Commit graph

12309 commits

Author SHA1 Message Date
Matthias Schiffer
cea09329e5
netfilter: fix file conflicts between kmod-ipt- and kmod-nft- packages
The nf_reject_* and nf_nat_masquerade_* modules are moved into the
corresponding kmod-nf- packages. Appropriate dependencies are added to the
kmod-nft- packages.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-30 23:32:05 +02:00
Matthias Schiffer
c50ba61caf
kernel: fix module dependency checking
Since the kernel makefile is using .ONESHELL, we need to add -e to
.SHELLFLAGS so errors are not ignored.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-30 23:32:04 +02:00
Felix Fietkau
fc88eb3fdf ath9k: remove patch causing stability issues with powersave devices (FS#176)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-30 10:50:20 +02:00
Kevin Darbyshire-Bryant
34c2726ca7 iproute2: fix no fortify build failure
Fix rt_names build failure when FORTIFY_SOURCE disabled.
Include limits.h which otherwise gets automatically included
by fortify headers.

Solves FS #194

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-09-30 10:15:28 +02:00
Álvaro Fernández Rojas
c3d3111831 brcmfmac43430-firmware: remove package and switch to linux-firmware
Now that the firmware for BCM43430 has been submitted to linux-firmware use it
and remove RPiDistro package.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-29 21:24:45 +02:00
Felix Fietkau
31e0f0aec0 kernel: do not enable the unpackaged rfkill-gpio driver
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-29 18:25:49 +02:00
John Crispin
72e9d19f6e mac80211: fix rfkill dependency
Signed-off-by: John Crispin <john@phrozen.org>
2016-09-29 11:39:41 +02:00
Álvaro Fernández Rojas
c795794eef mac80211: use upstream patches for rtl8xxxu
Also improves rtl8188eu support.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-09-29 10:32:41 +02:00
John Crispin
97c38e7f22 procd: update to latest git HEAD
this adds 2 new inittab handlers
* askconsolelate
* respawnlate

Signed-off-by: John Crispin <john@phrozen.org>
2016-09-28 12:07:47 +02:00
Felix Fietkau
76af0eff3f netifd: update to the latest version, adds various fixes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-28 09:56:32 +02:00
Stijn Segers
fb586939cc ath10k-firmware: move to firmware section in buildroot
This patch moves the ath10k firmware packages to the firmware submenu
in the buildroot, where it belongs.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
2016-09-28 08:39:01 +02:00
Martin Blumenstingl
3fbd235fb5 ath10k-firmware: update the qca988x firmware to 10.2.4.70.54
Use firmware version 10.2.4.70.54 from kvalo's git repository. The old
version (even though it's version number is greater) is an old version
from September 2015.
Using only the firmware versions from kvalo's git repo is recommended,
because those are tested by QCA's internal QCA.

The QCA988X directory received a small reorganization as a "hw2.0"
subdirectory was added - this patch also takes care of that as
board.bin was moved to that subdirectory.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2016-09-28 08:39:01 +02:00
Florian Fainelli
493b0f3f57 toolchain: Force installation into /lib
For 64-bit capable systems, a symbolic link is set up for /lib64 to point to
/lib, so make sure the installation goes into /lib, irrespective of where the C
library files come from in an external toolchain.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-09-28 08:39:00 +02:00
John Crispin
986ec56507 rfkill: add fake rfkill support
allow building of modules depending on RFKILL even if RFKILL is not enabled.

Signed-off-by: John Crispin <john@phrozen.org>
2016-09-27 20:27:26 +02:00
Matthias Schiffer
376944c0ab
perf: fix build with musl on PowerPC
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-28 06:26:35 +02:00
Matthias Schiffer
82aa061251
kernel: remove echainiv.ko from kmod-crypto-iv
There is a separate package kmod-crypto-echainiv for echainiv.ko. Selecting
both packages led to a conflict, so remove the file from kmod-crypto-iv.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-28 02:39:18 +02:00
Rafał Miłecki
a0ce6982d8 mac80211: backport brcmfmac changes from 2016-09-27
This fixes bug that could cause WARNING on every add_key/del_key call.
It also replaces WARNING with a simple message. They may still occur
e.g. on station going out of range and A-MPDU stall in the firmware.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-27 18:23:53 +02:00
Magnus Kroken
b1f39d3d7e openssl: update to 1.0.2j
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.

Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch

Security advisory: https://www.openssl.org/news/secadv/20160926.txt

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-09-27 17:50:22 +02:00
diizzyy
0d4f02dfd6 linux-firmware: Add mirrors
Adds Google's mirrors as primary source and kernel.org as fallback.
Discussed in #lede-dev on Freenode

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-09-27 17:50:22 +02:00
Rosen Penev
c0b15b3072 openssl: Make DTLS configurable.
Signed-off by: Rosen Penev <rosenp@gmail.com>
2016-09-27 17:50:22 +02:00
Rosen Penev
aaa067ab0b openssl: Remove J-PAKE. Nothing uses it.
Signed-off by: Rosen Penev <rosenp@gmail.com>
2016-09-27 17:50:22 +02:00
Kevin Darbyshire-Bryant
78ae7d8efd busybox: v1.25.0 upstream patches
Include upstream patches for gzip, ip & ntpd.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-09-27 17:50:22 +02:00
Daniel Engberg
edbc8fec8a libjson-c: Update to 0.12.1
Updates libjson-c and removes backport patch.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-09-27 17:50:21 +02:00
diizzyy
509708889c libunwind: use url alias
Use alias instead of hardcoded URL

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2016-09-27 17:50:21 +02:00
Jo-Philipp Wich
875cddd94c iwinfo: fix WPA cipher reporting
Within the Lua binding, use the same logic as the command line interface for
reporting the used WPA ciphers. Instead of printing the intersection of
pairwise and group ciphers, report both group and pairwise ciphers.

This fixes a case where a connection which uses CCMP for pairwise and TKIP
as groupwise cipher is getting reported as using the NONE cipher.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-27 16:23:48 +02:00
Jo-Philipp Wich
8badcba229 iproute: properly support high routing table IDs
The Linux kernel uses two distinct fields to denote the routing table ID in
use by network routes; the 8 bit `rtm_table` member of `struct rtmsg` and the
32 bit `RTA_TABLE` netlink attribute.

If a routing table ID is larger than 255, the `RT_TABLE` attribute must be used
and the `rtm_table` field has to be set to the special `RT_TABLE_UNSPEC` value.

This commit adds a patch which...
 - switches the *_n2a() and *_a2n() functions of rt_names.c to use dynamically
   sized, name-sorted arrays instead of fixed arrays limited to 1024 slots in
   order to support IDs up to 65535
 - adds proper handling of high table IDs to iprule.c and iproute.c when
   adding, removing and dumping ip rules and network routes

After this change, the Busybox ip applet fully supports IP rules with high ID
numbers, using the same logic as the full iproute2.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-27 16:23:06 +02:00
Jo-Philipp Wich
864b2d113a 6in4: fix invalid local variable declaration (FS#188)
Remove an invalid local variable declaration in the tunnel update subshell
invocation. Local declarations outside of function scopes are illegal since
the Busybox update to version 1.25.0 .

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-27 16:23:06 +02:00
Rafał Miłecki
45b73af7f6 mac80211: backport brcmfmac changes from 2016-09-26
All these patches are in wireless-drirvers-next. There is support for
hidden SSID, few new devices and many fixes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-27 07:00:53 +02:00
Matthias Schiffer
26b4216f95
base-files: make default_prerm work offline
IPKG_INSTROOT must be respected for offline removal (used for per-device
rootfs).

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-26 17:57:57 +02:00
Matthias Schiffer
6c1542787d
base-files: fix check for empty password warning
Now that we know that the password is in /etc/shadow and not in
/etc/passwd, we can properly fix the logic for the empty password check.
Only 'root::' is an empty password, 'root' and 'root:!:' allow no
password login at all.

This fixes the empty password warning still showing after the root password
has been locked using 'passwd -l root' (e.g. to allow public-key auth
only).

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-26 17:57:56 +02:00
Matthias Schiffer
77f54eae45
config: enable shadow passwords unconditionally
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.

The config symbol is kept (for a while), as packages from feeds depend on
it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-26 17:57:56 +02:00
Felix Fietkau
da4e81960d mac80211: fix crash in mac80211_hwsim
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-26 16:19:58 +02:00
Jonas Gorski
c4823622d8 uboot-mvebu: reset the 88E1512 PHY to make the wan port work
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
2016-09-26 13:03:18 +02:00
Jonas Gorski
d8075b15d0 uboot-mvebu: make hidden and be m for clearfog to fix IB failing to add it
Uboot-mvebu isn't a real package, which will break the image builder
when it tries to install it during the packing step. Instead of cleafog
selecting it through its default packages, make it default to m if the
clearfog profile is selected.

This will ensure it is always build, but never added to the rootfs. This
fixes creating images for clearfog with IB.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
2016-09-26 12:48:18 +02:00
Jonas Gorski
bc1f006b4e uboot-mvebu: also install into KDIR to ensure it packaged in IB
The clearfog image requires u-boot, so package it into KDIR to make sure
it is available in imageBuilder.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
2016-09-26 12:47:36 +02:00
Matthias Schiffer
b3dd642584
fstools: mark as nonshared and add missing PKG_CONFIG_DEPENDS
The fstools build depends on the CONFIG_NAND_SUPPORT flag, which is
target-specific.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-25 23:26:25 +02:00
Matthias Schiffer
663145e419
image: fix CONFIG_CLEAN_IPKG with CONFIG_TARGET_PER_DEVICE_ROOTFS
Running prepare_rootfs on TARGET_DIR deletes the opkg state when
CONFIG_CLEAN_IPKG is enabled, making the per-device rootfs package install
fail.

To avoid this, create a copy of the TARGET_DIR before prepare_rootfs is run
and use this as basis for per-device rootfs generation.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-25 09:30:55 +02:00
Matthias Schiffer
ce89535bce
kernel: remove duplicate br-netfilter file and Kconfig symbol from kmod-ebtables
br_netfilter.ko and the corresponding Kconfig symbol are already provided
by kmod-br-netfilter, which is a dependency of kmod-ebtables.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2016-09-24 23:37:54 +02:00
Hauke Mehrtens
ea288126db openssl: backport build fix when hardware support is used
This fix added to the openssl 1.0.2 branch.
In addition add the header for the existing backport.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-24 19:53:00 +02:00
Jo-Philipp Wich
1c09849f6c treewide: remove bad local shell variable declarations
Local variable declarations outside of functions are illegal since the Busybox
update to v1.25.0, therfore remove them from the appropriate places.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-24 14:38:20 +02:00
Hauke Mehrtens
df9efc9497 curl: update to version 7.50.3
This fixes the following security problems:
7.50.1:
 CVE-2016-5419 TLS session resumption client cert bypass
 CVE-2016-5420 Re-using connections with wrong client cert
 CVE-2016-5421 use of connection struct after free
7.50.2:
 CVE-2016-7141 Incorrect reuse of client certificates
7.50.3:
 CVE-2016-7167 curl escape and unescape integer overflows

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-24 13:48:05 +02:00
Magnus Kroken
6926325829 openssl: update to 1.0.2i
Drop 302-fix_no_cmac_build.patch, it has been applied upstream.

Security fixes:
* (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305)
* 10 Low severity issues

Security advisory: https://www.openssl.org/news/secadv/20160922.txt
Changelog: https://www.openssl.org/news/cl102.txt

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-24 13:28:59 +02:00
Jo-Philipp Wich
4f272dd032 linux-firmware: update to current Git head
Update the linux-firmware package in order to force the buildbots to fetch the
proper mirrored version.

Currently each builder has its own copy of the linux-firmware checkout staged
in its own dl/, since the package was updated before the mirrored copy has
been uploaded. The builders then subsequently uploaded their own copy instead,
leading to md5sum mismatches since each clone produces different tarballs.

By bumping the package to a new version and uploading the mirrored archive
with the proper md5sum beforehand, the builders will fetch that instead and
not upload their own copies.

To properly solve that problem in the future we need to ensure that packed
checkouts become reproducable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-23 12:11:06 +02:00
Felix Fietkau
175237e7df kernel: fix broken dependency of kmod-owl-loader on kmod-ath9k
It messes up the build order of package/kernel/linux vs
package/kernel/mac80211

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-09-22 20:09:20 +02:00
Jo-Philipp Wich
a84d51c85d linux-firmware: update md5sum
Since the md5sum of the mirrored Git clone archive has been set in the Makefile
before that particular archive was uploaded to the source mirror, the buildbots
uploaded their own, different copy instead invalidating the mirror md5sum for
anyone else.

In order to fix the mismatch, update the md5sum to reflect the archive being
present on the download server.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-09-22 10:47:57 +02:00
Hauke Mehrtens
7b472f7c21 busybox: fix md5sum
The md5sum was not updated in commit 06fa1c46fc "busybox: update
to version 1.25.0"

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-20 22:56:47 +02:00
Hauke Mehrtens
e59bbb6fe2 ltq-vdsl-app: update to version 4.17.18.6
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-09-20 22:43:43 +02:00
Hauke Mehrtens
7ecbc27951 ltq-vdsl: update to version 4.17.18.6
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-09-20 22:43:43 +02:00
Hauke Mehrtens
3a4db8548f ltq-vdsl-mei: update mei driver to version 1.5.17.6
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-09-20 22:43:43 +02:00
Hauke Mehrtens
909ed82b10 dsl-vrx200-firmware-xdsl: update to more recent versions
The Annex A firmware will be updated to:
05.08.01.08.01.06_05.08.00.0B.01.01_osc

The Annex B firmware will be updated to:
05.07.09.09.00.06_05.07.04.04.00.02_osc

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2016-09-20 22:43:43 +02:00