Commit graph

10552 commits

Author SHA1 Message Date
Felix Fietkau
06556a8e6b hostapd: fix remote denial of service vulnerability in WMM action frame parsing
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45619
2015-05-06 09:45:39 +00:00
Felix Fietkau
1f689613b6 iptables: disable unused xml support to save some space
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45617
2015-05-06 00:59:41 +00:00
Felix Fietkau
a503023ec2 hostapd: enable 802.11w only for the full variants
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45616
2015-05-06 00:59:36 +00:00
Felix Fietkau
102522e0cd uboot-envtools: disable AES support, reduces code size
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45615
2015-05-06 00:59:28 +00:00
Steven Barth
d534883a52 firewall: Allow IGMP and MLD input on WAN
The WAN port should at least respond to IGMP and MLD queries as
otherwise a snooping bridge/switch might drop traffic.

RFC4890 recommends to leave IGMP and MLD unfiltered as they are always
link-scoped anyways.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

SVN-Revision: 45613
2015-05-05 13:22:41 +00:00
Steven Barth
336fc7a702 netsupport: l2tp-ip: only depend on IPv6 if IPv6 support is enabled
Before r45593 kmod-l2tp-ip did not depend on kmod-ipv6.
With r45593 support for L2TP IPv6 encapsulation was added and
included in the kmod-l2tp-ip package. This change also
added the dependency to kmod-ipv6 to kmod-l2tp-ip, regardless
of whether the user chose to generally include IPv6 support
or not.
Change this so L2TP over IPv6 and the resulting dependency
to kmod-ipv6 is only included in kmod-l2tp-ip if IPv6 support
is enabled.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45612
2015-05-05 13:22:33 +00:00
Jo-Philipp Wich
2a196a68cd procd: fix uid/gid changing for service instances
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45611
2015-05-05 11:00:53 +00:00
Felix Fietkau
334ad1d49f polarssl: include PKG_RELEASE in ABI_VERSION
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45610
2015-05-05 10:14:04 +00:00
Felix Fietkau
632ba15a56 curl: replace polarssl run-time version check with a compile-time one
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45609
2015-05-05 10:12:49 +00:00
Felix Fietkau
5533a67e3a openvpn: replace polarssl run-time version check with a compile-time one
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45608
2015-05-05 10:09:16 +00:00
Felix Fietkau
34cacae2b9 polarssl: disable runtime version checks to save some space
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45607
2015-05-05 10:00:49 +00:00
Felix Fietkau
434bf8a90b polarssl: disable an unused random number generator
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45606
2015-05-05 10:00:36 +00:00
Jo-Philipp Wich
a28deda590 openvpn: disable CBC record splitting in PolarSSL/mbedTLS (#19101)
OpenVPN assumes that its control channel messages are sent and received
unfragmented, this assumption is broken when CBC record splitting is
enabled in mbedTLS.

The record splitting is intended as countermeasure against BEAST attacks
which do not apply to OpenVPN, therefore we simply disable it until
upstream OpenVPN gains the ability to process fragmented control
messages.

Disabling the splitting also works around a (not remotely triggerable)
segmentation fault in mbedTLS.

References:

 * https://dev.openwrt.org/ticket/19101
 * https://community.openvpn.net/openvpn/ticket/524
 * https://github.com/ARMmbed/mbedtls/pull/185

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 45602
2015-05-04 08:49:21 +00:00
Felix Fietkau
2659762e62 base-files: fix logic error in led default handling (patch from #19593)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45600
2015-05-03 18:04:27 +00:00
Steven Barth
4d9694981b nettle: bump to 3.1.1
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45595
2015-05-03 11:19:42 +00:00
Steven Barth
a132313238 dhcp: add option specifying overriding custom-routes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45594
2015-05-02 07:44:55 +00:00
Steven Barth
498e3a7fd4 netsupport: package L2TPv3 over IPv6 as well
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45593
2015-05-02 07:44:47 +00:00
Steven Barth
58f7d9676b map: shorten autogenerated sub-interface names to account for limits
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45590
2015-04-30 12:43:46 +00:00
Steven Barth
fc84123c2f dnsmasq: bump to 2.73rc7
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45587
2015-04-29 07:19:24 +00:00
Steven Barth
4fb99ec22f odhcpd: Remove prefix class config option as not supported anymore by odhcpd
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45586
2015-04-28 14:58:54 +00:00
Steven Barth
64aa0929b9 odhcp6c: Fix white space errors
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

SVN-Revision: 45585
2015-04-28 14:57:52 +00:00
Rafał Miłecki
63bb07b28c Revert "nvram: increase NVRAM size to 64 KiB"
This reverts commit ff84c27a281bc19df19bc62ee8688cca5586f6e3.
This tool has really broken size handling (many values hardcoded), it
crashes right now in case of NVRAM not filling whole MTD partition.

Conflicts:
	package/utils/nvram/src/nvram.h

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 45579
2015-04-24 15:38:38 +00:00
Rafał Miłecki
97a0e165a6 nvram: fix regression in finding NVRAM beginning
The loop was giving up too early as it never expected NVRAM smaller
than 0x10000.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 45578
2015-04-24 14:28:57 +00:00
Rafał Miłecki
84a3e668fc mac80211: backport brcmfmac to support multiple devices NVRAM
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 45577
2015-04-24 10:53:11 +00:00
Rafał Miłecki
c1a7e13587 mac80211: update brcmfmac to the wireless-drivers-next-for-davem-2015-04-09
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 45576
2015-04-24 10:45:33 +00:00
Steven Barth
62e7f07615 dnsmasq: bump to 2.73rc6
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45572
2015-04-23 13:05:15 +00:00
Felix Fietkau
4d58f0f4d9 Revert "ncurses: cleanup InstallDev"
This reverts r43204. The symlinks are faulty, as they point to a
temporary staging dir

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45569
2015-04-23 11:06:15 +00:00
Felix Fietkau
eba659cbba hostapd: backport fix for CVE-2015-1863, refresh patches
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45567
2015-04-23 08:01:51 +00:00
Rafał Miłecki
7e3272f422 nvram: increase NVRAM size to 64 KiB
For years Broadcom devices use 64 KiB NVRAM partition size and some of
them indeed have it filled in more than 50%. This change allows handling
whole NVRAM e.g. on Netgear WNDR4500 and Netgear R8000.

The same fix was applied to kernel in upstream commit 6ab7c29.

Reported-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 45566
2015-04-22 19:07:24 +00:00
Rafał Miłecki
3931288caa nvram: refuse to open NVRAM for writing if it's too big to be handled
Otherwise writing anything will result in loosing data.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 45565
2015-04-22 19:07:19 +00:00
Rafał Miłecki
d94fb398f6 nvram: drop check for WGT634U using /proc/diag/model
We don't have broadcom-diag for months or years now and the correct
solution is to simply don't have "nvram" partition on WGT634U anyway.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 45564
2015-04-22 19:07:12 +00:00
Rafał Miłecki
0c4c05f0e7 nvram: use correct variable name for MTD partition size
Sytax of /proc/mtd is following:
dev:    size   erasesize  name
which means that sscanf "mtd%d: %08x" reads size, not erasesize.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 45563
2015-04-22 19:07:06 +00:00
Rafał Miłecki
615fef1ab8 nvram: drop support for ancient /dev/mtdblock/%d
Path /dev/mtdblock%d is used for years now.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 45562
2015-04-22 19:06:58 +00:00
Nicolas Thill
05d28c47e8 hostapd: mark wpa-supplicant & wpad-mesh as broken on uml
Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 45561
2015-04-22 15:36:00 +00:00
Imre Kaloz
2b6db94fdc mwlwifi: upgrade to the latest revision
New revision adds transmit frame rate info

Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 45560
2015-04-22 09:57:32 +00:00
John Crispin
f03226afe7 uqmi: auto retry when bringup fails
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45556
2015-04-21 13:18:46 +00:00
John Crispin
acf74d9b6a umbim: auto retry when bringup fails
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45555
2015-04-21 13:18:40 +00:00
Felix Fietkau
fe14e2a674 netifd: update to the latest version, fixes retry when proto handlers exit without changing the state
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45550
2015-04-21 12:11:07 +00:00
Felix Fietkau
ad44c2d101 mt76: remove specific firmware versions from makefile
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45549
2015-04-21 12:10:44 +00:00
Steven Barth
c6cd1f1632 odhcpd: minor fixes
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45539
2015-04-21 07:45:49 +00:00
John Crispin
fea3e1cedc kernel: remove module checks for 3.15/3.16/3.17
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 45534
2015-04-21 06:59:41 +00:00
John Crispin
cde596abea kernel: remove usb-serial-motorola-phone
replaced by usb-serial-simple (see r45233)

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 45533
2015-04-21 06:59:35 +00:00
John Crispin
6bb20ea6d6 wpan: remove duplicate DEPENDS
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 45532
2015-04-21 06:59:29 +00:00
John Crispin
a560493ad7 kernel: add bluetooth symbols from Kernel 4.0
upstream commit: Bluetooth: Introduce BT_BREDR and BT_LE config options
id: 65efd2bf4885312b42de9829159789199221cc60

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 45531
2015-04-21 06:59:23 +00:00
John Crispin
87ef12fad3 wpan: rework bluetooth / wpan and 6lowpan dependencies
- remove/rename of 6lowpan-iphc
upstream change in 3.17: 6lowpan: introduce new net/6lowpan directory
id: 2c6bed7cfcd3f594ed9e4d6919fa2ebea2243d19

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 45529
2015-04-21 06:59:10 +00:00
Steven Barth
18f55ddf7d nettle: bump to 3.1
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45526
2015-04-20 20:47:42 +00:00
Felix Fietkau
ecbb0d9d4e binutils/oprofile: disable mips16 to fix build errors (#19522)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 45525
2015-04-20 15:01:21 +00:00
Felix Fietkau
e2e2fb168b mac80211: fallback to wpa_supplicant to setup encrypted mesh
instead of failing when authsae is not installed, also try using
wpa_supplicant as the newly added -mesh variants support mesh mode
and SAE encryption.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45520
2015-04-20 15:00:13 +00:00
Felix Fietkau
ce0eddc2fb hostapd/netifd: encrypted mesh with wpa_supplicant
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 45519
2015-04-20 15:00:07 +00:00
Steven Barth
42c75c690e odhcp6c: fix SOL_MAX_RT to match RFC 3315
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45514
2015-04-20 09:17:13 +00:00