Commit graph

12623 commits

Author SHA1 Message Date
Felix Fietkau
970dd4dd58 kernel: netfilter: split out iptable_raw into a separate package
This will avoid loading it in the default configuration, which reduces
image size a bit, and (more importantly) improves performance by
avoiding some unnecessary netfilter hooks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-14 12:13:14 +01:00
Felix Fietkau
e82c8d6e20 swconfig: replace the shared library with a static one
Reduces binary size

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-14 12:13:13 +01:00
Felix Fietkau
e175a4d4f1 ppp: use --gc-sections to save a tiny bit of space
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-14 12:13:13 +01:00
p-wassi
4297f4f901 libs/libpcap: update to 1.8.1
Update libpcap to upstream release 1.8.1
Change the name from libpcap.so.1.3 to libpcap.so.1
Remove parts of patch 201 which moved code among src files.
Import patch 204 from Debian to update the USB path.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix parallel build bug]
2016-12-14 12:13:13 +01:00
Felix Fietkau
28f6951600 ath10k: fix a soft-lockup on firmware restart
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-14 12:13:13 +01:00
Felix Fietkau
7dcccacb98 ath10k: fix a bug on sending null-func frames
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-14 12:04:52 +01:00
Alberto Bursi
70011393a9 ath10k-firmware: removed broken submenu
this package references an undefined variable for its submenu.
Remove this NOP variable assignment.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2016-12-14 11:05:54 +01:00
Alberto Bursi
1e15d92de1 kernel: add a missing submenu
this kernel module currently does not set submenu.
Fix this by adding it to the "Others" submenu

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2016-12-14 11:05:41 +01:00
Matti Laakso
5bd3b9dfc0 comgt-ncm: Add support for specifying profile index
Add support for specifying a call profile index instead of APN. A
specific index different from 1 must be used for some service
provider and modem combinations.

In addition, change the manufacturer detection to use the standard
AT+CGMI command, which produces more predictable output than ATI,
remove the redundant ipv6 option, since it is less ambiguous to
directly specify the PDP context type with mobile connections, and
fix missing device during teardown when using ncm through the wwan
proto.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
2016-12-14 10:37:01 +01:00
Matti Laakso
2e2748b053 uqmi: Add support for specifying profile index
Update uqmi to latest version, which brings about support for
specifying a call profile index instead of APN. A specific index
different from 1 must be used for some service provider and modem
combinations.

Also change option dhcp to dhcpv6, since IPv4 now always uses DHCP,
replace option ipv6 with pdptype, which is less ambiguous, and
make autoconnect optional and default it to off for IPv6 due to it
not working with statically configured IPv6.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
2016-12-14 10:37:01 +01:00
Dario Ernst
866b7bad00 dropbear: clean up default PATH handling in makefile
Harmonise handling of DEFAULT_PATH by removing the patch introducing #ifndef
guards around the path, and only using one means to set the path in the
makefile.

Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
2016-12-14 10:37:01 +01:00
Jo-Philipp Wich
b22a20af45 procd: add support for service signals
Update procd to latest HEAD in order to introduce support for services signals:

- Adds a new service.signal ubus call to send a kill() signal to one or all
  running instances of a given service

- Adds a new "reload_signal" property which allows service init scripts to
  request procd to send a specific kill() signal on reload, instead of
  stopping and restarting running processes

Also fixes some potential memory leaks reported by cppcheck and an environment
variable corruption in the trace command.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-12-14 01:14:08 +01:00
Jo-Philipp Wich
e2f8d200f5 netfilter: drop proprietary xt_id match
The xt_id match was used by the firewall3 package to track its own rules but
the approach has been changed to use xt_comment instead now, so we can drop
this nonstandard extension.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-12-14 01:05:06 +01:00
Jo-Philipp Wich
2daab45cae firewall3: drop support for automatic NOTRACK rules
Update to current HEAD in order to drop automatic generation of per-zone
NOTRACK rules.

The NOTRACK rules used to provide a little performance improvement but the
later introduction of the netfilter conntrack cache made those rules largely
unnecessary. Additionally, those rules caused various issues which broke
stateful firewalling in some scenarios.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-12-14 01:05:06 +01:00
Hauke Mehrtens
a6781ef4c1 kernel: kmod-hwmon-tmp102: add dependency to kmod-thermal
Depend on the kmod-thermal package when it is activated, this fixes
compile problems on some targets.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-14 00:15:33 +01:00
Hans Dedecker
a7c2310278 odhcpd: Fix dnsmasq re-reading hostfile
Depending on the dhcp uci config pidof dnsmasq can return
multiple pids. Fix re-reading of the hostfile by dnsmasq in
such case by sending SIGHUP signal to each of the returned
pids.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-12-13 23:32:57 +01:00
Hans Dedecker
942904f7b9 dnsmasq: Specify directory /tmp/hosts as argument for --addn-hosts
Let dnsmasq read all hosts files in /tmp/hosts directory by specifying
/tmp/hosts as argument of --addn-host

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-12-13 23:32:20 +01:00
Felix Fietkau
66482e179b ath10k: fix DMA allocation issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-13 12:44:57 +01:00
Felix Fietkau
57f7f91f0c mac80211: refresh all patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-13 12:34:13 +01:00
Felix Fietkau
4872c36c55 ath9k: add a RCU related bugfix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-13 12:34:12 +01:00
Kevin Darbyshire-Bryant
88f8c8d7eb iproute2: support latest cake & restore DSCP washing
Support new packet overhead passing paradigm in cake qdisc, also restore
DSCP wash/nowash keywords.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-12-12 16:42:06 +01:00
Kevin Darbyshire-Bryant
1f0ff783f0 kmod-sched-cake: update & restore DSCP washing
Track upstream changes, incl changes in packet overhead accounting
(automatically taking care of linux' packet sizing knowledge),
improvements to triple isolated DRR handling (new flow dominance),
statistics tweak & allow more packet drops in stressed conditions.

Under tests this has significantly improved latency control under
'many flows to one' scenarious as is typical of bittorrent and MS
Windows update.

I also restored 'DSCP washing' functionality in my repo which follows
upstream closely (like a hawk!) with tc keywords 'wash/nowash'.  This
allows cake to limit/control packets in bands determined by a packet's
DSCP but to clear those DSCP bits on qdisc egress.  This functionality
was originally removed as part of an attempt to push cake into the
kernel, which hasn't actually happened as yet.

A matching commit is required to iproute2/tc to support the new overhead
handling, keyword changes as well as the 'wash/nowash' tweak.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-12-12 16:42:06 +01:00
Felix Fietkau
b305b8c386 mt76: update to the latest version, fixes dfs issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-12 10:54:47 +01:00
Felix Fietkau
b9ddf3098b tcpdump: reduce size of -mini by removing more infrequently used protocols
This removes:
- BGP
- CDP
- SCTP

MIPS binary .ipk size is reduced from ~150k to ~130k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-12 10:22:20 +01:00
p-wassi
a4a00d794f net/utils/tcpdump: update to 4.8.1
Update tcpdump to upstream release 4.8.1

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2016-12-12 10:22:19 +01:00
Felix Fietkau
64590f3c7e mbedtls: tune config to reduce size and improve performance
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-12 10:22:19 +01:00
Felix Fietkau
732c24a0ca mbedtls: sync with polarssl config
One of those changes is re-enabling blowfish support to make
openvpn-mbedtls compatible with common configurations

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-12 10:22:19 +01:00
Magnus Kroken
a456dd96e7 openvpn: quote parameters to --push in openvpn config file
OpenVPN requires arguments to --push to be enclosed in double quotes.
One set of quotes is stripped when the UCI config is parsed.
Change append_params() of openvpn.init to enclose push parameters in
double quotes.

Unquoted push parameters do not cause errors in OpenVPN 2.3,
but OpenVPN 2.4 fails to start with unquoted push parameters.

Fixes: FS#290.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-12-12 10:22:19 +01:00
Magnus Kroken
4b8c69258e mbedtls: enable MBEDTLS_DHM_C
This option is required by OpenVPN, and OpenVPN 2.4 uses mbedTLS 2.x.
DHM_C is also already enabled in the PolarSSL 1.3.x config.h.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-12-12 10:22:19 +01:00
Felix Fietkau
441ee62931 ar71xx: remove AP83 reference design board support
This board is very old and unlikely to still be relevant today. Support
for it contains a significant amount of device specific baggage which is
worth getting rid of.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-12 10:22:18 +01:00
Piotr Dymacz
c40477519e uboot-envtools: add support for YunCore SR3200 and XD3200
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2016-12-12 09:57:40 +01:00
Christian Schoenebeck
6ae71708c9 ca-certificates: update to version 20161130
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2016-12-12 09:57:40 +01:00
Yutang Jiang
ad907e1c03 layerscape: add 64b/32b target for ls1046ardb device
Add support for NXP layerscape ls1046ardb 64b/32b Dev board.

LS1046ARDB Specification:
-------------------------
Memory subsystem:
* 8GByte DDR4 SDRAM (64bit bus)
* 512 Mbyte NAND flash
* Two 64 Mbyte high-speed SPI flash
* SD connector to interface with the SD memory card
* On-board 4G eMMC
Ethernet:
* Two XFI 10G ports
* Two SGMII ports
* Two RGMII ports
PCIe:
* PCIe1 (SerDes2 Lane0) to miniPCIe slot
* PCIe2 (SerDes2 Lane1) to x2 PCIe slot
* PCIe3 (SerDes2 Lane2) to x4 PCIe slot

* USB 3.0: one super speed USB 3.0 type A port, one Micro-AB port
* UART: supports two UARTs up to 115200 bps for console

Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
2016-12-12 09:57:40 +01:00
Yutang Jiang
76fa771a78 layerscape: fman-ucode: prefer github over git.freescale.com
In order to prevent the impact of the merger of the company and the potential
rebase of the SDK repositories, migrate the u-boot source to github.

Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
2016-12-12 09:57:40 +01:00
Yutang Jiang
d5fc7430ca layerscape: uboot-layerscape: prefer github over git.freescale.com
In order to prevent the impact of the merger of the company and the potential
rebase of the SDK repositories, migrate the u-boot source to github.

Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
2016-12-12 09:57:40 +01:00
Julian Labus
b0ac825884 base-files: Changed UCI variable name for GPIO value from 'default' to 'value'
This changes the UCI variable for the GPIO value from system.$cfg.default back
to system.$cfg.value as it was before the change from uci-defaults [1] to board.d.
/etc/init.d/gpio_switch [2] still expects the value to be in system.$cfg.value.

[1] d65916047b/package/base-files/files/lib/functions/uci-defaults.sh (L197)
[2] https://github.com/lede-project/source/blob/master/package/base-files/files/etc/init.d/gpio_switch#L17

Signed-off-by: Julian Labus <julian@labus-online.de>
2016-12-12 09:57:40 +01:00
Hauke Mehrtens
4dbdba36f8 kernel: add TI tmp102 and tmp103 temperature sensors
This just adds the kmods for these kernel modules.
This is found on some Lantiq / Intel reference boards.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-10 16:06:40 +01:00
Jo-Philipp Wich
9791fb2ac2 build: support adding version code to file names (FS#323)
Now that the VERSION_NUMBER variable holds the human friendly name and not
the commit ID anymore, we need to support adding the revision ID as well.

Introduce a new config variable CONFIG_VERSION_CODE_FILENAMES which, if set,
causes the resulting file names to contain a commit ID designation as printed
by scripts/getver.sh.

Also sanitize the input variables to ensure that the resulting strings are
lowercased and no not contain spaces.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-12-09 17:16:43 +01:00
Arjen de Korte
4fbd3aa278 dnsmasq: Fix splitting hostid for DHCPv6 static leases
Correct splitting the 32-bit 'hostid' value to two 16-bit hexadecimal
values. Previously, the lower 16-bit value was truncated to an 8-bit
value, which would result in hostid values 100 and 200 both to be set
to [::0:0] instead of [::0:100] and [::0:200] respectively.

Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
2016-12-06 07:55:07 +01:00
Florian Eckert
854459a2f9 dnsmasq: reload config if host name is modified
If the hostname in /etc/config/system is modified the dnsmasq will not
reread the update host file under /tmp/hosts/dhcp.$cfg.

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
2016-12-04 15:56:04 +01:00
Álvaro Fernández Rojas
4257f6548b brcm2708-gpu-fw: update to latest version
Also switches hases to SHA256

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-12-04 12:32:02 +01:00
Alexandru Ardelean
8cb476c853 libs: libnetfilter-queue: update to a newer version in git repo
Last release of libnetfilter-queue was in 2012.
There don't seem to be any release tarballs since then.

This updates it to a more recent version, pointing to the git repo.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2016-12-04 11:41:53 +01:00
Pierre Lebleu
898857f77a ppp: Split the ppp-up for the IPv6 part
Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
2016-12-04 11:41:53 +01:00
Florian Fainelli
5763e438f6 kernel: add kernel package for the rs5c372a rtc module
This RTC is used on the Buffalo Terastation Pro II/Live devices.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2016-12-04 11:41:51 +01:00
Felix Fietkau
81b5e8e5d2 base-files: add a hint in sysupgrade that shows what to do when the image metadata check fails
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-04 11:41:49 +01:00
Hauke Mehrtens
abedd718aa cyassl: update to wolfssl version 3.9.10
This fixes the following security problems:
CVE-2016-7440: Software AES table lookups do not properly consider cache-bank access times
CVE-2016-7439: Software RSA does not properly consider cache-bank monitoring
CVE-2016-7438: Software ECC does not properly consider cache-bank monitoring
SWEET32 Attack

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 21:35:35 +01:00
Hauke Mehrtens
7e6c53dac9 valgrind: update to 3.12.0
Support for MIPS toolchains without FPU support was added upstream,
so remove our patch.

patches/310-mips-link-tool.patch was a backport form this version of valgrind
src/abort.c is not referenced anywhere

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 21:03:56 +01:00
Hauke Mehrtens
4e07167eff curl: update to version 7.51.0
This fixes the following security problems:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 16:38:44 +01:00
Hauke Mehrtens
99ea26883b mbedtls: update to version 2.4.0
This fixes two minor security problems.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 16:38:20 +01:00
Hauke Mehrtens
280fdac18f polarssl: update to version 1.3.18
This fixes two minor security problems.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 16:36:34 +01:00