Commit Graph

13270 Commits

Author SHA1 Message Date
Kevin Darbyshire-Bryant
ceea0ac25d wireguard: bump to 20171211
Bump to latest WireGuard snapshot release:

44f8e4d version: bump snapshot
bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x
679e53a chacha20: avx512vl implementation
10b1232 poly1305: fix avx512f alignment bug
5fce163 chacha20poly1305: cleaner generic code
63a0031 blake2s-x86_64: fix spacing
d2e13a8 global: add SPDX tags to all files
d94f3dc chacha20-arm: fix with clang -fno-integrated-as.
3004f6b poly1305: update x86-64 kernel to AVX512F only
d452d86 tools: no need to put this on the stack
0ff098f tools: remove undocumented unused syntax
b1aa43c contrib: keygen-html for generating keys in the browser
e35e45a kernel-tree: jury rig is the more common spelling
210845c netlink: rename symbol to avoid clashes
fcf568e device: clear last handshake timer on ifdown
d698467 compat: fix 3.10 backport
5342867 device: do not clear keys during sleep on Android
88624d4 curve25519: explictly depend on AS_AVX
c45ed55 compat: support RAP in assembly
7f29cf9 curve25519: modularize dispatch

Refresh patches.

Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-15 17:48:56 +01:00
Rosen Penev
e719a08cc1 usbutils: Update usb.ids file to latest
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fc4e7bdca7)
2017-12-13 16:54:29 +01:00
Leon M. George
4cfcfecf76 hostapd: remove unused local var declaration
Signed-off-by: Leon M. George <leon@georgemail.eu>
(cherry picked from commit 63462910dd)
2017-12-13 16:53:53 +01:00
Leon M. George
796bc21023 hostapd: don't set htmode for wpa_supplicant
no longer supported

Signed-off-by: Leon M. George <leon@georgemail.eu>
(cherry picked from commit cc0847eda3)
2017-12-13 16:53:48 +01:00
Felix Fietkau
50147d41b9 libnl-tiny: use fixed message size instead of using the page size
Simplifies the code and reduces size

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d5bcd0240a)
2017-12-13 16:52:12 +01:00
Zhai Zhaoxuan
0625814426 packages: nvram: fix memory leak in _nvram_free
The value of nvram_tuple_t is allocated in _nvram_realloc,
but it is not freed in _nvram_free.

Signed-off-by: Zhai Zhaoxuan <zhaizhaoxuan@xiaomi.com>
(cherry picked from commit c382237ac3)
2017-12-13 16:51:59 +01:00
Antonio Quartulli
0f175041ad mac80211: don't pass the hostapd ctrl iface in adhoc
Passing the ctrl iface to wpa_supplicant will automatically cause wpa_supplicant
to send "STOP_AP" messages to the hostapd. This breaks the AP interfaces.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
(cherry picked from commit 0da54fa642)
2017-12-13 16:51:12 +01:00
Sven Eckelmann
05f0fac189 hostapd: explicitly set beacon interval for wpa_supplicant
The beacon_int is currently set explicitly for hostapd and when LEDE uses
iw to join and IBSS/mesh. But it was not done when wpa_supplicant was used
to join an encrypted IBSS or mesh.

This configuration is required when an AP interface is configured together
with an mesh interface. The beacon_int= line must therefore be re-added to
the wpa_supplicant config. The value is retrieved from the the global
variable.

Fixes: 1a16cb9c67 ("mac80211, hostapd: always explicitly set beacon interval")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [rebase]
(cherry picked from commit 772afef61d)
2017-12-13 16:50:06 +01:00
Sven Eckelmann
7f78a86254 hostapd: set mcast_rate in mesh mode
The wpa_supplicant code for IBSS allows to set the mcast rate. It is
recommended to increase this value from 1 or 6 Mbit/s to something higher
when using a mesh protocol on top which uses the multicast packet loss as
indicator for the link quality.

This setting was unfortunately not applied for mesh mode. But it would be
beneficial when wpa_supplicant would behave similar to IBSS mode and set
this argument during mesh join like authsae already does. At least it is
helpful for companies/projects which are currently switching to 802.11s
(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
because newer drivers seem to support 802.11s but not IBSS anymore.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh]
(cherry picked from commit 43f66943d0)
2017-12-13 16:49:59 +01:00
Hans Dedecker
c315843f88 igmpproxy: remove firewall rules when service is stopped
Remove multicast routing firewall rules when the igmpproxy is stopped by
triggering a firewall config change.
Keeping the firewall open from the wan for igmp and udp multicast is not
desired when the igmpproxy service is inactive.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 31ebbe34cc)
2017-12-13 16:49:13 +01:00
Martin Schiller
91e48304a9 openvpn: add support to start/stop single instances
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
(cherry picked from commit e2f25e607d)
2017-12-13 16:48:57 +01:00
Alexander Couzens
e5c284bb81 package/elfutils: add CFLAG -Wno-format-nonliteral
When a library is using fortify-packages GCC will complain about
"error: format not a string literal, argument types not checked".

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit 6ab4521464)
2017-12-13 16:48:35 +01:00
Jo-Philipp Wich
2f75641b1f uhttpd: fix query string handling
Update to latest Git in order to fix potential memory corruption and invalid
memory access when handling query strings in conjunction with active basic
authentication.

a235636 2017-11-04 file: fix query string handling

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 05a4200d56)
2017-12-13 16:46:36 +01:00
Ralph Sennhauser
79024cd3be openssl: fix cryptodev config dependency
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
(cherry picked from commit f5468d2486)
2017-12-13 16:46:02 +01:00
Koen Vandeputte
bead60c2d3 uqmi: replace legacy command invoke with newer type
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 06d5d01e8a)
2017-12-13 16:45:11 +01:00
Michal Sojka
5872c19c63 procd: Always tell cmake whether to include seccomp support or not
Without this change, when a user disables seccomp support in .config,
procd does not get recompiled unless the package is cleaned manually.
It is because when -D option is missing from cmake command line, cmake
uses cached value from the previous run where seccomp was enabled.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
(cherry picked from commit 0e300a3a71)
2017-12-13 16:44:07 +01:00
Yousong Zhou
cd901ef1a6 libunwind: disable building with ssp
If we enable -fstack-protector while building libunwind, function
__stack_chk_fail_local will be referred to for i386 and powerpc32
arches.  This will cause link failure because the default gcc build
specs says no link_ssp if -nostdlib is given.

The error message:

    OpenWrt-libtool: link: ccache_cc -shared  -fPIC -DPIC  .libs/os-linux.o mi/.libs/init.o mi/.libs/flush_cache.o mi/.libs/mempool.o mi/.libs/strerror.o x86/.libs/is_fpreg.o x86/.libs/regname.o x86/.libs/Los-linux.o mi/.libs/backtrace.o mi/.libs/dyn-cancel.o mi/.libs/dyn-info-list.o mi/.libs/dyn-register.o mi/.libs/Ldyn-extract.o mi/.libs/Lfind_dynamic_proc_info.o mi/.libs/Lget_accessors.o mi/.libs/Lget_proc_info_by_ip.o mi/.libs/Lget_proc_name.o mi/.libs/Lput_dynamic_unwind_info.o mi/.libs/Ldestroy_addr_space.o mi/.libs/Lget_reg.o mi/.libs/Lset_reg.o mi/.libs/Lget_fpreg.o mi/.libs/Lset_fpreg.o mi/.libs/Lset_caching_policy.o x86/.libs/Lcreate_addr_space.o x86/.libs/Lget_save_loc.o x86/.libs/Lglobal.o x86/.libs/Linit.o x86/.libs/Linit_local.o x86/.libs/Linit_remote.o x86/.libs/Lget_proc_info.o x86/.libs/Lregs.o x86/.libs/Lresume.o x86/.libs/Lstep.o x86/.libs/getcontext-linux.o  -Wl,--whole-archive ./.libs/libunwind-dwarf-local.a ./.libs/libunwind-elf32.a -Wl,--no-whole-archive  -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/lib -lc -lgcc  -Os -march=i486 -fstack-protector -Wl,-z -Wl,now -Wl,-z -Wl,relro -nostartfiles -nostdlib   -Wl,-soname -Wl,libunwind.so.8 -o .libs/libunwind.so.8.0.1
    .libs/os-linux.o: In function `_Ux86_get_elf_image':
    os-linux.c:(.text+0x588): undefined reference to `__stack_chk_fail_local'
    x86/.libs/Lregs.o: In function `_ULx86_access_fpreg':
    Lregs.c:(.text+0x25b): undefined reference to `__stack_chk_fail_local'
    x86/.libs/Lresume.o: In function `_ULx86_resume':
    Lresume.c:(.text+0xdc): undefined reference to `__stack_chk_fail_local'
    collect2: error: ld returned 1 exit status
    Makefile:2249: recipe for target 'libunwind.la' failed

The snippet from gcc -dumpspecs

    %{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}}

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit f0c37f6ceb)
2017-12-13 16:43:37 +01:00
Hauke Mehrtens
7fa70027d4 ppp: make the patches apply correctly again
This fixes a compile problem recently introduced by me.

Fixes: f40fd43ab2 ("ppp: fix compile warning")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a29848c671)
2017-12-13 16:40:21 +01:00
Hauke Mehrtens
d63eb474b3 ppp: fix compile warning
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f40fd43ab2)
2017-12-13 16:40:21 +01:00
Hans Dedecker
9bd667fc24 dropbear: fix PKG_CONFIG_DEPENDS
Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 834c93e00b)
2017-12-13 16:38:28 +01:00
Marcin Jurkowski
9d1bfb8f4d dropbear: make ssh compression support configurable
Adds config option to enable compression support which is usefull
when using a terminal sessions over a slow link. Impact on binary
size is negligible but additional 60 kB (uncompressed) is needed for
a shared zlib library.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
(cherry picked from commit a816e1eac7)
2017-12-13 16:37:14 +01:00
Michal Sojka
ed4f4f1a8e procd: Install seccomp-trace symlink
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
(cherry picked from commit 1a5bf778fb)
2017-12-13 16:36:38 +01:00
Magnus Kroken
77e79b2dd0 openvpn: update to 2.4.4
Fixes CVE-2017-12166: out of bounds write in key-method 1.

Remove the mirror that was temporarily added during the
2.4.3 release.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit a9a37526a9)
2017-12-13 16:36:02 +01:00
Philip Prindeville
eff1f7e7ef usbutils: avoid duplicating the git revision
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 3008fc9a7b)
2017-12-13 16:34:10 +01:00
Florian Fainelli
9cf371c1f4 dnsmasq: Pass TARGET_CPPFLAGS to Makefile
With the introduction of the ubus notifications, we would now fail building
dnsmasq with external toolchains that don't automatically search for headers.
Pass TARGET_CPPFLAGS to the Makefile to resolve that.

Fixes: 34a206bc11 ("dnsmasq: add ubus notifications for new leases")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit ef485bb23d)
2017-12-13 16:33:33 +01:00
Alexandru Ardelean
2f80d84638 wwan: json format in some modem definitions
Method used:
```
cd package/network/utils/wwan/files/data
sed -e 's/}}/}/g' -i *
sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i *
sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i *
```

Manually adjusted commas.
Validated with
```
for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done
```

Thanks to @lynxis for pointing out the commas.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(cherry picked from commit ad510c4d62)
2017-12-13 16:32:39 +01:00
Stijn Tintel
c61cf4a447 base-files: add /etc/profile.d to conffiles
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit ef255fc57e)
2017-12-13 16:30:13 +01:00
Stijn Tintel
bdc998c696 base-files: order conffiles alphabetically
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 8446d3de05)
2017-12-13 16:30:12 +01:00
Karl Palsson
c58e824acc procd: mdns: Support txt values with spaces
Properly quote the arguments so that you can register a service with TXT
entries that contains spaces.

Example:
   procd_add_mdns myservice tcp 9999 "key=descriptive text field 1" \
         "another=something equally verbose"

Output before:
$ avahi-browse -r -v _myservice._tcp
_myservice._tcp      local
   hostname = [blah.local]
   address = [192.168.255.74]
   port = [9999]
   txt = ["verbose" "equally" "another=something" "1" "field" "text" "key=descriptive"]

Output now:
$ avahi-browse -r -v _myservice._tcp
_myservice._tcp      local
   hostname = [blah.local]
   address = [192.168.255.74]
   port = [9999]
   txt = ["another=something equally verbose" "key=descriptive text field 1"]

Signed-off-by: Karl Palsson <karlp@etactica.com>
(cherry picked from commit 7a423c389a)
2017-12-13 16:29:22 +01:00
Rosen Penev
80a22eee4b samba36: Remove syslog and load printers lines.
printer support is removed using 200-remove_printer_support.patch. the syslog parameter requires samba to be compiled with --with-syslog. Currently samba does not log to syslog and probably has not for a long time.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 343e3d2ba8)
2017-12-13 16:29:22 +01:00
Rosen Penev
71797b6eca samba36: Don't resolve interfaces.
It's redundant and also buggy. IPv6 link local addresses and ::1 are not resolved for example. Doesn't matter since lo and br-lan for example, resolve to them.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit b2f60e6a72)
2017-12-13 16:29:22 +01:00
Rosen Penev
1458bc2d9c samba36: Remove guest ok since LuCI configures it.
guest ok is set per share and as such, don't override it. also, fix an error introduced in the last commit.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit ccb79a310c)
2017-12-13 16:29:22 +01:00
BangLang Huang
2b88309335 nvram: add help message for nvram magic not found
The program would failed if nvram magic not found
in specific partition.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit 69da83d9f1)
2017-12-13 16:23:40 +01:00
BangLang Huang
118a2ea0bc nvram: improve argument check when program start
print help message when argument count is less
than 2.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit c7e2a6fe92)
2017-12-13 16:23:39 +01:00
BangLang Huang
c446ee4ad4 nvram: add usage() function
Merge the help message into a single function,
so that we can use it somewhere else.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit 2a253e7cdb)
2017-12-13 16:23:39 +01:00
BangLang Huang
9e84d333b1 nvram: fix memory leak
Fix memory leak on nvram_open() and nvram_open_rdonly().

For nvram_open(), the 'fd' should be closed on error, and
mmap_area should be unmap when nvram magic can not be found.

For nvram_open_rdonly(), the 'file' variable should free before
return. Once nvram_find_mtd() return successfully, it will allocate
memory to save mtd device string.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit 1948d8e08c)
2017-12-13 16:23:39 +01:00
Christian Schoenebeck
3b6b892d67 ca-certificates: Update to 20170717
Update to 20170717

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
(cherry picked from commit a2a226e6e8)
2017-12-13 16:23:39 +01:00
Rafał Miłecki
23b9dc2eca base-files: drop unused preinit_echo function
It isn't used for years since the old 99_10_run_init has been dropped.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1e13c6f77f)
2017-12-13 16:23:39 +01:00
Florian Eckert
75d8127338 base-files: suppress uci not found output in login.sh
Fix "uci: Entry not found" output if "ttylogin" is not set in
"etc/config/system"

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit c31f0421ce)
2017-12-13 16:23:39 +01:00
Rosen Penev
a37f8b0c6e samba36: Remove legacy options
Browseable is now set through LuCI per share, so remove it. Same with
writeable (inverted synonym for read only). domain master and preferred
master seem to be legacy settings for Windows 9x. encrypt passwords
defaults to yes. Probably should not be disabled either.

Also reordered alphabetically.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message, fix SoB, fix author, bump pkg revsion]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 9dcb3fe7eb)
2017-12-13 16:23:39 +01:00
Kevin Darbyshire-Bryant
0a976262a5 kmod-sched-cake: drop maintainer
Drop myself from maintainership of 'cake'.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit c7f8bcede6)
2017-12-13 16:23:39 +01:00
Stijn Tintel
610e2afdcc zlib: use default Build/Configure rule
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 462ca4e059)
2017-12-13 16:23:39 +01:00
Stijn Tintel
cf11a41af6 lzo: use default Build/Configure rule
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit b3cba687a4)
2017-12-13 16:23:38 +01:00
Alin Nastac
c86490605c netfilter: add iptables-mod-rpfilter package
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
(cherry picked from commit d8748e537f)
2017-12-13 16:23:38 +01:00
Daniel Golle
ea23ba9a25 bzip2: add symlink to binary
Other distributions incl. the OpenWrt ImageBuilder and SDK
expect to find the bzip2 executable in /bin.
Create a symlink at that location for compatibility.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit eb7c14d512)
2017-12-13 16:23:38 +01:00
Stijn Tintel
d413c75d24 dropbear: add option to set max auth tries
Add a uci option to set the new max auth tries paramater in dropbear.
Set the default to 3, as 10 seems excessive.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 6371159b4a)
2017-12-13 16:23:38 +01:00
Kevin Darbyshire-Bryant
8693ab5152 dropbear: server support option '-T' max auth tries
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.

A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
(cherry picked from commit 9aaf3d3501)
2017-12-13 16:23:38 +01:00
Yury Shvedov
0e6a6c8487 hostapd: configure NAS ID regardless of encryption
RADIUS protocol could be used not only for authentication but for
accounting too. Accounting could be configured for any type of networks.
However there is no way to configure NAS Identifier for non-WPA
networks without this patch.

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 37c1513b1f)
2017-12-13 16:23:38 +01:00
Yury Shvedov
ef3649d90e hostapd: add acct_interval option
Make an ability to configure Accounting-Interim-Interval via UCI

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[add hostapd prefix, cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 0e7bbcd43b)
2017-12-13 16:23:38 +01:00
Luiz Angelo Daros de Luca
3027a68093 valgrind: bump to 3.13.0
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 991899cc54)
2017-12-13 16:23:38 +01:00