Commit Graph

38190 Commits

Author SHA1 Message Date
Alin Nastac
c86490605c netfilter: add iptables-mod-rpfilter package
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
(cherry picked from commit d8748e537f)
2017-12-13 16:23:38 +01:00
Daniel Golle
ea23ba9a25 bzip2: add symlink to binary
Other distributions incl. the OpenWrt ImageBuilder and SDK
expect to find the bzip2 executable in /bin.
Create a symlink at that location for compatibility.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit eb7c14d512)
2017-12-13 16:23:38 +01:00
Stijn Tintel
d413c75d24 dropbear: add option to set max auth tries
Add a uci option to set the new max auth tries paramater in dropbear.
Set the default to 3, as 10 seems excessive.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 6371159b4a)
2017-12-13 16:23:38 +01:00
Kevin Darbyshire-Bryant
8693ab5152 dropbear: server support option '-T' max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.

A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit 9aaf3d3501)
2017-12-13 16:23:38 +01:00
Yury Shvedov
0e6a6c8487 hostapd: configure NAS ID regardless of encryption
RADIUS protocol could be used not only for authentication but for
accounting too. Accounting could be configured for any type of networks.
However there is no way to configure NAS Identifier for non-WPA
networks without this patch.

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 37c1513b1f)
2017-12-13 16:23:38 +01:00
Yury Shvedov
ef3649d90e hostapd: add acct_interval option
Make an ability to configure Accounting-Interim-Interval via UCI

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[add hostapd prefix, cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 0e7bbcd43b)
2017-12-13 16:23:38 +01:00
Luiz Angelo Daros de Luca
3027a68093 valgrind: bump to 3.13.0
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 991899cc54)
2017-12-13 16:23:38 +01:00
Stefan Tomanek
3129db331c busybox: backport 'ip rule suppress_{prefixlength, ifgroup}'
This is a backport from the busybox repository
(192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the
suppress_{prefixlength,ifgroup} flags for policy routing rules.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
(cherry picked from commit de6ff15129)
2017-12-13 16:02:53 +01:00
Yousong Zhou
86158ad37d libunwind: update to version 1.2.1
Changes since 1.2

    a77b0cd Bump version to v1.2.1
    5f354cb mips/tilegx: Add missing unwind_i.h header file
    620d1c3 Add aarch64 getcontext functionality.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 77dc6a2ae7)
2017-12-13 16:02:24 +01:00
Daniel Golle
59004433e9 imagebuilder: don't rewrite package list output
No longer rewrite opkg list output in package_list function, remove
the awk call in the pipe (which was intended for a single specific
use-case).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d80d1b6c42)
2017-12-13 16:00:57 +01:00
Daniel Golle
74eeb07817 imagebuilder: clean package_list
commit 19ac879954 (imagebuilder: add package_list function) introduced
a new function 'package_list' to the imagebuilder Makefile.
Unfortunately the package list was poluted by stdout noise of the
Makefile itself as well as opkg. Redirect those outputs to stderr to
make sure that the package_list returned doesn't contain progress
info output but really only packages.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 1b555e1d2b)
2017-12-13 16:00:57 +01:00
Felix Fietkau
7f3f2bc03b build: remove old kernel-headers build directories
Saves space after updating kernel versions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 76b62e6022)
2017-12-13 16:00:27 +01:00
Paul Spooren
c7234e3036 imagebuilder: add package_list function
The imagebuilder can now list all available packages by using make
package_list. This is usefull for scripts to retrieve a list of all
packages with versions (and size)

Signed-off-by: Paul Spooren <paul@spooren.de>
[daniel@makrotopia.org: fixed commit message]
(cherry picked from commit 19ac879954)
2017-12-13 15:59:35 +01:00
Jonas Gorski
9c3e4b5434 base-files: board.json's switch reset means existence, not argument
Don't pass the value unconditionally to swconfig as a parameter but
instead only call reset if it is 1.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit fd952c7a83)
2017-12-13 15:58:35 +01:00
Alexandru Ardelean
7d1f4073ce gdb: remove Build/Compile rule ; default one works
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit ab485383fa)
2017-12-13 15:57:17 +01:00
Felix Fietkau
9a99039989 rb532: enable high-res timers, refresh kernel config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 2dc23a7576)
2017-12-13 15:55:55 +01:00
Felix Fietkau
e802cbfc25 xburst: enable high-res timers, refresh kernel config
Helps with system performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f859a7b696)
2017-12-13 15:55:45 +01:00
Felix Fietkau
e01367e3af kernel: add CONFIG_SCHED_HRTICK=y to the generic config
It is used by pretty much every target

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from commit b47fd76563)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-13 15:54:53 +01:00
Alif M. Ahmad
6e1e2e7b96 package/grub2: update to 2.02
Update to version 2.02

Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
(cherry picked from commit 415c47de79)
2017-12-13 15:54:12 +01:00
Sergey Ryazanov
13a5568d6e ip17xx: correct aneg_done return value
PHY core treats any positive return value as the auto-negotiation done
indication. Since we do not actually check any device register in this
callback then update it to return positive value with a neutral meaning
instead of the register flag to avoid  confusing for future readers.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
(cherry picked from commit 2cc61e6e8e)
2017-12-13 15:53:16 +01:00
Sergey Ryazanov
816fb3433b mvswitch: fix autonegotiation issue
The Marvel 88E6060 switch has an MDIO interface, but does not emulate
regular PHY behavior for the host. The network core can not detect using
the generic code, whether the connection via the attached PHY can be
used or not. The PHY's state machine is stuck in a state of
auto-negotiation and does not go any further so the Ethernet interface
of the router stay forever in the not-runing state.

Fix this issue by implementing the aneg_done callback to be able to
inform the network core that the Ethernet interface link to which the
switch is connected can be marked as RUNNING.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
(cherry picked from commit 913b2290ca)
2017-12-13 15:52:49 +01:00
Hans Dedecker
41ee45428b ppp: propagate master firewall zone to dynamic slave interface
Assign the virtual DHCPv6 interface the firewall zone of the parent interface
so fw3 knows the zone to which the virtual DHCPv6 interface belongs.
This guarantees the firewall settings are applied correctly for the virtual
DHCPv6 interface and allows to query the zone to which the virtual DHCPv6
interface belongs via the fw3 network option.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 21f25bc4a3)
2017-12-13 15:50:45 +01:00
Julian Labus
a44c44077e usbmode: remove devices with unsupported modes
remove files which include the following mode options
BlackberryMode OptionMode PantechMode QuantaMode

Signed-off-by: Julian Labus <julian@labus-online.de>
(cherry picked from commit b757de65b3)
2017-12-13 15:50:37 +01:00
Felix Fietkau
e8bd0a606a tar: override symlink permissions
On Linux, symlink permissions cannot be altered and are always 0777.
On Mac OS X they can be 0755. Force 0777 here to keep tarballs
reproducible across systems

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit e25cedd0b5)
2017-12-13 15:48:33 +01:00
Daniel Engberg
59a1c1675d tools/sparse: Update to snapshot 2017-03-31
Update sparse to snapshot 2017-03-31
Switch to HTTPS

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit 9235a29e1a)
2017-12-13 15:46:46 +01:00
Florian Fainelli
a6e5943a2a elfutils: Pass -Wno-unused-result to silence warnings as errors
elfutils turns on -Werror by default, and patch 100-musl-compat.patch
changes how strerror_r is used and we no longer use the function's
return value. This causes the following build error/warning to occur
with glibc-based toolchains:

dwfl_error.c: In function 'dwfl_errmsg':
dwfl_error.c:158:18: error: ignoring return value of 'strerror_r',
declared with attribute warn_unused_result [-Werror=unused-result]
       strerror_r (error & 0xffff, s, sizeof(s));
                  ^
cc1: all warnings being treated as errors

Fixing this would be tricky as there are two possible signatures for
strerror_r (XSI and GNU), just turn off unused-result warnings instead.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 484f768dfa)
2017-12-13 15:43:49 +01:00
Felix Fietkau
08070221ed gcc: fix documentation entries added by 910-mbsd_multi.patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8851a18a88)
2017-12-13 15:42:08 +01:00
Felix Fietkau
ef43c04c34 scripts/download.pl: print the command used to download files
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit cbe0a7ecc0)
2017-12-13 15:42:08 +01:00
Hannu Nyman
6e09b20563 tools/libressl: update to 2.5.4
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit d7a3120cdc)
2017-12-13 15:42:08 +01:00
Syrone Wong
08be74f699 tools/isl: update to 0.18
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
(cherry picked from commit a0f4b4b3a2)
2017-12-13 15:42:08 +01:00
Stijn Tintel
26ea59cd01 lldpd: bump to 0.9.7
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 423a7a6b75)
2017-12-13 15:35:53 +01:00
Yousong Zhou
444b64f533 libunwind: update to 1.2
Addresses CVE-2015-3239: Off-by-one error in the dwarf_to_unw_regnum
function in include/dwarf_i.h in libunwind 1.1 allows local users to
have unspecified impact via invalid dwarf opcodes.

Upstream stable-v1.2 fixed the missing unwind_i.h issue but no new
tarball is released yet

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 5d48dc1146)
2017-12-13 15:35:33 +01:00
Hauke Mehrtens
e5612d6640 lantiq: spi: double time out tolerance
The generic SPI code calculates how long the issued transfer would take
and adds 100ms in addition to the timeout as tolerance. On my 500 MHz
Lantiq Mips SoC I am getting timeouts from the SPI like this when the
system boots up:

m25p80 spi32766.4: SPI transfer timed out
blk_update_request: I/O error, dev mtdblock3, sector 2
SQUASHFS error: squashfs_read_data failed to read block 0x6e

After increasing the tolerance for the timeout to 200ms I haven't seen
these SPI transfer time outs any more.
The Lantiq SPI driver in use here has an extra work queue in between,
which gets triggered when the controller send the last word and the
hardware FIFOs used for reading and writing are only 8 words long.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6153248052)
2017-12-13 15:35:07 +01:00
Alexandru Ardelean
28c350f2f0 base-files: fix default procd reload
Bug introduced with 6713694.

I did not count on procd handling reload as mentioned
in this doc:
https://wiki.openwrt.org/inbox/procd-init-scripts

```
procd_set_param file /var/etc/your_service.conf # /etc/init.d/your_service reload will restart the daemon if these files have changed
procd_set_param netdev dev # likewise, except if dev's ifindex changes.
procd_set_param data name=value ... # likewise, except if this data changes.
```

The service would be restarted regardless of any of those params.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit c7ee30d53a)
2017-12-13 15:33:48 +01:00
Michael Lee
108a42bcba ramips: support jumbo frame on mt7621 up to 2k
Signed-off-by: Michael Lee <igvtee@gmail.com>
(cherry picked from commit eee09bfe01)
2017-12-13 15:33:04 +01:00
Alexandru Ardelean
8d4c047dd1 lldpd: drop specific respawn params [use system-wide]
I think I added these respawn params [a while back],
when I did the conversion to procd init script format.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit ce8bfa9407)
2017-12-13 15:32:39 +01:00
Luiz Angelo Daros de Luca
8ee15ed61a elfutils: bump to 0.169
Removed patches (now upstream):
- 004-maybe-uninitialized.patch
- 007-fix_TEMP_FAILURE_RETRY.patch

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit ccc54b2935)
2017-12-13 15:32:28 +01:00
Daniel Engberg
9754a9c606 devel/trace-cmd: Update to 2.6.1
Update trace-cmd to version 2.6.1
Switch to tarball download

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit b295966f87)
2017-12-13 15:32:00 +01:00
Giuseppe Lippolis
79def69047 comgt-3g: enable modem before to setpin
some modems needs to be enabled with CFUN=1 before to set the pin

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
(cherry picked from commit db776c01e1)
2017-12-13 15:31:52 +01:00
Daniel Engberg
070463fb61 devel/strace: Update to 4.16
Update strace to 4.16
Refresh patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit 4b0a2ca9a4)
2017-12-13 15:31:28 +01:00
Daniel Engberg
67caf6bbce network/utils/ipset: Update to 6.32
Update ipset to 6.32

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit ea2927e1ea)
2017-12-13 15:31:27 +01:00
Jo-Philipp Wich
f0a493160c mac80211: gracefully handle preexisting VIF
Gracefully handle cases where the to-be-created wireless interface already
exists on the system which might commonly happen with non-multi-SSID capable
wireless drivers.

This fixes commit 8301e61365 which caused
previously ignored "Too many open files in system (-23)" errors to fail the
wireless setup procedure.

With the updated approach we'll still try recreating the vif after one
second if the first attempt to do so failed with ENFILE but we will now
consider the operation successfull if a second attempt still yields ENFILE
with the requested ifname already existing on the system.

Fixes FS#664, FS#704.

Suggested-by: Vittorio Gambaletta <openwrt@vittgam.net>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4a03347545)
2017-12-13 15:29:01 +01:00
Florian Fainelli
827f108b42 scripts: Probe external toolchains for libthread-db
libthread-db is a package that can be configured for external
toolchains, so let's have the script probe for it.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 6704410b15)
2017-12-13 15:28:29 +01:00
Sergey Ryazanov
bb9eb2c96e build: new fixes for symlinked .config handling
When running "make {config|defconfig|oldconfig}" with symlinked .config
(e.g. to env/.config) it renames symlink to .config.old, creates new
.config file, and writes the updated configuration into it.

This breaks the desired workflow when changes in the configuration can
be checked using "scripts/env diff" and commited using "scripts/env
save". Since the env/.config file is not updated.

The things become even worse when working with feeds, since feeds script
quite often silently invokes "make {oldconfig|defconfig}" and breaks the
symlink.

Fix this issue by exporting KCONFIG_OVERWRITECONFIG=1, which forces
mconf to overwrite the .config content, instead of renaming it and
creating a new file. This variable is set only if .config is a symlink,
otherwise the variable is not exported and the old behaviour is
preserved.

This change uses the same behaviour as "make menucofig", which has
already been fixed in commit 5bf98b1acc.

Also make a tiny cosmetic update to the "make menuconfig" target code
layout to make it look like other config handling targets.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
(cherry picked from commit e06d8f0f6f)
2017-12-13 15:27:36 +01:00
Felix Fietkau
4607007a86 build: allow val.% targets to bypass the prepare steps
Significantly reduces time spent processing those targets and should
also silence some log clutter which could confuse buildbot

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit ddbb036bbb)
2017-12-13 15:27:16 +01:00
Daniel Golle
90575776b7 x86: keep /boot mounted for kexec
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 63571cb56c)
2017-12-13 15:24:47 +01:00
Abhilash Tuse
6b9eb0c73a hostapd: fix reload frequency change patch
When sta is configured, hostapd receives 'stop' and 'update' command from
wpa_supplicant. In the update command, hostapd gets sta parameters with
which it configures ap.

Problem is, with the default wireless configuration:
mode:11g freq:2.4GHz channel:1
If sta is connected to 5GHz network, then ap does not work. Ideally with
340-reload_freq_change.patch hostapd should reload the frequency changes
and start ap in 5GHz, but ap becomes invisible in the network.

This issue can be reproduced with following /etc/config/wireless:
config wifi-device  radio0
        option type     mac80211
        option channel  1
        option hwmode   11g
        option path     'virtual/uccp420/uccwlan'
        option htmode   'none'

config wifi-iface 'ap'
        option device 'radio0'
        option encryption 'none'
        option mode 'ap'
        option network 'ap'
        option ssid 'MyTestNet'
        option encryption none

config wifi-iface 'sta'
       option device radio0
       option network sta
       option mode sta
       option ssid TestNet-5G
       option encryption psk2
       option key 12345

This change updates current_mode structure based on configured hw_mode
received from wpa_supplicant. Also prepare rates table after frequency
selection.

Signed-off-by: Abhilash Tuse <Abhilash.Tuse@imgtec.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup, patch refresh]
(cherry picked from commit 41feba8c4a)
2017-12-13 15:23:59 +01:00
Bastian Köcher
040ff6fdbd build: remove absolute path to perl and replace with /usr/bin/env perl
Signed-off-by: Bastian Köcher <git@kchr.de>
(cherry picked from commit 5378c85677)
2017-12-13 15:21:02 +01:00
Felix Fietkau
98588273b1 kernel: allow selecting RTC drivers on targets without explicit RTC support
Keep them disabled by default to avoid pulling in extra kernel bloat

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 5afe9a054c)
2017-12-13 15:20:38 +01:00
Hans Dedecker
f30114c7c4 dropbear: fix procd interface trigger install
Install procd interface triggers only for interfaces which are enabled
so dropbear instances running on (an) enabled interface(s) are not
restarted due to an interface trigger of an interface which is disabled.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit e5bbead1a8)
2017-12-13 15:20:13 +01:00