Commit graph

12151 commits

Author SHA1 Message Date
Jo-Philipp Wich
4e8c6f3407 dropbear: security update to 2016.74
- Security: Message printout was vulnerable to format string injection.

  If specific usernames including "%" symbols can be created on a system
  (validated by getpwnam()) then an attacker could run arbitrary code as root
  when connecting to Dropbear server.

  A dbclient user who can control username or host arguments could potentially
  run arbitrary code as the dbclient user. This could be a problem if scripts
  or webpages pass untrusted input to the dbclient program.

- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
  the local dropbearconvert user when parsing malicious key files

- Security: dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided. This could be an issue where
  dbclient is used in scripts.

- Security: dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v

  The security issues were reported by an anonymous researcher working with
  Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-12 11:45:47 +02:00
Imre Kaloz
f76f83de71 mwlwifi: upgrade to 10.3.0.18-20160804
adds support for the Linksys WRT1900ACSv2 and WRT1200ACv2

Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
2016-08-11 21:04:42 +02:00
Felix Fietkau
08a27b99a2 kernel: add missing config symbol
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-11 18:33:02 +02:00
Ben Greear
4d39726b21 ath10k-firmware: Update to latest 99X0 CT firmware.
Among other things, this compiles out support for peer caching.
The feature did not seem to work well in my testing of AP mode,
and totally breaks my own special use of station mode.

Briefly tested on ea8500.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2016-08-11 10:55:22 +02:00
Ben Greear
f85c12e07d ath10k-ct: Fix loading 9980 firmware.
ath10k-ct driver was using bad defaults for 9980 if user
had not specified a fwcfg file to over-ride them.

Also, support configurable station-kickout-threshold,
which might work around issues with flakey connections.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix PKG_VERSION]
2016-08-11 10:54:50 +02:00
Matteo Croce
1645abffea kernel: add plan 9 fs package
9pfs is used by kvm to share files between host and guest,
add proper config option to enable it.

Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
2016-08-11 10:45:33 +02:00
Petko Bordjukov
dff6df9625 hostapd: Allow RADIUS accounting without 802.1x
RADIUS accounting can be used even when RADIUS authentication is not
used. Move the accounting configuration outside of the EAP-exclusive
sections.

Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
2016-08-11 10:45:33 +02:00
Mathias Kresin
5fadd4397b preinit: use only the image config options
The pi_* variables and the fs_failsafe_wait_timeout variable are set by
the CONFIG_TARGET_PREINIT_* config options. No need to maintain the same
values twice.

All other fs_ variables were never used.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-08-10 03:04:08 +02:00
Mathias Kresin
14e0f057c8 ltq-hcd: fix xway dependency
Due to a missing parameter the package wasn't built for the xway target.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-08-10 03:04:08 +02:00
Felix Fietkau
7ee9222770 openssl: re-enable CMAC support
Needed by a few packages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-09 07:18:03 +02:00
Jo-Philipp Wich
27dffa0b0c uclient: change SSL support error message
Change the error message about missing SSL support to be more explicit by
mentioning required package names.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-08-08 12:20:15 +02:00
Petko Bordjukov
b34ccf45df mac80211: Update the regdb to master-2016-06-10
Changes include:

* Higher maximum transmit power in the 5170-5250 band of the BG
  regdomain
* Introduction of the CU regdomain
* Introduction of the 5725-5875 band (short-range devices) in the DE
  regdomain
* Introduction of 60 GHz channels 1-4 in the KR regdomain
* Introduction of the 5725-5875 band (short-range devices) in the NL
  regdomain

Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
2016-08-07 23:55:38 +03:00
Felix Fietkau
51e70267bd hostapd: remove unused hostapd-common-old package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-05 11:02:57 +02:00
Felix Fietkau
ac642a7514 ath9k: improve powersave filter handling
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-04 23:10:41 +02:00
Felix Fietkau
4701fd3190 ath9k: improve performance in tx status handling
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-04 23:10:41 +02:00
Felix Fietkau
1b9dbb8532 Revert "kernel: remove long obsolete gpio spi controller driver patch"
This reverts commit 9e62a7668c.
2016-08-04 23:10:15 +02:00
Felix Fietkau
7c874d18f5 kernel: mark compression modules as hidden to obsolete the compressor kconfig hack
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-04 20:53:02 +02:00
Felix Fietkau
93fb6ce05b kernel: mark kmod-udptunnel as hidden to replace the NET_UDP_TUNNEL kconfig hack
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-04 20:53:02 +02:00
Felix Fietkau
577f873daf kernel: remove unused morse led trigger driver
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-04 20:53:02 +02:00
Felix Fietkau
9e62a7668c kernel: remove long obsolete gpio spi controller driver patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-04 20:53:02 +02:00
Felix Fietkau
56cf1adc50 kernel: remove esfq qdisc
It has been obsolete for years now

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-04 18:27:54 +02:00
Mathias Kresin
3004298e62 sysupgrade: unmount filesystems before reboot
sysupgrade immediately reboots after flashing an image and doesn't
allow filesystems to be unmounted. At least in case the image used for
sysupgrade is stored on a FAT formatted usb flash drive, the following
warning is printed during the next mount of the flash drive:

FAT-fs (sda1): Volume was not properly unmounted. Some data may be
corrupt. Please run fsck.

Although data corruption during read operations is unlikely, there is
no need to scare the users.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-08-04 18:19:46 +02:00
Daniel Golle
877168993a base-files: remove dead code
/etc/init.d/boot tried to create /dev/root based on the kernel's
cmdline which won't work on any recent targets. Remove that code now
that fstools can detect the mounted rootfs based on
/proc/self/mountinfo and /dev/root was long gone anyway.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-08-04 18:19:46 +02:00
Felix Fietkau
fa85ee1d4e kernel: modularize bridge netfilter support a bit further to get rid of some kernel bloat
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-03 19:16:32 +02:00
Felix Fietkau
a5c32a1f19 kernel: remove switch driver kmod packages
Targets that need switch drivers should select them in their kernel
config. This prevents some bloat from creeping into targets that don't
need switchdev/dsa

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-03 19:16:32 +02:00
Lucian Cristian
6e68a5dd11 linux/modules: Add SCH5627 Super I/O chips
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2016-08-03 15:30:13 +02:00
John Crispin
2feb9433e2 rtc-rv5c386a: package does not build inside the SDK
the packages failed to build inside the SDK due to missing header
files.

Signed-off-by: John Crispin <john@phrozen.org>
2016-08-03 15:30:13 +02:00
John Crispin
10f9ea0bc6 uboot-lantiq: package does not build inside the SDK
the packages failed to build inside the SDK due to missing ethernet
firmware files.

Signed-off-by: John Crispin <john@phrozen.org>
2016-08-03 15:30:13 +02:00
Felix Fietkau
2f8c355850 mkelfimage: remove package, it is a host tool that has been unused for years
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-02 13:54:56 +02:00
Felix Fietkau
cc7029f8a9 uboot-ar71xx: fix default selection for NBG460N/550N/550NH
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-02 13:50:43 +02:00
Felix Fietkau
0cd13c53c1 mac80211: fix minor memleak on AP restart / warning on driver unload
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-02 13:08:05 +02:00
Felix Fietkau
18373e24cf ath9k: fix sta initialization bug leading to stability issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-02 13:07:59 +02:00
Hauke Mehrtens
2694d43b05 gdb: fix build with gcc 4.1.2 as host compiler
The additional warnings are causing compile errors on gcc version 4.1.2
as a host compiler.

cc -c  -Wall -Wdeclaration-after-statement -Wpointer-arith
-Wpointer-sign -Wno-unused -Wunused-value -Wunused-function -Wno-switch
-Wno-char-subscripts -Wmissing-prototypes -Wdeclaration-after-statement
-Wempty-body -Wmissing-parameter-type -Wold-style-declaration -Wold-
style-definition -Wformat-nonliteral  -I. -I. -I./../../include
filter_host.c
cc1: error: unrecognized command line option "-Wempty-body"
cc1: error: unrecognized command line option "-Wmissing-parameter-type"
cc1: error: unrecognized command line option "-Wold-style-declaration"
cc1: error: unrecognized command line option "-Wempty-body"
cc1: error: unrecognized command line option "-Wmissing-parameter-type"
cc1: error: unrecognized command line option "-Wold-style-declaration"

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-08-01 22:25:54 +02:00
Felix Fietkau
5c9cc7b7f8 base-files: increase vm.min_free_kbytes
Network drivers typically allocate memory in atomic context. For that to
be reliable, there needs to be enough free memory. Set the value
heuristically based on the total amount of system RAM.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-01 14:53:27 +02:00
Florian Eckert
109c55aea1 uqmi: add metric option to interface config
It is now possible to add a metric option for the qmi proto in dhcp mode.

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
2016-07-26 08:39:36 +02:00
Florian Eckert
15867deac8 uqmi: fix option ipv6
If the option is not set then ipv6 is still enabled on this interface.
Checking if the variable is zero will fix this issue.

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
2016-07-26 08:39:36 +02:00
Felix Fietkau
180465c38f build: create a package feed directory containing all packages
Needed for proper dependency handling for per-device rootfs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-01 11:13:38 +02:00
Felix Fietkau
5e41c1d447 perf: prevent build from within the sdk and mark as nonshared
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-31 12:25:25 +02:00
Felix Fietkau
9201e88f51 kernel: remove hostap driver
It has been marked as broken for well over a month now and nobody has
complained.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-31 12:25:24 +02:00
Felix Fietkau
b2ddfbc1c7 dnsmasq: drop --interface and --except-interface options when the interface cannot be found
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 20:58:14 +02:00
Felix Fietkau
009d6d6024 netifd: update to the latest version, adds an event handling fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 19:51:31 +02:00
Felix Fietkau
5cd88f4812 dnsmasq: remove use of uci state for getting network ifname
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 19:48:22 +02:00
Felix Fietkau
a1681ce39b dnsmasq: replace the iface hotplug script with a procd trigger
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:09 +02:00
Felix Fietkau
6916ca8d33 dnsmasq: make the check for existing DHCP servers more reliable
If there is no carrier yet, wait for 2 seconds (STP forwarding delay)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:09 +02:00
Ulrich Weber
712b6fdc5c dnsmasq: write atomic config file
Multiple invocations of the dnsmasq script (e.g. by procd and hotplugd)
might cause procd to restart dnsmasq with an incomplete config file.
Config file generation might take quite a long time on larger configs
due to ubus calls for each listening interface...

Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
2016-07-29 16:41:09 +02:00
Felix Fietkau
d9ff187003 netifd: update to the latest version
Emits an initial event after the first link-up of a force_link
interface. This is needed for making the dnsmasq dhcp check more
reliable

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:09 +02:00
Felix Fietkau
f88e3a4c0a procd: add default timeout for reload trigger actions
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:09 +02:00
Felix Fietkau
c02f41c1d2 igmpproxy: remove procd_open_trigger/procd_close_trigger calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:09 +02:00
Felix Fietkau
8299737428 dropbear: remove procd_open_trigger/procd_close_trigger calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:08 +02:00
Felix Fietkau
88304ea6e5 sysntpd: remove procd_open_trigger/procd_close_trigger calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-29 16:41:08 +02:00