Commit Graph

2834 Commits

Author SHA1 Message Date
Felix Fietkau
d25cc3207d iw: add patch to include local BSS rx time in survey information
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-09-29 22:16:27 +02:00
DENG Qingfang
eddbd68b6d iproute2: update to 5.3.0
Update iproute2 to 5.3.0

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-09-28 21:26:53 +02:00
Brandy Krueger
1fe1a200d9 wireguard: bump to 0.0.20190913
Changes since 0.0.20190702:

define conversion constants for ancient kernels
android: refactor and add incoming allow rules
enforce that unused bits of flags are zero
immediately rekey all peers after changing device private key
support running in OpenVZ environments
do not run bc on clean target
skip peers with invalid keys
account for upstream configuration maze changes
openbsd: fix alternate routing table syntax
account for android-4.9 backport of addr_gen_mode
don't fail down when using systemd-resolved
allow specifying kernel release
enforce named pipe ownership and use protected prefix
work around ubuntu breakage
support newer PaX
don't rewrite siphash when it's from compat
squelch warnings for stack limit on broken kernel configs
support rhel/centos 7.7

Signed-off-by: Brandy Krueger <krueger.brandy24@gmail.com>
2019-09-28 21:01:53 +02:00
Jo-Philipp Wich
ced4c0e635 iwinfo: update to latest Git HEAD
313e827 nl80211: keep awaiting wpa_supplicant scan results on busy response
a766751 nl80211: fix parsing of mixed wpa encryption in wpa_supp scan results
f096bfd utils: support parsing SAE and OWE key management suites from IEs

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-22 18:58:50 +02:00
Hauke Mehrtens
49cc712b44 hostapd: Add mesh support for wpad full
This increases the size of the binary slightly:

old:
427722 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431696 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

new:
442109 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
445997 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:51 +02:00
Hauke Mehrtens
998686364d hostapd: use getrandom syscall
hostapd will not use the getrandom() syscall and as a fallback use
/dev/random, the syscall is supported since Linux 3.17 and in the musl,
glibc and uclibc version used by OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:51 +02:00
Hauke Mehrtens
0d86bf518a hostapd: Remove unneeded patch
All the content of this function is proceeded by IEEE8021X_EAPOL no code
accesses the ssid variable outside of this ifdef.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:51 +02:00
Hauke Mehrtens
9b4a27455c hostapd: use config option CONFIG_NO_LINUX_PACKET_SOCKET_WAR
Instead of patching the workaround away, just use the config option.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:51 +02:00
Hauke Mehrtens
167028b750 hostapd: Update to version 2.9 (2019-08-08)
The size of the ipkgs increase a bit (between 0.7% and 1.1%):

old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:38 +02:00
Hauke Mehrtens
8af79550e6 hostapd: Update to version 2.8 (2019-04-21)
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.

The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*

The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.

The size of the ipkgs increase a bit (between 1.3% and 2.3%):

old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk

new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2019-09-22 17:39:26 +02:00
Hauke Mehrtens
a6981604b3 hostapd: Fix AP mode PMF disconnection protection bypass
This fixes
* CVE-2019-16275 AP mode PMF disconnection protection bypass
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-21 01:12:35 +02:00
Jo-Philipp Wich
d6bd3fd5c4 iwinfo: update to latest Git HEAD
02112f9 cli: fix reporting of mixed WPA2/WPA3 versions
7faeaea nl80211: properly detect WEP encryption in wpa_supp scan results
629b5ff nl80211: do not confuse open connections with WEP ones
3d47ddd nl80211: rework hostapd and wpa_supplicant wpa suite parsing

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-20 13:32:49 +02:00
Jo-Philipp Wich
abb4f4075e hostapd: mirror ieee80211w ap mode defaults in station mode
For AP mode, OpenWrt automatically sets ieee80211w to either 1 or 2, depending
on whether the encryption is set to sae-mixed, or sae/owe/eap suite-b.

Mirror the same defaults for client mode connections, in order to allow an
OpenWrt station to associate to an OpenWrt ap with SAE, OWE or Suite-B encryption
without the need to manually specify "option ieee80211w" on the station.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-20 13:27:28 +02:00
Jo-Philipp Wich
4209b28d23 hostapd: fix OWE settings in client mode
This changes fixes the generation of the wpa_supplicant client configuration
in WPA3 OWE client mode. Instead of incorrectly emitting key_mgmt=NONE, use
the proper key_mgmt=OWE setting instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-20 13:27:21 +02:00
Leon M. George
f974f8213b hostapd: declare struct wpa_bss early
wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if
CONFIG_WPS is not defined.  With the later inclusion of
600-ubus_support, the issue manifests in warnings like these:

wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration
        struct wpa_bss *bss)
               ^~~~~~~

This patch forward declares 'struct wpa_bss' regardless.

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-19 23:43:27 +02:00
Leon M. George
a123df2758 hostapd: revert signature change in patch
The original wpa_hexdump uses a 'void *' for the payload.  With patch
410-limit_debug_messages, the signature changes and compiler warnings
occur at various places.  One such warning is:

 wpa_debug.h:106:20: note: expected 'const u8 * {aka const unsigned char *}' but argument is of type 'struct wpa_eapol_key *'

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-19 23:43:27 +02:00
Hans Dedecker
71cf4a272c curl: bump to 7.66.0
Refresh patches, for changes in version 7.66.0 see https://curl.haxx.se/changes.html#7_66_0

Fixes CVEs:
    CVE-2019-5481
    CVE-2019-5482

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-19 22:23:01 +02:00
Jo-Philipp Wich
5ef9e4f107 firewall: update to latest Git HEAD
383eb58 ubus: do not overwrite ipset name attribute

Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-18 10:51:24 +02:00
Petr Štetiar
2cf209ce91 firewall: update to latest git HEAD
c26f8907d1d2 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:56:09 +02:00
Petr Štetiar
296e1f253c netifd,lldpd,rpcd,log: use generic service_running
commit eb204d14f75c ("base-files: implement generic service_running")
introduced generic service_running so it's not needed to copy&paste same
3 lines over and over again.

I've removed service_running from netifd/network init script as well,
because it was not working properly, looked quite strange and I didn't
understand the intention:

 $ /etc/init.d/network stop
 $ service network running && echo "yes" || echo "nope"
     ( have to wait for 30s )
 Command failed: Request timed out
 yes

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:53:01 +02:00
Hans Dedecker
a33d60c896 odhcpd: update to latest git HEAD
1d24009 netlink: rename netlink callback handlers
91a28e4 ndp: answer global-addressed NS manually
fd93e36 dhcpv6: retry failed PD assignments on addrlist change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-15 20:43:14 +02:00
Hans Dedecker
ce6311d301 odhcpd: fix update to git HEAD
Fixes commit 7ff5b12e90

e73bf11 config: ra_management compatibility support
d818380 odhcpd: router: Fix out of scope memory access
94a1c94 dhcpv6-ia: free assignment when validity timer expires
752fc2c router: speed up initial router advertisements
09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed
79eb160 router: fix previous commit
6034b5c router: close socket upon NETEV_IFINDEX_CHANGE
000182f router: fix lingering uloop socket descriptor
f6c2242 router: support ra_lifetime being 0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-12 22:37:54 +02:00
Ingo Feinerer
ca0ad9e0e9 umbim: update to latest git HEAD
184b707 umbim: add home provider query support

Signed-off-by: Ingo Feinerer <feinerer@logic.at>
2019-09-12 22:29:47 +02:00
Hans Dedecker
7ff5b12e90 odhcpd: update to latest git HEAD (FS#2019)
e73bf11 config: ra_management compatibility support
d818380 odhcpd: router: Fix out of scope memory access
94a1c94 dhcpv6-ia: free assignment when validity timer expires
752fc2c router: speed up initial router advertisements
09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed
79eb160 router: fix previous commit
6034b5c router: close socket upon NETEV_IFINDEX_CHANGE
000182f router: fix lingering uloop socket descriptor
f6c2242 router: support ra_lifetime being 0
d111809 router: make RA flags configurable (FS#2019)

Update odhcpd defaults according to the new RA flags implementation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-12 22:22:29 +02:00
David Bauer
7db2f1a71f iwinfo: update to latest Git HEAD
a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886
1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-09-12 15:38:08 +02:00
Hauke Mehrtens
7bed9bf10f hostapd: SAE/EAP-pwd side-channel attack update
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-10 21:51:41 +02:00
Hauke Mehrtens
9f34bf51d6 hostapd: Fix security problem
This fixes:
CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment"
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

This shouöld not affect OpenWrt in the default settings as we do not use
EAP-pwd.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-10 21:51:26 +02:00
Hauke Mehrtens
359bff6052 firewall: update to latest git HEAD
487bd0d utils: Fix string format message

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-08 18:39:13 +02:00
Hans Dedecker
7db6559914 firewal: update to latest git HEAD
4d0c703 firewall3: Fix some format string problems
8c404ef iptables.c: lock the xtables.lock
c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-07 21:23:43 +02:00
Hans Dedecker
1855c23794 odhcp6c: update to latest git HEAD
e199804 dhcpv6: sanitize oro options

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-07 13:11:53 +02:00
Hauke Mehrtens
6658447534 iwinfo: update to latest Git HEAD
f599a8d iwinfo: Fix rate buffer size
71ec9be iwinfo: Fix buffer size
f8ef450 iwinfo: Add support for WPA3

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-01 19:48:43 +02:00
Konstantin Demin
b74f1f335a nftables: bump to version 0.9.2
- exclude Python-related stuff from build
- drop patches:
  * 010-uclibc-ng.patch, applied upstream

ipkg size decrease by 2.8%:
old:
194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk
new:
189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-09-01 18:38:04 +02:00
Eneas U de Queiroz
7f2b230b3b uhttpd: add support to generate EC keys
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:35:11 +02:00
Jo-Philipp Wich
b13f3300d5 iwinfo: update to latest Git HEAD
a9f9557 nl80211: support reading hardware id from phy directly
c586cd3 iwinfo: add device id for MediaTek MT7612E
d4382dd iwinfo: add device id for Atheros AR9390

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-28 12:09:14 +02:00
DENG Qingfang
bd098231ba iproute2: update to 5.2.0
Remove upstream patches

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-08-24 21:58:13 +02:00
Kevin Darbyshire-Bryant
bd01346bb4 firewall: update to latest git HEAD
bf29c1e firewall3: ipset: Handle reload_set properly

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-08-22 09:31:57 +01:00
Christian Lamparter
cfd0748497 iftop: update to HEAD of 2018-10-03 - 77901c
Update iftop to commit 77901c8c53e01359d83b8090aacfe62214658183

git log --pretty=oneline --abbrev-commit 949ed0f7..77901c8c

77901c8 Support scales beyond 1Gbps

Created with the help of the make-package-update-commit.sh script.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-18 20:56:41 +02:00
Jo-Philipp Wich
d1f207ecc9 uhttpd: update to latest Git HEAD
6b03f96 ubus: increase maximum ubus request size to 64KB

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-18 20:00:06 +02:00
Alin Nastac
a6da3f9ef7 iproute2: add libcap support, enabled in ip-full
Preserve optionality of libcap by having configuration script follow the
HAVE_CAP environment variable, used similarly to the HAVE_ELF variable.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase/refresh patches]
2019-08-18 14:44:10 +02:00
Hauke Mehrtens
928e893a11 mac80211: Update to version 5.3-rc4-1
The removed patches were applied upstream.
The type of the RT2X00_LIB_EEPROM config option was changed to bool,
because boolean is an invalid value and the new kconfig system
complained about this.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 13:41:16 +02:00
Hauke Mehrtens
1d4df52c21 hostapd: Allow CONFIG_IEEE80211W for all but mini variant
This commit will activate CONFIG_IEEE80211W for all, but the mini
variant when at least one driver supports it. This will add ieee80211w
support for the mesh variant for example.

Fixes: FS#2397
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 00:16:08 +02:00
Hauke Mehrtens
f34e825834 hostapd: Remove ROBO switch support
The driver was removed from OpenWrt a long time ago.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 00:16:08 +02:00
Kevin Darbyshire-Bryant
51ffce0694 firewall: improve ipset support
Bump to latest git HEAD

509e673 firewall3: Improve ipset support

The enabled option did not work properly for ipsets, as it was not
checked on create/destroy of a set. After this commit, sets are only
created/destroyed if enabled is set to true.

Add support for reloading, or recreating, ipsets on firewall reload.  By
setting "reload_set" to true, the set will be destroyed and then
re-created when the firewall is reloaded.

Add support for the counters and comment extensions. By setting
"counters" or "comment" to true, then counters or comments are added to
the set.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-08-16 11:27:24 +01:00
Hans Dedecker
63ced14048 dnsmasq: use nettle ecc_curve access functions
Fixes compile issues with nettle 3.5.1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-09 21:40:13 +02:00
Vincent Wiemann
ccb4b96b8a comgt-ncm: add driver dependencies again
In the commit 623716dd43 ("comgt-ncm: Fix NCM protocol")
the dependencies to vendor NCM drivers were removed, because:

> comgt-ncm should not depend on the USB-serial-related kernel modules,
> as the cdc-wdm control device works without them. There is also no need
> to depend on kmod-huawei-cdc-ncm, since other manufacturers (like
> Ericsson and Samsung) which use other kernel modules should also be
> supported.

From a user-perspective this does not make sense, as installing comgt-ncm
(or luci-proto-ncm) should install all needed dependencies for using such
a device.

Furthermore depending on kmod-huawei-cdc-ncm does not mean that Ericsson
and Samsung devices can't be supported. By the way it seems that Ericsson
and Samsung devices never used NCM, but act as serial modems.

Thus this commit adds the dependencies again.

Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com>
[fixed title capitalization, formatted commit message,
renamed Sony-Ericsson to Ericsson]
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-08-08 21:33:34 +02:00
Hans Dedecker
d70a35c365 netifd: update to latest git HEAD
5e02f94 system-linux: fix resource leak

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-07 13:55:52 +02:00
Rosen Penev
1b1c47577b linux-atm: Add missing headers
This fixes compilation with -Werror=implicit-function-declaration.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-05 23:22:26 +02:00
Jeffery To
e545fac8d9 build: include BUILD_VARIANT in PKG_BUILD_DIR
This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into
account (if set), so that packages do not need to manually override
PKG_BUILD_DIR just to handle variants.

This also updates most base packages with variants to use the updated
default PKG_BUILD_DIR.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-08-05 23:22:26 +02:00
Hans Dedecker
018395392c ethtool: bump to 5.2
379c096 Release version 5.2.
2bce6d9 ethtool: Add 100BaseT1 and 1000BaseT1 link modes
67ffbf5 ethtool: sync ethtool-copy.h with linux-next from 30/05/2019
687152b ethtool.spec: Use standard file location macros

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-05 21:04:44 +02:00
Hans Dedecker
efb7b7a12a firewall: update to latest git HEAD
de94097 utils: coverity resource leak warning

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-05 14:18:27 +02:00