Commit graph

13125 commits

Author SHA1 Message Date
Felix Fietkau
0aa46bf76a build: skip opkg host dependency within the SDK
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-21 20:43:40 +01:00
Felix Fietkau
2a1ee042cd ubox: update to the latest version
c553354 cmake: fix typo
8973576 kmodloader: fix not being able to find some modules
fce9382 cmake: Check for getrandom system call

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-21 16:09:32 +01:00
Felix Fietkau
709d10e220 px5g: replace px5g-standalone with a statically linked variant of px5g-mbedtls
px5g-standalone only supports SHA1 for certificates, which is strongly
deprecated. The new px5g-standalone is about 27k bigger (compressed),
and has identical behavior to px5g-mbedtls (it uses SHA256).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-21 16:05:42 +01:00
Felix Fietkau
7df0069bb5 mbedtls: add --function-sections and --data-sections to CFLAGS
This allows binaries that links these libraries statically to be reduced
by using --gc-sections on link

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-21 16:05:03 +01:00
Felix Fietkau
adeae0e02a build: move opkg host dependency from package/install to package/compile
Improves parallel build behavior, since it allows opkg to be built at
the same time as other packages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-21 13:03:20 +01:00
Jo-Philipp Wich
55ffc38004 opkg: re-enable usign support
The switch to cmake caused the -DHAVE_USIGN flag to get lost, disabling
compilation of the correspondinf support code.

Update to latest Git head which enables usign support by default.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-20 15:32:58 +01:00
Stijn Tintel
ca8aee0c57 Revert "px5g-standalone: provide px5g via PROVIDES"
This reverts commit cc66f819b4.

This commit causes opkg to install px5g-standalone instead of px5g when
installing luci-ssl. As luci-ssl depends on mbedtls, using
px5g-standalone makes no sense. Next to that, it creates deprecated SHA1
certificates. Revert the commit to avoid pxg5-standalone to be
installed by accident.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-02-20 15:16:28 +01:00
Felix Fietkau
315498c163 libubox: fix host build on macOS
Use the defaults instead of a custom non-portable Host/Install section

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-20 14:57:20 +01:00
Jo-Philipp Wich
aff2d5c856 hostapd: fix feature indication
- Fix eap test to work with standalone hostapd builds
 - Fix 11n test to check the correct define
 - Add 11ac, 11r and 11w tests

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-20 12:06:18 +01:00
Kevin Darbyshire-Bryant
0247314f7d dnsmasq: bump to dnsmasq v2.77test3
New test release (since test1) includes 2 LEDE patches that are
upstream and may be dropped, along with many spelling fixes.

Add forthcoming 2017 root zone trust anchor to trust-anchors.conf.

Backport 2 patches that just missed test3:

Reduce logspam of those domains handled locally 'local addresses only'
Implement RFC-6842 (Client-ids in DHCP replies)

Compile & run tested Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-20 10:21:42 +01:00
Hsing-Wang Liao
2cfc40a8ad kernel: add Chinese codepages
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
2017-02-20 09:13:52 +01:00
Alexandru Gagniuc
a4def18f29 uboot-omap: Update to u-boot v2017.01
Specifying USE_PRIVATE_LIBGCC is no longer needed, as it is the
default.

Patch 001 is removed, since it was already merged upstream. Patches
100 and 101 are removed because they do not appear to be needed
anymore, and they do not conform with the sign-off and commit message
procedures.

Signed-off-by: Alexandru Gagniuc <alex.g@adaptrum.com>
2017-02-20 09:12:04 +01:00
Alexandru Gagniuc
b132d4fb91 uboot-omap: Do not hide bootloader packages
Because they were hidden, there was no way to disable the uboot
targets in menuconfig, so they had to be built every time. The omap
target is the only one to hide uboot packages. To be consistent with
the other targets, and have more control over the build, un-hide the
u-boot packages.

Note that the default behavior remains unchanged, as uboot will be
built unless explicitly disabled.

Signed-off-by: Alexandru Gagniuc <alex.g@adaptrum.com>
2017-02-20 09:12:04 +01:00
Jo-Philipp Wich
b65dc04712 opkg: switch to own fork to improve memory usage
Switch to our own fork of opkg to significantly reduce the required amount
of memory when updating lists or installing packages.

Preliminary tests showed a usage drop of about 90% during these operations,
from ~3.7MB with unmodified opkg to ~360KB with our custom fork.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-19 19:08:46 +01:00
Jo-Philipp Wich
84ceca5148 libubox: add host build
Our opkg fork requires libubox to build, so add a host build for it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-19 19:08:46 +01:00
Jo-Philipp Wich
08f9eb7954 firewall3: update to Git head to support xtables API level > 11
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-19 19:08:46 +01:00
Hans Dedecker
157b78779f odhcp6c: fix PKG_MIRROR_HASH
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-17 16:04:28 +01:00
Felix Fietkau
7df998bb6d uhttpd: use sha256 when generating certificates with openssl (FS#512)
Patch from attachment to FS#512

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-17 14:42:13 +01:00
Felix Fietkau
6c44ac286b libpcap: remove feature dependencies on kmod-* packages
USB support could be built into the kernel as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-17 14:09:21 +01:00
Stijn Tintel
27040dbf89 dropbear: bump PKG_RELEASE
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-02-17 12:18:58 +01:00
Cezary Jackiewicz
af59d3bda3 ugps: fix typo
Removing redundant spaces from the name of the option. Without fix:

root@LEDE:~# opkg install ugps
Installing ugps (2016-10-24-32a6b2b7-1) to root...
Downloading http://downloads.lede-project.org/releases/17.01-SNAPSHOT/packages/mips_24kc/base/ugps_2016-10-24-32a6b2b7-1_mips_24kc.ipk
Configuring ugps.
uci: Parse error (invalid character in name field) at line 3, byte 23
uci: Parse error (invalid character in name field) at line 3, byte 23
sh: out of range
root@LEDE:~# uci show gps
uci: Parse error (invalid character in name field) at line 3, byte 23

With this fix:

root@LEDE:~# uci show gps
gps.@gps[0]=gps
gps.@gps[0].tty='ttyACM0'
gps.@gps[0].adjust_time='1'

Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
2017-02-16 09:07:16 +01:00
Felix Fietkau
40374454f9 qos-scripts: fix module load commands (FS#438)
fq_codel is built-in, and xt_CONNMARK is provided by the xt_connmark
module

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-15 14:01:15 +01:00
Rafał Miłecki
2a6fbce121 mdns: update and rename package to the umdns
This update includes numerous small fixes for:
1) Interfaces setup
2) Packets parsing
3) Sending replies
Without this there were multiple problems with exchanging information
between (u)mdns and other implementations (including (u)mdns as well).

This also follows project rename to umdns which was required to avoid
confusion with Apple's mdnsd from mDNSResponder project.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-15 11:52:57 +01:00
Ansuel Smith
d1a75c5161 ebtables: update to last commit
Refreshed patches

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-02-15 11:28:57 +01:00
John Crispin
946d1dfb87 procd: update to latest git HEAD
5f91241 procd: add cancel_timeout on rc scripts when a runtime_timeout is specified
961dc69 procd: stop service using SIGKILL if SIGTERM failed to do so

Signed-off-by: John Crispin <john@phrozen.org>
2017-02-15 09:59:46 +01:00
Daniel Albers
cb801b052c hostapd: mv netifd.sh hostapd.sh
same name for the file on the host and target

Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
2017-02-15 09:38:57 +01:00
Denis Osvald
d9a358d562 procd: fix default timeout for reload trigger actions
Default trigger action timeout was added to procd.sh in commit f88e3a4c0
(procd: add default timeout for reload trigger actions)
However, the timeout value was not placed under the correct JSON-script
array nesting level and thus did not apply.

To fix this and make the timeout actually apply to the reload triggers,
we place it in the correct scope, that is the per-trigger array.

Fixes: f88e3a4c0a
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
2017-02-15 09:33:13 +01:00
Felix Fietkau
9dcb921d90 build: add buildbot specific config option for setting defaults
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-14 14:18:35 +01:00
Alberto Bursi
3b90ed8c18 uboot-kirkwood: fix usb of nsa310b u-boot
fixes issue "nsa 310b u-boot can initialize usb but cannot
use usb storage so it cannot load files from usb"

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-02-14 12:26:20 +01:00
Pavel Kubelun
cdf51bf46a ath10k-firmware: update qca9984 firmware
Bump qca9984 firmware.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
2017-02-14 12:18:51 +01:00
Sven Eckelmann
2696b0ec1e package/uboot-envtools: add OpenMesh A40 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-14 12:18:05 +01:00
Sven Eckelmann
86364178d6 package/om-watchdog: add OpenMesh A40 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-14 12:18:05 +01:00
Sven Eckelmann
bddb243640 package/uboot-envtools: add OpenMesh a60 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-14 12:18:05 +01:00
Sven Eckelmann
6bd9ba8d6d package/om-watchdog: add OpenMesh A60 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-14 12:18:05 +01:00
Sven Eckelmann
88aa7eeee5 package/uboot-envtools: add OpenMesh OM2Pv4/-HSv4 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-14 12:18:05 +01:00
Sven Eckelmann
5035213dc8 package/om-watchdog: add OpenMesh OM2Pv4/-HSv4 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-14 12:18:04 +01:00
Ulrich Weber
d5221d5a41 ppp: honor ip6table for IPv6 PPP interfaces
as we do for IPv4 PPP interfaces. When we create the
dynamic IPv6 interface we should inherit ip6table from
main interface.

Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
2017-02-13 18:48:33 +01:00
Florian Eckert
bb9d2aa868 ppp: add pppoe-discovery to an independent package
pppoe-discovery performs the same discovery process as pppoe, but does
not initiate a session

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-13 18:45:34 +01:00
David Pinilla Caparrós
a896611acd base-files: Added a deprecation notice on wifi detect
When running wifi detect, the user will be told on error output that
wifi detect is deprecated, that wifi config must be used instead. Also
the commit that changes it is referenced for further info.

Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
2017-02-13 10:24:32 +01:00
David Pinilla Caparrós
f6d3ea8c8a base-files: Add wifi config to wifi command usage
Since commit 5f8f8a3661 wifi detect does
not longer work and wifi config it's used to configure not yet
configured wireless devices.

This commit changes command usage to reflect that change.

Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
2017-02-13 10:24:32 +01:00
Hans Dedecker
4c09f99605 netifd: update to git HEAD version
f107656 netifd: Add option to configure locktime for each device
cdc0e80 interface: add prefix assignment priority support
6397f5e device: add veth support
6228d0f wireless: fix _wireless_add_process
7cc2f10 treewide: fix white space errors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-12 18:12:47 +01:00
Felix Fietkau
f28eef4460 mac80211: refresh patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-12 15:57:37 +01:00
Koen Vandeputte
75216a76b0 mac80211: backport upstream fix for CSA in IBSS mode
Allows to change channels on-the-fly using CSA when using IBSS.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-02-12 15:57:37 +01:00
Felix Fietkau
764cd09dd8 ath9k: fix various issues in the airtime-fairness implementation
Effects of the bugs could include memory corruption, tx hangs, kernel
crahes, possibly other things as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-12 14:27:41 +01:00
Hauke Mehrtens
5c651b029e kernel: fix kmod-rxrpc with kernel 4.9
rxkad will be build into af-rxrpc now and is of type boolean.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-12 13:55:45 +01:00
Hauke Mehrtens
2eed1179be ltq-ptm: use netif_trans_update() only for kernel >= 4.7
This fixes a bug introduced in commit c7ce9908bd
"ltq-ptm: fix build with kernel 4.9"

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-12 01:26:33 +01:00
Hauke Mehrtens
ca9b9969fb ltq-vmmc: fix build with kernel 4.9
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-11 23:31:47 +01:00
Hauke Mehrtens
c7ce9908bd ltq-ptm: fix build with kernel 4.9
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-11 23:31:47 +01:00
Alberto Bursi
add1dd0081 uboot-kirkwood: add Zyxel NSA325 uboot
add uboot for NSA325

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-02-11 21:16:28 +01:00
Alberto Bursi
760185972f uboot-envtools: add nsa325 envs
adding nsa325 envs for consistency with other kirkwoods

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-02-11 21:16:28 +01:00
Felix Fietkau
9827c3e9b9 gdb: update to version 7.12.1, fix glibc 2.25 build issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 20:34:33 +01:00
Felix Fietkau
dc4844b18b pppd: fix compile issues with glibc 2.25
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 19:33:35 +01:00
Felix Fietkau
412e0bbf25 perf: avoid picking up a dependency on libunwind
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:37 +01:00
Felix Fietkau
9859a1d953 ugps: update to the latest version, fixes build error with glibc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:32 +01:00
Felix Fietkau
c22255e50e tcpdump: fix tcpdump-mini build on glibc 2.25
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:24 +01:00
Felix Fietkau
de07a99447 fstools: update to the latest version
Fixes compatibility issues with glibc 2.25

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:18 +01:00
Felix Fietkau
2ffb80bc9f procd: update to the latest version
Fixes compatibility issues with glibc 2.25

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:11 +01:00
Alexey Brodkin
a3408a5271 toolchain/uclibc: Bump version to 1.0.22
Important change was made in 1.0.18: all sub-libs were merged
in one and only libc similarly to musl.

See [1] for more details.

To support that we had to remove refences to those sub-libs like
libpthread, libcrypt, libdl, libm, libutil etc.

[1] http://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=29ff9055c80efe77a7130767a9fcb3ab8c67e8ce

Signed-off-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
2017-02-11 15:38:39 +01:00
Tim Harvey
092f2c14bd imx6: move to Linux 4.9 kernel
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 15:38:11 +01:00
Joseph C. Sible
0bf85ef048 dropbear: enable SHA256 HMACs
The only HMACs currently available use MD5 and SHA1, both of which have known
weaknesses. We already compile in the SHA256 code since we use Curve25519
by default, so there's no significant size penalty to enabling this.

Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
2017-02-10 11:05:57 +01:00
Rafał Miłecki
368cc8ef47 mac80211: update brcmfmac backporting brcmf_err cleanups
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-10 00:40:49 +01:00
Hans Dedecker
be4842f5de odhcpd: update to git HEAD version (FS#396)
8df4253 ndp: harden netlink event socket error handling
b02f3e6 ndp: close proc file descriptor also during error handling
8a615ad npd: rework IPv6 relay logic (FS#396)
0129f79 config: restore interface defaults when cleaning interface

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-09 21:20:44 +01:00
Felix Fietkau
7096ed58fd kernel: remove kmod packages for bridge, stp, llc and 8021q
Remove CONFIG_VLAN_8021Q overrides for two targets
These features are built into the kernel image for all targets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-09 14:49:34 +01:00
Felix Fietkau
66a63d25c4 mac80211: fix build on linux 3.18
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-09 14:22:26 +01:00
Felix Fietkau
d826af2cbb build: make <subdir>/install opt-in, use it for target/ only
Fixes buildbot errors on running make target/install or
toolchain/install

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-09 13:51:35 +01:00
Ben Kelly
da0b9110fc uclibc++: patch bugfix erase() on derived __base_associative
When calling erase() on a containers derived from __base_associative
(e.g. multimap) and providing a pair of iterators a segfault will
occur.

Example code to reproduce:

	typedef std::multimap<int, int> testmap;
	testmap t;
	t.insert(std::pair<int, int>(1, 1));
	t.insert(std::pair<int, int>(2, 1));
	t.insert(std::pair<int, int>(3, 1));
	t.erase(t.begin(), t.end());

Signed-off-by: Ben Kelly <ben@benjii.net>
2017-02-09 12:26:55 +01:00
Alberto Bursi
a9d347c11c uboot-kirkwood: fix goflexhome/net bootcommand
Goflexhome/net use uImage, and to boot an uImage the u-boot
must use bootm command, not bootz.

Fixes the "i cannot boot LEDE with this u-boot" issue that I
found out myself with my goflexnet.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-02-09 12:26:48 +01:00
Alberto Bursi
a6ef5933f8 uboot-kirkwood: remove obsolete patches
all patches for CONFIG_SYS_GENERIC_BOARD are obsolete for
uboot 2016 sources.

Run-tested with the uboot of goflexnet, also the md5sum of
all other uboots is the same with or without these patches.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-02-09 12:26:42 +01:00
Daniel Engberg
2faa1edd91 iperf3: Update to 3.1.6
Update to 3.1.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-02-09 12:26:36 +01:00
Daniel Engberg
0af460b38c utils/e2fsprogs: Update to 1.43.4
* Update to 1.43.4
* Use xz tarball which saves about 2Mbyte in size

Changelog: http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.43.4

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [use @KERNEL instead of hardcoded URL]
2017-02-09 12:26:25 +01:00
John Crispin
1f3de99547 procd: update to latest git HEAD
cdc3dab ujail: fix signal forwarding

Signed-off-by: John Crispin <john@phrozen.org>
2017-02-09 09:14:45 +01:00
Daniel Golle
9eacb9d7fc rt2x00: mt7620: lots of improvements
This commit combines all the changes I've made on my staging tree
into a single commit fixing many issues with our patch for MT7620.

First of all, checkpatch.pl revealed numerous code style issues with
the patch, so fix all the white-space and commets. Also use
usleep_range instead of legacy timing and relax timing for VCO
calibration just like the vendor driver does.

Several line programming registers were commented out in the patch.
Originally this came from the features present but disabled by default
in the vendor's driver (RTMP_TEMPERATURE_CALIBRATION and
ADJUST_POWER_CONSUMPTION_SUPPORT). Remove the dead code for now, it can
easily be re-added if we actually intend to support those features.

Move values from mt7620_freqconfig type into the existing rf_channel
struct, this shouldn't be a new typedef and it is possible to use the
existing struct because rf_channel got 4 32-bit fields, so two of the
8-bit values from mt7620_freqconfig can easily be stored in the same
32-bit field.

Map values such that
Rdiv -> rf1
N    -> rf2
K    -> rf3[0:7]
D    -> rf3[8:15]
Ksd  -> rf4

This makes the channel switching logic already look a bit more like
what we are used to in rt2x00... Probably many of the read-modify-write
calls could still be replaced by macros intended for that.

iq calibration seems to be identical to RT5592, so just enable it.
Test shows that this improves things quite a lot, datarates went up
by a couple of megabits when running iperf, signal quality seems jumpy
in the first few seconds once a station connencts, the stabelizes on a
value significantly better than what it was before.

Add description to the patch and reference the original OpenWrt commit
by which it was added.

The patch now passes checkpatch.pl and can thus be discussed with the
upstream authors of the rt2x00 driver.

Funded-by: https://www.kickstarter.com/projects/1327597961/better-support-for-mt7620a-n-in-openwrt-lede/

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-02-08 22:21:26 +01:00
Hans Dedecker
b516b38f2f odhcp6c: update to GIT head version
cfd986c odhcp6c: fix possible stack corruption when parsing proc if_inet6

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-08 11:12:39 +01:00
Álvaro Fernández Rojas
fd94fa61a7 mac80211: brcmfmac: update Raspberry Pi patches for linux 4.9
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-07 23:16:26 +01:00
Álvaro Fernández Rojas
6b5c3fd055 kernel: of-mdio: add missing dependency for linux 4.9
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-07 23:00:13 +01:00
Álvaro Fernández Rojas
deb15cb23c brcmfmac: improve Raspberry Pi 3 stability
- Really disable power management (wrong config flags).
- Disable internal roaming engine.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-07 15:17:44 +01:00
Felix Fietkau
2a4d2e4519 mac80211: fix ath9k kernel crash with linux 4.9
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-07 11:38:54 +01:00
Hauke Mehrtens
985c90d102 tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
 + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
 + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
 + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
 + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
 + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
 + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
 + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
 + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
 + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
 + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
 + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
 + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
 + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
 + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
 + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
 + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
 + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
 + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
 + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
 + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
 + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
 + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
 + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
 + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
 + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
 + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
 + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
 + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
 + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
 + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
 + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
 + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
 + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
 + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
 + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
 + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().

The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk

old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-06 22:33:58 +01:00
Álvaro Fernández Rojas
196509b489 brcm2708-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-06 22:24:57 +01:00
Felix Fietkau
649e766a64 mac80211: update to wireless-testing 2017-01-31
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-06 12:27:12 +01:00
Kevin Darbyshire-Bryant
3bef96ef18 dnsmasq: update to dnsmasq 2.77test1
Bump to dnsmasq 2.77test1 - this includes a number of fixes since 2.76
and allows dropping of 2 LEDE carried patches.

Notable fix in rrfilter code when talking to Nominum's DNS servers
especially with DNSSEC.

A patch to switch dnsmasq back to 'soft fail' for SERVFAIL responses
from dns servers is also included.  This mean dnsmasq tries all
configured servers before giving up.

A 'localise queries' enhancement has also been backported (it will
appear in test2/rc'n') this is especially important if using the
recently imported to LEDE 'use dnsmasq standalone' feature 9525743c

I have been following dnsmasq HEAD ever since 2.76 release.
Compile & Run tested: ar71xx, Archer C7 v2

Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-05 22:26:23 +01:00
Eric Luehrsen
f9f6a21c81 dnsmasq: fix instances in dhcp_add()
ref commit 9525743c07
dnsmasq: make DHCPv6 viable for standalone dnsmasq install
Above commit broke instancing by missing filter_dnsmasq()
as part of the dhcp_add() execution.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-02-05 22:26:22 +01:00
Arjen de Korte
07d5fc7ada dnsmasq: honor quietdhcp option for DHCPv6
Do not spam the syslog with DHCPv6 lease info if quietdhcp option
is selected. This already works for DHCPv4, make it work in the same
way for DHCPv6.

Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
[Originally written by Arjen de Korte on GitHub but had issues providing
a SoB in correct format.]
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-05 20:57:39 +01:00
Felix Fietkau
785f2a70da ubus: update to the latest version
Adds the following fixes:

91acde6 libubus: do not modify uloop_cancelled
763b9b2 libubus: reset ctx->sock.eof to fix reconnect issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-04 10:42:30 +01:00
Felix Fietkau
da93c15fd2 libubox: update to the latest version
Adds the following changes:

de3f14b uloop: add uloop_cancelling function
3b6181b utils: fix build on Mac OS X 10.12
7f671b1 blobmsg: add support for double
0fe1374 utils: add helper functions useful for allocating a ring buffer
8fc1c30 libubox: replace strtok with _r version.
4a9f74f libubox: allow reading out the pid of uloop process in lua
372e1e6 uloop: remove useless epoll data assignment
f9db1cb libubox: allow reading out the remaining time of a uloop timer in Lua

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-04 10:19:15 +01:00
Felix Fietkau
a5990b1a39 mt76: update to the latest version, fixes a MAC address handling regression
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-04 10:17:42 +01:00
Felix Fietkau
eccb2e5e59 acx-mac80211: fix scan API error that could lead to a crash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-03 12:35:44 +01:00
Brandon Koepke
9df777d181 openvpn: adding key_direction to append_params.
key_direction shows up as an openvpn option in the user-interface but does not end up in the /var/etc/openvpn*.conf file. Adding it to the list here fixed the issue for me.

Signed-off-by: Brandon Koepke <bdkoepke@fastmail.com>
2017-02-03 05:10:09 +01:00
Jo-Philipp Wich
c26ff034fc ubox: support quiet modprobe, support millisecond log timestamp accuracy
Update ubox to latest Git HEAD in order to import the following fixes:

ac2d43e kmodloader: support '-q' quiet option
f8d3d16 ubox: Add an option for more accurate timestamps in log

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-02 18:37:53 +01:00
Felix Fietkau
47540afa5d ath9k: add a warning to the tx99 config option
Lots of users try random stuff when they encounter any kind of
difficulty. I've had to debug a number of cases where people had enabled
this option for no reason. Hopefully this warning will reduce the number
of useless support cases.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-02 12:44:38 +01:00
Rafał Miłecki
b622f40249 mac80211: brcmfmac: backport wowlan netdetect fixes
I needed a moment to figure out relation between this patchset and the
nl80211: fix validation of scheduled scan info for wowlan netdetect

It appears nl80211 commit will go on top of brcmfmac changes so it's
safe to backport these patches.

One patch that was excluded is commit 2a2a5d1835b6 ("brcmfmac: add
.update_connect_params() callback") as it depends on missing commit
088e8df82f91 ("cfg80211: Add support to update connection parameters").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 11:35:46 +01:00
Rafał Miłecki
99d3774a3c mac80211: brcmfmac: backport PSM watchdog improvements
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 10:04:57 +01:00
Rafał Miłecki
4491979dc9 mac80211: brcmfmac: backport minor code cleanups
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 09:59:23 +01:00
Rafał Miłecki
2a1d8c1f79 mac80211: brcmfmac: backport 4.10 fixes & typo fix
This includes memory leak fix in initialization path.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 09:51:34 +01:00
Rafał Miłecki
863a06b0a4 mac80211: brcmfmac: backport scheduled scan cleanup and chip support
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 09:49:35 +01:00
Rafał Miłecki
4e611ac5df mac80211: brcmfmac: backport some old patches from 2016
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 09:45:59 +01:00
Rafał Miłecki
52be05e190 mac80211: rename brcmfmac patches to use higher prefix
There are more patches to backport that should go before these.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 09:39:31 +01:00
Hannu Nyman
eaf3fef946 ccache, samba36: fix samba.org addresses to use https
samba.org has started to enforce https and
currently plain http downloads with curl/wget fail,
so convert samba.org download links to use https.

Modernise links at the same time.

Also convert samba.org URL fields to have https.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-02 00:14:03 +01:00
Eric Luehrsen
9525743c07 dnsmasq: make DHCPv6 viable for standalone dnsmasq install
dnsmasq has sufficient services to meet the needs of DHCP
and RA with IP6 for single router router users. This is
the most common use for consumer routers. Its reenforced
as most ISP tend to only DHCP-PD /64. dnsmasq has year
over year demonstrated great flexibility in its option
set, and support for off-standard DHCP clients.

odhcpd has enhanced capabilities focused on IP6 such
as DHCP/RA relay and NDP proxy. However, it is not as
flexible in its option set. odhcpd is not as forgiving
with off-standard DHCP clients. Some points may represent
a long term TODO list, but it is the state currently.

These changes make any such combination possible. Already
odhcpd can be set as the main dhcp server. Now odhcpd
can be removed or disabled and dnsmasq will take over
if DHCPv6 compiled in. The existing DHCPv6 and RA UCI
are translated into dnsmasq.conf. The changes focus on
'--dhcp-range', '--dhcp-host', and '--dhcp-options'.

DHCP host ID is least 16 bits [::1000-::FFFF], but
leaves low range for typical infrastructure assignments.
dnsmasq accepts DHCPv6 options in the tranditional
'--dhcp-option' put they must be prefixed 'option6:'.
dnsmasq will also discover SLAAC DNS entries from DHCPv4
clients MAC, and confirm with a ping at least renew.

Long term TODO include improving use of dnsmasq relay
options for DHCPv4 and DHCPv6 in parallel. It would also
be possible to preconfigure DHCP-PD in host-with-options
records for fixed infrastructure.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
[Jo-Philipp Wich: emit proper IPv6 hostid format in dhcp-host directive]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-02 00:13:49 +01:00
Eric Luehrsen
1b4e3eda1b dnsmasq: expand 'add_local_hostname' fexibility including FQDN
ref commit 612e2276b4
ref commit ec63e3bf13

'option add_local_hostname' scripted implementation statically assigns
this host in auto generated host file at init. If IFUP or other signals
do not occur, then address changes are not tracked. The script doesn't
apply all the addresses at an interface. This may make logs obscure.
The script only puts the bare host name (maybe not FQDN) in host file,
but if '--exapandhosts' is enabled, then /etc/hosts entries will be
suffixed, and "127.0.0.1 localhost" becomes "localhost.lan".

dnsmasq provides an option to perform this function, but it is rather
greedy. '--interface-name=<name>,<iface>' will assign the name to all
IP on the specified interface (except link local). This is a useful
feature, but some setups depend on the original restrictive behavior.

'option add_local_fqdn' is added to enhance the feature set, but
if not entered or empty string, then it will default to original
option and behavior. This new option has a few settings. At each
increased setting the most detailed name becomes the PTR record:
0 - same as add_local_hostname 0 or disabled
1 - same as add_local_hostname 1
2 - assigns the bare host name to all IP w/ --dnsmasq-interface
3 - assigns the FQDN and host to all IP w/ --dnsmasq-interface
4 - assigns <iface>.<host>.<domain> and above w/ --dnsmasq-nterface

'option add_wan_fqdn' is added to run the same procedure on
inferred WAN intefaces. If an interface has 'config dhcp' and
'option ignore 1' set, then it is considered WAN. The original
option would only run on DHCP serving interfaces.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-02-02 00:13:49 +01:00