  This assumption breaks on a router under load where most of
the "useful" work actually takes place either in hardware interrupt
handlers (IRQ) or at software IRQ (swirq) modes, so we try to reflect
that by overriding these parameters with more appropriate values.

Patch-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-16 14:41:37 +01:00
Kevin Darbyshire-Bryant
a9940ca2d7 iproute2: cake: support new operating modes
There has been recent significant activity with the cake qdisc of late
Some of that effort is related to upstreaming to kernel & iproute2
mainline but we're not quite there yet.  This commit teaches tc how to
activate and interprete the latest cake operating modes, namely:

ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.

ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-15 23:54:51 +01:00
Kevin Darbyshire-Bryant
0589979f7b kmod-sched-cake: bump to latest bake of cake
There has been recent significant activity with the cake qdisc of late
but in the cobalt branch.  Some of that effort is related to upstreaming
to kernel & iproute2 mainline but we're not quite there yet.  Relevant
feature changes:

ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.

ptm mode: Minor optimisation in packet overhead calculation.

dual-src/dsthost/triple-isolate: Optimise only calculating src or dst
host hashes only if required.

ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.

A separate iproute2 patch to teach it about Cake's new features will
follow.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-15 23:54:05 +01:00
Hans Dedecker
7f029c3924 netifd: update to latest git HEAD
4268193 interface-ip: harden eui64 IPv6 prefix address generation
81ff6d1 interface-ip: fix race condition in IPv6 prefix address generation
d3a5df0 handler: replace is_error() helper with NULL check

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-15 17:44:50 +01:00
Hans Dedecker
5d6f2a2764 uhttpd: fix PKG_CONFIG_DEPENDS (FS#1189)
Remove PACKAGE_uhttpd_debug config as this is an unused leftover
Add CONFIG_uhttpd_lua to PKG_CONFIG_DEPENDS

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-15 17:44:42 +01:00
Rafał Miłecki
d2e96d55ab opkg: fix PKG_CONFIG_DEPENDS to include version.mk entries
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-12-14 09:39:40 +01:00
Lucian Cristian
1044723ec9 busybox: enable find -newer needed for shorewall firewall, no size increase on binary
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-12-14 09:29:30 +01:00
Luiz Angelo Daros de Luca
3e98674bcf base-files: fix sysupgrade -b/-l when -c is used
Since /overlay/upper appeared, -b ignored -c silently (cause it was
still checking for /overlay/etc). Now, if /overlay/upper is absent,
sysupgrade -c will fail and exit verbosely.

Fix -l to consider -c (it never did).

Clean up to always use /overlay/upper/xxx instead of still checking
for /overlay/xxx.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2017-12-14 09:29:30 +01:00
Rosen Penev
06f8b4ddbd e2fsprogs: Update to 1.43.7
Compiled and tested on ramips with no noticeable problems.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-12-14 09:29:30 +01:00
Christian Lamparter
da6fdce365 base-files: unify get_dt_led helper function
Lantiq and IPQ806X (which includes IPQ40XX) both define the
same custom function {ipq806x|lantiq}_get_dt_led.

This patch moves the function into the base-file package at
lib/functions/leds.sh to make it more accessible for other
targets as well.

Cc: Mathias Kresin <dev@kresin.me>
Cc: John Crispin <john@phrozen.org>
Cc: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-14 09:29:30 +01:00
Jonas Gorski
ef1f6092e0 base-files: make including distfeeds.conf optional
To not clutter the system when building an opkg free image, generate the
distfeeds.conf only if CLEAN_IPKG is unset.

Since opkg is now a shared package, we can't rely on PACKAGE_opkg, but
since opkg is not reasonably usable without the status information, we
can tie the distfeeds.conf to it.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-12-13 14:59:07 +01:00
Jonas Gorski
5538b4df7f base-files: create /etc/opkg before generating distfeeds.conf
Ensure /etc/opkg exists before trying to write there. This fixes a build
failure if SIGNED_PACKAGES is disabled.

Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-12-13 14:46:37 +01:00
Jonas Gorski
1cfbd50ff4 package: move distfeeds.conf from opkg to base-files
All the relevant options used for distfeeds.conf are part of base-files,
so it makes more sense to move the file there as well.

This has the added benefit that the we can share the opkg package again,
reducing the amount of target specific packages.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-12-13 13:38:19 +01:00
Kevin Darbyshire-Bryant
30e18c8d64 wireguard: bump to 20171211
Bump to latest WireGuard snapshot release:

44f8e4d version: bump snapshot
bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x
679e53a chacha20: avx512vl implementation
10b1232 poly1305: fix avx512f alignment bug
5fce163 chacha20poly1305: cleaner generic code
63a0031 blake2s-x86_64: fix spacing
d2e13a8 global: add SPDX tags to all files
d94f3dc chacha20-arm: fix with clang -fno-integrated-as.
3004f6b poly1305: update x86-64 kernel to AVX512F only
d452d86 tools: no need to put this on the stack
0ff098f tools: remove undocumented unused syntax
b1aa43c contrib: keygen-html for generating keys in the browser
e35e45a kernel-tree: jury rig is the more common spelling
210845c netlink: rename symbol to avoid clashes
fcf568e device: clear last handshake timer on ifdown
d698467 compat: fix 3.10 backport
5342867 device: do not clear keys during sleep on Android
88624d4 curve25519: explictly depend on AS_AVX
c45ed55 compat: support RAP in assembly
7f29cf9 curve25519: modularize dispatch

Refresh patches.

Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-12 22:24:26 +01:00
Martin Schiller
65d62b5f4f dropbear: disable MD5 HMAC and switch to sha1 fingerprints
As MD5 is known weak for many years and more and more
penetration test tools complain about enabled MD5 HMAC
I think it's time to drop it.

By disabling the MD5 HMAC support dropbear  will also
automatically use SHA1 for fingerprints.
This shouldn't be a problem too.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-12-12 22:24:17 +01:00
Jo-Philipp Wich
902961c148 wolfssl: update to 3.12.2 (1 CVE)
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: https://github.com/wolfSSL/wolfssl/pull/1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-12 17:39:52 +01:00
Kabuli Chana
e4a69bda61 mwlwifi: update to version 10.3.4.0 / 2017-11-29
Improves stability on WRT3200ACM

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2017-12-12 12:00:50 +01:00
Hans Dedecker
893a1ede2e dnsmasq: add DHCP build switch support in full variant
Add config option which allows to enable/disable DHCP support at compile
time. Make DHCPv6 support dependant on DHCP support as DHCPv6 support
implies having DHCP support.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-10 16:42:01 +01:00
Jo-Philipp Wich
f4c68e1cc6 busybox: fix glibc libresolv dependency for LEDE nslook applet
Fixes d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config.
Fixes FS#1212.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-10 14:26:19 +01:00
Matthias Schiffer
d573b1287e
base-files: remove remaining uses of %N, and drop VERSION_NICK config symbol
Fixes d23e1e1e1a "merge: properly remove %n / %N references"

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-09 23:27:41 +01:00
Jo-Philipp Wich
d23e1e1e1a merge: properly remove %n / %N references
- use %d instead of %n for opkg feed identifiers
- remove %n / %N references from version files

Fixes bf5cef47b3 merge: release/banner: drop release name and update banner.
Fixes FS#1213.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-09 16:01:14 +01:00
Mathias Kresin
abdf0dea3a netifd: always send DHCPv4 hostname
udhcpc doesn't send a hostname by default. Use the system hostname if
nothing else is specified, to always send a hostname.

It syncs the behaviour to odhcpc, which always sends a hostname.

Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-08 21:00:26 +01:00
Mathias Kresin
93bd46b719 procd: nand: remove nand_board_name platform override
It isn't uses anymore by any target.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-08 20:57:12 +01:00
Mathias Kresin
c90a8cb755 procd: nand: dont rely on boardname in nand_upgrade_tar
Kernel and rootfs in a subdirectory matching the userspace boardname,
was intended to use a single sysupgrade-tar archive for multiple boards
with different kernel/rootfs images. This feature was never used.

Use the first found directory in the tar archive instead of relying on
a directory named according to the userspace boardname.

It allows to change the boardname without adding another compatibility
layer - using the nand_board_name() function - for (sub)targets using
the metadata based image validation in favour to
nand_do_platform_check().

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-08 20:57:12 +01:00
Christian Lamparter
4e3f6dae04 base-files: upgrade: make get_partitions() endian agnostic
This patch fixes two issues with the current get_partitions()
function.

First: "Invalid partition table on $disk" will pop up on
legitimate images on big endian system.

This is because the little-endian representation of "55 AA" is
assumed in the context of little-endian architectures. On these
comparing it to the 16-bit word 0xAA55 does work as intented.
Whereas on big-endian systems, this would have to be 0x55AA.

This patch fixes the issue by replacing the integer conversion
and value match check with just a string comparision.

Second: The extraction of the type, start LBA and LBA num from
the partition table has the same endianness issue. This has been
fixed by using the new hex_le32_to_cpu() function. This function
will translate the stored little-endian data to the correct
byte-order if necessary.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-08 19:54:16 +01:00
Christian Lamparter
96b485ec7a firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.2.1-00058
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.2.1-00058 firmware for the QCA4019.

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-08 19:54:14 +01:00
Zoltan HERPAI
2ffff58c2b merge: uhttpd: update cert generation to match system defaults
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patch
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
23f774f727 merge: packages: update branding in core packages
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
1f8585cf99 merge: ssid: update default ssid
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
7b5c989ab9 merge: targets: update image generation and targets
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
bf5cef47b3 merge: release/banner: drop release name and update banner
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
34bbbbf9c3 merge: base: update base-files and basic config
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Felix Fietkau
98fb380d88 mt76: update to the latest version, fixes setting per-vif mac address
d02a05b mt7603: update firmware to version 20160107100755
4d4cd05 Partially revert "mt7603: use mcu command to set timing registers, fix OFDM timeout values"
170f334 mt76x2: remove MAC address limitation for multi-vif setups
3563b8f mt76x2: clean up MAC/BSSID address initialization
9de77e1 mt76x2: drop wiphy->addresses
a6a6e25 mt76x2: init: disable APCLI by default
c64633e mt76x2: configure rx filter based on monitor mode setting
ac815fa mt76x2: init: fix rx filter default value during init
e504656 mt7603: configure other-unicast drop based on monitor mode setting

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-08 17:58:05 +01:00
Peter Wagner
55e70c8b72 openssl: update to 1.0.2n
add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)

Fixes CVEs: CVE-2017-3737, CVE-2017-3738

Signed-off-by: Peter Wagner <tripolar@gmx.at>
2017-12-08 10:47:51 +01:00
Hans Dedecker
01c5cf0b24 odhcpd: fix faulty PKG_SOURCE_DATE in 711a816
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-07 18:43:01 +01:00
Rafał Miłecki
3cd6ccf199 opkg: bump to version 2017-12-07
Changes:
3b417b9 opkg_download: decode file:/ URLs
71c27cb file_util: implement urldecode_path()
d1fe095 file_util: consolidate hex/unhex routines
ebdfc12 add opkg option http_timeout
9f003e3 opkg: encode archive filenames while constructing download URLs
73e6c81 file_util: implement urlencode_path() helper
468158f libopkg: fix SHA256 calculation for big endian system

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-12-07 18:21:54 +01:00
Daniel Golle
173edcdc9d rpcd: update to version from 2017-12-07
cfe1e75c91bc1 sys: packagelist: allow listing all packages
74a784f037867 sys: fix passwd path

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-12-07 17:26:04 +01:00
Hans Dedecker
a39ddff428 dnsmasq: write atomic host file
Different invocations of the dnsmasq init script (e.g. at startup by procd)
will rewrite the dhcp host file which might result into dnsmasq reading an
empty dhcp host file as it is being rewritten by the dnsmasq init script.
Let the dnsmasq init script first write to a temp dhcp host file so it does
not overwrite the contents of the existing dhcp host file.

Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-07 10:59:03 +01:00
Rosen Penev
94fcd92913 strace: Update to 4.20
Compiled and tested on mvebu. Mainly a kernel 4.14 change. Also
reordered the Makefile a little bit.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-12-07 11:46:37 +08:00
Timo Sigurdsson
bd45e15d0a hostapd: backport fix for wnm_sleep_mode=0
wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-12-07 02:00:23 +02:00
Timo Sigurdsson
6515887ed9 hostapd: Expose the tdls_prohibit option to UCI
wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.

Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.

Make this option configurable via UCI, but disabled by default.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2017-12-07 01:57:29 +02:00
Hans Dedecker
79a19e5d27 iproute2: align ip help text for tiny variant
Tiny variant supports a subset of the ip commands; align the ip help
text so it actually reflects which commands are supported in the
tiny variant.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-06 22:30:54 +01:00
Russell Senior
c3c1185d56 iproute2: update to v4.14.1
Preserves optionality of libmnl by letting configuration
script follow the HAVE_MNL environment variable.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2017-12-06 22:30:00 +01:00
Hans Dedecker
711a816770 odhcpd: update to latest git HEAD
c516801 dhcpv4: notify DHCP ACK and RELEASE via ubus

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-06 19:17:44 +01:00
Hans Dedecker
347d18177e dnsmasq: backport infinite dns retries fix
If all configured dns servers return refused in response to a query in
strict mode; dnsmasq will end up in an infinite loop retransmitting the
dns query resulting into high CPU load.
Problem is fixed by checking for the end of a dns server list iteration
in strict mode.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-06 14:55:12 +01:00
Felix Fietkau
aec1b6bfcb samba36: backport an upstream fix for an information leak (CVE-2017-15275)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-04 09:58:20 +01:00
Felix Fietkau
04127f0fec mt76: update to the latest version, adds stability fixes
11f42a8 mt76x2: add channel argument to eeprom tx power functions
3bd7e76 mt76x2: initialize channel power limits
19fff41 mt76x2: convert between per-chain tx power and combined output
737cf2b mt7603: rename mt7603_mac_reset to mt7603_pse_reset
8026638 mt7603: rename MT_PSE_RESET register
c4dd32a mt7603: remove watchdog reset on interface stop
d99092b mt7603: remove WARN_ON_ONCE for workaround checks
c8807b4 mt7603: simplify PSE reset
d8a5990 mt7603: warn if PSE reset fails
c079960 mt7603: clean up dma debug reads
96817d6 mt7603: make mt7603_mac_watchdog_reset() static
e953c78 mt7603: clear wtbl PS bit for powersave responses
57a2e33 mt7603: set tx-skip flag for powersave clients
c8e5ab1 mt7603: initialize wtbl ps flag on station add
b4034cf mt76x2: remove some harmless WARN_ONs in tx status and rx path
8e17d36 mt7603: remove some harmless WARN_ONs in rx path

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-03 19:06:24 +01:00
Ted Hess
b83c32511e layerscape: rename firmware packages to avoid name collisions
layerscape firmware package names collide with existing package contributions.
Ex: layerscape mc and midnight-commander(mc) are in conflict.

Firmware packages: mc, ppa, rcw and dpl are renamed to ls-mc, ls-ppa, ls-rcw
and ls-dpl respectively.

Signed-off-by: Ted Hess <thess@kitschensync.net>
2017-12-02 10:38:08 -05:00
Roman Yeryomin
b32e4c64c7 packages: dnsmasq: remove unused stamp file
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2017-12-02 09:58:04 +01:00
Hans Dedecker
b0b289ea45 curl: bump to 7.57.0 (3 CVEs)
CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access

For other bugfixes and changes in 7.57.0 see https://curl.haxx.se/changes.html

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-30 09:44:17 +01:00
Yousong Zhou
b59b799cb1 ltq-ifxos: fix compilation against glibc
Fixes FS#1196

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-11-30 14:53:16 +08:00
Borja Salazar
759785c01a dnsmasq: add interface to ubus notification
Signed-off-by: Borja Salazar <borja.salazar@fon.com>
2017-11-29 22:03:39 +01:00
Felix Fietkau
e966ed236f mt76: update to the latest version, fixes encrypted mesh support and HT20 issues
fc28872 mac80211: add missing include
a4c82ca mt7603: add missing include required on newer kernels
792859b mt76x2: fix transmission of encrypted management frames
a51358e mt76x2: increase OFDM SIFS time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-29 17:50:46 +01:00
Felix Fietkau
111b499024 mac80211: tweak TSQ settings
Latencies can be much higher on wifi devices, especially with
aggregation. Tune the network stack setting introduced in the previous
commit to account for that.
This commit reintroduces the previously reverted one with a fix for the
crash issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-29 17:46:41 +01:00
Jo-Philipp Wich
fcfd5cdb59 dnsmasq: fix dhcp-host entries with empty macs
Due to improper localization of helper variables, "config host" entries
without a given mac address may inherit the mac address of a preceeding,
leading to invalid generated netive configuration.

Fix the issue by marking the "macs" and "tags" helper variables in
dhcp_host_add() local, avoiding the need for explicitely resetting them
with each invocation.

Reported-by: Russell Senior <russell@personaltelco.net>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-11-28 18:11:25 +01:00
Felix Fietkau
47fa8654a1 Revert "mac80211: tweak TSQ settings"
This reverts commit 2dc485250d.
This patch needs some additional checks in order to avoid overwriting
unrelated fields for request sockets.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-28 14:23:43 +01:00
Kevin Darbyshire-Bryant
179125d334 wireguard: bump to snapshot 20171127
== Changes ==

 * compat: support timespec64 on old kernels
 * compat: support AVX512BW+VL by lying
 * compat: fix typo and ranges
 * compat: support 4.15's netlink and barrier changes
 * poly1305-avx512: requires AVX512F+VL+BW

 Numerous compat fixes which should keep us supporting 3.10-4.15-rc1.

 * blake2s: AVX512F+VL implementation
 * blake2s: tweak avx512 code
 * blake2s: hmac space optimization

 Another terrific submission from Samuel Neves: we now have an implementation
 of Blake2s using AVX512, which is extremely fast.

 * allowedips: optimize
 * allowedips: simplify
 * chacha20: directly assign constant and initial state

 Small performance tweaks.

 * tools: fix removing preshared keys
 * qemu: use netfilter.org https site
 * qemu: take shared lock for untarring

 Small bug fixes.

Remove myself from the maintainers list: we have enough and I'm happy to
carry on doing package bumps on ad-hoc basis without the 'official'
title.

Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-11-27 14:50:04 +01:00
Stijn Tintel
2f1c05bb80 lldpd: bump to 0.9.9
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-11-27 09:43:23 +01:00
Hans Dedecker
0b3087eebf nghttp2: bump to 1.28.0
939ad5dd Update manual pages
24d92b97 Add deprecation warning when spdylay support is enabled
4c92ff18 Bump up version number to 1.28.0, LT revision to 29:0:15
280db5c6 Update neverbleed
7fbcb2d0 Merge pull request #1074 from nghttp2/fix-doc
53aeb2c3 Fix doc
ff200bfc clang-format-5.0
fee3151f Switch to clang-format-5.0
99a85159 Update manual pages
2a981a3f Merge pull request #1066 from nghttp2/nghttpx-add-affinity-cookie-secure
0028275d nghttpx: Add affinity-cookie-secure parameter to backend option
ee8bfddf Merge pull request #1063 from nghttp2/error_callback2
194acb1f src: Use nghttp2_error_callback2
43a2a70a Add nghttp2_error_callback2
73344ae9 nghttpx: Use plain hex string format for client serial
c479f612 Merge pull request #1060 from nghttp2/nghttpx-add-client-serial
eca0a302 nghttpx: Add $tls_client_serial log variable
4720c5cb nghttpx: Make client serial available in mruby script
cd55ab28 nghttpx: Add function to get serial number from certificate
d402cfdf Merge pull request #1057 from nghttp2/nghttpx-add-tls-client-issuer-name
22502182 Add tls_client_issuer_name log variable and expose it to mruby
05e1fd5e Update manual pages
943d7923 Add Session Affinity section to nghttpx howto
568ecbfb doc: Add missing port
f5ddd7f4 nghttpx: Make initial_addr_idx_ unsigned
88abbce7 nghttpx: Fix compile error with gcc
16e90365 nghttpx: Fix affinity retry
fa7945c6 nghttpx: Refactor
daca43f0 nghttpx: Fix stalled backend connection on retry
16bc11e6 nghttpx: Remove duplicated util::make_socket_nodelay
6f7e94cd Merge pull request #1047 from PiotrSikora/go_vet
61efa15a integration: Fix issues reported by the `go vet` tool.
8c0ea56b Merge pull request #1036 from nghttp2/nghttpx-affinity-cookie
54905371 nghttpx: Refactor
6010d393 integration: Add tests
be5c39a1 src: Add tests
b8fda680 nghttpx: Cookie based session affinity
e29b9c12 Merge pull request #1045 from nghttp2/nghttpx-sha1-fingerprint
539e2781 nghttpx: Add tls_client_fingerprint_sha1 to mruby and accesslog
7008afd4 nghttpx: Refactor get_x509_fingerprint to accept hash function
77a41756 Merge pull request #1041 from nghttp2/fix-examples-client-server
b15045d6 Merge pull request #1040 from nghttp2/nghttpx-mruby-add-more-tls-vars
03084f75 examples: Make client and server work with libevent-2.1.8
60baca27 nghttpx: Add more TLS related attributes to mruby Env object
86990db2 Merge pull request #1038 from nghttp2/nghttpx-add-more-logging-vars
cb376bcd nghttpx: Add client fingerprint and subject name to accesslog
f2b8edd1 nghttpx: Fix memory leak
c4f8afcf nghttpx: Get TLS info only when it is necessary when writing accesslog
1a1a216d Merge pull request #1037 from nghttp2/nghttpx-mruby-tls-client-vars
9f80a82c nghttpx: Add client fingerprint and subject name to mruby env
c573c80b nghttpx: Pass a pointer to SSL instead of TLSSessionInfo to LogSpec
3cd6817e Fix typos
d4a69658 Add another warning about mruby
8e06fe49 Fix typo
aaeeec8f Fix typos
66d5e246 Bump up version number to 1.28.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-27 10:12:03 +01:00
Daniel Engberg
38cc071ed1 mwlwifi: Update to latest commit in upstream repo
Update to latest commit in upstream repo
Bumps 88W8964 firmware to 9.3.0.8

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-11-25 20:11:30 +01:00
Fushan Wen
40868e3bb6 kmod-sched-cake: update to latest git HEAD
dfb2f6c pkt_sched: make compile again
5ab7026 sch_cake: make compile again
6f28803 codel5: make more checkpatch compliant
bd426aa Fix build error on 4.12
e4a3628 Whitespace tidy up

Signed-off-by: Fushan Wen <qydwhotmail@gmail.com>
2017-11-25 19:53:37 +01:00
Hans Dedecker
f965827bfb odhcpd: update to latest git HEAD
92e205d dhcpv6: fix compile issues when CER-ID extension is enabled

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-25 18:17:43 +01:00
Hans Dedecker
99ea749d37 odhcpd: add a full and ipv6only variant (FS#1188)
Add an ipv6only variant providing server services for RA, stateful and stateless
DHCPv6, prefix delegation and relay support for DHCPv6, NDP and RA.

The full variant called odhcpd supports DHCPv4 server as before.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-25 18:17:43 +01:00
Kevin Darbyshire-Bryant
088262ac7a wireguard: bump to 20171122
Bump to latest WireGuard snapshot release:

ed479fa (tag: 0.0.20171122) version: bump snapshot
efd9db0 chacha20poly1305: poly cleans up its own state
5700b61 poly1305-x86_64: unclobber %rbp
314c172 global: switch from timeval to timespec
9e4aa7a poly1305: import MIPS64 primitive from OpenSSL
7a5ce4e chacha20poly1305: import ARM primitives from OpenSSL
abad6ee chacha20poly1305: import x86_64 primitives from OpenSSL
6507a03 chacha20poly1305: add more test vectors, some of which are weird
6f136a3 compat: new kernels have netlink fixes
e4b3875 compat: stable finally backported fix
cc07250 qemu: use unprefixed strip when not cross-compiling
64f1a6d tools: tighten up strtoul parsing
c3a04fe device: uninitialize socket first in destruction
82e6e3b socket: only free socket after successful creation of new
df318d1 compat: fix compilation with PaX
d911cd9 curve25519-neon: compile in thumb mode
d355e57 compat: 3.16.50 got proper rt6_get_cookie
666ee61 qemu: update kernel
2420e18 allowedips: do not write out of bounds
185c324 selftest: allowedips: randomized test mutex update
3f6ed7e wg-quick: document localhost exception and v6 rule

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-11-24 12:55:38 +01:00
Hauke Mehrtens
332438be40 uboot-sunxi: fix build of HAOYU Electronics Marsboard A10
The uboot target is named MarsBoard_A10 and it was not build at all.
This fixes a build problem seen by the build bot.

Fixes: 6a3565985f ("sunxi: Added profile for HAOYU Electronics Marsboard A10")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-23 21:25:46 +01:00
Hauke Mehrtens
4e93ec1ad6 kernel: i2c-piix4: fix dependency on TARGET_x86
Fix the target dependency to make it possible to select this module also
on x86 target and its subtargets.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:37:15 +01:00
Hauke Mehrtens
9cfcd49735 kernel: e100: take e100 firmware from linux-firmware repository
The firmware directory in the Linux kernel was removed in kernel 4.14,
take the e100 firmware files now from the linux-firmware repository
instead. To do so create the new package e100-firmware. This will also
work with older kernel versions.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:37:05 +01:00
Marcin Jurkowski
06e1b90404 kernel: add NFS4 client support
Adds NFS4 client support:
 1. Package kmod-fs-nfs is split into kmod-fs-nfs (nfs.ko) and
    kmod-fs-nfs-v3 (nfsv3.ko).
 2. A new package kmod-fs-nfs-v4 (nfsv4.ko) is created.
 3. Package kmod-fs-nfs-common-v4 is renamed to kmod-fs-nfs-rpcsec
    and includes additional module rpcsec_gss_krb5.ko.
    CONFIG_NFS_V4 goes into kmod-fs-nfs-v4, CONFIG_NFSD_V4 (NFS4
    server) is removed. Missing kernel module oid_registry.ko
    needed by auth_rpcgss.ko is added to the package.

A new package kmod-crypto-cts needed by rpcsec_gss_krb5.ko is
also created.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
[add dependency to kmod-crypto-ecb in fs-nfs-common-rpcsec]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:36:21 +01:00
Martin Schiller
0c78de869d kernel: add kmod-i2c-i801
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Add i2c-smbus.ko and fix target dependency]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:34:56 +01:00
Martin Schiller
7ffeecd6ac kernel: add it87-wdt watchdog timer module
The module parameters "nogameport=1" and "nocir=1" are needed,
because this is not supported on recent chips and doesn't
really tell if the system is stable.

As this features will already be removed in linux-4.13 or newer,
this module parameters can be removed in the future.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-11-22 20:49:04 +01:00
Rosen Penev
9052dd6534 libusb-compat: Upgrade to 0.1.15
Compile tested on ramips (mt7621)

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-22 20:45:28 +01:00
Rosen Penev
fc4e7bdca7 usbutils: Update usb.ids file to latest
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-22 20:45:07 +01:00
Christian Lamparter
5e6792eab4 wireless-regdb: fix PKG_MIRROR_HASH
make check complains about PKG_MIRROR_HASH of the wireless-regdb package:

WARNING: PKG_MIRROR_HASH does not match wireless-regdb-2017-10-20-4343d359.tar.xz
hash 5f5b669f32ae36cb65b1d99efbbbfd42c2983cda32f6448346e3e54ffaba3889

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-11-22 13:07:48 +01:00
Mathias Kresin
298ade22a0 acx-mac80211: fix build on kernel 4.9
The DEFINE_PCI_DEVICE_TABLE macro was removed with upstream commit
7e9321599011 ("treewide: remove references to the now unnecessary
DEFINE_PCI_DEVICE_TABLE").

Use the pci_device_id struct to fix the acx-mac80211 build failure on
ramips.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-22 08:21:53 +01:00
Hans Dedecker
6aa4b97a8a odhcpd: fix gcc7 build error
0573422 ndp: add switch/case fallthrough comments

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-21 15:15:20 +01:00
Leon M. George
63462910dd hostapd: remove unused local var declaration
Signed-off-by: Leon M. George <leon@georgemail.eu>
2017-11-21 13:11:42 +01:00
Leon M. George
cc0847eda3 hostapd: don't set htmode for wpa_supplicant
no longer supported

Signed-off-by: Leon M. George <leon@georgemail.eu>
2017-11-21 13:11:42 +01:00
Hans Dedecker
a28d1d5444 odhcpd: update to latest git HEAD (make dhcpv4 support optional)
fd80621 dhcpv4: make DHCPv4 support compiletime configurable
cf29925 treewide: rework handling of netlink events
24cdc1b treewide: add netlink file
5dfb716 treewide: align function naming

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-20 21:40:03 +01:00
Felix Fietkau
6a6dc94e0c mac80211: fix a race condition that could lead to a use-after-free on a timer
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-20 20:05:19 +01:00
Felix Fietkau
9247864b6e mac80211: fix netlink family id for nl80211 messages
Fixes responses for nl80211 calls

Reported-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-20 17:52:51 +01:00
John Crispin
b9e700cd58 kernel: fix lzo and lz4 modules
both of these have been split up and require additional ko files.

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-20 13:10:57 +01:00
Emerson Pinter
bc50a97dfc dnsmasq: load instance-specific conf-file if exists
Without this change, the instance-specific conf-file is being added to procd_add_jail_mount,
but not used by dnsmasq.

Signed-off-by: Emerson Pinter <dev@pinter.com.br>
2017-11-19 22:27:49 +01:00
Alexander Couzens
bd1ee909d0 wolfssl: add PKG_CPE_ID ids to package and tools
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-19 02:29:08 +01:00
Daniel Engberg
dca96b7546 openssl: Add optimization option
Add option to optimize for speed instead of size

cmd: openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc \
aes-192-cbc aes-256-cbc rsa2048 dsa2048

=== Linksys WRT3200ACM ===

Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              14111.49k    47147.75k   123375.02k   206937.09k   258828.97k
sha1             14495.71k    46763.99k   116679.94k   188115.29k   228294.66k
des cbc          22315.63k    23118.98k    23323.14k    23348.22k    23363.58k
des ede3          8085.97k     8217.26k     8255.74k     8266.41k     8273.92k
aes-128 cbc      48740.10k    52606.12k    54224.98k    56263.68k    54774.44k
aes-192 cbc      43410.83k    47325.31k    48994.05k    49377.96k    48532.14k
aes-256 cbc      39132.46k    42512.60k    43692.63k    43997.18k    44070.23k
sha256           19987.80k    47314.69k    86119.08k   109352.28k   119466.67k
sha512            8034.63k    32321.92k    47495.94k    65777.32k    74080.26k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.020387s 0.000528s     49.1   1892.2
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.005920s 0.006396s    168.9    156.3

Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              14655.49k    48561.79k   126953.56k   210741.93k   262430.72k
sha1             14607.90k    47032.15k   117725.87k   188226.22k   228499.46k
des cbc          28041.11k    29586.84k    29939.80k    30047.91k    30067.37k
des ede3         10697.93k    10899.75k    10956.97k    10972.84k    10980.01k
aes-128 cbc      58852.70k    65956.07k    68675.67k    69388.29k    69607.42k
aes-192 cbc      50299.73k    56501.23k    58491.65k    59008.00k    59159.89k
aes-256 cbc      44684.38k    47944.36k    49098.67k    49573.89k    49463.30k
sha256           19673.53k    47248.58k    86775.04k   110053.72k   119382.02k
sha512            8029.67k    32033.02k    47440.04k    65740.12k    74072.06k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.019666s 0.000529s     50.8   1892.0
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.005882s 0.006450s    170.0    155.0

=== D-Link DIR-860L (B1) ===
Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               3376.97k    11654.74k    32966.76k    60016.27k    80729.43k
sha1              2310.95k     6024.87k    11680.32k    15273.93k    16784.07k
des cbc           6787.21k     7014.36k     7072.49k     7088.73k     7092.48k
des ede3          2462.47k     2499.87k     2509.48k     2511.35k     2514.75k
aes-128 cbc      10014.28k    11018.87k    11308.99k    11381.03k    11406.20k
aes-192 cbc       8930.35k     9675.27k     9895.97k     9954.57k     9971.92k
aes-256 cbc       8022.81k     8624.03k     8799.60k     8843.14k     8856.07k
sha256            2546.33k     5542.19k     9326.99k    11249.03k    11969.57k
sha512             877.22k     3503.44k     4856.01k     6554.96k     7299.32k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.109348s 0.003132s      9.1    319.3
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.032745s 0.037212s     30.5     26.9

Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               3660.39k    12401.37k    34501.23k    62438.83k    81786.64k
sha1              3500.20k    10730.70k    25056.19k    37715.86k    44253.13k
des cbc           7189.75k     7545.88k     7641.90k     7665.71k     7672.18k
des ede3          2690.64k     2734.33k     2745.24k     2748.13k     2748.81k
aes-128 cbc      11325.29k    12731.75k    13151.34k    13259.95k    13289.55k
aes-192 cbc       9932.36k    10997.65k    11309.84k    11389.53k    11408.92k
aes-256 cbc       8845.13k     9677.01k     9920.30k     9980.77k     9996.42k
sha256            3200.50k     7107.76k    12230.85k    14933.73k    15962.15k
sha512             879.12k     3510.79k     4956.45k     6711.45k     7484.39k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.085641s 0.002365s     11.7    422.9
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.023881s 0.026120s     41.9     38.3

-O3 is considered safe for OpenSSL
Ref: https://wiki.openssl.org/index.php/Compilation_and_Installation
Tested hardware: Linksys WRT3200ACM / D-Link DIR-860L (B1)

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-11-18 21:01:26 +01:00
Hans Dedecker
6fcf4228d8 netifd: update to latest git HEAD
c92106e interface-ip: add missing IPv6 policy rule

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-17 21:58:13 +01:00
Rafał Miłecki
36a92274a8 otrx: fix memory leak in otrx_create_append_zeros
A "free" call was missing after allocating a buffer.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-17 11:32:51 +01:00
Rafał Miłecki
70837168ef otrx: bump buffer size in otrx_create_append_file
Usually this function is called for appending some small files only
(like fs marks) but let's just make it more generic and capable of
handling bigger files easily. Increasing buffer to 1 KiB shouldn't hurt.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-17 11:30:31 +01:00
Rafał Miłecki
ab8f20c18d otrx: drop unused otrx_create_parse_options function
It was there in case of adding some "create" command options that should
be parsed before actually creating the output image. It seems we don't
need any at this point so let's drop this function for now.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-17 11:30:31 +01:00
Luis Araneda
1c139d664b mac80211: enable brcmfmac's SDIO support on sunxi target
Needed to support some SDIO connected cards, like AMPAK modules

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2017-11-17 08:20:22 +01:00
Luis Araneda
bf6b3afa8c uboot-sunxi: add NanoPi M1 Plus board
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2017-11-17 08:20:06 +01:00
Alexander Couzens
c61a239514
add PKG_CPE_ID ids to package and tools
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Thanks to swalker for CPE to package mapping and
keep tracking CVEs.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-17 02:24:35 +01:00
Simon Wunderlich
a479c79818 kobs-ng: add header for integer definitions
My compilation failed because of missing uint.* definitions:

In file included from mtd.h:33:0,
                 from bootstream.c:35:
BootControlBlocks.h:58:2: error: unknown type name 'uint8_t'
  uint8_t m_u8DataSetup;
  ^
BootControlBlocks.h:59:2: error: unknown type name 'uint8_t'
  uint8_t m_u8DataHold;
  ^
BootControlBlocks.h:60:2: error: unknown type name 'uint8_t'
  uint8_t m_u8AddressSetup;
  ^
BootControlBlocks.h:61:2: error: unknown type name 'uint8_t'
  uint8_t m_u8DSAMPLE_TIME;

Adding the header file fixes the problem.

Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
[fold changes into 001-compile.patch]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-16 22:56:54 +01:00
Bjørn Mork
f922b0c191 kernel: pull edgeport firmware from linux-firmware repo
The kernel firmware/ is going away, so pull this firmware
from the linux-firmware git repo instead. No actual changes
to the installed files.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
2017-11-16 22:56:54 +01:00
Bjørn Mork
73e8fcf894 linux-firmware: add IO Edgeport USB Serial firmware
Preparing for kernel versions without firmware.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
2017-11-16 22:56:54 +01:00
Kevin Darbyshire-Bryant
eea9d2505b wireguard: bump to 0.0.20171111
edaad55 (tag: 0.0.20171111) version: bump snapshot
7a989b3 tools: allow for NULL keys everywhere
46f8cbc curve25519: reject deriving from NULL private keys
9b43542 tools: remove ioctl cruft
f6cea8e allowedips: rename from routingtable
23f553e wg-quick: allow for tabs in keys
ab9befb netlink: make sure we reserve space for NLMSG_DONE
73405c0 compat: 4.4.0 has strange ECN function
868be0c wg-quick: stat the correct enclosing folder of config file
ceb11ba qemu: bump kernel version
0a8e173 receive: hoist fpu outside of receive loop
bee188a qemu: more debugging
f1fdd8d device: wait for all peers to be freed before destroying
2188248 qemu: check for memory leaks
c77a34e netlink: plug memory leak
0ac8efd device: please lockdep
a51e196 global: revert checkpatch.pl changes
65c49d7 Kconfig: remove trailing whitespace

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-11-16 22:35:36 +01:00
Felix Fietkau
fa6fd45613 mt76: update to the latest version
Significantly improves throughput on MT76x2, fixes some stability
issues, adds LED support.

Changes:

266ef38 mt76x2: mcu: remove unused parameter in mt76x2_mcu_msg_alloc signature
758376d mt7603: mcu: remove unused parameter in mt7603_mcu_msg_alloc() signature
e764787 Fix errors found by cppcheck
a6fce8a mt7603: add LED definition registers
f658dd2 mt76x2: add LED register definitions
f6a021d mt76x2: Support using PCI ID as chip ID
c9bdcd8 mt76: add led support using mac80211 led framework
58e9138 mt76x2: init: add ma80211 led callbacks
8ea8da3 mt7603: init: add ma80211 led callbacks
ded88cd mt76x2: Add PCI identifier for MT7602
51a6764 mt7603: remove unnecessary mcu register read function
fbdbf65 debugfs: add support for changing the LED pin
cc02e49 mac80211: move DT led configuration to the "led" child node
e4e7734 mt76x2: limit client WCID entries to 0-127
60172cc mt76x2: clear drop flag for all WCIDs on init
d8140b6 mt76x2: clear per-WCID tx rate lookup register
0ce7923 mt76x2: add helper function for setting drop mask
ccc4baf mt76x2: clear drop mask when sending a PS response
ff60d14 mt76: increase rx ring size for mt76x2
b57ada5 mt76x2: add rx statistics registers
af425de mt76x2: fix LNA gain register annotation
efd7724 mt76x2: sync channel gain value with latest reference driver
4af37bd mt76x2: implement dynamic AGC tuning based on false packet detection count
70f2002 mt76x2: add more gain tuning based on the latest reference driver
8f1c8ab mt76x2: sync tx power related values with reference driver

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-16 20:33:37 +01:00
Felix Fietkau
2dc485250d mac80211: tweak TSQ settings
Latencies can be much higher on wifi devices, especially with
aggregation. Tune the network stack setting introduced in the previous
commit to account for that

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-16 15:23:55 +01:00
Felix Fietkau
f9fa266faf mac80211: update to wireless-testing 2017-11-01
The wireless regdb is now loaded via firmware loading, CRDA support and
built-in regdb support have been removed.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-16 15:23:35 +01:00
Felix Fietkau
a8d751c243 wireless-regdb: add package containing the wireless regulatory database
Installs to /lib/firmware for newer cfg80211 versions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-16 15:23:32 +01:00
Felix Fietkau
4b091ab01a ubus: update to the latest version
9c13096 ubus: Remove unnecessary memset calls.
6d1ea6c libubus: Fix deletion from context's object AVL tree when removing object
e02813b ubusd: don't free messages in ubus_send_msg() anymore
be146ad ubusd: rename goto label from `error` to `out`
27d712d ubusd_monitor: alloc & free the buffer outside of the loop
5f87f54 ubusd: move global retmsg per client

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-16 12:54:17 +01:00
Felix Fietkau
d5bcd0240a libnl-tiny: use fixed message size instead of using the page size
Simplifies the code and reduces size

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-16 12:54:15 +01:00
Rafał Miłecki
b15c563929 otrx: always align image to 0x1000
This seems to match what the original trx tool and mjn3's replacement
do.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-16 09:33:56 +01:00
Jianhui Zhao
a8a23ca50c kernel: add packaging for mtdoops
Signed-off-by: Jianhui Zhao <jianhuizhao329@gmail.com>
2017-11-15 21:13:16 +01:00
Chris Blakely
6fe9090605 modules: Add kmod-ixgbevf kernel module for Intel(R) 10GbE Virtual Ethernet support
These adapters support SR-IOV. Thus the host can assign Virtual Functions
(VFs) to different VMs by the PCI-E Passthrough (e.g. VFIO for KVM), to
gain different advantages (performance, VF to VF communications, host
kernel offload, etc.).

Signed-off-by: Chris Blakely <cpblakely@gmail.com>
2017-11-15 21:11:23 +01:00
Zhai Zhaoxuan
c382237ac3 packages: nvram: fix memory leak in _nvram_free
The value of nvram_tuple_t is allocated in _nvram_realloc,
but it is not freed in _nvram_free.

Signed-off-by: Zhai Zhaoxuan <zhaizhaoxuan@xiaomi.com>
2017-11-15 21:11:23 +01:00
Mat Trudel
2dca7177e7 sysupgrade: don't kill our own parent
Add the parent of the sysupgrade script to the list of pids not getting
killed

Signed-off-by: Mat Trudel <mat@geeky.net>
Signed-off-by: John Crispin <john@phrozen.org>
2017-11-15 21:11:23 +01:00
Felix Fietkau
d91494eedf hostapd: rework frequency/ht/vht selection for ibss/mesh
- Remove obsolete patch chunks regarding fixed_freq
- Instead of patching in custom HT40+/- parameters, use the standard
config syntax as much as possible.
- Use fixed_freq for mesh
- Fix issues with disabling obss scan when using fixed_freq on mesh

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-15 18:49:12 +01:00
Antonio Quartulli
0da54fa642 mac80211: don't pass the hostapd ctrl iface in adhoc
Passing the ctrl iface to wpa_supplicant will automatically cause wpa_supplicant
to send "STOP_AP" messages to the hostapd. This breaks the AP interfaces.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
2017-11-15 18:49:12 +01:00
Sven Eckelmann
772afef61d hostapd: explicitly set beacon interval for wpa_supplicant
The beacon_int is currently set explicitly for hostapd and when LEDE uses
iw to join and IBSS/mesh. But it was not done when wpa_supplicant was used
to join an encrypted IBSS or mesh.

This configuration is required when an AP interface is configured together
with an mesh interface. The beacon_int= line must therefore be re-added to
the wpa_supplicant config. The value is retrieved from the the global
variable.

Fixes: 1a16cb9c67 ("mac80211, hostapd: always explicitly set beacon interval")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [rebase]
2017-11-15 18:49:12 +01:00
Sven Eckelmann
43f66943d0 hostapd: set mcast_rate in mesh mode
The wpa_supplicant code for IBSS allows to set the mcast rate. It is
recommended to increase this value from 1 or 6 Mbit/s to something higher
when using a mesh protocol on top which uses the multicast packet loss as
indicator for the link quality.

This setting was unfortunately not applied for mesh mode. But it would be
beneficial when wpa_supplicant would behave similar to IBSS mode and set
this argument during mesh join like authsae already does. At least it is
helpful for companies/projects which are currently switching to 802.11s
(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
because newer drivers seem to support 802.11s but not IBSS anymore.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh]
2017-11-15 18:49:06 +01:00
Felix Fietkau
46e875a0b0 hostapd: refresh ubus patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-15 18:46:50 +01:00
Piotr Dymacz
c7fdff157e uboot-envtools: add support for Wallys DR342
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-11-14 22:36:46 +01:00
Rafał Miłecki
3f96e57aed otrx: add support for -A (append) and -a (align) options
They are inspired and compatible with the original and mjn3's trx tool.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-14 22:33:19 +01:00
Rafał Miłecki
6d283b8029 otrx: optimize memory usage when creating TRX image
There is no need to allocate buffer as big as the whole image in order
to calculate CRC32. It's enough to use small buffer and just read file
content block by block.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-14 22:33:19 +01:00
Rafał Miłecki
c6761e7c8e otrx: use helper function when checking image's CRC32
This requires changing this helper to accept initial/current CRC32
value as argument but it allows dropping duplicated (complex?) code
calculating the CRC32.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-14 22:33:19 +01:00
Hans Dedecker
31ebbe34cc igmpproxy: remove firewall rules when service is stopped
Remove multicast routing firewall rules when the igmpproxy is stopped by
triggering a firewall config change.
Keeping the firewall open from the wan for igmp and udp multicast is not
desired when the igmpproxy service is inactive.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-14 22:01:44 +01:00
Jaroslav Safka
17a4eacd0c dnsmasq: fix swapped ubus args mac and ip
Fix swapped arguments "mac" and "ip" when calling function
"ubus_event_bcast".

Signed-off-by: Jaroslav Safka <devel@safka.org>
2017-11-13 23:30:33 +01:00
Martin Schiller
e2f25e607d openvpn: add support to start/stop single instances
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
2017-11-13 21:37:24 +01:00
Daniel Golle
654016bb0a rpcd: fix packagelist memory leak
a0231be8fbc61 sys: fix memory leak in packagelist

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-11-13 01:59:53 +01:00
Alexander Couzens
6ab4521464
package/elfutils: add CFLAG -Wno-format-nonliteral
When a library is using fortify-packages GCC will complain about
"error: format not a string literal, argument types not checked".

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-13 01:11:12 +01:00
Peter Wagner
164fe697f7
openssl: update to 1.0.2m
don't set no-ssl3-method when CONFIG_OPENSSL_WITH_SSL3 di disabled otherwise the compile breaks with this error:

../libssl.so: undefined reference to `SSLv3_client_method'

Fixes CVE: CVE-2017-3735, CVE-2017-3736

Signed-off-by: Peter Wagner <tripolar@gmx.at>
2017-11-12 23:47:11 +01:00
Daniel Golle
49fde37758 rpcd: update to the latest version from 2017-11-12
4e483312b0216 sys: add packagelist method

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-11-12 20:43:43 +01:00
Felix Fietkau
12f9305c12 wireguard: fix portability issue
Check if the compiler defines __linux__, instead of assuming that the
host OS is the same as the target OS.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-11 13:20:39 +01:00
Felix Fietkau
f7186599ce wireguard: move to kernel build directory
It builds a kernel module, so its build dir should be target specific

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-11 13:20:39 +01:00
John Crispin
b4e30b863c procd: update to latest git HEAD
7c9aa7c service: add data within the service itself
e2b819a service: fix calls to blobmsg_parse()

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-10 23:35:38 +01:00
Pierre Lebleu
832b6b8305 procd: service_data: Support data within the service itself
Use the same approach than the service_triggers for the service_data.

Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
2017-11-10 23:31:27 +01:00
Yangbo Lu
2b1ec44dbd layerscape: add ls1012afrdm device support
The QorIQ FRDM-LS1012A Board is an ultra-low-cost
development platform for QorIQ LS1012A Series Network
Processors built on ARM Cortex-A53 processor.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:49 +01:00
Yangbo Lu
9e7b166704 layerscape: enlarge ext4 rootfs size to 30MB
This patch is to enlarge ext4 rootfs size to 30MB.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:49 +01:00
Yangbo Lu
5b8639f02e layerscape: add ppa firmware package
This patch is to add PPA (The Primary Protected Application)
package and also enable it for all layerscape devices.
LSDK github provides ppa source code git tree, but it
only could be compiled with 64-bit toolchain. For 32-bit
devices, there was no method to use it.
https://github.com/qoriq-open-source/ppa-generic

This patch is to directly use a private ppa binary tree for
both 32-bit and 64-bit devices.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:49 +01:00
Yangbo Lu
82fbca8aaa layerscape: support LSDK ppfe
This patch is to use ppfe git tree on LSDK github
instead of private git tree, and support the latest
ppfe on ls1012ardb.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:49 +01:00
Yangbo Lu
ede04541ba layerscape: stop pfe before starting up kernel
For ls1012ardb, pfe should be stopped before starting up
kernel.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
38417e9ce1 layerscape: update u-boot to LSDK-1709-update-103017 tag
Updated u-boot to LSDK-1709-update-103017 tag.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
1552dd01d9 layerscape: use 1GHz CPU fequency for ls1012ardb
Used 1GHz CPU fequency for ls1012ardb instead of 800MHz.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
b915ac8ce2 layerscape: update rcw to LSDK-17.09-update-103017 tag
Updated rcw to LSDK-17.09-update-103017 tag.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
69c8e8d00b layerscape: support LEDE boot for ls1088ardb/ls2088ardb
Added u-boot patches to support LEDE boot for ls1088ardb
and ls2088ardb.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
47cff4cf5f layerscape: support all-in-one firmware for ls1088ardb/ls2088ardb
Suppport all-in-one firmware for ls1088ardb/ls2088ardb by
integrating u-boot/rcw/mc/dpl/restool.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
23c1504059 layerscape: add restool package
restool is a user space application providing the
ability to dynamically create and manage Layerscape
DPAA2 containers and objects from Linux.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
1e0276a39a layerscape: add dpl firmware package
This patch is to add data path layout files for the
second generation Data Path Acceleration Architecture.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
71a1df796e layerscape: add mc firmware package
This patch is to add package support for Management
Complex Firmware for the second generation Data Path
Acceleration Architecture.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
85e0d259d2 layerscape: move fman/rcw/ppfe packages to layerscape/
This patch is to create a layerscape directory for all
firmware packages of layerscape.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Rafał Miłecki
5cd48280fd rpcd: update to the latest version from 2017-11-09
9a8640183c031 plugin: use RTLD_LOCAL instead of RTLD_GLOBAL when loading library

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-09 17:30:38 +01:00
Yousong Zhou
b2aa820b48 base-files: fix getting gid from group_add_next
Shell function return code only has range [0, 255].  Other values will
be truncated, e.g. return 65536 will have the same effect as return 0

While at it, drop other "return $rc" where rc will almost always take
value 0 and whose value current callers actually do not check

Fixes FS#988

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-11-09 17:42:36 +08:00
Marko Ratkaj
73c745f64f functions.sh: fix default_postinst function
When we run "opkg install" on a package that installs an uci-defaults
script, functions.sh will fail to evaluate that script in its
default_postinst function.

This happens because there is no "./" present and it searches for the
file in paths specified by the PATH variable. This would work on bash,
but it will not work on ash and some other shells like sh, zsh. This
applys to the ". filename" directive used in this case.

This patch will make the path relative to the /etc/uci-defaults
directory.

Fixes: FS#1021

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
2017-11-08 23:18:22 +01:00
Jonas Gorski
dea3bad84e ltq-ptm: add missing depency to ltq-?dsl-*-mei
Add the required dependency to the mei driver as cought by the depenceny
checker.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-11-07 22:58:58 +01:00
Jonas Gorski
e76340198f ltq-atm: fix dependency for xrx200
Ad the missing dependency for the xrx200 variant, which depends on the
vdsl mei driver.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-11-07 22:58:58 +01:00
Jonas Gorski
a9a78a70cc ltq-adsl-mei: use the same file name for all variant
Due to limitations in the symvers treatment and the mei drivers
exporting the same funtions, modpost might use the wrong mei driver
to link against.

Work around this by renaming them all to the same name, making it
always the "right" module name even if the wrong file was used.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-11-07 22:58:58 +01:00
Jonas Gorski
ee59f8126f partially revert "mwlwifi: switch to AutoProbe"
Apearently we need to ensure mwlwifi loads before mwifiex on
the WRT3200ACM, else mwifiex will claim the wifi.

Fix this by reverting to AutoLoad, but keep the removal of
mac80211 line.

This partially reverts commit 471d5dc6e3.

Fixes: 471d5dc6e3 ("mwlwifi: switch to AutoProbe")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-11-07 22:58:58 +01:00
Hans Dedecker
1928fc93ce firewall: update to latest git HEAD
c430937 ubus: parse the firewall data within the service itself

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-07 22:35:46 +01:00
Jo-Philipp Wich
2b6facc8d4 include: kernel.mk: simplify module autoloading
Let the generic postinstall script invoke "kmodloader" when the just
installed package contains any /etc/module.d/ entries.

This allows us to skip the explicit "insert_module()" calls in the
package postinstall.

Due to the removed insert_module calls we do not need to assemble a
complete list of modules per package anymore, which allows for vast
simplification of the package generation code.

While we're at it, also support specifying default parameters for
modules using either the MODPARAM or MODPARAM.modulename variables
in KernelPackage.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-11-07 12:02:06 +01:00
Jo-Philipp Wich
05a4200d56 uhttpd: fix query string handling
Update to latest Git in order to fix potential memory corruption and invalid
memory access when handling query strings in conjunction with active basic
authentication.

a235636 2017-11-04 file: fix query string handling

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-11-07 12:02:06 +01:00
Daniel Golle
ebdf5ed50b netifd: fix PKG_MIRROR_HASH
commit fbde9ac718 set an incorrect sha256sum which doesn't match the
file http://sources.lede-project.org/netifd-2017-10-31-0f96606b.tar.xz
or a locally packaged checkout (which resulted in a file identical with
the one referenced by the URL above).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-11-07 00:21:02 +01:00
Yury Shvedov
09f90b7829 hostapd: remove default r1_key_holder generation
By default, hostapd assumes r1_key_holder equal to bssid. If LEDE
configures the same static r1 key holder ID on two different APs (BSSes) the
RRB exchanges fails behind them.

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
2017-11-06 16:39:41 +01:00
Denis Osvald
ee791fa4ab netfilter, iptables: add optional CHECKSUM module
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
2017-11-06 16:39:41 +01:00
Zoltan HERPAI
f9ecb0d562 sunxi: add Orange Pi 2 support
- H3 @ 1.3 GHz
- 1GiB DDR3
- 10/100Mbps Ethernet
- Realtek RTL8189ETV wifi
- 4 USB 2.0

Difference to the "Orange Pi Plus" is the lack of Gbit ethernet
and lack of onboard flash.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-11-06 16:39:41 +01:00
Marek Vasut
6d2f3b1b19 package: kernel: dtc: Add DTO support
Add patch with the DT overlay support into the DTC package.

Signed-off-by: Marek Vasut <marex@denx.de>
2017-11-06 16:39:41 +01:00
Ralph Sennhauser
f5468d2486 openssl: fix cryptodev config dependency
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
2017-11-06 16:39:41 +01:00
Kayo Phoenix
6a3565985f sunxi: Added profile for HAOYU Electronics Marsboard A10
The MarsBoard was a short-lived credit-card sized, extendable board with an Allwinner A10 SoC.
http://linux-sunxi.org/MarsBoard_A10

Signed-off-by: Kayo Phoenix <kayo@illumium.org>
[Forward-ported to new target layout:]
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-11-06 16:39:41 +01:00
Arjun AK
63d7c45886 iwinfo: add "PKG_MIRROR_HASH" to the Makefile
Defining it will let the build tool download the tarball file from
a buildbot server, avoiding a clone of the source repo.

Signed-off-by: Arjun AK <lede@arjunak.com>
2017-11-06 16:39:41 +01:00
Felix Fietkau
94491a1571 ubox: update to the latest version, fixes syslog issues
7a49632 logd: use uloop instead of ustream_fd for syslog
69d6542 logd: only create pipe in stream mode
df30c8c logread: terminate after EOF
bdcacad logd: implement oneshot mode for stream log read
4a10d4e logread: use oneshot mode without -f, wait for logd to close
ea3d7fa logd: enforce line length limit for ubus based log messages as well
960a29d logread: remove leftover debug code
a081904 logread: fix line buffer size
2c0d9cf logd: move stripping of newlines to log_add()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-06 11:58:40 +01:00
Philip Prindeville
e03dcf494e iperf3: update to 3.3 and refresh patches
Taking the same patchset I've submitted upstream for inclusion.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-10-31 14:19:51 -06:00
John Crispin
bd60c9063d bubox: update to latest git HEAD
729f47f jshn: read and write 64-bit integers

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-06 10:06:35 +01:00
Koen Vandeputte
06d5d01e8a uqmi: replace legacy command invoke with newer type
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-10-24 16:20:22 +02:00
Koen Vandeputte
09582d6b4d uqmi: also try newer pin verification
Newer devices tend to only support the newer version of the pin
verification command, so also try that one.

Fixes PIN issues with modems like the Sierra Wireless MC7455

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-10-24 16:20:21 +02:00
John Crispin
5b3e35d85b ubox: update to latest git HEAD
da5b8b4 log/syslog: Add missing static to two structs.
dd61c9f ubox: Replace { 0 } with {}.

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-06 09:07:39 +01:00
John Crispin
f62e2f611c procd: update to latest git HEAD
53e92d4 procd: lower the logging threshold
b39c362 service: Start services normally when seccomp is disabled
3ba6b45 procd: add missing new lines inside debug code
56a02e3 service: fix service_handle_event array
d4a183f service: fix SERVICE_ATTR_NAME usage in service_handle_set

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-06 08:50:18 +01:00
Michal Sojka
0e300a3a71 procd: Always tell cmake whether to include seccomp support or not
Without this change, when a user disables seccomp support in .config,
procd does not get recompiled unless the package is cleaned manually.
It is because when -D option is missing from cmake command line, cmake
uses cached value from the previous run where seccomp was enabled.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
2017-11-03 22:31:42 +01:00
John Crispin
727ab294d0 ubus: update to latest git HEAD
24ffe9b libubus-req: add data_cb callback handling for ubus notifications

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-06 08:31:38 +01:00
Yousong Zhou
f0c37f6ceb libunwind: disable building with ssp
If we enable -fstack-protector while building libunwind, function
__stack_chk_fail_local will be referred to for i386 and powerpc32
arches.  This will cause link failure because the default gcc build
specs says no link_ssp if -nostdlib is given.

The error message:

    OpenWrt-libtool: link: ccache_cc -shared  -fPIC -DPIC  .libs/os-linux.o mi/.libs/init.o mi/.libs/flush_cache.o mi/.libs/mempool.o mi/.libs/strerror.o x86/.libs/is_fpreg.o x86/.libs/regname.o x86/.libs/Los-linux.o mi/.libs/backtrace.o mi/.libs/dyn-cancel.o mi/.libs/dyn-info-list.o mi/.libs/dyn-register.o mi/.libs/Ldyn-extract.o mi/.libs/Lfind_dynamic_proc_info.o mi/.libs/Lget_accessors.o mi/.libs/Lget_proc_info_by_ip.o mi/.libs/Lget_proc_name.o mi/.libs/Lput_dynamic_unwind_info.o mi/.libs/Ldestroy_addr_space.o mi/.libs/Lget_reg.o mi/.libs/Lset_reg.o mi/.libs/Lget_fpreg.o mi/.libs/Lset_fpreg.o mi/.libs/Lset_caching_policy.o x86/.libs/Lcreate_addr_space.o x86/.libs/Lget_save_loc.o x86/.libs/Lglobal.o x86/.libs/Linit.o x86/.libs/Linit_local.o x86/.libs/Linit_remote.o x86/.libs/Lget_proc_info.o x86/.libs/Lregs.o x86/.libs/Lresume.o x86/.libs/Lstep.o x86/.libs/getcontext-linux.o  -Wl,--whole-archive ./.libs/libunwind-dwarf-local.a ./.libs/libunwind-elf32.a -Wl,--no-whole-archive  -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/lib -lc -lgcc  -Os -march=i486 -fstack-protector -Wl,-z -Wl,now -Wl,-z -Wl,relro -nostartfiles -nostdlib   -Wl,-soname -Wl,libunwind.so.8 -o .libs/libunwind.so.8.0.1
    .libs/os-linux.o: In function `_Ux86_get_elf_image':
    os-linux.c:(.text+0x588): undefined reference to `__stack_chk_fail_local'
    x86/.libs/Lregs.o: In function `_ULx86_access_fpreg':
    Lregs.c:(.text+0x25b): undefined reference to `__stack_chk_fail_local'
    x86/.libs/Lresume.o: In function `_ULx86_resume':
    Lresume.c:(.text+0xdc): undefined reference to `__stack_chk_fail_local'
    collect2: error: ld returned 1 exit status
    Makefile:2249: recipe for target 'libunwind.la' failed

The snippet from gcc -dumpspecs

    %{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}}

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-11-06 10:49:58 +08:00
Kevin Darbyshire-Bryant
e0bd225269 wireguard: version bump to 0.0.20171101
Update wireguard to latest snapshot:

9fc5daf version: bump snapshot
748ca6b compat: unbreak unloading on kernels 4.6 through 4.9
7be9894 timers: switch to kees' new timer_list functions
6be9a66 wg-quick: save all hooks on save
752e7af version: bump snapshot
2cd9642 wg-quick: fsync the temporary file before renaming
b139499 wg-quick: allow for saving existing interface
582c201 contrib: add reresolve-dns
8e04be1 tools: correct type for CTRL_ATTR_FAMILY_ID
c138276 wg-quick: allow for the hatchet, but not by default
d03f2a0 global: use fewer BUG_ONs
6d681ce timers: guard entire setting in block
4bf32ca curve25519: only enable int128 if compiler support is sound
86e06a3 device: expand scope of destruct lock
e3661ab global: get rid of useless forward declarations
bedc77a device: only take reference if netns is different
7c07e22 wg-quick: remember to rewind DNS settings on failure
2352ec0 wg-quick: allow specifiying multiple hooks
573cb19 qemu: test using four cores
e09ec4d global: style nits
4d3deae qemu: work around ccache bugs
7491cd4 global: infuriating kernel iterator style
78e079c peer: store total number of peers instead of iterating
d4e2752 peer: get rid of peer_for_each magic
6cf12d1 compat: be sure to include header before testing
3ea08d8 qemu: allow for cross compilation
d467551 crypto/avx: make sure we can actually use ymm registers
c786c46 blake2: include headers for macros
328e386 global: accept decent check_patch.pl suggestions
a473592 compat: fix up stat calculation for udp tunnel
9d930f5 stats: more robust accounting
311ca62 selftest: initialize mutex in routingtable selftest
8a9a6d3 netns: use time-based test instead of quantity-based
e480068 netns: use read built-in instead of ncat hack for dmesg

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-11-04 18:10:21 +01:00
Mathias Kresin
8d3857a347 ath9k: unset the default LED pin if used by platform buttons
Unset the default LED gpio pin if the same gpio pin is used by a button
defined via platform button. It prevents the change of the GPIO value
on wireless up/down or wireless traffic.

Fixes: FS#1129

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-04 09:50:13 +01:00
Edmunt Pienkowsky
fdc7cc9907 base-files: add interval option to netdev LED trigger configuration
Add an uci option to set the interval parameter of the netdev trigger.

Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
2017-11-03 20:04:52 +01:00
Paul Wassi
67da6a7c5e uboot-kirkwood: update to 2017.09
Upgrade uboot-kirkwood to upstream release 2017.09
Catch up with upstream and move configuration options from
simple defines to Kconfig, as otherwise dependencies would
not be resolved and code would not compile.

Tested-by: Alberto Bursi <alberto.bursi@outlook.it>
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2017-11-03 20:04:52 +01:00
Mathias Kresin
56189f1e32 ltq-atm: add missing dependency to kmod-ltq-adsl-*-mei
Commit 2e496876c6 fixed the generation of the depends line for external
kernel modules which makes it possible for the build system to
automatically detect this missing dependency.

This fixes the packaging of kmod-ltq-atm for the ar9, xway and
xway-legacy subtarget.

Fixes: FS#1124

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-03 20:04:40 +01:00
Felix Fietkau
eb58eba08b uclient: update to the latest version, fixes fetch of multiple files
4b87d83 uclient-fetch: fix overloading of output_file variable

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-02 22:54:09 +01:00
Tero Jänkä
82a4b8dd6a netifd: fix dns and domain variables pollution in dhcp.script
Unmodified dns and domain variables could be needed in user script (/etc/udhcpc.user).

Signed-off-by: Tero Jänkä <tero.janka@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cleanup)
2017-11-02 18:20:55 +01:00
Hans Dedecker
f90f94d2c1 nghttp2: switch to release tarball
Switch from git to xz release tarball as there's no good reason to keep
using git when release tarballs are provided.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-01 22:08:14 +01:00
Baptiste Jonglez
098afa1e1b openssl: Enable assembler optimizations for aarch64
OpenSSL is built with the generic linux settings for most targets,
including aarch64.  These generic settings are designed for 32-bit CPU and
provide no assembler optmization: this is widely suboptimal for aarch64.

This patch simply switches to the aarch64 settings that are already
available in OpenSSL.

Here is the output of "openssl speed" before the optimization, with
"(...)" representing build flags that didn't change:

    OpenSSL 1.0.2l  25 May 2017
    options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr)
    compiler: aarch64-openwrt-linux-musl-gcc  (...)

And after this patch, OpenSSL uses 64 bit mode and assembler optimizations:

    OpenSSL 1.0.2l  25 May 2017
    options:bn(64,64) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr)
    compiler: aarch64-openwrt-linux-musl-gcc  (...)  -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM

Here are some benchmarks on a pine64+ running latest LEDE master r5142-20d363aed3:

    before# openssl speed sha aes blowfish
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              3918.89k     9982.43k    19148.03k    24933.03k    27325.78k
    sha256            4604.51k    10240.64k    17472.51k    21355.18k    22801.07k
    sha512            3662.19k    14539.41k    21443.16k    29544.11k    33177.60k
    blowfish cbc     16266.63k    16940.86k    17176.92k    17237.33k    17252.35k
    aes-128 cbc      19712.95k    21447.40k    22091.09k    22258.35k    22304.09k
    aes-192 cbc      17680.12k    19064.47k    19572.14k    19703.13k    19737.26k
    aes-256 cbc      15986.67k    17132.48k    17537.28k    17657.17k    17689.26k

    after# openssl speed sha aes blowfish
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              6770.87k    26172.80k    86878.38k   205649.58k   345978.20k
    sha256           20913.93k    74663.85k   184658.18k   290891.09k   351032.66k
    sha512            7633.10k    30110.14k    50083.24k    71883.43k    82485.25k
    blowfish cbc     16224.93k    16933.55k    17173.76k    17234.94k    17252.35k
    aes-128 cbc      19425.74k    21193.31k    22065.74k    22304.77k    22380.54k
    aes-192 cbc      17452.29k    18883.84k    19536.90k    19741.70k    19800.06k
    aes-256 cbc      15815.89k    17003.01k    17530.03k    17695.40k    17746.60k

For some reason AES and blowfish do not benefit, but SHA performance
improves between 1.7x and 15x.  SHA256 clearly benefits the most from the
optimization (4.5x on small blocks, 15x on large blocks!).

When using EVP (with "openssl speed -evp <algo>"):

    # Before, EVP mode
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              3824.46k    10049.66k    19170.56k    24947.03k    27325.78k
    sha256            3368.33k     8511.15k    16061.44k    20772.52k    22721.88k
    sha512            2845.23k    11381.57k    19467.69k    28512.26k    33008.30k
    bf-cbc           15146.74k    16623.83k    17092.01k    17211.39k    17249.62k
    aes-128-cbc      17873.03k    20870.61k    21933.65k    22216.36k    22301.35k
    aes-192-cbc      16184.18k    18607.15k    19447.13k    19670.02k    19737.26k
    aes-256-cbc      14774.06k    16757.25k    17457.58k    17639.42k    17686.53k

    # After, EVP mode
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              7056.97k    27142.10k    89515.86k   209155.41k   347419.99k
    sha256            7745.70k    29750.06k    95341.48k   211001.69k   332376.75k
    sha512            4550.47k    18086.06k    39997.10k    65880.75k    81431.21k
    bf-cbc           15129.20k    16619.03k    17090.56k    17212.76k    17246.89k
    aes-128-cbc      99619.74k   269032.34k   450214.23k   567353.00k   613933.06k
    aes-192-cbc      93180.74k   231017.79k   361766.66k   433671.51k   461731.16k
    aes-256-cbc      89343.23k   209858.58k   310160.04k   362234.88k   380878.85k

Blowfish does not seem to have assembler optimization at all, and SHA
still benefits (between 1.6x and 14.5x) but is generally slower than in
non-EVP mode.

However, AES performance is improved between 5.5x and 27.5x, which is
really impressive!  For aes-128-cbc on large blocks, a core i7-6600U
@2.60GHz is only twice as fast...

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2017-10-31 10:43:10 +08:00
Jonas Gorski
5302abe745 acx-mac80211: allow compilation on 4.9
acx-mac80211 compiles fine with 4.9, so no reason to not allow it.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-29 23:41:00 +01:00
Jonas Gorski
c77ba7df09 ar7-atm: fix function signatures with expected ones
Newer kernels treat differing signatures an error, not just a warning,
so fix the signatures to match.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-29 23:41:00 +01:00
Jonas Gorski
fce2664f19 ar7-atm: fixup proc fixes
They were incomplete, so fix them to properly update the function signatures
to what is expected.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-29 23:41:00 +01:00
Jonas Gorski
889b21f954 ar7-atm: drop LINUX_VERSION tests
Minimum supported kernel is 3.18, so we don't need to test for anything
older. In addition, the API hasn't changed since then, so we don't need
to check for any kernel version at all.  This helps to keeps the amount
of changes more managable.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-29 23:41:00 +01:00
Hans Dedecker
b00cf0e58e curl: bump to 7.56.1
Refresh patches
Remove 320-curl-confopts.m4-fix-disable-threaded-resolver.patch as
integrated upstream

See https://curl.haxx.se/changes.html for the bugfixes in 7.56.0 and
7.56.1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-29 23:07:43 +01:00
Hans Dedecker
f6c01306cb nghttp2: bump to 1.27.0
Changes in v1.27.0 :

build: Fixed accidental compiler flags concatenation for MSVC (Patch from LazyHamster) (GH-1029)
build: Reduce libxml2 version requirement to 2.6.26 (Patch from Mike Lothian) (GH-1020)
asio: Support for Windows / MinGW (Patch from Daniel Evers) (GH-1027)
h2load: Print out h2 header fields with --verbose option (GH-1015)
nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client only (GH-1016)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-29 23:05:33 +01:00
Hauke Mehrtens
1e5e005841 ltq-atm: Add missing dependency to kmod-ltq-adsl-ase-mei
Commit 2e496876c6 fixed the generation of the depends line for external
kernel modules which makes it possible for the build system to
automatically detect this missing dependency. This fixes the build bot
build of the lantiq/aes target.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-29 17:01:26 +01:00
Karl Vogel
76378c6b9f build: use KERNEL_MAKE_FLAGS for kernel file compilations
The build system already defines KERNEL_CROSS which defaults to TARGET_CROSS.
Make use of this variable for kernel makefiles.

Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
2017-10-29 16:17:05 +01:00
Matt Mets
851644bf5b adb: fix package description
Signed-off-by: Matt Mets <matt@blinkinlabs.com>
2017-10-29 16:16:35 +01:00
Jonas Gorski
471d5dc6e3 mwlwifi: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
5df30a169c mt76: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
3689f7c8ef mac80211: ath10k: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
7eda0d2272 broadcom-wl: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
5cee71904f broadcom-wl: reorder kmod build and pass EXTRA_VERSIONS
Reoder the build to build the glue module first and pass the glue module's
Module.symvers to the wl driver builds.

This allows modpost to properly store a wl_glue dependency in the driver.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
557e98ebcc broadcom-wl: define module directories
Define the module subdirs so our build system properly picks up the
Module.symvers.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
5172f799a3 ath10k-ct: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
dd9df74dfa ath10k-ct: define module directories
Define the module subdir so our buildsystem properly picks up the
Module.symvers.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
70e7efb12f acx-mac80211: drop PKG_BUILD_DEPENDS
We already have a DEPENDS on mac80211, which should be enough to ensure
headers are available before build.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
860aba9e48 acx-mac80211: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jo-Philipp Wich
75021e9411 Revert "wpa_supplicant: log to syslog instead of stdout"
This reverts commit e7373e489d.

Support of "-s" depends on the CONFIG_DEBUG_SYSLOG compile time flag which
is not enabled for all build variants.

Revert the change for now until we can properly examine the size impact of
CONFIG_DEBUG_SYSLOG.

Fixes FS#1117.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-27 11:43:59 +02:00
Jo-Philipp Wich
d4e7af5278 mdadm: fix parameter quoting
Ensure that path defines are passed quoted to the compiler in order
to avoid cpp syntax errors.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-27 03:26:37 +02:00
Rosen Penev
8eadec40bd mdadm: Fix config generation
The init script generated something like "DEVICE=/dev/sda" when it should
have been generating "DEVICE /dev/sda". mdadm errors on this. Patch by jow.

Also changed the default sendmail path to /usr/sbin/sendmail. No package
in LEDE provides /sbin/sendmail. msmtp provides /usr/sbin/sendmail so use
that.

Also add a patch to fix file paths for mdadm runtime files. mdadm currently
errors on them since /run is missing. Once /run is added to stock LEDE, this
patch can be removed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-27 02:32:32 +02:00
Martin Wetterwald
378e1a4858 iptables: Fix target TRACE issue
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.

The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.

But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.

I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!

https://dev.openwrt.org/ticket/16694
https://dev.openwrt.org/ticket/19661

Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
                  and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
2017-10-27 02:31:33 +02:00
Henryk Heisig
f774d68fff ath10k-firmware: qca9888 firmware: remove board.bin
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2017-10-27 00:45:32 +02:00
Jonas Gorski
1dcd8e7cf1 mac80211: backport fixes for fix for CVE-2017-13080
Backport two fixes for the fix of CVE-2017-13080, preventing side channel
attacks and making it work for TKIP.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-26 15:41:07 +02:00
John Crispin
21e59ee3a2 hostapd: fix up ubus support
Signed-off-by: John Crispin <john@phrozen.org>
2017-10-25 21:45:31 +02:00
Kevin Darbyshire-Bryant
240d4b1b6e ltq-xdsl-app: script style nit
Fix missing space style nit.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-25 18:48:51 +02:00
Mathias Kresin
dacf6db2ee ltq-adsl-app: add more script notifications
Backport HANDSHAKE and TRAINING notification from ltq-vdsl-app. It
unifies the dsl led blinking pattern accross all subtargets and allows
to get the current line status from the dsl led.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Mathias Kresin
63c436ea4b ltq-atm: remove xrx200 special handling
The lantiq ATM driver is load for all subtargets on demand now. There
is not need to handle the xrx200 ATM driver in a special way any
longer.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Mathias Kresin
b02b7004f8 lantiq: xway: rename nas0/ptm0 to dsl0
This change makes it possible to configure the wan/dsl ppp interface
settings independantly from the used TC-Layer (ATM/PTM).

By using dsl0 as interface name as for the xrx200 we can get rid of a
few conditionals which were introduced because of the different default
TC-Layer in xway and xrx200.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Mathias Kresin
1470c79ceb ltq-adsl-app: use notification based ATM/PTM driver load
This patch removes the fixed atm/ptm driver loading and
switches to notification based driver loading.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Mathias Kresin
d456a888d0 ltq-adsl-app: convert init script to procd
Use the procd features for the init script.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Stefan Oberhumer
06e41056aa libs/lzo: Reenable unaligned access on ARM, PPC, ...
Due a compiler bug on ARM targets
 ( https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64516 )
unaligned access was disabled on all targets other than i386 and
x86_64 with commit 061319ec3d .

A fix has been added to lzo-2.09 so it is not necessary to disable
unaligned access within the Makefile anymore.

Signed-off-by: Stefan Oberhumer <stefan@obssys.com>
2017-10-24 13:24:04 +02:00
Florian Fainelli
1a53315951 uboot-sunxi: Backport fix for stale CONFIG_SUNXIG_GMAC references
This backports the upstream commit fixing stale references to
CONFIG_SUNXI_GMAC which have been later replaced by CONFIG_SUN7I_GMAC.
This fixes the designware MAC pinmuxing on e.g: Lamobo R1.

Refresh patches while we are at it.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-10-23 18:42:25 -07:00
Stijn Tintel
683350873e kernel: add kmod-iio-bmp280
This driver supports the Bosch Sensortec BMP180/BMP280 pressure and
temperature sensors. It also supports the BME280 sensors with an
additional humidity channel.

Tested I2C and SPI modes with a BME280 sensor on a Raspberry Pi Zero W.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 12:50:30 +03:00
Stijn Tintel
19a7f44a5a kernel: move IIO modules to iio.mk
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 12:50:30 +03:00
Hans Dedecker
fbde9ac718 netifd: bump to git HEAD version (FS#1037)
0f96606 proto: add point-to-point IPv4 address config support (FS#1037)
1ee788d ubus: display the point-to-point IPv4 address

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-19 21:48:49 +02:00
Felix Fietkau
184c92e7fb uboot-envtools: add support for Nokia WI2A-AC200i
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-19 12:27:44 +02:00
Hauke Mehrtens
db4550c4c8 broadcom-wl: fix compile with kernel 4.9
ENOENT could not be found by the compiler when compiling again kernel
4.9.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-18 23:26:15 +02:00
Stijn Tintel
060e37567e hostapd: bump PKG_RELEASE
The previous commit did not adjust PKG_RELEASE, therefore the
hostapd/wpad/wpa_supplicant packages containing the AP-side workaround
for KRACK do not appear as opkg update.

Bump the PKG_RELEASE to signify upgrades to downstream users.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-18 13:02:12 +03:00
Jason A. Donenfeld
f6c4a9c045 wireguard: version bump to 0.0.20171017
This is a simple version bump. Changes:

  * noise: handshake constants can be read-only after init
  * noise: no need to take the RCU lock if we're not dereferencing
  * send: improve dead packet control flow
  * receive: improve control flow
  * socket: eliminate dead code
  * device: our use of queues means this check is worthless
  * device: no need to take lock for integer comparison
  * blake2s: modernize API and have faster _final
  * compat: support READ_ONCE
  * compat: just make ro_after_init read_mostly

  Assorted cleanups to the module, including nice things like marking our
  precomputations as const.

  * Makefile: even prettier output
  * Makefile: do not clean before cloc
  * selftest: better test index for rate limiter
  * netns: disable accept_dad for all interfaces

  Fixes in our testing and build infrastructure. Now works on the 4.14 rc
  series.

  * qemu: add build-only target
  * qemu: work on ubuntu toolchain
  * qemu: add more debugging options to main makefile
  * qemu: simplify shutdown
  * qemu: open /dev/console if we're started early
  * qemu: phase out bitbanging
  * qemu: always create directory before untarring
  * qemu: newer packages
  * qemu: put hvc directive into configuration

  This is the beginning of working out a cross building test suite, so we do
  several tricks to be less platform independent.

  * tools: encoding: be more paranoid
  * tools: retry resolution except when fatal
  * tools: don't insist on having a private key
  * tools: add pass example to wg-quick man page
  * tools: style
  * tools: newline after warning
  * tools: account for padding being in zero attribute

  Several important tools fixes, one of which suppresses a needless warning.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-17 19:43:06 +02:00
Stijn Tintel
c5f97c9372 hostapd: add wpa_disable_eapol_key_retries option
Commit 2127425434 introduced an AP-side
workaround for key reinstallation attacks. This option can be used to
mitigate KRACK on the station side, in case those stations cannot be
updated. Since many devices are out there will not receive an update
anytime soon (if at all), it makes sense to include this workaround.

Unfortunately this can cause interoperability issues and reduced
robustness of key negotiation, so disable the workaround by default, and
add an option to allow the user to enable it if he deems necessary.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 17:25:05 +03:00
Stijn Tintel
2127425434 hostapd: backport extra changes related to KRACK
While these changes are not included in the advisory, upstream
encourages users to merge them.
See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 17:24:47 +03:00
Stijn Tintel
5fff2f44d5 hostapd: bump PKG_RELEASE
The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the
fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update.

Bump the PKG_RELEASE to signify upgrades to downstream users.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 02:13:34 +03:00
Stijn Tintel
2f701194c2 mac80211: backport kernel fix for CVE-2017-13080
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 01:56:31 +03:00
Hauke Mehrtens
a29848c671 ppp: make the patches apply correctly again
This fixes a compile problem recently introduced by me.

Fixes: f40fd43ab2 ("ppp: fix compile warning")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-16 20:08:56 +02:00
Jason A. Donenfeld
699c6fcc31 wireguard: add wireguard to base packages
Move wireguard from openwrt/packages to base a package.

This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving
experimental kernel module that many find essential and useful. The
other is a VPN client. Both are inside of core. When you combine the two
characteristics, you get WireGuard. Generally speaking, because of the
extremely lightweight nature and "stateless" configuration of WireGuard,
many view it as a core and essential utility, initiated at boot time
and immediately configured by netifd, much like the use of things like
GRE tunnels.

WireGuard has a backwards and forwards compatible Netlink API, which
means the userspace tools should work with both newer and older kernels
as things change. There should be no versioning requirements, therefore,
between kernel bumps and userspace package bumps.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
2017-10-16 14:01:21 +03:00
Felix Fietkau
bbda81ce30 hostapd: merge fixes for WPA packet number reuse with replayed messages and key reinstallation
Fixes:
- CERT case ID: VU#228519
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088

For more information see:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-16 12:01:57 +02:00
Hauke Mehrtens
f40fd43ab2 ppp: fix compile warning
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-15 14:19:49 +02:00
Martin Schiller
2dc9c8206b lantiq: xrx200: rename nas0/ptm0 to dsl0
This change makes it possible to configure the wan/dsl ppp interface
settings independantly from the used TC-Layer (ATM/PTM).

Now you can move a device from an ADSL/ATM port to an VDSL/PTM port
without any configuration changes for example.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[use the dsl0 interface name for the default netdev trigger in 01_led,
add ip dependency]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-15 11:11:29 +02:00
Hauke Mehrtens
08bbb804c8 mac80211: ath6kl: add missing usb-core dependency to kmod-ath6kl-usb
This fixes a build problem with many targets.

Fixes 618ed77a17 ("mac80211: add ath6kl kernel modules")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-15 10:53:46 +02:00
Christian Lamparter
81e28be824 kernel: kmod-macsec module for 4.9
MACsec/IEEE 802.1AE is useful to secure communication to and
from endpoints at Layer 2.

Starting with 4.6, the linux kernel provides a universal
macsec driver for authentication and encryption of traffic
in a LAN, typically with GCM-AES-128, and optional replay
protection.

http://standards.ieee.org/getieee802/download/802.1AE-2006.pdf

Note:
LEDE can utilize MACsec with a static connectivity association
key (static PSK) with the ip-full package installed.
<http://man7.org/linux/man-pages/man8/ip-macsec.8.html>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-10-15 00:24:22 +02:00
Daniel Engberg
e4b6900fd6 libs/libnl: Update to 3.3.0
Update libnl to 3.3.0
Import patches to fix compilation
Source: https://git.busybox.net/buildroot/tree/package/libnl
Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287
Use more automatic toolchain logic

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-10-15 00:24:22 +02:00
Florian Eckert
2e6d4c362b package/kernel/leds-apu2: add apu3 board detection
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-10-15 00:24:22 +02:00
Florian Eckert
2af41487e0 package/kernel/leds-apu2: fix whitespaces
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-10-15 00:24:22 +02:00
Yunhui Fu
0f061af98e wpan-tools: add the wpan-ping to test the 6LoWPAN network
This patch adds the help tool wpan-ping to test the 6LoWPAN
network to help the user debug network problem.

Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
2017-10-15 00:24:22 +02:00
Ben Whitten
618ed77a17 mac80211: add ath6kl kernel modules
Allow board to include the ath6kl kernel modules.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-15 00:24:21 +02:00
Ben Whitten
76662637fa linux-firmware: add ath6k firmware to package
Systems which include the ath6k chipset need to have the firmware included
in the image.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-15 00:24:21 +02:00
Hans Dedecker
1cec4d4ef0 busybox: provide "ip"
Let busybox provide "ip" as it supports the ip applets link, address,
route, rule and neighbor

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-14 20:23:55 +02:00
Sandeep Sheriker Mallikarjun
0a919afae4 at91bootstrap: remove manual copy of binaries to BIN_DIR
removed copying of binaries to BIN_DIR during install and using
default/install to install binaries to BIN_DIR folder.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-10-14 00:33:34 +02:00
Sandeep Sheriker Mallikarjun
cc443e894a at91bootstrap: Add BUILD_SUBTARGET variable
Added sama5 to BUILD_SUBTARGET variable.This will populate at91bootstrap
menu options in bootloader menu only when SAMA5 devices are selected as
SUBTARGET and to avoid showing up this menu when legacy device is
selected as SUBTARGET and fixed typo mistake: sama5d3 -> sama5d2.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-10-14 00:33:34 +02:00
Hauke Mehrtens
b4c3570666 uboot-at91: multiple build fixes
This fixes the following problems:
 * Add BUILD_DEVICES for legacy subtarget
 * Use features from u-boot.mk for sama5 subtarget This is mainly done
   by changing the prefix from uboot to U-Boot. This makes them depend
   on the sama5 subtarget and not selectable for the legacy subtarget
   any more

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-14 00:13:35 +02:00
Hans Dedecker
db18cee2d7 iproute2: bump to 4.13
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-13 21:48:44 +02:00
Felix Fietkau
5bd006aa26 mac80211: fix tx power regression
Revert an accidental change that was introduced by having an old version
of the patch in my git tree, which was merged in 609208597b

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-13 20:28:47 +02:00
Christian Lamparter
7ffb707576 dnsmasq: add listen_address parameter
This patch adds a parser for the uci representation of
dnsmasq's "-a | --listen-address" option.

In summary, this option forces dnsmasq to listen on the
given IP address(es). Both interface and listen-address
options may be given, in which case the set of both
interfaces and addresses is used.

Note that if no interface option is given, but listen_address is,
dnsmasq will not automatically listen on the loopback interface.
To achieve this, the loopback IP addresses, 127.0.0.1 and/or ::1
must be explicitly added.

This option is useful for ujailed dnsmasq instances, that would
otherwise fail to work properly, because listening to the
"This host on this network" address (aka 0.0.0.0 see rfc1700 page 4)
may not be allowed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
2017-10-13 16:54:58 +02:00
Felix Fietkau
878456caf6 mt76: update to the latest version
e781569 update to latest mac80211/cfg80211 API changes
37654d7 mt76x2: fix tx status ampdu length corner case

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-13 11:45:57 +02:00
Felix Fietkau
609208597b mac80211: update to wireless-testing 2017-10-06
Rework the code to get rid of some extra kernel module dependencies
introduced in the last update.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-13 11:45:57 +02:00
Hauke Mehrtens
efbd4e721d ath10k-ct: activate user space firmware loading again
This backports a patch from kernel 4.14 to the ath10k-ct version based
on kernel 4.13.
Some devices are using a user space script to load the calibration data
from the flash and this was not trigged any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-12 23:40:27 +02:00
Ben Greear
3888e77c1c ath10k-ct driver: use dma_alloc_coherent, 4.13 based driver
This should help ath10k work on systems with little or no IOMMU
memory.  apu2 can boot two 9888 NICs now, for instance.  From
upstream patch by Adrian Chadd.

And, start building the 4.13 based CT ath10k driver.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-10-12 23:40:27 +02:00
Ben Greear
d8c559d614 ath10k-ct firmware: Tx-hang and EAPOL handling fixes for wave-2 firmware.
Changes since last LEDE release include:

  *  Fix key-setting bug that broke sending the EAPOL 2/4 in some cases.  This was a
     bug I introduced some time back while trying to fix .11r and simplify the key
     handling logic.  (Patch to wpa_supplicant fixed the race with sending the 4/4
     and setting the key...un-patched supplicant will still have this race and the 4-way
     auth will not work as reliably.)

  *  Increase amount of active-tids that can be scheduled.  This fixes a tx-stall
     seen with many station vdevs.

  *  Fix bug in upstream code that would cause the maximum peer to never be scheduled
     for tx.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-10-12 23:40:27 +02:00
Alexandru Ardelean
a5d016f361 net: uqmi: fix blocking in endless loops when unplugging device
If you unplug a QMI device, the /dev/cdc-wdmX device
disappears but uqmi will continue to poll it endlessly.

Then, when you plug it back, you have 2 uqmi processes,
and that's bad, because 2 processes talking QMI to the
same device [and the same time] doesn't seem to work well.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-10-09 16:07:42 +02:00
Stijn Tintel
f8595a51d9 conntrack-tools: switch to git
There have been a number of interesting fixes in conntrack-tools since
the current latest release. Most notable is that this fixes IPv6
conntrack table syncing when cross-compiling conntrack-tools.

7e7748d src/main: refresh help message
fe32043 conntrackd.8: refresh file
47a4dda conntrackd.8: add reference to systemd
0cfe7ff doc/manual: include some bits about init systems
74a418b conntrackd: cthelper: ftp: Set match offset/len for PORT mangling
d833bed conntrackd: cthelper: ftp: Fix debug print
dd4b5a1 conntrackd: cthelper: Add new mdns helper
498d698 Link nfct and helper modules with `-z lazy`
9e94e85 sync-mode: print errno message on failure
ab81c35 log: print messages to stdout/sderr if running in console mode
631d92b log: introduce a mechanism to know if log was initialized
ccb1c8b conntrackd: replace error reporting in the config parser with dlog()
bee121e conntrackd: replace fprintf calls with dlog()
5a51b04 conntrack-tools: update Arturo Borrero Gonzalez email address
abb9984 helper: remove copy and paste from uapi kernel header
a91a004 src: add log message when resync is requested by other node
c2d8be1 systemd: fix missing log.h include
f6ca216 config: drop old/obsolete/deprecated conntrackd.conf config options
8b83771 conntrack: send mark filter to kernel iff set
1ba5e76 conntrackd: cthelper: Don't leak nat_tuple
832166d conntrackd: cthelper: Free pktb after use
ff843bc conntrackd: config: Do not strdup() tokens
b61c454 conntrackd: cthelper: ssdp: Track UPnP eventing
8ea394e conntrackd: Remove obsolete rule to catch ambiguous Checksum option
39398cd conntrackd: CommitTimeout breaks DisableExternalCache set On
29b390a conntrack: Support IPv6 NAT
381827a conntrackd: factorice tx_queue functions
131df89 conntrackd: factorize resync operations
d31bacc conntrackd: consolidate more code to use resync_send()
3d98496 conntrackd: request resync at startup
ef410bf conntrackd: remove use of HAVE_INET_PTON_IPV6
9d38445 conntrackd: evaluate configuration earlier
6feded7 conntrackd: cleanup if failed forking
dbfdea7 conntrackd: deprecate unix backlog configuration
210f542 conntrackd: make the daemon run in RT mode by default
37cc7f0 conntrackd: remove warning for -S
d2849d1 conntrack: Show multiple CPUs stats from proc
bc0b49a conntrackd: cthelper: ssdp: fix build with musl
0c77a25 tests: don't fail on modprobe since the driver might be built-in
eefe649 conntrack.8: refresh manpage

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:15:14 +03:00
Stijn Tintel
7695f144eb libnetfilter_conntrack: switch to git
In order to build conntrack-tools from git, a newer version of
libnetfilter_conntrack is required. As 1.0.6 is currently the latest
release, switch to git.

b0a7cf7 include: expose a copy of nf_conntrack_common.h
f68f7b3 conntrack: fix missing break in setobjopt_undo_dnat()
79dac5a conntrack: revert getobjopt_is_nat() condition
b266523 libnetfilter_conntrack: bump version to 1.0.7
e870432 labels: don't crash on NULL labelmap

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:12:00 +03:00
Stijn Tintel
bcfc39b763 libnetfilter_queue: bump to git HEAD
b39cac7 src: Correct typo in the location of internal.h in #include
58cb066 src: Declare the define visibility attribute together
e84b559 Revert "src: Declare the define visibility attribute together"
003c2b1 examples: set dummy connmark value to show use of NFQA_CT nested attribute
63973da doc: extend the doxygen section about NFQA_CFG_F_GSO
d7f74c7 build: bump version to 1.0.3
3f9eb57 build: bump library release version too
601abd1 doc: Add information about retrieving UID/GID/SECCTX fields

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:06:06 +03:00
Stijn Tintel
9e9696afc8 treewide: switch git.netfilter.org to HTTPS
As git.netfilter.org seems to support HTTPS, use that instead of HTTP
which is insecure, or GIT which is blocked on many corporate networks.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 21:10:36 +03:00
Stijn Tintel
6b533fd4bc ipset-dns: bump to git HEAD
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 20:51:03 +03:00
Daniel Golle
b80f6a5876 uboot-sunxi: build for NanoPi NEO
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-10-08 17:16:39 +02:00
Yangbo Lu
2e2203ff72 layerscape: update packages with LSDK git trees
NXP Layerscape LSDK had set up its own open source web site
and github for release.

https://lsdk.github.io
https://github.com/qoriq-open-source

This patch is to update rcw/fman_ucode/u-boot packages with LSDK
git trees. Also add some patches of packages to support LEDE.
Since ARMv8 32-bit u-boot images are same with ARMv8 64-bit images
but 64-bit toolchain couldn't be used for 32-bit targets, we still
use a private tree for ARMv8 32-bit u-boot images. This is in plan
to move this private tree to NXP Layerscape github.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-10-07 23:13:22 +02:00
Yangbo Lu
806624add5 layerscape: rename subtargets and update makefile files
Rename subtargets 32b/64b with armv8_32b/armv8_64b which are
more proper, and update makefile files. There also will be other
subtargets added in the future, like armv7.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-10-07 23:13:22 +02:00
Hans Dedecker
778970735b curl: add nghttp2 support
Add config option support for nghttp2

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-07 19:17:44 +02:00
Hans Dedecker
0e265dc0c7 nghttp2: add libnghttp2 package
The nghttp2 library is an implementation of the Hypertext Transfer
Protocol version 2 in C; it supports RFC7540 and RFC7541.
The package enables only the reusable C library; binary size is 130K (X86)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-07 19:17:44 +02:00
Thibaut VARENE
2be307c998 rbcfg: Implement CPU frequency control
This patch implements CPU frequency control as found on several
routerboard devices.

Supported SoCs:
- QCA953X
- AR9344

Tested on hAP lite and mAP lite (QCA953x): steps of 50MHz
Tested on LHG 5 (AR9344): steps of 50MHz

On unsupported hardware, this patch is a NOP: it will not alter the
new field.
"rbcfg help" will display an empty "cpu_freq" help listing.
"rbcfg show" will not show the cpu_freq field.
"rbcfg set/get cpu_freq" will return an error code.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
[adjusted subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-07 15:00:26 +02:00
Stijn Tintel
c088203535 hostapd: escape double quoutes in wpad CFLAGS
A recent commit in hostapd added a build option to specify the default
TLS ciphers. This build option is passed via CFLAGS. Due to the way
CFLAGS are handled when building wpad, the compiler tries to recursively
expand TLS_DEFAULT_CIPHERS, resulting in the following error:

../src/crypto/tls_openssl.c: In function 'tls_init':
<command-line>:0:21: error: 'DEFAULT' undeclared (first use in this function)
../src/crypto/tls_openssl.c:1028:13: note: in expansion of macro 'TLS_DEFAULT_CIPHERS'
   ciphers = TLS_DEFAULT_CIPHERS;
             ^

Escape double quotes in the .cflags file to avoid this.

Fixes: 2f78034c3e ("hostapd: update to version 2017-08-24")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-07 05:49:22 +03:00
Koen Vandeputte
2f78034c3e hostapd: update to version 2017-08-24
- Deleted upstreamed patches & parts
- Refreshed all

Compile tested: full-option package + tools (hostapd + wpa_supplicant)
Run-tested: hostapd wpa2 hotspot & wpa_supplicant IBSS link

Targets: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-10-07 05:46:04 +03:00
Hans Dedecker
bd27331eea netifd: update to latest git HEAD version (FS#1030)
5df3f01 config: suppress error if no wireless config present (FS#1030)
3429bd8 system-linux: add support for hotplug event 'move'

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-06 22:12:33 +02:00
Hans Dedecker
834c93e00b dropbear: fix PKG_CONFIG_DEPENDS
Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-06 09:38:00 +02:00
Hans Dedecker
7d905f1e95 uci: bump to git HEAD version
5ad59ad Add bitfield_set function from libubox

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-04 21:29:34 +02:00
Hans Dedecker
470b13975d libubox: bump to git HEAD version
632688e utils: nuke bitfield functions and macros
f714be1 uloop: make SIGCHLD signal handling optional

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-04 21:29:00 +02:00
Mathias Kresin
d07f924978 ltq-vmmc: disable for falcon
The module fails to compile with falcon. Remove the falcon depends from
the module to not (try to) compile it for falcon any longer.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-04 20:08:15 +02:00
Mathias Kresin
bd523d4573 ltq-ptm: mark AmazonSE support as broken
Albeit ltq-ptm is supported on AmazonSE, the package fails to compile.
Mark the AmazonSE variant as broken to not mark it unnecessary harder
to fix (and test) the compile error.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-04 20:08:15 +02:00
Hans Dedecker
a37655baca procd: use LN macro
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-03 11:07:26 +02:00
Kevin Darbyshire-Bryant
67ac017fef dnsmasq: bump to v2.78
Fixes CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495, 2017-CVE-14496

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-10-02 18:26:53 +02:00
Hauke Mehrtens
5508510e74 sunxi: add Orange Pi R1 support
The following features are working and tested:
* both Ethernet ports
* MMC
* LED

The following features are not working:
* Wifi (There is a crappy driver we could port)
* SPI flash (I haven't looked into this)

I haven't tried out the rest.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-01 17:10:33 +02:00
Hauke Mehrtens
ba1aedafeb mac80211: fix compile error on PowerPC (PPC_85xx)
Including linux/interrupt.h in linux/hrtimer.h causes this error message
on PowerPC builds on x86, ARM and MIPS it works:

  CC [M]  /backports-4.14-rc2-1/compat/main.o
In file included from /backports-4.14-rc2-1/backport-include/linux/printk.h:5:0,
                 from ./include/linux/kernel.h:13,
                 from /backports-4.14-rc2-1/backport-include/linux/kernel.h:3,
                 from ./include/linux/list.h:8,
                 from /backports-4.14-rc2-1/backport-include/linux/list.h:3,
                 from ./include/linux/module.h:9,
                 from /backports-4.14-rc2-1/backport-include/linux/module.h:3,
                 from /backports-4.14-rc2-1/compat/main.c:1:
./include/linux/ratelimit.h: In function 'ratelimit_state_exit':
./include/linux/ratelimit.h:62:11: error: dereferencing pointer to incomplete type 'struct task_struct'
    current->comm, rs->missed);
           ^
./include/linux/printk.h:279:37: note: in definition of macro 'pr_warning'
  printk(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
                                     ^
./include/linux/ratelimit.h:61:3: note: in expansion of macro 'pr_warn'
   pr_warn("%s: %d output lines suppressed due to ratelimiting\n",
   ^

The backport of the hrtimer_start() functions needs the
linux/interrupt.h because some parts are defined there. Fix this by
moving the hrtimer_start() backport to the linux/interrupt.h backport
header file.

Fixes: a8f63a0717: ("mac80211: update to backports-4.14-rc2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-01 16:41:19 +02:00
Hauke Mehrtens
a8f63a0717 mac80211: update to backports-4.14-rc2
This updates mac80211 to backprots-4.14-rc2.
This was compile and runtime tested with ath9k, ath10k and b43
with multiple stations and ieee80211w and in different scenarios by many
other people.

To create the backports-4.14-rc2-1.tar.xz use this repository:
https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git
from tag v4.14-rc2-1

Then run this:
./gentree.py --git-revision v4.14-rc2 --clean  <path to linux repo> ../backports-4.14-rc2-1

This also adapts the ath10k-ct and mt76 driver to the changed cfg80211
APIs and syncs the nl80211.h file in iw with the new version from
backports-4.14-rc2.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-01 12:49:11 +02:00
Lucian Cristian
1114f5dc10 sunxi: improve A20 Lime2 upload speed
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-09-30 23:50:57 +02:00
Daniel Engberg
c4562a9069 package/utils/f2fs-tools: Update to 1.9.0
Update f2fs-tools to 1.9.0
Remove patch as its been committed upstream

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-09-30 22:43:17 +02:00
Ryan Mounce
6a5a58ed27 util-linux: update to 2.30.2
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2017-09-30 22:41:43 +02:00
Hauke Mehrtens
3adafda07c base-files: create /etc/config/ directory
The /bin/config_generate script and some other scripts are assuming the
/etc/config directory exists in the image. This is true in case for
example the package firewall, dropbear or dnsmasq are included, which
are adding the files under /etc/config/. Without any of these package
the system will not boot up fully because the /etc/config/ directory is
missing and some init scripts just fail.

Make sure all images with the base-files contain a /etc/config/
directory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: John Crispin <john@phrozen.org>
2017-09-30 22:22:38 +02:00
Mathias Kresin
fe36f7b0a6 ltq-vdsl-mei: revert disable optimized firmware download
This reverts commit b428f45c06.

If the optimized firmware download is disabled, the xdsl subsystem
hangs in the "idle request" state after physically disconnecting and
reconnecting the xdsl modem from the line.

It might fix the failing line init on boot as well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-30 20:36:48 +02:00
Stijn Tintel
c317af777b iw: fix build on musl host
The empty version.sh script causes a problem when run by make:
make[3]: /usr/bin/env bash: Shell program not found

Adding a shebang line in version.sh seems to solve it.

Fixes FS#977.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-29 14:59:06 +03:00
Felix Fietkau
e64463ebde util-linux: avoid using the getrandom syscall
getrandom blocks until the random pool is being initialized.
Unfortunately, this code is being called early during init to create the
overlay filesystem, on some devices leaving little chance for a
successful random pool init.
True randomness is not that important here, so fix this issue by
sticking to using /dev/urandom, like in older versions of this code.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-29 12:32:44 +02:00
Stijn Tintel
1d7042231b gdb: bump to 8.0.1
Add -static-libstdc++ to TARGET_LDFLAGS to avoid a hard dependency on
libstdc++, and -Wl,--gc-sections to further reduce the size on platforms
that support it.

Fixes CVE-2017-9778.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-29 06:33:39 +03:00
Felix Fietkau
6919f95bb3 mt76: update to the latest version, improves mt7603 stability
cb83f33 mt7603: mac: fix logic in mt7603_tx_hang()
21f20b4 mt7603: mac: fix register configuration in mt7603_rx_dma_busy()
d5e945e mt7603: mcu: fix indentation of mcu command definition

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-28 22:57:48 +02:00
Felix Fietkau
afe83f6151 linux-firmware: fix intel wireless-n 100 firmware package name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-28 22:57:46 +02:00
Felix Fietkau
79216243d7 hostapd: add support for accessing 802.11k neighbor report elements via ubus
This API can be used to distribute neighbor report entries across
multiple APs on the same LAN.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-28 22:46:26 +02:00
Felix Fietkau
9f5f5d250e hostapd: add support for specifying device config options directly in uci
This is useful for tuning some more exotic parameters where it doesn't
make sense to attempt to cover everything in uci directly

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-28 22:45:59 +02:00
Marcin Jurkowski
a816e1eac7 dropbear: make ssh compression support configurable
Adds config option to enable compression support which is usefull
when using a terminal sessions over a slow link. Impact on binary
size is negligible but additional 60 kB (uncompressed) is needed for
a shared zlib library.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
2017-09-28 21:47:16 +02:00
John Crispin
00e9a7aacb umdns: update to latest git HEAD
b84fdac Add debug output for service_timeout
8f7e3bc Remove incorrect comma in http service json config
9f40133 Remove ttl==255 restriction for queries

Signed-off-by: John Crispin <john@phrozen.org>
2017-09-28 09:29:31 +02:00
Michal Sojka
1a5bf778fb procd: Install seccomp-trace symlink
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
2017-09-28 09:22:02 +02:00
John Crispin
3398e8e94d procd: update to latest git HEAD
ee582d1 instance: properly compare and reload respawn config
260a4cd utrace: Start the tracee only after uloop initialization
520ad3c utrace: Switch all logging to ulog
1c48104 utrace: Support non-contiguous syscall numbers
582cf97 utrace: Forward SIGTERM to the traced process
32534f7 utrace: Report ptrace errors
ccde3fb seccomp: Improve error message
7f9b174 preload-seccomp: Use proper log level for error messages
e3c4302 Start seccomp-enabled services via seccomp-trace
5e4ad02 seccomp: Log seccomp violations with utrace
2661b2f utrace: Use PTHREAD_SEIZE instead of PTHREAD_TRACEME
b5d53c6 utrace: Deliver signals to traced processes
b416ed9 utrace: Support tracing multi-threaded processes and vfork
8b7d47a utrace: Trace processes across forks
c6b6ec6 utrace: Sort syscalls by number of invocations
592c532 Update trace attribute
c8faedc Do not disable seccomp when configuration is not found
017f3a1 utrace: Fix off-by-one errors
5acaf15 utrace: Fix environment initialization

Signed-off-by: John Crispin <john@phrozen.org>
2017-09-28 09:22:02 +02:00
Kevin Darbyshire-Bryant
f2107fc328 ramips: improve Xiaomi Mi Router 3G support
This commit improves support for the Xiaomi Mi Router 3G originally
added in commit 6e283cdc0d

Improvements:

- Remove software watchdog as hardware watchdog now working as per
  commit 3fbf3ab44f for all mt7621
  devices.

- Reset button polarity corrected - length of press determines reboot
  (short press) vs. reset to defaults (long press) behaviour.

- Enable GPIO amber switch port LEDs on board rear - lit indicates 1Gbit
  link and blink on activity.  Green LEDs driven directly by switch
  indicating any link speed and tx activity.

- USB port power on/off GPIO exposed as 'usbpower'

- Add access to uboot environment settings for checking/setting uboot
  boot order preference from user space.

Changes:

- Front LED indicator is physically made of independent Yellow/Amber,
  Red & Blue LEDs combined via a plastic 'lightpipe' to a front panel
  indicator, hence the colour behaviour is similar to an RGB LED. RGB
  LEDs are not supported at this time because they produce colour results
  that do not then match colour labels, e.g. enabling 'mir3g:red' and
  'mir3g:blue' would result in a purple indicator and we have no such
  label for purple.
  The yellow, red & blue LEDs have been split out as individual yellow,
  red & blue status LEDs, with yellow being the default status LED as
  before and with red's WAN and blue's USB default associations removed.

- Swapped order of vlan interfaces (eth0.1 & eth0.2) to match stock vlan
  layout. eth0.1 is LAN, eth0.2 is WAN

- Add 'lwlll' vlan layout to mt7530 switch driver to prevent packet
  leakage between kernel switch init and uci swconfig

uboot behaviour & system 'recovery'

uboot expects to find bootable kernels at nand addresses 0x200000 &
0x600000 known by uboot as "system 1" and "system 2" respectively.
uboot chooses which system to hand control to based on 3 environment
variables: flag_last_success, flag_try_sys1_failed & flag_try_sys2_failed

last_success represents a preference for a particular system and is set
to 0 for system 1, set to 1 for system 2.  last_success is considered *if*
and only if both try_sys'n'_failed flags are 0 (ie. unset) If *either*
failed flags are set then uboot will attempt to hand control to the
non failed system. If both failed flags are set then uboot will check
the uImage CRC of system 1 and hand control to it if ok.  If the uImage
CRC of system is not ok, uboot will hand control to system 2
irrespective of system 2's uImage CRC.

NOTE: uboot only ever sets failed flags, it *never* clears them. uboot
sets a system's failed flag if that system's was selected for boot but
the uImage CRC is incorrect.

Fortunately with serial console access, uboot provides the ability to
boot an initramfs image transferred via tftp, similarly an image may
be flashed to nand however it will flash to *both* kernels so a backup
of stock kernel image is suggested. Note that the suggested install
procedure below set's system 1's failed flag (stock) thus uboot ignores
the last_success preference and boots LEDE located in system 2.

Considerable thought has gone into whether LEDE should replace both
kernels, only one (and which one) etc. LEDE kernels do not include a
minimal rootfs and thus unlike the stock kernel cannot include a
method of controlling uboot environment variables in the event of
rootfs mount failure. Similarly uboot fails to provide an external
mechanism for indicating boot system failure.

Installation - from stock.

Installation through telnet/ssh:
- copy lede-ramips-mt7621-mir3g-squashfs-kernel1.bin and
  lede-ramips-mt7621-mir3g-squashfs-rootfs0.bin to usb disk or wget it
  from LEDE download site to /tmp
- switch to /extdisks/sda1/ (if copied to USB drive) or to /tmp if
  wgetted from LEDE download site
- run: mtd write lede-ramips-mt7621-mir3g-squashfs-kernel1.bin kernel1
- run: mtd write lede-ramips-mt7621-mir3g-squashfs-rootfs0.bin rootfs0
- run: nvram set flag_try_sys1_failed=1
- run: nvram commit
- run: reboot

Recovery - to stock.

Assuming you used the above installation instructions you will have a
stock kernel image in system 1. If it can be booted then it may be used
to perform a stock firmware recovery, thus erasing LEDE completely. From
a 'working' LEDE state (even failsafe)

Failsafe only:
- run: mount_root
- run: sh /etc/uci-defaults/30_uboot-envtools
Then do the steps for 'All'

All:
- run: fw_setenv flag_try_sys2_failed 1
- run: reboot

The board will reboot into system 1 (stock basic kernel) and wait with
system red light slowly blinking for a FAT formatted usb stick with a
recovery image to be inserted.  Press and hold the reset button for
around 1 second. Status LED will turn yellow during recovery and blue
when recovery complete.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-28 09:20:36 +02:00
Mathias Kresin
36fd53f9a9 ltq-vdsl-mei: disable optimized firmware download
With ltq-vdsl-mei 1.5.17.6 an optimized firmware download was added and
enabled by default. As soon as the optimized firmware download is
enabled, a watchdog based reboot is trigger between 24h to 48h of
uptime if the board isn't connected to a xdsl line.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-28 07:23:18 +02:00
Martin Schiller
f1ae982f8d ltq-vdsl: fix PM thread suspend and resume handling
This is a backport form drv_dsl_cpe_api-4.18.10 and fixes some PM
thread handling issues which lead to high system load and watchdog
trigger within 1h of uptime for boards not connected to a xdsl line.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-09-28 07:23:18 +02:00
Magnus Kroken
a9a37526a9 openvpn: update to 2.4.4
Fixes CVE-2017-12166: out of bounds write in key-method 1.

Remove the mirror that was temporarily added during the
2.4.3 release.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-09-28 04:05:44 +03:00
Lorenzo Santina
c14cc531e5 hostapd: update wpa_supplicant p2p config
Update the config file to the latest version.

Added CONFIG_EAP_FAST=y because it was the only
missing flag about EAP compared to full config.

Removed NEED_80211_COMMON flag because it is not part
of config file, it is set by the hostapd upstream Makefile.

Other flags are the same as before.

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:27:36 +03:00
Lorenzo Santina
1cde4395d0 hostapd: update wpa_supplicant mini config
Update the config file to the latest version.
Enabled flags are the same as before.

Removed NEED_80211_COMMON flag because it is not part
of config file, it is set by the hostapd upstream Makefile.

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:27:26 +03:00
Lorenzo Santina
65113799d7 hostapd: update wpa_supplicant full config
Update the config file to the latest version.
Enabled flags are the same as before.

Commented CONFIG_IEEE80211W=y flag because it is
set in the Makefile, only if the driver supports it.

Removed NEED_80211_COMMON flag because it is not part
of config file, it is set by the hostapd upstream Makefile.

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:27:14 +03:00
Lorenzo Santina
70ade53692 hostapd: update hostapd mini config
Update the config file to the latest version.
Enabled flags are the same as before.

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:27:01 +03:00
Lorenzo Santina
7865e86b0e hostapd: update hostapd full config
Update the config file to the latest version.
Enabled flags are the same as before.

Removed flag CONFIG_WPS2 because it is no more
needed due to this changelog (2014-06-04 - v2.2):
"remove WPS 1.0 only support, i.e., WSC 2.0
support is now enabled whenever CONFIG_WPS=y is set".

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:26:11 +03:00
Hans Dedecker
754659ddb5 curl: fix disable threaded resolver
Bump to 7.55.1 broke the disable threaded resolver feature as reported
in https://github.com/curl/curl/issues/1784.
As a result curl is always compiled with the threaded resolver feature
enabled which causes a dependency issue on pthread for uclibc.
Fix this issue by backporting the upstream curl commit which fixes
disable threaded resolver.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-27 17:33:48 +02:00
Stijn Tintel
456de21297 ipset: replace patch that was reverted upstream
Use the correct prefix for backports while at it.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-26 18:18:44 +03:00
Marko Ratkaj
56348c95e9 uboot-mvebu: add OpenSSL compat patches
Fixes the following build issue: "undefined reference to `EVP_MD_CTX_create'"

From: Jelle van der Waa <jelle@vdwaa.nl>

The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.

EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
called to reinitialise an already created structure.

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
2017-09-25 23:08:33 +02:00
Marko Ratkaj
49e6e9ca39 uboot-mvebu: fix SETEXPR redefinition warning
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
2017-09-25 23:08:32 +02:00
Marko Ratkaj
ad0e107c23 uboot-mvebu: add missing UBOOT_MAKE_FLAGS variable
This patch removes "/bin/sh: HOSTCPPFLAGS: command not found" errors douring build.

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
2017-09-25 22:38:29 +02:00
Stijn Tintel
b0f8b13331 samba36: add Package/samba/Default
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 22:53:59 +03:00
Stijn Tintel
7e58392bcb ipset: bump to 6.34
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 22:52:46 +03:00
Stijn Tintel
d9beae9b9e curl: bump to 7.55.1
Update 200-no_docs_tests.patch.
Refresh patches.

Fixes the following CVEs:
- CVE-2017-1000099
- CVE-2017-1000100
- CVE-2017-1000101

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 07:42:34 +03:00
Stijn Tintel
2ad649d134 iperf: bump to 2.0.10
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 07:42:34 +03:00
Lucian Cristian
a7465f375a sunxi: add Olimex A20-OLinuXino-LIME2-eMMC
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[replaced u-boot patch with original version from u-boot git]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-24 16:28:28 +02:00
James Christopher Adduono
82739648c0 kernel: kmod-usb-storage-uas
This will allow you to build and package the uas.ko module.
With more routers supporting USB 3.0 host this could help
speed up activities like DLNA and Samba, as well as reduce
CPU utilization over BOT mass storage drivers.

Signed-off-by: James Christopher Adduono <jc@adduono.com>
2017-09-22 19:16:54 +02:00
Adrian Panella
ab26fc6c8d uhttp: update to latest version
3fd58e9 2017-08-19 uhttpd: add manifest support
88c0b4b 2017-07-09 file: fix basic auth regression
99957f6 2017-07-02 file: remove unused "auth" member from struct
path_info
c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS
ad93be7 2017-07-02 auth: store parsed username and password
fa51d7f 2017-07-02 proc: do not declare empty process variables
a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support
e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash

Signed-off-by: Adrian Panella <ianchi74@outlook.com>
2017-09-21 23:03:46 +02:00
Hans Dedecker
47f3645930 libubox: fix uloop race condition
7a10576 uloop: Fix race condition in SIGCHLD handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-21 23:03:36 +02:00
Stijn Tintel
6c32e05218 arm-trusted-firmware-sunxi: depend on sunxi target
The arm-trusted-firmware-sunxi package is only used by the Allwinner
A64, so only make it selectable for its subtarget sunxi/cortexa53.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-09-20 23:49:36 +03:00
Sandeep Sheriker Mallikarjun
670448a002 at91bootstrap: New package at91bootstrap
at91bootstrap is a second-level bootloader for Microchip(Atmel AT91) SoCs.
It provides a set of algorithms to manage the hardware initialization and
to download the main application or a third-level bootloader(i.e. uboot)
from specified boot media to main memory and execute it.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-09-20 09:01:46 +02:00
Sandeep Sheriker Mallikarjun
5b9cff921e uboot-at91: Add support for SAMA5D4 Xplained board
Add support for SAMA5D4 Xplained board and options to select & build
u-boot configs for different media storage.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-09-20 09:01:38 +02:00
Sandeep Sheriker Mallikarjun
dacab6472d uboot-at91: Add support for SAMA5D2 Xplained board
Add support for SAMA5D2 Xplained board and options to select & build
u-boot configs for different media storage.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-09-20 09:01:31 +02:00
Sandeep Sheriker Mallikarjun
8f1764b98a uboot-at91: Add support for SAMA5D3 Xplained board
Add support for SAMA5D3 Xplained board and options to select & build
u-boot configs for different media storage.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-09-20 09:01:24 +02:00
Sandeep Sheriker Mallikarjun
71a93a22fd uboot-at91: move BUILD_SUBTARGET from U-Boot/Default to devices
currenlty U-Boot/Default supports only at91 legacy devices.To add
sama5 support, moving BUILD_SUBTARGET from U-Boot/Default to target
devices.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-09-20 09:01:16 +02:00
Chen Minqiang
40fd77fd10 ipq-wifi: fix missing define of PKG_NAME
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2017-09-20 08:49:49 +02:00
Philip Prindeville
3008fc9a7b usbutils: avoid duplicating the git revision
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-09-20 02:08:09 +02:00
Sven Roederer
ce53c0e718 openvpn: add "extra-certs" option
This option is used to specify a file containing PEM certs, to complete the
local certificate chain. Which is quite usefull for "split-CA" setups.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-09-19 20:05:57 +08:00
Lucian Cristian
f295db6e46 sunxi: add Olimex A20-OlinuXino-LIME2
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-09-18 21:29:16 +02:00
Lorenzo Santina
b0d2c4ac41 hostapd: ft_over_ds support
Add support for ft_over_ds flag in ieee80211r

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
2017-09-18 21:24:10 +02:00
Lorenzo Santina
70593acdd5 hostapd: ft_psk_generate_local support
Add support for ft_psk_generate_local flag in ieee80211r

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[original author]
Signed-off-by: Sergio <mailbox@sergio.spb.ru>
2017-09-18 21:23:35 +02:00
Hauke Mehrtens
2a2b32a77f ath10k-firmware: use firmware from git instead of extra download
Instead of manually downloading the files again we can also take the
same files directly from the ath10k-firmware git which was cloned
before.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 20:56:56 +02:00
Hauke Mehrtens
e080a7ce07 uboot-sunxi: build A64 SoC and pine64 U-Boot
This creates a U-Boot for the aarch64 SoC A64 on the pine64 board.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 18:36:27 +02:00
Hauke Mehrtens
ea46d386e0 arm-trusted-firmware-sunxi: add new package
This is needed for the Boot loader of the A64 SoC.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 18:36:26 +02:00
Hauke Mehrtens
41e7d2e2e8 sunxi: split into cortex A8 and A7 subtarget
Now we can activate some compiler optimizations for the cortex A7.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 18:36:26 +02:00
Hauke Mehrtens
b9a35920bf uboot-sunxi: revert the usage of binman
This will avoid the usage of swig.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 18:36:26 +02:00
Hauke Mehrtens
85b7d780c5 uboot-sunxi: do not depend on dtc being install on host
make mkimage check the DTC environment variable first.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 18:36:26 +02:00
Hauke Mehrtens
1422d4435b uboot-sunxi: update to version 2017.07
The deleted patches are already integrated in the upstream U-Boot
version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 18:36:26 +02:00
Marcin Jurkowski
feab5fa51e dnsmasq: fix dhcp "ignore" option on wwan interfaces
Init script won't append --no-dhcp-interface option if interface
protocol is one of: ncm, directip, qmi, mbim.
This is caused by IP address assigned to dynamically created netifd
interfaces. As a result there's no netmask assigned to the main
interface and dhcp_add() function returns prematurely.

By moving network subnet check we can ensure that --no-dhcp-interface is
properly generated for wwan interfaces.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase; move network checks]
2017-09-18 10:14:34 +02:00
Hans Dedecker
400c5f03c3 base-files: fix wan6 interface config generation for pppoe
Setting ipv6 to auto in case of a pppoe interface will trigger the
creation of a dynamic wan_6 interface meaning two IPv6 interfaces
(wan6 and wan_6) will be active on top of the pppoe interface.
This leads to unpredictable behavior in the network; therefore set
ipv6 to 1 which will prevent the dynamic creation of the wan_6
interface.
Further alias the wan6 interface on top of the wan interface for pppoe
as the wan6 interface can only be started when the link local address is
ready. In case of pppoe the link local address is negotiated during the
Internet Protocol Control Protocol when the PPP link is setup meaning
all the IP address info is only available when the wan interface is up.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-18 09:57:34 +02:00
Stijn Tintel
2375e279a7 tcpdump: noop commit to refer CVEs fixed in 4.9.2
When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed
CVEs in the commit message. As the list of fixed CVEs is quite long,
we should probably mention them in the changelogs of the releases to
come. This commit will make sure this happens.

The following CVEs were fixed in 21014d9708:

CVE-2017-11541
CVE-2017-11541
CVE-2017-11542
CVE-2017-11542
CVE-2017-11543
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-18 01:33:40 +03:00
Hauke Mehrtens
45d0b88e44 mac80211: make iwlwifi select AC support
Some NICs supported by this driver support ieee80211 AC.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-17 15:08:53 +02:00
Hauke Mehrtens
aa00d11526 linux-firmware: pack Intel iwl FW separately
Do not create one big package with all the Intel firmware files
supported by the iwlwifi driver, but use a separate package for each
chip.

This also updates some 7000 and 8000 series firmware files to more
recent version. The older versions shipped are not supported by the
current driver any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-17 15:08:52 +02:00
Hauke Mehrtens
1b2c93988f mac80211: add dev_coredumpm() function
dev_coredumpm() was added with kernel 4.7, but it is used by iwlwifi.
When the dev coredump framework form compat-wireless is used this is not
a problem because it already contains this, but this is deactivated if
the build system finds out that it is already included in the kernel we
compile against. This option was now activated by the bluetooth driver
btmrvl. Having dev coredump in the kernel adds about 400 bytes to the
lzma compressed kernel for brcm47xx.

This is copied from a more recent backports version to add the
dev_coredumpm() function when the internal core devdump is not used.

Fixes: a5922f6 ("kernel: bluetooth: add marvell sdio bluetooth module")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-17 14:54:28 +02:00
Daniel Engberg
692aa82981 kernel: kmod-btmrvl: Add kmod-mmc as dependency
This fixes the build of this module and should fix the build bots.

Fixes: a5922f6 ("kernel: bluetooth: add marvell sdio bluetooth module")
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[removed mveub dependency and update commit comment]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-17 10:42:07 +02:00
Florian Fainelli
ef485bb23d dnsmasq: Pass TARGET_CPPFLAGS to Makefile
With the introduction of the ubus notifications, we would now fail building
dnsmasq with external toolchains that don't automatically search for headers.
Pass TARGET_CPPFLAGS to the Makefile to resolve that.

Fixes: 34a206bc11 ("dnsmasq: add ubus notifications for new leases")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-09-16 16:38:19 -07:00
Henryk Heisig
a5922f6c46 kernel: bluetooth: add marvell sdio bluetooth module
This commit add support for Marvell bluetooth with SDIO interface.

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
[Fix KCONFIG and FILES option]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-17 00:59:55 +02:00
Henryk Heisig
8637110189 linux-firmware: update to the commit from 2017-09-06
update firmware mrvl/sd8887_uapsta.bin

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
[update to version 2017-09-06]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-17 00:59:41 +02:00
Daniel Engberg
5b1660a538 utils/e2fsprogs: Update to 1.43.6
Update e2fsprogs to 1.43.6
Disable compilation of fuse2fs (we don't package it)
Disable thread support (only affects fuse2fs)
Enable linking with libblkid instead of using private (included) version.
The libblkid is ~210KBytes in size, but with using the shared library
the binaries are ~25KBytes smaller. This also brings it in sync with
most other Linux distributions.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-09-17 00:26:52 +02:00
Philip Prindeville
344fde35e3 kernel: add packaging for Xeon iTCO watchdog timer
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-09-17 00:08:00 +02:00
Kabuli Chana
010cddc2b0 mwlwifi: update to version 10.3.4.0 / 2017-08-10
Update mwlwifi

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2017-09-17 00:07:36 +02:00
Alexandru Ardelean
7bc80364b7 libs/wolfssl: bump to version 3.12.0 ; add myself as maintainer
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
41706d05b9 libs/wolfssl: adjust symbol defaults against libwolfssl defaults
Some symbols have been renamed.
Some are default enabled/disabled, so we need
to adjust semantics against that.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
8334a23679 libs/wolfssl: disable hardening check in settings.h
This seems to cause a false-positive warning/error
while building `libwebsockets-cyassl`.

```
make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
[  2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o
In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0,
                 from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33,
                 from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30,
                 from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256,
                 from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43:
/home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp]
             #warning "For timing resistance / side-channel attack prevention consider using harden options"

```

Hardening is enabled by default in libwolfssl at build-time.

However, the `settings.h` header is exported (along with other headers)
for build (via Build/InstallDev).

This looks like a small bug/issue with wolfssl.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
d03c23c8d4 cyassl,curl,libustream-ssl: rename every cyassl to wolfssl
This is to eliminate any ambiguity about the cyassl/wolfssl lib.

The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.

It's a good idea to keep up with the times (moving forward).

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
560b7334ec libs/wolfssl: add libcysassl to PROVIDES field (for backwards compat)
Until other packages from feeds decide to rename the
dependency of `+libcyassl` to `+libwolfssl`, this allows
for a bit of backwards compatibility with those packages.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
ad510c4d62 wwan: json format in some modem definitions
Method used:
```
cd package/network/utils/wwan/files/data
sed -e 's/}}/}/g' -i *
sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i *
sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i *
```

Manually adjusted commas.
Validated with
```
for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done
```

Thanks to @lynxis for pointing out the commas.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-16 23:04:46 +02:00
Karl Palsson
ae57675bba odhcpd: don't enable server mode on non-static lan port
Instead of blindly enabling the odhcpd v6 server and RA server on the
lan port, only do that if the lan port protocol is "static"

This prevents the unhelpful case of a device being a dhcpv4 client and
v6 server on the same ethernet port.

Signed-off-by: Karl Palsson <karlp@etactica.com>
[PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup]
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-16 09:37:50 +02:00
Hans Dedecker
c88770c766 odhcpd: update to git HEAD version
f0bce9c dhcpv4: fix memset compile issue
0ba3278 dhcpv4: rework assignment lookup
e3b49f3 dhcpv4: cleanup dhcpv4_test usage
47fe122 dhcpv4: rework lease expire handling logic
028ab85 dhcpv4: force renew nonce authentication support
a827fca dhcpv4: avoid segfault when there's no IPv4 prefix
bea088b ndp: detect ifindex changes via interface netlink events
f66103e ubus: display accept reconf status for DHCPv6 assignments
f0e354b treewide: replace RELAYD prefix naming in macros
1a313f9 dhcpv4: fix possible segfault when lease is not created
e2d6eb4 dhcpv4: dhcpv4: move interface lease list insertion out of dhcpv4_assign

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-13 22:32:52 +02:00
Lorenzo Santina
fd84ecda7d treewide: fix shellscript syntax errors/typos
Fix multiple syntax errors in shelscripts (of packages only)
These errors were causing many conditions to not working properly

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[increase PKG_RELEASE, drop command substitution from directip.sh]
Signed-off-by: Mathias Kresin <dev@kresin.em>
2017-09-13 08:07:54 +02:00
Kevin Darbyshire-Bryant
7765e442d0 basefiles: allow suid coredumps
Set sysctl fs.suid_dumpable = 2

This allows suid processes to dump core according to kernel.core_pattern
setting.  LEDE typically uses suid to drop root priviledge rather than
gain it but without this setting any suid process would be unable to
produce coredumps (e.g. dnsmasq)

Processes still need to set a non zero core file process limit ('ulimit
-c unlimited' or if procd used 'procd_set_param limits
core="unlimited"') in order to produce a core.  This setting removes an
obscure stumbling block along the way.

>From https://www.kernel.org/doc/Documentation/sysctl/fs.txt

suid_dumpable:

This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are

0 - (default) - traditional behaviour. Any process which has changed
	privilege levels or is execute only will not be dumped.
1 - (debug) - all processes dump core when possible. The core dump is
	owned by the current user and no security is applied. This is
	intended for system debugging situations only. Ptrace is unchecked.
	This is insecure as it allows regular users to examine the memory
	contents of privileged processes.
2 - (suidsafe) - any binary which normally would not be dumped is dumped
	anyway, but only if the "core_pattern" kernel sysctl is set to
	either a pipe handler or a fully qualified path. (For more details
	on this limitation, see CVE-2006-2451.) This mode is appropriate
	when administrators are attempting to debug problems in a normal
	environment, and either have a core dump pipe handler that knows
	to treat privileged core dumps with care, or specific directory
	defined for catching core dumps. If a core dump happens without
	a pipe handler or fully qualifid path, a message will be emitted
	to syslog warning about the lack of a correct setting.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2017-09-12 22:18:45 +02:00
Toke Høiland-Jørgensen
76c3a033f6 ath10k: Re-enable intermediate softqueues for all devices
The upstream ath10k driver disables the intermediate softqueues for some
devices. This patch reverts that behaviour and always enables the
softqueues (and associated bufferbloat fixes). We have had reports of people
running this with good results:
https://lists.bufferbloat.net/pipermail/make-wifi-fast/2017-September/001497.html

This also refreshes mac80211 patches.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2017-09-11 17:16:17 +02:00
Stijn Tintel
c11762e435 strace: bump to 4.19
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Kevin Darbyshire-Bryant
69ac637fbb mbedtls: update to 2.6.0 CVE-2017-14032
Fixed an authentication bypass issue in SSL/TLS. When the TLS
authentication mode was set to 'optional',
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
peer's X.509 certificate chain had more than
MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
it was not trusted. This could be triggered remotely on both the client
and server side. (Note, with the authentication mode set by
mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake
was correctly aborted).

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Magnus Kroken <mkroken@gmail.com>
2017-09-11 01:56:14 +02:00
Stijn Tintel
21014d9708 tcpdump: bump to 4.9.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Stijn Tintel
910e3bed12 lldpd: bump to 0.9.8
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Lorenzo Santina
bd24d53ea2 hostapd: fix iapp_interface option
ifname variable were not assigned due to syntax error
causing the hostapd config file to have an empty iapp_interface= option

Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
2017-09-10 08:30:32 +02:00
Kevin Darbyshire-Bryant
5629904ea8 dnsmasq: backport arcount edns0 fix
Don't return arcount=1 if EDNS0 RR won't fit in the packet.

Omitting the EDNS0 RR but setting arcount gives a malformed packet.
Also, don't accept UDP packet size less than 512 in received EDNS0.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-08 10:07:04 +02:00
Kevin Darbyshire-Bryant
9a753c49ea dnsmasq: backport official fix for CVE-2017-13704
Remove LEDE partial fix for CVE-2017-13704.

Backport official fix from upstream.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
2017-09-07 08:09:54 +02:00
Matthias Schiffer
f12a5b8f6d
uclient: update to 2017-09-06
24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses
83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-09-06 15:46:03 +02:00
Hans Dedecker
995193ccdb odhcp6c: add workaround for broken extendprefix scenario
Extendprefix is typically used to extend an IPv6 RA prefix from a mobile
wan link to the LAN; such scenario requires correct RA prefix settings
like the on link flag not being set.
However some mobile manufacter set the RA prefix on link flag which breaks
basic IPv6 routing.
Work around this issue by filtering out the route being equal to the
extended prefix.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-05 14:46:18 +02:00
John Crispin
5117911d91 ramips: fix mt76x8 dependencies
The commit merging mt7628 and mt7688 failed to update some
dependencies.

Signed-off-by: John Crispin <john@phrozen.org>
2017-09-05 08:08:36 +02:00
Hans Dedecker
05c3647d35 odhcp6c: add ra_holdoff config option and update to git HEAD version (FS#964)
51733a6 ra: align RA update interval with RFC4861 (FS#964)

Add ra_holdoff config option which allows to configure the RA minimum
update interval which is by default 3 seconds as stated in RFC4861.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-03 21:34:48 +02:00
Stijn Tintel
ef255fc57e base-files: add /etc/profile.d to conffiles
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 01:27:46 +03:00
Stijn Tintel
8446d3de05 base-files: order conffiles alphabetically
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 01:27:46 +03:00
Hans Dedecker
80e2ee3e64 ubox: update to git HEAD version
b1bc8d5 kmodloader: log error message in case of out of memory
f346111 kmodloader: lift restriction on module alias info
f1ef2c3 kmodloader: fix possible segfaults
9cb63df kmodloader: fix endianess check
2cff779 kmodloader: Check module endian before loading
d54f38a kmodloader/get_module_info: initialized aliases to make it more clean
a0b6fef kmodloader: insmod: fix a memoryleak in error case
278c4c4 kmodloader/get_module_name: null-terminate the string
16f7e16 syslog: remove unnecessary sizeof struct between messages

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-01 16:05:59 +02:00
Karl Palsson
7a423c389a procd: mdns: Support txt values with spaces
Properly quote the arguments so that you can register a service with TXT
entries that contains spaces.

Example:
   procd_add_mdns myservice tcp 9999 "key=descriptive text field 1" \
         "another=something equally verbose"

Output before:
$ avahi-browse -r -v _myservice._tcp
_myservice._tcp      local
   hostname = [blah.local]
   address = [192.168.255.74]
   port = [9999]
   txt = ["verbose" "equally" "another=something" "1" "field" "text" "key=descriptive"]

Output now:
$ avahi-browse -r -v _myservice._tcp
_myservice._tcp      local
   hostname = [blah.local]
   address = [192.168.255.74]
   port = [9999]
   txt = ["another=something equally verbose" "key=descriptive text field 1"]

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-09-01 08:58:09 +02:00
John Crispin
12930fc045 Revert "dropbear: Link ssh and scp command to /bin instead of /usr/bin"
This reverts commit f7528ed0a8.

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-31 21:09:13 +02:00
Rosen Penev
f7528ed0a8 dropbear: Link ssh and scp command to /bin instead of /usr/bin
ssh and scp commands interfere with OpenSSH when installed in /usr/bin .

One use case is when installing dropbear to get root access when only OpenSSH is available (OpenSSH disallows root password logins). Once dropbear installs, it replaces OpenSSH's executables, even when removed with opkg. OpenSSH must be reinstalled to get them back.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-08-31 19:14:43 +02:00
Magnus Kroken
89f8a01dab busybox: update to 1.27.2
Refresh patches, delete patches backported from upstream.

This fixes ntpd sync issues (ntpd would not sync if the first provided
peer address was unreachable).

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-08-30 22:34:41 +02:00
Ram Chandra Jangir
9adfeccd84 uboot-envtools: Add support for IPQ806x AP148 and DB149
IPQ806x AP148 and DB149 boards didn't have the UCI ubootenv
section initialized, so the usage of fw_printenv required manual
configuration. With this change, the "fw_printenv" and "fw_setenv"
command will automatically work on NOR and NAND based platforms.

Signed-off-by: Ram Chandra Jangir <rjangir@codeaurora.org>
2017-08-30 18:12:48 +02:00
Daniel Golle
a3c0d5f70a busybox: move passwd applet to /bin
busybox currently installs passwd into /usr/bin which prevents its
'full' shadow-utils variant from being installed.
Move the passwd applet to /bin to avoid that collision.
shadow also provides /usr/bin/login which doesn't collide with busybox
as the busybox login applet is installed at /bin/login.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-08-30 18:12:48 +02:00
Daniel Golle
a63eb74bce busybox: move traceroute applets to /bin
busybox currently installs traceroute and traceroute6 into /usr/bin
which prevents their 'full' iputils variants from being installed.
Move those applets to /bin so they can coexist with their iputils
siblings using the same PATH convention already applied for coreutils
and other drop-in 'full' versions.
Refresh existing patch while at it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-08-30 18:12:48 +02:00
Rosen Penev
343e3d2ba8 samba36: Remove syslog and load printers lines.
printer support is removed using 200-remove_printer_support.patch. the syslog parameter requires samba to be compiled with --with-syslog. Currently samba does not log to syslog and probably has not for a long time.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-08-30 18:12:48 +02:00
Rosen Penev
b2f60e6a72 samba36: Don't resolve interfaces.
It's redundant and also buggy. IPv6 link local addresses and ::1 are not resolved for example. Doesn't matter since lo and br-lan for example, resolve to them.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-08-30 17:05:10 +02:00
Rosen Penev
ccb79a310c samba36: Remove guest ok since LuCI configures it.
guest ok is set per share and as such, don't override it. also, fix an error introduced in the last commit.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-08-30 17:05:10 +02:00
Kevin Darbyshire-Bryant
ca79337306 dnsmasq: forward.c: fix CVE-2017-13704
Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset()
is called with header & limit pointing at the same address and thus
tries to clear memory from before the buffer begins.

answer_request() is called with an invalid edns packet size provided by
the client.  Ensure the udp_size provided by the client is bounded by
512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512
MUST be treated as equal to 512"

The client that exposed the problem provided a payload udp size of 0.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-30 17:05:10 +02:00
Hans Dedecker
7a9410618d netifd: update to git HEAD version
7d94ede system-linux: parse map-e fmrs parameters as nested data json object

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-29 21:19:29 +02:00
Hans Dedecker
1b3ded7225 map: use nested json data object to store map-e fmrs parameters
Replace the string array containing the fmrs parameters by a nested data
json object holding an array of fmrs parameters

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-29 21:10:39 +02:00
Daniel Golle
289d190f66 lantiq: ltq-ptm: fix ADSL showtime handler
commit 2d6c7c2526 introduced a reference to g_xdata_addr which isn't
defined in that context. Use xdata_addr here instead.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-08-29 02:20:45 +02:00
Hans Dedecker
4b3ffecf2b map: fix boolean argument passed to blobmsg_check_attr in mapcalc
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-26 23:34:14 +02:00
Hans Dedecker
6c9e2d4a68 dnsmasq: fix indentation
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-25 14:29:19 +02:00
Kuang Rufan
1e6e37c4f6 dnsmasq: add support for multiple tags for each host.
Currently, dnsmasq support assigning multiple tags to a host record
(--dhcp-host), but we only support only 1 tag for a host. The commit
makes the following config to be valid:

  config host
      option name 'computer'
      option mac '00:11:22:33:44:55'
      option ip '192.168.1.100'
      list tag 'vendor_class'
      list tag 'vendor_id'

  config tag 'vendor_class'
      list dhcp_option 'option:vendor-class,00:...<omitted>'

  config tag 'vendor_id'
      option force '1'
      list dhcp_option 'option:vendor-id-encap,00:...<omitted>'

Signed-off-by: Kuang Rufan <kuangrufan@pset.suntec.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-25 14:28:49 +02:00
Stijn Tintel
cdb494fdc2 f2fs-tools: fix mkfs.f2fs on big-endian systems
Fixes: FS#749

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-25 10:19:06 +03:00
Stijn Tintel
252c8ddf14 f2fs-tools: drop musl compat patch
It is no longer needed since version 1.4.1.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-25 10:19:06 +03:00
Stijn Tintel
d87f27af54 f2fs-tools: drop patch in favour of CONFIGURE_VARS
Override the failing check in configure with CONFIGURE_VARS instead of
carrying a patch that's unlikely to be accepted by upstream.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
2017-08-25 10:19:06 +03:00
Hans Dedecker
7a8909411c map: add ealen as configurable uci parameter
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-24 20:56:07 +02:00
Koen Vandeputte
f47c41cff9 xtables-addons: update to version 2.13
Changes:

89d1b80 xt_condition: namespace support #2
c839e87 xt_geoip: check for allocation overflow
a587f95 compat_xtables: use more accurate printf format for NIPQUAD
1874fcd xt_DNETMAP: fix a buffer overflow
21ea7b7 xt_LOGMARK: resolve new gcc7 warnings
ee8da2b build: support for Linux 4.12
19a4359 xt_condition: add support for namespaces
1b37966 xt_psd: resolve compiler warning

Tested on cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-08-24 08:38:39 +02:00
John Crispin
d99c52765d Revert "iputils: switch to new upstream"
This reverts commit 77d3ac8e3e.
This reverts commit e665b3df2a.

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-24 08:09:14 +02:00
Philip Prindeville
fc48aebdc1 iperf3: add SSL variant for iperf_auth feature
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-08-23 20:35:16 +02:00
Philip Prindeville
d55fff4ae7 iperf3: update to 3.2
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-08-23 20:35:16 +02:00
John Crispin
e665b3df2a iputils: update sha256sum
Signed-off-by: John Crispin <john@phrozen.org>
2017-08-23 19:34:24 +02:00
Philip Prindeville
5c2c0f8a32 util-linux: don't need to build NLS support
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-08-23 18:36:22 +02:00
Andreas Ziegler
b69705b38a ath10k-firmware: update qca9887 firmware to 10.2.4-1.0-00029
Signed-off-by: Andreas Ziegler <github@andreas-ziegler.de>
2017-08-23 16:34:21 +02:00
John Crispin
77d3ac8e3e iputils: switch to new upstream
Signed-off-by: John Crispin <john@phrozen.org>
2017-08-23 16:31:35 +02:00
Ansuel Smith
f099803eb5 samba36-net: new package
Samba could also be usefull for sending commands to windows pc (like shoutdown command). This new package add the bin to include this kind of command to the samba package.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-08-23 15:08:39 +02:00
Jo-Philipp Wich
4fce22e88f util-linux: add missing dependencies
Commit e505f59bd9 "utils/util-linux: Update to 2.30.1" bumped util-linux
without properly adjusting the dependencies of all applets.

Add missing ncursesw dependencies to sfdisk and dmesg applets to fix
packaging issues.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-08-23 11:34:25 +02:00
Rafał Miłecki
8de57c9746 iwinfo: update to the latest git HEAD
c1a03e8 nl80211: request split information about frequencies
5638567 nl80211: store info about freq being not available for some bandwidths
ce51cb8 Allow storing more info about each frequency
5c10efa nl80211: support receiving split frequencies
335967c nl80211: improve error handling
ab089dd nl80211: propagate netlink errors to callers
7bba117 nl80211: handle netlink errors in nl80211_wait()
d22c64c iwinfo: add device id for Ubiquiti NanoStation Loco M2

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-08-23 11:19:28 +02:00
Jo-Philipp Wich
0168ba2e07 Revert "busybox: ash/hush fix for read-builtin command"
Revert this commit as it introduces a patchfile at a wrong location.
Since the patch was never effective, we can assume that this particular
commit was not properly tested.

This reverts commit dde9da46c1.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-08-23 10:58:10 +02:00
John Crispin
4cac13f8e2 Revert "xtables-addons: fix nathelper-rtsp dependencies"
This reverts commit e2ef80130e.

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-23 09:54:53 +02:00
Philip Prindeville
e2ef80130e xtables-addons: fix nathelper-rtsp dependencies
Both nf_conntrack and nf_nat need to be called out.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-08-22 21:31:39 +02:00
John Crispin
6b44d9785f procd: update to latest git HEAD
54b46a3 procd: send ubus notify when a config file has changed

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-22 21:31:39 +02:00
John Crispin
34a206bc11 dnsmasq: add ubus notifications for new leases
Signed-off-by: John Crispin <john@phrozen.org>
2017-08-22 21:31:39 +02:00
John Crispin
d18e0dc7d1 hostapd: add additional ubus notifications
Signed-off-by: John Crispin <john@phrozen.org>
2017-08-22 21:31:39 +02:00
BangLang Huang
69da83d9f1 nvram: add help message for nvram magic not found
The program would failed if nvram magic not found
in specific partition.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
2017-08-22 14:31:32 +02:00
BangLang Huang
c7e2a6fe92 nvram: improve argument check when program start
print help message when argument count is less
than 2.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
2017-08-22 14:31:32 +02:00
BangLang Huang
2a253e7cdb nvram: add usage() function
Merge the help message into a single function,
so that we can use it somewhere else.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
2017-08-22 14:31:32 +02:00
BangLang Huang
1948d8e08c nvram: fix memory leak
Fix memory leak on nvram_open() and nvram_open_rdonly().

For nvram_open(), the 'fd' should be closed on error, and
mmap_area should be unmap when nvram magic can not be found.

For nvram_open_rdonly(), the 'file' variable should free before
return. Once nvram_find_mtd() return successfully, it will allocate
memory to save mtd device string.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
2017-08-22 14:31:32 +02:00
John Crispin
e622b30730 netifd: update to latest git HEAD
b5731bf allow setting rps/xps defualt values via uci
2a29d1a system: remove unused 6rd tunnel attributes
e627542 netifd: allow negative neighlocktime values
e41382c system-linux: parse ipv6 specific tunnel settings as nested data json object

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-22 09:17:14 +02:00
Furong Xu
5a22df69e4 gpio-button-hotplug: leave platform_device.dev.platform_data untouched
get platform_data from gpio_keys_button_dev.pdata, and fix a illegal pointer
dereference like this:

[   51.143776] gpio-keys-polled gpio-keys-polled: missing poll_interval value
[   51.150852] gpio-keys-polled: probe of gpio-keys-polled failed with error -22
[  828.159993] gpio-keys-polled gpio-keys-polled: no memory for button data
[  828.166821] gpio-keys-polled: probe of gpio-keys-polled failed with error -12

Signed-off-by: Furong Xu <xfr@outlook.com>
2017-08-21 21:29:52 +02:00
Daniel Engberg
e505f59bd9 utils/util-linux: Update to 2.30.1
Refresh patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-08-21 21:29:45 +02:00
Carl-Daniel Hailfinger
3e6d303d61 uboot-lantiq: Enable TFTP PUT support for backups
Backing up the current firmware from U-Boot over serial can take hours.
Booting a working Linux image for backup purposes is not always an option.
Using the tftpput command in U-Boot is the fastest and easiest way.

tftpput will upload the contents of a memory region to the TFTP server.
The IP address of the server is stored in the serverip variable.

Usage:
tftpput <memaddr> <length> <filename>

Example for a complete flash backup of an o2 Box 6431 (VGV7510KW22):
VGV7510KW22 # tftpput 0xB0000000 0x1000000 o2boxbackup.bin

Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>
2017-08-18 18:47:27 +02:00
Christian Schoenebeck
a2a226e6e8 ca-certificates: Update to 20170717
Update to 20170717

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2017-08-18 18:44:38 +02:00
Florian Eckert
5209cfa534 procd: fix hotplug.json syntax
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-08-18 18:43:54 +02:00
Florian Eckert
a307480e2d procd: fix hotplug-preinit.json syntax
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-08-18 18:43:54 +02:00
Hans Dedecker
736950e947 odhcpd: update to latest git HEAD
94e65ee ndp: use IPv4 address list when comparing IPv4 addresses
ff5020d dhcpv6-ia: rework reconfigure accept logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-16 21:25:16 +02:00
Stijn Tintel
e7373e489d wpa_supplicant: log to syslog instead of stdout
While debugging an issue with a client device, wpa_supplicant did not
seem to log anything at all. Make wpa_supplicant log to syslog instead
of stdout, to make debugging easier and to be consistent with hostapd.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-10 16:35:53 +02:00
Stijn Tintel
3e9c06d78c brcm2708-gpu-fw: update to latest version
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-08-10 16:34:15 +02:00
Rafał Miłecki
1e13c6f77f base-files: drop unused preinit_echo function
It isn't used for years since the old 99_10_run_init has been dropped.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-08-09 23:23:06 +02:00
Hauke Mehrtens
779227d5ee nftables: remove date from version
We are using the normal 0.7 version of nftables, do not add an
additional date to the version number.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-08-09 23:20:56 +02:00
Daniel Engberg
10c443728d utils/e2fsprogs: Update to 1.43.5
Update e2fsprogs to 1.43.5

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-08-09 23:20:56 +02:00
Rafał Miłecki
f41dd32722 base-files: don't setup network in preinit if failsafe is disabled
With failsafe disabled there is no point in early network setup. We
don't send announcement over UDP and there is no way to ssh to the
device.

A side effect of this is avoiding a possibly incorrect network config
(only with failsafe disabled). This problem is related to possible
changes made by user in /etc/config/network.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-08-09 23:18:59 +02:00
Hans Dedecker
0b7f7606dd procd: update to the latest git HEAD
a17e1e8 watchdog: fix inline watchdog_get_magicclose function prototype

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-08 14:52:56 +02:00
Martin Schiller
2da6c85c80 ltq-vdsl-app: add support for auto xfer_mode and auto line_mode
If xfer_mode is set to auto the vdsl_cpe_control daemon assumes that
ATM should be used for ADSL and PTM for VDSL.

xfer_mode and line_mode can be set to fixed value independantly from
each other.

The syntax for the tc_layer argument of vdsl_cpe_control is as follow:

-T<TcADSL>:<TcCfgUsADSL>:<TcCfgDsADSL>_<TcVDSL>:<TcCfgUsVDSL>:<TcCfgDsVDSL>

where TcADSL and TcVDSL can be: 1=ATM, 2=PTM/EFM, 4=Auto TC-Layer

and TcCfgUsADSL, TcCfgUsVDSL, TcCfgDsADSL, TcCfgDsVDSL can be:
1=64/65-octet encapsulation supported
2=64/65-octet encapsulation with pre-emption
3=64/65-octet encapsulation with short packets

Default: In case of no '-T' option is given, ADSL will be configured
in ATM and VDSL in PTM/EFM: -T1:0x1:0x1_2:0x1:0x1

The '-M' argument of dsl_cpe_control defines the initial DSL mode
(NextMode) for ADSL/VDSL multimode handling.

Possible Values: 0=API-default, 1=ADSL, 2=VDSL

Default: In case of no '-M' option is given, '0' (API-default) will
be selected.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-08-06 09:22:03 +02:00
Martin Schiller
f6254a215e ltq-vdsl-app: mask out ADSL bits when VDSL is requested
If the line_mode is fixed configured to vdsl, than only G.993 VDSL
should be used.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-08-06 09:22:03 +02:00
Martin Schiller
c6504327d1 ltq-vdsl-app: use notification based ATM/PTM driver load
This patch removes the fixed atm/ptm driver loading and
switches to notification based driver loading.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-08-06 09:22:03 +02:00
Martin Schiller
2d6c7c2526 lantiq: ltq-atm/ltq-ptm: fix showtime handling on driver load
This is needed to be able to load the ltq-atm/ltq-ptm driver
from a notify script during synchronization, because the line can
reach showtime state before the driver is fully loaded.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-08-06 09:22:03 +02:00
Mathias Kresin
a94555ce24 ltq-xdsl-app: drop esi call
The esi call was added to workaround a race condition between applying
a configured mac address to the wan interface and starting the protocol
(handler) as it was observed in a DHCP over ATM bridge configuration.

Martin Schiller, TDT GmbH was so kind to test with their local
infrastructure if the race condition still exists. The provided package
dumps captured behind the DSLAM shows that it doesn't. It was most
likely fixed with adding carrier support to the lantiq ptm/atm driver.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-08-06 09:22:03 +02:00
Florian Eckert
c31f0421ce base-files: suppress uci not found output in login.sh
Fix "uci: Entry not found" output if "ttylogin" is not set in
"etc/config/system"

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-08-04 23:11:19 +02:00
Hans Dedecker
fea89fa25b odhcpd: update to latest git HEAD (FS#402, FS#524)
296b4a0 dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524)
f4d38e0 treewide: reflect managed mode is related to RA

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-08-03 21:25:32 +02:00
Mathias Kresin
60f6c2b2eb ramips: drop Edimax BR-6425 support
Code to build an image for the Edimax BR-6425 never existed.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-08-03 00:07:56 +02:00
John Crispin
d0fb048b0e procd: update to latest git HEAD
f062b30 procd: Do not leak pipe file descriptors to children

Signed-off-by: John Crispin <john@phrozen.org>
2017-07-31 19:20:16 +02:00
John Crispin
0c1420b3fe fstools: update to latest git HEAD
8ab4fda fstools: add btrfs support

Signed-off-by: John Crispin <john@phrozen.org>
2017-07-31 19:16:39 +02:00
Lucian Cristian
b90fb5ffe1 openssl: update to version 1.0.2l
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-07-28 23:07:17 +02:00
Daniel Engberg
911331ad0f tcpdump: Update to 4.9.1
Update tcpdump to 4.9.1

Fixes:
 * CVE-2017-11108: Fix bounds checking for STP.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-07-28 23:07:00 +02:00
Jo-Philipp Wich
eb43a817f7 opkg: bump to version 2017-07-28
Commits since last 2017-07-11:

4bd8601 pkg_parse: fix segfault when parsing descriptions with leading newlines

Fixes FS#933.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-28 13:21:30 +02:00
Uwe Arnold
ecfca0eda2 kernel: netfilter: fix nf-nathelper(-extra) description
The tftp and irc netfilter modules are provided by nf-nathelper-extra
and not by nf-nathelper.

Signed-off-by: Uwe Arnold <donvipre@gmail.com>
[move the irc module as well]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-25 21:02:53 +02:00
Felix Fietkau
ea72f22bdf ath9k: fix regression in multicast buffering fix
Update the more data flag on the last frame, but tx from the first frame
on.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-07-25 19:48:18 +02:00
Felix Fietkau
35868234e7 ath9k: fix typo in US tx power reduction fix
Use max_t instead of min_t to prevent the value from going below zero

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-07-25 09:14:05 +02:00
Felix Fietkau
22a74ed310 ath9k: fix more-data flag for buffered multicast packets
The flag needs to be cleared for the last packet in the list, not the
first one. Fixes some issues with multicast packet loss for powersave
clients connected to an ath9k AP.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-07-24 10:48:26 +02:00
Felix Fietkau
9b6585b11a ath9k: adjust tx power reduction for US regulatory domain
FCC regulatory rules allow for up to 3 dBi antenna gain. Account for
this in the EEPROM based tx power reduction code.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-07-24 10:47:55 +02:00
Piotr Dymacz
8223dac99a uboot-envtools: add support for ALFA Network AP121F
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-07-22 23:14:06 +02:00
Rosen Penev
9dcb3fe7eb samba36: Remove legacy options
Browseable is now set through LuCI per share, so remove it. Same with
writeable (inverted synonym for read only). domain master and preferred
master seem to be legacy settings for Windows 9x. encrypt passwords
defaults to yes. Probably should not be disabled either.

Also reordered alphabetically.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message, fix SoB, fix author, bump pkg revsion]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-22 16:55:01 +02:00
Jo-Philipp Wich
636dc8750b mwlwifi: update to version 10.3.4.0 / 2017-07-13
Ref: https://github.com/lede-project/source/pull/1217
Reported-by: Kabuli Chana <newtownBuild@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-22 16:19:00 +02:00
Stijn Tintel
97eb8abec0 netifd: update to git HEAD
d397e8c netifd: Fix printf calls + function declarations.
34afb76 system-linux: fix GRE ikey/okey endianness

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-07-21 22:00:37 +02:00
Felix Fietkau
e3d135ab56 mt76: update to the latest version, fixes stability issues
8a649c3 mt7603: mac: code optimization
8dee788 mt7603: mac: stop netdev queues during watchdog reset
3c4c9a6 tx: move state check in mt76_txq_send_burst()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-07-21 18:53:56 +02:00
Alexandru Ardelean
d9f7ae6cdb ipset: split libipset as a subpackage
Intent is to link against it, and have the option to
not install the ipset utility (if needed).

One example/use-case is keepalived (from package)
feeds, where it would be nice to just depend on a
`libipset` (sub)package.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-07-21 15:12:48 +02:00
Jo-Philipp Wich
d0f6a514b1 dnsmasq: introduce config support for forced DHCP options
Introduce a new UCI list setting `list dhcp_option_force` which is available
in sections of type `dnsmasq` and `dhcp`.

The `dhcp_option_force` setting has the same semantics as `dhcp_option` but
generates `dhcp-option-force` directives instead of `dhcp-option` ones in
emitted native configuration.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-21 08:09:45 +02:00
Matthias Schiffer
1ab227d688
base-files: upgrade: don't loop forever trying to kill processes
When processes don't die on SIGKILL (usually because of kernel bugs), it's
better to give up instead of looping forever.

upgraded will trigger a reboot in this case (and if this fails, a hardware
watchdog will eventually time out and reset the system, if present).

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-07-20 21:41:33 +02:00
Matthias Schiffer
ae30673b10
procd: update to latest version
17026f4 system: return ubus error when sysupgrade_exec_upgraded() has failed
13f252f upgraded: Check chroot() return value
85ccb95 init: Check chroot return value in sysupgrade_exec_upgraded()
76dcbee upgraded: improve error handling
d749b2a upgraded: register stage2 process in uloop as intended

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-07-20 21:41:06 +02:00
Evgeniy Didin
8647f4f018 toolchain/arc: update to the most recent release arc-2017.03
arc-2017.03 is the most recent release toolchain for ARC cores
and it is based on upstream Binutils 2.28 and GCC 6.3.0

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: John Crispin <john@phrozen.org>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
2017-07-18 23:23:27 +02:00
Hans Dedecker
6f133a4402 dnsmasq: backport remove ping check of configured dhcp address
Remove ping check in DHCPDISCOVER case as too many buggy clients leave
an interface in configured state causing the ping check to fail.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-07-18 23:17:37 +02:00
Daniel Golle
cb2a3911e1
fstools: update to latest
0dfe61a block: support /dev/xvd* nodes
f038a61 libfstools: fix matching device name

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-07-16 22:32:46 +02:00
Mathias Kresin
f12a32630f treewide: use the generic board_name function
Use the generic function instead ot the target specific ones.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-15 23:13:34 +02:00
Mathias Kresin
ac3e05c5d7 treewide: populate boardname and model earlier
For targets using the generic board detection and board specific
settings in diag.sh, the board name is still unset at the time the
set_state() provided by diag.sh is called by 10_indicate_preinit.

Change the execution order to ensure the boardname is populated before
required the first time. Do the target specific board detection as
early as possible, directly followed by the generic one to allow a
seamless switch to the generic function for populating /tmp/sysinfo/.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-15 23:13:34 +02:00
Kevin Darbyshire-Bryant
c7f8bcede6 kmod-sched-cake: drop maintainer
Drop myself from maintainership of 'cake'.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-07-15 22:07:05 +02:00
Nick Brassel
eaf6f1532d nftables: Update to 0.7
Updated nftables to latest.

Signed-off-by: Nick Brassel <nick@tzarc.org>
2017-07-15 00:17:49 +02:00
Stijn Tintel
462ca4e059 zlib: use default Build/Configure rule
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-07-14 08:45:55 +02:00
Stijn Tintel
b3cba687a4 lzo: use default Build/Configure rule
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-07-14 08:45:40 +02:00
Alif M. Ahmad
683e73735e
curl: bump to version 7.54.1
Upgrade the curl package to latest version. Patches refreshed.

Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
2017-07-14 03:10:38 +02:00
Yousong Zhou
254f0da6d2 opkg: bump to version 2017-07-11
Commits since last 2017-05-03

    52fc006 pkg_alternatives: pass if the desired symlink already exists
    c668fce opkg: add --no-check-certificate argument

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-07-12 11:18:24 +08:00
Alin Nastac
d8748e537f netfilter: add iptables-mod-rpfilter package
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2017-07-11 22:09:57 +02:00
Hans Dedecker
a35a27e8ef uci: update to the latest version
c4df32b file: remove redundant NULL check on return value of uci_realloc()
5d08b7f build: fix BUILD_STATIC
49ec6ef Fix skipping directories in uci_list_config_files
c203c2f Revert "mandatory anonymous section identifier"
0a1a2fc uci/lua: add explicit close() method
7daf942 uci/lua: add list_configs() function
fe45f97 test: adjust for auto-naming anonymous sections
2eb9c09 cli: remove now-defunct UCI_FLAG_EXPORT_NAME support
df72af4 mandatory anonymous section identifier

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-07-11 22:09:57 +02:00
Matthias Schiffer
438dcbfe74
base-files: automatically handle paths and symlinks for RAMFS_COPY_BIN
Depending on busybox applet selection, paths of basic utiilties may differ,
and may not work as symlinks to busybox. Simply using whatever binary is
found in PATH and detecting symlinks automatically is more robust and
easier to maintain.

The list of binaries is also slightly cleaned up and duplicates are
removed.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-07-11 17:26:32 +02:00
Matthias Schiffer
73f675415c
bcm53xx: upgrade: fix RAMFS_COPY_*
Fixes: 30f61a34b4 "base-files: always use staged sysupgrade"
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-07-11 17:19:23 +02:00
Matthias Schiffer
7a29e44f90
base-files: upgrade: correctly handle nand_do_upgrade argument passed from preupgrade
Fixes: 30f61a34b4 "base-files: always use staged sysupgrade"
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-07-11 17:19:23 +02:00
Jo-Philipp Wich
a89c36b508 dnsmasq: restore ability to include/exclude raw device names
Commit 5cd88f4 "dnsmasq: remove use of uci state for getting network ifname"
broke the ability to specify unmanaged network device names for inclusion
and exclusion in the uci configuration.

Restore support for raw device names by falling back to the input value
when "network_get_device" yields no result.

Fixes FS#876.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-07-10 11:02:27 +02:00
Daniel Golle
2be603783b ncurses: add libnucrses-dev package
It's needed to use the SDK and IB on an OpenWrt/LEDE host.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-07-08 23:19:31 +02:00
Matthias Schiffer
a81a082f5b
mtd-utils: use source package name for lzo in PKG_BUILD_DEPENDS
PKG_BUILD_DEPENDS should always refer to source package names.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-07-08 22:51:34 +02:00
Mathias Kresin
0b493ede1e acx-mac80211: remove cobalt reference
The cobalt target was removed with 22b38f145d.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-07 08:29:41 +02:00
Mathias Kresin
ad02f5618d acx-mac80211: disable for kernel 4.9+
Due to changes in the PCI subsystem this driver doesn't compile with
kernel 4.9.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-07-07 08:27:23 +02:00
Thomas Nixon
08cd5b769d lantiq: set up DSL front-end GPIOs if they exist
This is necessary for devices using the PSB80108/VRX220LD front-end
(currently only known on the Netgear DM200).

Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
2017-07-07 07:13:24 +02:00
Hans Dedecker
e227bade26 odhcpd: update to the latest version
f0d78e7 ndp: optimize check_addr6_updates code
94afe3b ndp: fix syslog tracing for netlink neigbor and address events
18df6cc treewide: rework logic to retrieve IPv6 interface addresses
803b83e router: use enum to specify order and index of iov struct
5dad295 treewide: rework code to get rid of fixed IPv6 address arrays
3e4c8ad config: rework code to get rid of IFNAMSIZ usage
ab7813e treewide: use angle-brackets to include libubox header files

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-07-06 19:19:13 +02:00
Felix Fietkau
05d6e92594 mt76: update to the latest version
Fixes mt7603 stablity and performance issues

af32615 mt7603: change auto rate control register initialization
01fb9ba mt7603: fix control/status retries count estimation
cf4ba12 mt7603: avoid tx rate sampling using no retransmissions
32eab50 mt7603: set wtbl entry vif index
c4e3dea mt7603: use the real vif index in txwi header for normal tx.
e90a81a mt7603: fix channel width fall back in TXWI

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-07-05 20:30:30 +02:00
Daniel Golle
eb7c14d512 bzip2: add symlink to binary
Other distributions incl. the OpenWrt ImageBuilder and SDK
expect to find the bzip2 executable in /bin.
Create a symlink at that location for compatibility.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-07-05 16:27:40 +02:00
DUPONCHEEL Sébastien
f3ae0f80bd dnsmasq: dnsmasq --rev-server support
This is functionally the same as --server, but provides some syntactic sugar to
make specifying address-to-name queries easier.

For example --rev-server=1.2.3.0/24,192.168.0.1 is exactly equivalent to
--server=/3.2.1.in-addr.arpa/192.168.0.1

Signed-off-by: DUPONCHEEL Sébastien <sebastien.duponcheel@corp.ovh.com>
2017-07-03 22:08:21 +02:00
Camille Bilodeau
bdd3c94872 uboot-envtools: add Arduino Yun support
Signed-off-by: Camille Bilodeau <camille.bilodeau@protonmail.com>
2017-06-29 10:37:36 +02:00
Hans Dedecker
1d45ec2784 dhcpv6: add missing dollar sign in dhcpv6 script (FS#874)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-29 09:56:19 +02:00
Hans Dedecker
7d31fe6068 dnsmasq: backport patch fixing DNS failover (FS#841)
Backport upstream dnsmasq patch fixing DNS failover when first servers
returns REFUSED in strict mode; fixes issue FS#841.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-28 11:33:42 +02:00
Stijn Tintel
6371159b4a dropbear: add option to set max auth tries
Add a uci option to set the new max auth tries paramater in dropbear.
Set the default to 3, as 10 seems excessive.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-28 02:18:20 +02:00
Kevin Darbyshire-Bryant
9aaf3d3501 dropbear: server support option '-T' max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.

A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-28 02:18:20 +02:00
Yury Shvedov
37c1513b1f hostapd: configure NAS ID regardless of encryption
RADIUS protocol could be used not only for authentication but for
accounting too. Accounting could be configured for any type of networks.
However there is no way to configure NAS Identifier for non-WPA
networks without this patch.

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-28 02:18:20 +02:00
Yury Shvedov
0e7bbcd43b hostapd: add acct_interval option
Make an ability to configure Accounting-Interim-Interval via UCI

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[add hostapd prefix, cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-06-28 02:18:20 +02:00
John Crispin
6da4f03f02 ath10k-firmware: add qca9888 firmware
ath10k-firmware: add qca9888 firmware

the firmware files for qca9888 were previously not packaged. add the meta
information for doing so.

Signed-off-by: John Crispin <john@phrozen.org>
2017-06-27 11:47:07 +02:00
Hans Dedecker
f33de80232 dnsmasq: backport tweak ICMP ping logic for DHCPv4
Don't start ping-check of address in DHCP discover if there already
exists a lease for the address. It has been reported under some
circumstances android and netbooted windows devices can reply to
ICMP pings if they have a lease and thus block the allocation of
the IP address the device already has during boot.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-26 10:49:13 +02:00
Jo-Philipp Wich
2c5f16ecac procd: support term_timeout parameter
Expose "term_timeout" parameter in procd.sh to allow init scripts to
request a longer termination timeout.

This is required to fix FS#859 in a later commit.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-26 10:02:20 +02:00
Jo-Philipp Wich
124ab1dc0a procd: assign /dev/tty* nodes to "tty" group
Adjust default permissions and ownership of /dev/tty* nodes from
0600/root:root to 0660/root:tty in order to support granting
unprivileged user access when needed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-26 10:02:20 +02:00
Jo-Philipp Wich
5523ee3459 base-files: add "tty" user group
This is needed for an upcoming change to the hotplug default rules which
will cause /dev/tty* nodes to get assigned to the "tty" group in order
to support unprivileged user access when needed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-26 10:02:20 +02:00
Magnus Kroken
45f4f6649a openvpn: update to 2.4.3
Fixes for security and other issues. See security announcement for more details:
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

* Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508)
* Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520)
* Potential double-free in --x509-alt-username (CVE-2017-7521)
* Remote-triggerable memory leaks (CVE-2017-7512)
* Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522)
* Null-pointer dereference in establish_http_proxy_passthru()
* Restrict --x509-alt-username extension types
* Fix potential 1-byte overread in TCP option parsing
* Fix mbedtls fingerprint calculation
* openssl: fix overflow check for long --tls-cipher option
* Ensure option array p[] is always NULL-terminated
* Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6)

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-06-26 09:56:07 +02:00
Magnus Kroken
329f6a96b7 mbedtls: update to 2.5.1
Fixes some security issues (no remote exploits), and introduces
some changes. See release notes for details:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released

* Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
* Adds exponent blinding to RSA private operations
* Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
* Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
* Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-06-26 09:56:07 +02:00
Florian Eckert
4482063c34 treewide: add license tags
Add licence tags where missing.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-06-24 22:36:38 +02:00
Mathias Kresin
7e12863252 fritz_tffs_read: get tffs size from input file
Use the size of the input file as maximum tffs size instead of a fixed
value. The tffs on a AVM Fritz 300E can be up to 512KByte for example.

Fixes a read error for the AVM Fritz 3370 where the tffs partition size
is 64Kbyte and smaller than the former default value of 256KByte.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-24 22:36:38 +02:00
Daniel Golle
04063820e8 libreadline: add host-build
Also make sure that the PKG_NAME and folder name are equal.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-24 14:38:14 +02:00
Luiz Angelo Daros de Luca
991899cc54 valgrind: bump to 3.13.0
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2017-06-24 14:11:06 +02:00
Christian Schoenebeck
7d7356df64 ca-certificates: Update to version 20161130+nmu1
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2017-06-24 14:11:06 +02:00
Bastian Bittorf
dde9da46c1 busybox: ash/hush fix for read-builtin command
this is a cherrypick from busybox-git HEAD:
f5470419404d643070db99d058405b714695b817

and can be removed when upgrading to
next busybox release. discussion here:
http://lists.busybox.net/pipermail/busybox/2017-May/085439.html

Signed-off-by: Bastian Bittorf <bb@npl.de>
2017-06-24 13:11:19 +02:00
Kevin Darbyshire-Bryant
4ed40be3e3 hostapd: add support for acs_chan_bias option
During auto channel selection we may wish to prefer certain channels
over others.

e.g. we can just squeeze 4 channels into europe so '1:0.8 5:0.8 9:0.8
13:0.8' does that.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-24 13:11:19 +02:00
Stefan Tomanek
de6ff15129 busybox: backport 'ip rule suppress_{prefixlength, ifgroup}'
This is a backport from the busybox repository
(192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the
suppress_{prefixlength,ifgroup} flags for policy routing rules.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
2017-06-24 13:11:19 +02:00
Hans Dedecker
a1c1f6ea7b procd: update to latest version
e5e99c4 watchdog: add support for starting/stopping kernel watchdog

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-23 22:48:04 +02:00
Rafał Miłecki
b91a38d647 base-files: fix PKG_CONFIG_DEPENDS to include version.mk entries
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-06-22 10:05:23 +02:00
Grégoire Delattre
680a5c5d3e dnsmasq: add dhcp-range tags configuration
dnsmasq can match tags in its dhcp-range configuration, this commit adds
the option to configure it in the dhcp section

uci configuration:
config dhcp 'lan'
        option interface 'lan'
        list tag 'blue'
        list tag '!red'
        option start '10'
        option limit '150'
        option leasetime '12h'

generated dnsmasq configuration:
dhcp-range=tag:blue,tag:!red,set:lan,192.168.1.10,192.168.1.159,255.255.255.0,12h

Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
2017-06-20 22:33:41 +02:00
Daniel Golle
e3d09e7898 procd: update to latest git HEAD
453116e system: introduce new attribute board_name
e5b963a preinit: define _GNU_SOURCE
e5ff8ca upgraded: cmake: Find and include uloop.h
f367ec6 hotplug: fix a memory leak in handle_button_complete()
796ba3b service/service_stopped(): fix a use-after-free
79bbe6d system: return legacy board name

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-19 22:12:51 +02:00
Yousong Zhou
77dc6a2ae7 libunwind: update to version 1.2.1
Changes since 1.2

    a77b0cd Bump version to v1.2.1
    5f354cb mips/tilegx: Add missing unwind_i.h header file
    620d1c3 Add aarch64 getcontext functionality.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-06-19 14:43:09 +08:00
Hans Dedecker
c885482080 netifd: update to the latest version
ef5f7a0 ubus: remove superfluous error check in netifd_add_dynamic
5a68693 iprule: coding style line up
90e2e2c iprule: Add option to suppress unspecific routing lookups

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-18 22:22:03 +02:00
Yousong Zhou
f334a0cdb8 base-files: allocate uid/gid starting from 65536
There already exist static assignment of uid/gid 65533 in packages feed
and we have nobody/nogroup taking 65534 as their ids.  Let's change the
pid of dynamic assignment to start from 65536 so that the two assignment
scheme will not collide with each other

While at it, fix the scan command checking existence of uid/gid

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-06-18 10:39:35 +08:00
Mathias Kresin
4cdbf4014b base-files: make ucidef_set_led_rssi offset and factor optional
The offset and factor are only related for LEDs which can have
different brightness values. But binary LEDs are more common and don't
require any further configuation than setting the factor to 1.

Use offset = 0 and factor = 1 in case nothing else is specified.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-06-17 15:38:19 +02:00
Felix Fietkau
77a64e8bff mt76: update to the latest version, fixes rate control issues
Should improve performance considerably in many cases

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-17 12:17:33 +02:00
Felix Fietkau
98634205fd libubox: update to the latest version, fixes a runqueue use-after-free bug
7237302 md5: add "const" qualifier to the "file" argument
fa9937c json_script: enable custom expr handler callback
368fd26 uloop: allow specifying a timeout for uloop_run()
6a7fb7d runqueue: fix use-after-free bug
4bc3dec uloop: fix a regression in timeout handling
fd57eea uloop: allow passing 0 as timeout to uloop_run

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-17 11:51:41 +02:00
Felix Fietkau
45572fe831 mac80211: refresh patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-17 11:51:41 +02:00
Pavel Kubelun
189239ade3 ipq806x: qca99xx: fix wifi calibration
As of now OTP is being correctly parsed and the driver requires to parse pre-caldata to follow corresponding routine.

Rename cal file into pre-calfile so the board initialized correctly with API 2 board data (board-2.bin).

Also remove the now unneeded for qca9984 board.bin symlink to 5GHz calfile.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
2017-06-17 11:51:41 +02:00
Pavel Kubelun
025cb640cd ath10k: increase bmi timeout to fix OTP on qca99xx boards and add bmi identification through pre-cal file
Backporting upstream patches.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh, rename patches]
2017-06-17 11:51:41 +02:00
Kevin Darbyshire-Bryant
8f4085e2fd dropbear: fix service trigger syntax error
The classic single '&' when double '&&' conditional was meant.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-16 12:05:25 +02:00
Hans Dedecker
8180bbac7c Revert "dnsmasq: manage resolv.conf if when listening on 127.0.0.1#53"
This reverts commit a53f8ba677.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-14 22:51:08 +02:00
Paul Oranje
a53f8ba677 dnsmasq: manage resolv.conf if when listening on 127.0.0.1#53
With this patch the dnsmasq init script manages resolv.conf if and only if
when dnsmasq will listen on 127.0.0.1#53 (is main resolver instance).
Also, resolvfile is now set irrespective of the value of noresolv.

Fixes (partially) FS#785

Signed-off-by: Paul Oranje <por@xs4all.nl>
2017-06-12 11:08:21 +02:00
Kevin Darbyshire-Bryant
16a905b322 dnsmasq: make bind-dynamic 'non-wildcard' interfaces default
'non-wildcard' interfaces enables dnsmasq's '--bind-dynamic' mode.  This
binds to interfaces rather than wildcard addresses *and* keeps track of
interface comings/goings via a unique Linux api.

Quoting dnsmasq's author "bind-dynamic (bind individual addresses, keep
up with changes in interface config) ... On linux, there's actually no
sane reason not to use --bind-dynamic, and it's only not the default for
historical reasons."

Let's change history, well on LEDE at least, and change the default!

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-11 14:50:04 +02:00
Jonas Gorski
fd952c7a83 base-files: board.json's switch reset means existence, not argument
Don't pass the value unconditionally to swconfig as a parameter but
instead only call reset if it is 1.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-06-11 12:50:14 +02:00
Daniel Golle
5e4bb476c0 kexec-tools: bump version and add support for crashdump kernel
split kexec-tools into two packages, kexec and kdump.
* kexec to simply execute a new kernel
* kdump is for loading and collecting debris of a crashed kernel with
  support for kdump forensics.

In order to properly support booting into a crashkernel, an init script
as well as UCI configuration has been added.
As modifying the kernel cmdline is required for this to work in x86
platforms use an uci-defaults script to modify /boot/grub/grub.cfg.

To test collecting crash information, use the 'c' sysrq-trigger, ie.
echo c > /proc/sysrq-trigger

This should result in the crash kernel being executed and (depending
on the configution) dmesg and/or vmcore getting saved.

To check if the crash kernel was loaded properly, use the 'status'
command of the kdump init script.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-09 22:21:25 +02:00
Hans Dedecker
8b486ec2b5 dnsmasq: add dhcp-script hook conditionally
Commit b32689afd6 added support for dhcp-script hook.
Adding dhcp-script config option results into two instances of dnsmasq being run
which triggered oom issues on platforms having low memory.

The dnsmasq dhcp-script config option will now only be added if at least one of the
dhcp, tftp, neigh hotplug dirs has a regular hotplug file or if the dhcpscript uci
config option is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-06-09 16:44:04 +02:00
Jo-Philipp Wich
6426e4edef base-files: network.sh: fix a number of IPv6 logic flaws
* Change network_get_subnet6() to sensibly guess a suitable prefix

  Attempt to return the first non-linklocal, non-ula range, then attempt
  to return the first non-linklocal range and finally fall back to the
  previous behaviour of simply returning the first found item.

* Fix network_get_ipaddrs_all()

  Instead of replicating the flawed logic appending a fixed ":1" suffix
  to IPv6 addresses, rely on network_get_ipaddrs() and network_get_ipaddrs6()
  to build a single list of all interface addresses.

* Fix network_get_subnets6()

  Instead of replicating the flawed logic appending a fixed ":1" suffix
  to IPv6 addresses, rely on the ipv6-prefix-assignment.local-address
  field to figure out the proper network address.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-08 20:12:52 +02:00
Jo-Philipp Wich
d264464404 mwlwifi: update to version 10.3.4.0 / 2017-06-06
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-08 19:56:12 +02:00
Jo-Philipp Wich
7f91cabd0d base-files: network.sh: properly report local IPv6 addresses
Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to
fetch the effective local IPv6 address of delegated prefix from the
"local-address" field instead of naively hardcoding ":1" as static suffix.

Fixes FS#829.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-08 12:06:01 +02:00
Alexandru Ardelean
079d57b0f2 gdb: disable simulator ; it's broken on ppc
Error is:
```
ompile-loc2c.o compile-c-support.o inflow.o    init.o \
	  ../sim/ppc/libsim.a -lreadline ../opcodes/libopcodes.a ../bfd/libbfd.a -L./../zlib -lz  ../libiberty/libiberty.a ../libdecnumber/libdecnumber.a    -lncurses -lm     ../libiberty/libiberty.a  build-gnulib/import/libgnu.a  -ldl -Wl,--dynamic-list=./proc-service.list
../sim/ppc/libsim.a(idecode.o): In function `update_time_from_event':
idecode.c:(.text+0x170): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o): In function `event_queue_tick':
idecode.c:(.text+0x1cc): undefined reference to `error'
idecode.c:(.text+0x28c): undefined reference to `error'
idecode.c:(.text+0x318): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o): In function `cpu_halt.constprop.6':
idecode.c:(.text+0x398): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o):idecode.c:(.text+0x4e4): more undefined references to `error' follow
collect2: error: ld returned 1 exit status
Makefile:1420: recipe for target 'gdb' failed
make[5]: *** [gdb] Error 1
```

Seems others are running into this as well.
The problem seems to be that some code may be built
as C++ and not C, which may explain the linker error.

On this thread reply:
   https://sourceware.org/ml/gdb/2016-11/msg00045.html
it mentions that the simulator should not call GDB's
"error" function directly, but rather use the "host_callback"
struct.

I have no idea about the use of the GDB simulator within
the OpenWrt/LEDE community.

So, I took the easier route, which is to disable the simulator.
(Also suggested here: https://sourceware.org/ml/gdb/2016-11/msg00047.html )

If needed, I can make an effort to fix the simulator for PPC.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-06-07 18:31:10 +02:00
Alexandru Ardelean
ab485383fa gdb: remove Build/Compile rule ; default one works
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-06-07 18:31:10 +02:00
Alif M. Ahmad
415c47de79 package/grub2: update to 2.02
Update to version 2.02

Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
2017-06-07 18:31:10 +02:00
Felix Fietkau
c6c1f6a548 mac80211: use KERNEL_MAKEOPTS
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-07 18:31:10 +02:00
Felix Fietkau
0aed054bec build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mk
This allows packages to use kernel make options without the forced
-C $(LINUX_DIR). It also makes it more clear that it to be called from
kernel module packages directly.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-06-07 18:31:10 +02:00
Florian Fainelli
f50079985c perf: Depend on KERNEL_PERF_EVENTS
The kernel needs to have PERF_EVENTS built otherwise we will run into
the following:

root@(none):/# perf top
perf_event_open(..., PERF_FLAG_FD_CLOEXEC) failed with unexpected error
89 (Function not implemented)
perf_event_open(..., 0) failed unexpectedly with error 89 (Function not
implemented)
Error:
The sys_perf_event_open() syscall returned with 89 (Function not
implemented) for event (cycles).
/bin/dmesg may provide additional information.
No CONFIG_PERF_EVENTS=y kernel support configured?

Make sure this functional dependency is captured.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-06-05 12:30:05 -07:00
Florian Fainelli
5229c45363 mdadm: Do not check RUN_DIR
Fixes build failure on hosts that do not have mdadm
installed/configured:

make[3]: Entering directory
`/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0'
***** Parent of /run/mdadm does not exist.  Maybe set different RUN_DIR=
*****  e.g. make RUN_DIR=/dev/.mdadm
***** or set CHECK_RUN_DIR=0
make[3]: *** [check_rundir] Error 1
make[3]: Leaving directory
`/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0'
make[2]: ***
[/local/users/fainelli/openwrt/trunk/build_dir/target-mipsel-linux-gnu_glibc/mdadm-4.0/.built]
Error 2
make[2]: Leaving directory
`/local/users/fainelli/openwrt/trunk/package/utils/mdadm'
make[1]: *** [package/utils/mdadm/compile] Error 2
make[1]: Leaving directory `/local/users/fainelli/openwrt/trunk'
make: *** [package/mdadm/compile] Error 2

Fixes: 980c41f8e0 ("utils/mdadm: Update to 4.0")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-06-05 12:24:01 -07:00
Tino Reichardt
5ca2033d33 lantiq: fix lantiq_mei.c and amazonse.dsti for adsl modem firmware
The ltq-adsl-mei package is used for 3 lantiq device types:
danube, amazon-se and ar9.

These different SoC's need also different definitions.

Signed-off-by: Tino Reichardt <milky-lede@mcmilk.de>
[fix LTQ_USB_OC_INT for AR9 to match documentation]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-06-03 21:34:59 +02:00
Tino Reichardt
743be70d5b lantiq: fix ifxmips_atm_amazon_se.c
Remove 6 defines, which were defined already some lines above.

Signed-off-by: Tino Reichardt <milky-lede@mcmilk.de>
2017-06-03 21:14:07 +02:00
Daniel Golle
aef39358e6 kernel: properly package 8250 serial PCI module
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-03 20:45:50 +02:00
Andrea Merello
860e053b29 Lantiq: make possible to tweak DSL SRN from UCI
This patch makes possible to tweak the downstream SNR margin on
Lantiq DSL devices.

The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR
margin offset. It accepts values in range -50 to +50 in 0.1 dB units.

The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB
steps.

Currently this should only affect ADSL (not VDSL). It should be very
easy to make this work also on VDSL lines, but since I couldn't test
on VDSL lines this patch does not do that yet.

I have also a patch for LUCI about this, that I could submit.

Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
2017-06-03 17:48:57 +02:00
Jo-Philipp Wich
6db1d13084 umdns: remove superfluous include in init script
The umdns init script includes function/network.sh globally, outside of any
service procedure. This causes init script activation to fail in buildroot
and IB context if umdns is set to builtin.

Additionally, the network.sh helper is not actually used.

Drop the entire include in order to repair init script activation in build
host context. Fixes FS#658.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-02 01:29:32 +02:00
Kevin Darbyshire-Bryant
1fe41c4089 dnsmasq: bump to 2.77
Bump to the 2.77 release after quite a few test & release candidates.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-01 23:50:52 +02:00
Matthias Schiffer
5654a03768
mvebu: fix sysupgrade
mvebu was modifying RAMFS_COPY_BIN and RAMFS_COPY_DATA from a
sysupgrade_pre_upgrade hook. As the ramfs is created from stage2, this
did not have an effect anymore after the staged sysupgrade changes.

As it doesn't really hurt to copy fw_printenv and fw_setenv
unconditionally, simply add them in /lib/upgrade/platform.sh, so stage2
will see them.

Config copying is moved to a function called by platform_copy_config, where
it belongs.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: FS#821
Fixes: 30f61a34b4 "base-files: always use staged sysupgrade"
2017-06-01 20:41:19 +02:00
Hans Dedecker
21f25bc4a3 ppp: propagate master firewall zone to dynamic slave interface
Assign the virtual DHCPv6 interface the firewall zone of the parent interface
so fw3 knows the zone to which the virtual DHCPv6 interface belongs.
This guarantees the firewall settings are applied correctly for the virtual
DHCPv6 interface and allows to query the zone to which the virtual DHCPv6
interface belongs via the fw3 network option.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-31 16:49:59 +02:00
Julian Labus
b757de65b3 usbmode: remove devices with unsupported modes
remove files which include the following mode options
BlackberryMode OptionMode PantechMode QuantaMode

Signed-off-by: Julian Labus <julian@labus-online.de>
2017-05-31 09:55:08 +02:00
Christian Lamparter
7783f31359 base-files: nand: use CI_KERNPART whenever the kernel volume is needed
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This patch is in continuation of: commit 93aa860405
"procd: nand: make it possible to configure kernel and ubi partition"

The $CI_KERNPART variable should be used in place
of the fixed "kernel" partition name. This allows
targets to specifiy alternate names for the kernel
partition.

Cc: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2017-05-31 09:55:01 +02:00
Martin Schiller
d189fe62cd uboot-lantiq/spl: fixed uninitialized variable len in spl_uncompress_lzo
This fix is taken from uboot-lantiq v2014.07 (Daniel Schwierzeck)

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-05-31 08:41:31 +02:00
Martin Schiller
bbb27b1b22 uboot-lantiq: Support newer versions of the PEF7071 ethernet
This fix is taken from uboot-lantiq v2014.07 (Daniel Schwierzeck)

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-05-31 08:41:16 +02:00
Luiz Angelo Daros de Luca
b4f463d969 openvpn-easy-rsa: update to 3.0.1
easy-rsa v3 is now a single script. It expects a 'vars'
configuration file which path can be set using easy-rsa
options, environment variables or just looking in the
current directory.

The default usage would be:

 # cd /etc/easy-rsa
 # easy-rsa COMMAND [command-options]

Following upstream changes, /etc/easy-rsa/pki replaces
/etc/easy-rsa/keys directory.

The default /etc/easy-rsa/pki dir is marked to be kept during
upgrade (WARN: priv keys are saved in the system backup)
/etc/easy-rsa/openssl.1.0.cnf is now marked as config file while
index and serial got removed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2017-05-31 00:28:26 +02:00
Felix Fietkau
09c2f4a176 mt76: update mirror hash after tar portablity fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-30 15:40:51 +02:00
Marty Plummer
558d86923e ar71xx: add support for EnGenius ENS202EXT
EnGenius ENS202EXT is an outdoor wireless access point with
2-port 10/100 switch, detachable antennas and proprietery PoE.

The device is based on Qualcomm/Atheros AR9341 v1.

Specifications:
- 535/400/200 MHz (CPU/DDR/AHB)
- 64 MB of RAM
- 16 MB of FLASH
- UART (J1) header on PCB (unpopulated)
- 2x 10/100 Mbps Ethernet
- 2.4 GHz, up to 26dBm
- 2x external, detachable antennas
- 7x LED, 1x button

Flash instructions:

You have three options:

- Use the vendor firmware upgrade page on the web interface and give
it the factory.img. This is the easiest way to go about it.

- If you have serial access during u-boot, interrupt the normal boot
(any key before timeout) and run 'run failsafe_boot'; this will bring
you to a minimal openwrt luci image on ip 192.168.1.1 useful if you've
bricked the normal firmware.

- Use the vendor's management cli, which can be accessed via telnet
with the same credentials as the web login (default admin:admin), then
issue the following commands:

*** Hi admin, welcome to use cli(V-1.6.7) ***
---========= Commands Help =========---
      stat -- Status
       sys -- System
    wless2 -- 2.4G-Wireless
      mgmt -- Management
      tree -- Tree
      help -- Help
    reboot -- Reboot
ens202ext>mgmt
  Management
---========= Commands Help =========---
     admin -- Administration
     mvlan -- Management VLAN settings
      snmp -- SNMP settings
    backup -- Backup/Restore settings
    autorb -- Auto reboot settings
   fwgrade -- Firmware upgrade
      time -- Time settings
   wifisch -- Wifi schedule
       log -- Log
      diag -- Diagnostics
      disc -- Device Discovery
    logout -- Logout
      help -- Help
      exit -- Exit
ens202ext/mgmt>fwgrade
  Management --> Firmware upgrade
---========= Commands Help =========---
      fwup -- Firmware upgrade
      help -- Help
      exit -- Exit
ens202ext/mgmt/fwgrade>fwup http://web.server/lede-ar71xx-generic-ens202ext-squashfs-factory.bin

Signed-off-by: Marty Plummer <ntzrmtthihu777@gmail.com>
2017-05-30 14:15:25 +02:00
Kevin Darbyshire-Bryant
a4198f8c8d iproute2: bump to 4.11
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-05-30 14:00:31 +02:00
Josua Mayer
e2814f6416 u-boot-mvebu: clearfog: enable setexpr command
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2017-05-30 14:00:30 +02:00
Josua Mayer
c4f9474059 u-boot-mvebu: clearfog: implement distro-boot
Add a patchfile that implements distro-boot and is meant to go upstream
Also make the other patches git-am'able for easier maintenance.

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2017-05-30 14:00:30 +02:00
Josua Mayer
86c4144571 u-boot-mvebu: update to 2017.03
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2017-05-30 14:00:30 +02:00
Ansuel Smith
e783f588eb mwlwifi: update to the latest version
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-05-30 13:59:38 +02:00
Felix Fietkau
6773561748 mt76: update to the latest version, fixes a mt7603 beacon issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-30 08:52:00 +02:00
Matthias Schiffer
df5e80eb26
procd: update to latest git HEAD
e7bb2c8 upgraded: define __GNU_SOURCE

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-30 07:29:25 +02:00
Matthias Schiffer
a5428244d9
base-files: add support for staged sysupgrades from failsafe mode
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:33 +02:00
Matthias Schiffer
b2adb9a7b5
base-files: sysupgrade cleanup
Some functions only used by stage2 are moved there from common.sh.

One piece that could still use more cleanup is platform_pre_upgrade: many
targets reference files from there are aren't available in the ramfs, so
we need to evaluate it before the switch; conversely, flash writes happen
in that function on some targets. Targets that do the latter should be
fixed eventually to use platform_do_upgrade for that purpose.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:33 +02:00
Matthias Schiffer
218af1957e
fstools: snapshot: handle jffs2 conversion using upgraded
We can reuse the kill_remaining and run_ramfs facilities of the stage2 run
by upgraded.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:33 +02:00
Matthias Schiffer
6bbb3a2b0a
fstools: clean up trailing whitespace in snapshot script
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:33 +02:00
Matthias Schiffer
30f61a34b4
base-files: always use staged sysupgrade
Support for the -d and -p options is dropped; it may be added again at some
point by adding these flags to the ubus sysupgrade call.

A downside of this is that we get a lot less information about the progress
of the upgrade: as soon as the actual upgrade starts, all shell sessions
are killed to allow unmounting the root filesystem.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:32 +02:00
Matthias Schiffer
393817df5d
procd: remove procd-nand package
We always want to support staged upgrades now, so it's better to include
upgraded into the main package. /lib/upgrade/nand.sh is moved to
base-files.

The procd-nand-firstboot package is removed for now, it may return later
as a separate package.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:32 +02:00
Matthias Schiffer
8008765f1f
procd: update to latest git HEAD
992b796 rcS: add missing fcntl.h include
63789e5 init: add support for sysupgrades triggered from preinit
5b1fb35 Remove code that has become unnecessary after sysupgrade changes
5918b6d upgraded: add support for passing a "command" argument to stage2
056d8dd upgraded: link dynamically, chroot during exec
7c6cf55 system: always support staged sysupgrade
d42b21e procd/rcS: Use /dev/null as stdin
e0098d4 service/instance: add an auto start option
1247db1 procd: Log initscript output prefixed with script name
8d720b2 procd: Don't use syslog before its initialization
2555474 procd: Add missing \n in debug message

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:49:50 +02:00
Matthias Schiffer
49328cecdf
procd: prepare NAND sysupgrade for making upgraded dynamically linked
Use install_bin to copy upgraded with all dependencies. The old name
/tmp/upgraded is temporarily retained as a symlink to avoid breaking
things.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:08:32 +02:00
Matthias Schiffer
25d1a24e58
procd: clean up trailing whitespace in nand.sh
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:08:22 +02:00
Felix Fietkau
aaeb42b3e2 mt76: update to the latest version, improves mt7603/7628 stability
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-29 14:42:49 +02:00
Jo-Philipp Wich
61eb18d3f7 firewall: fix stray continue statement
The previous commit introduced a faulty continue statement which might
lead to faulty rules not getting freed or reported.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-27 16:16:15 +02:00
Hans Dedecker
1422dab66e netifd: fix 6rd regression (FS#812)
08f1875 system-linux: fix 6rd regression

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-27 13:26:39 +02:00
Jo-Philipp Wich
6e46f6edc4 firewall: extend ubus support, exception handling, parse fixes
Update to latest Git HEAD in order to import a number of fixes and other
improvements:

3d2c18a options: improve handling of negations when parsing space separated values
0e5dd73 iptables: support -i, -o, -s and -d in option extra
4cb06c7 ubus: increase ubus network interface dump timeout
e5dfc82 iptables: add exception handling
f625954 firewall3: add check_snat() function
7d3d9dc firewall3: display the section type for UBUS rules
53ef9f1 firewall3: add UBUS support for include scripts
5cd4af4 firewall3: add UBUS support for ipset sections
02d6832 firewall3: add UBUS support for forwarding sections
0a7d36d firewall3: add UBUS support for redirect sections
d44f418 firewall3: add fw3_attr_parse_name_type() function
e264c8e firewall3: replace warn_rule() by warn_section()
6039c7f firewall3: check the return value of fw3_parse_options()

Fixes FS#548, FS#806, FS#811.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-27 12:19:48 +02:00
Jo-Philipp Wich
52e36cf80a samba: bump PKG_RELEASE
The previous CVE bugfix commit did not adjust PKG_RELEASE, therefor the
fixed samba package does not appear as opkg update.

Bump the PKG_RELEASE to signify upgrades to downstream users.

Ref: https://forum.lede-project.org/t/sambacry-are-lede-devices-affected/3972/4

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-27 12:17:40 +02:00
Filip Moc
43e4e1f4a5 Move enablemodem from ramips to new package adb-enablemodem and make it used also by TL-MR6400
Signed-off-by: Filip Moc <lede@moc6.cz>
2017-05-27 07:54:40 +02:00
Julian Labus
a9206ac26c usbmode: update usb-modeswitch-data to 20170205
add support for new hardware

Signed-off-by: Julian Labus <julian@labus-online.de>
2017-05-27 07:01:39 +02:00
Julian Labus
b09ee2dc01 usbmode: update to latest version
453da8e convert-modeswitch.pl: fix message indices

Signed-off-by: Julian Labus <julian@labus-online.de>
2017-05-27 07:01:39 +02:00
Florian Fainelli
484f768dfa elfutils: Pass -Wno-unused-result to silence warnings as errors
elfutils turns on -Werror by default, and patch 100-musl-compat.patch
changes how strerror_r is used and we no longer use the function's
return value. This causes the following build error/warning to occur
with glibc-based toolchains:

dwfl_error.c: In function 'dwfl_errmsg':
dwfl_error.c:158:18: error: ignoring return value of 'strerror_r',
declared with attribute warn_unused_result [-Werror=unused-result]
       strerror_r (error & 0xffff, s, sizeof(s));
                  ^
cc1: all warnings being treated as errors

Fixing this would be tricky as there are two possible signatures for
strerror_r (XSI and GNU), just turn off unused-result warnings instead.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-26 15:42:03 -07:00
Nick Brassel
b32689afd6 dnsmasq: add dhcp-script hook for other packages
Adds a script which acts as a hook for when dnsmasq creates/destroys a
lease, or completes a TFTP file transfer. The hook loops through scripts
in appropriate directories inside '/etc/hotplug.d', executing each one with
the same arguments supplied by dnsmasq.

In case dnsmasq is jailed by ujail the dhcp-script hook will not work as
expected as ujail does not yet support executing a script within a jail.

Signed-off-by: Nick Brassel <nick@tzarc.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-26 21:28:30 +02:00
Jo-Philipp Wich
361c8b4ee4 Revert "sysupgrade: run only one instance at a time."
This reverts commit e96a9a9af8.

The change breaks sysupgrade through LuCI and two-stage sysupgrade on
NAND targets. There is also a mismatch of file paths in lock and unlock
operations.

This commit was apparently neither properly tested, nor reviewed, so
drop it for now.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-26 14:49:08 +02:00
Felix Fietkau
c2dc7321d7 iptables: fix typos in 600-shared-libext.patch (FS#711)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:30:36 +02:00
Giuseppe Lippolis
4ba2f4dc63 DWR-512: adding wwan support for the dwr-512 3G modem
This PR allow the 3G modem embedded in the DWR-512 to be managed
by the wwan-ncm scripts. The modem will use the usb-option and
usb-cdc-ether drivers.
The DWR-512 DT is updated accordingly.

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2017-05-25 19:01:08 +02:00
Felix Fietkau
3c7a99ea90 xfsprogs: update to 4.11.0
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Felix Fietkau
e6d4235ae5 json-c: disable implicit fallthrough warning (gcc 7)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Felix Fietkau
60241e52db firewall: update to the latest version, fixes a gcc7 build error
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Yousong Zhou
a76cbc0d7e kernel: fix autoloading arch-specific modules
Fixes FS#745

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-25 22:52:07 +08:00
Yousong Zhou
e250acab26 backlight-pwm: fix module description
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-25 22:52:06 +08:00
Kenneth Johansson
e96a9a9af8 sysupgrade: run only one instance at a time.
Things do not work well if running multiple instances of
upgrade at the same time.

Signed-off-by: Kenneth Johansson <kenneth.johansson@inteno.se>
2017-05-25 09:22:43 +02:00
Roman Spychała
855f2ae4da kernel: add kmod-usb-net-pl package
Kernel support for Prolific PL-2301/2302/25A1 based cables

Signed-off-by: Roman Spychała <roed@onet.eu>
2017-05-25 09:22:42 +02:00
Stijn Tintel
423a7a6b75 lldpd: bump to 0.9.7
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-05-24 14:56:22 +02:00
Stijn Tintel
3f0d3d12da samba: fix CVE-2017-7494
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-05-24 14:44:03 +02:00
Hans Dedecker
43cc399871 dnsmasq: bump to 2.77rc5
Some small tweaks and improvements :

9828ab1 Fix compiler warning.
f77700a Fix compiler warning.
0fbd980 Fix compiler warning.
43cdf1c Remove automatic IDN support when building i18n.
ff19b1a Fix &/&& confusion.
2aaea18 Add .gitattributes to substitute VERSION on export.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-22 23:08:06 +02:00
Hans Dedecker
c0a9a73393 6rd: add 6rd specific settings as nested json object
Add 6rd specific settings prefix, relay-prefix as a nested data json object

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-22 21:40:19 +02:00
Hans Dedecker
5f2408dbc5 netifd: update to git HEAD version
7573880 system-linux: parse 6rd specific settings as nested json data object
a063705 system-linux: remove redundant check for strtoul() return value
e6ebe0b build: disable unknown warning option error in clang
08d8f47 interface: add new "ifup-failed" hotplug event
20a1bac bridge: reset primary only after marking the member not present
6b9c267 build: suppress format truncation warnings to avoid errors with gcc7

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-22 21:40:19 +02:00
Rafał Miłecki
aaabf47ede umdns: update to the version 2017-05-22
This includes following changes:
0e8b948 Support specifying instance name in JSON file
49fdb9f Support PTR queries for a specific service
26ce7dc Allow filtering with instance name in service_reply
920c62a Store instance name in the struct service
ff09d9a Rename service_name function to the service_instance_name
64f78f1 Rename mdns_hostname variable to the umdns_host_label

Previous package update pulled commit 70c66fbbcde86 ("Fix sending
replies to PTR questions") which introduced a regression which this
update fixes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-05-22 12:04:01 +02:00
Felix Fietkau
65a3dc277f fstools: update to the latest version
88d48d5 libfstools: silence mkfs.{ext4,f2fs}
a19f2b3 build: disable the format-truncation warning error to fix gcc 7 build errors
633a8d0 libfstools: fix multiple volume_identify usages with the same volume
c43ae11 fstools: use -Wno-format-truncation instead of -Wno-error=format-truncation

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-22 11:12:36 +02:00
Yousong Zhou
5d48dc1146 libunwind: update to 1.2
Addresses CVE-2015-3239: Off-by-one error in the dwarf_to_unw_regnum
function in include/dwarf_i.h in libunwind 1.1 allows local users to
have unspecified impact via invalid dwarf opcodes.

Upstream stable-v1.2 fixed the missing unwind_i.h issue but no new
tarball is released yet

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-22 11:07:40 +08:00
Kevin Darbyshire-Bryant
6e10fc74fd dropbear: bump to 2017.75
- Security: Fix double-free in server TCP listener cleanup A double-free
in the server could be triggered by an authenticated user if dropbear is
running with -a (Allow connections to forwarded ports from any host)
This could potentially allow arbitrary code execution as root by an
authenticated user.  Affects versions 2013.56 to 2016.74. Thanks to Mark
Shepard for reporting the crash.
CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c

- Security: Fix information disclosure with ~/.ssh/authorized_keys
symlink.  Dropbear parsed authorized_keys as root, even if it were a
symlink.  The fix is to switch to user permissions when opening
authorized_keys

A user could symlink their ~/.ssh/authorized_keys to a root-owned file
they couldn't normally read. If they managed to get that file to contain
valid authorized_keys with command= options it might be possible to read
other contents of that file.
This information disclosure is to an already authenticated user.
Thanks to Jann Horn of Google Project Zero for reporting this.
CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123

Refresh patches, rework 100-pubkey_path.patch to work with new
authorized_keys validation.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-05-21 23:56:17 +02:00
Hans Ulli Kroll
ce7681d328 mac80211: add support for rtl8821ae pcie adapter
Add support for Realtek RTL8821AE/RTL8812AE PCIe adapter.
This device supports 802.11ac and bluetooth

testet on PC Engines APU with AP and STA mode

Signed-off-by: Hans Ulli Kroll <ulli.kroll@googlemail.com>
2017-05-21 23:51:21 +02:00
Hans Ulli Kroll
fd7b2559e2 linux-firmware: add firmware for rtl8821ae support
Add needed firmware to support rtl8821ae pcie adapter

Signed-off-by: Hans Ulli Kroll <ulli.kroll@googlemail.com>
2017-05-21 23:51:08 +02:00
Alexandru Ardelean
c7ee30d53a base-files: fix default procd reload
Bug introduced with 6713694.

I did not count on procd handling reload as mentioned
in this doc:
https://wiki.openwrt.org/inbox/procd-init-scripts

```
procd_set_param file /var/etc/your_service.conf # /etc/init.d/your_service reload will restart the daemon if these files have changed
procd_set_param netdev dev # likewise, except if dev's ifindex changes.
procd_set_param data name=value ... # likewise, except if this data changes.
```

The service would be restarted regardless of any of those params.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-05-20 20:43:45 +02:00
Daniel Engberg
ec987e59c4 f2fs-tools: Switch to gz tarball
At some point kernel.org decided to drop xz generated tarballs, switch to gz which they still provide.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-18 14:23:26 +02:00
Daniel Golle
5e5499c612 mac80211: rt2x00: remove unneccessary code
Use chanreg and dccal helpers to reduce the size of ePA code.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: fixed white-space so patch applies]
2017-05-18 13:51:28 +02:00
Alexandru Ardelean
ce8bfa9407 lldpd: drop specific respawn params [use system-wide]
I think I added these respawn params [a while back],
when I did the conversion to procd init script format.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-05-18 08:14:26 +02:00
Luiz Angelo Daros de Luca
ccc54b2935 elfutils: bump to 0.169
Removed patches (now upstream):
- 004-maybe-uninitialized.patch
- 007-fix_TEMP_FAILURE_RETRY.patch

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2017-05-18 07:59:56 +02:00
Ben Greear
e00cc98045 ath10k-ct-firmware: Add support for QCA9886/QCA9888 firmware.
This firmware shoul have the same general feature set as the
rest of the 10.4 CT firmware (9984, 9980, etc).  Build-tested
only in LEDE, but firmware has been tested with ath10k-ct driver
on other OSs, so likely works just fine.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-05-18 07:59:33 +02:00
Ben Greear
7a343dafbb ath10k-ct-firmware: Update to latest.
The 988x and 9887 firmwares include a bugfix for a case where blockack
did not work sometimes, and many fixes for compiler warnings detected
by newer gcc compilers.

The 9980 and 9984 firmware includes a large backport of upstream QCA
firmware changes to bring it up to date.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-05-18 07:59:31 +02:00
Ben Greear
1fc0a45558 ath10k-ct: Update to latest ath10k-ct driver.
Supports disabling firmware hex logging that many found too verbose.

Increase BMI timer so system works more often with 9888 Compex NIC
(and maybe others).

Allow configuring a specific board-file per NIC using fwcfg file.

Maybe fix a scan-busy problem when using CT firmware.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-05-18 07:59:26 +02:00
Daniel Engberg
b295966f87 devel/trace-cmd: Update to 2.6.1
Update trace-cmd to version 2.6.1
Switch to tarball download

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-18 07:58:59 +02:00
Giuseppe Lippolis
db776c01e1 comgt-3g: enable modem before to setpin
some modems needs to be enabled with CFUN=1 before to set the pin

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2017-05-18 07:07:00 +02:00