Commit graph

40103 commits

Author SHA1 Message Date
Hans Dedecker
b0b289ea45 curl: bump to 7.57.0 (3 CVEs)
CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access

For other bugfixes and changes in 7.57.0 see https://curl.haxx.se/changes.html

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-30 09:44:17 +01:00
Yousong Zhou
b59b799cb1 ltq-ifxos: fix compilation against glibc
Fixes FS#1196

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-11-30 14:53:16 +08:00
Hans Dedecker
c7b052db73 target: replace odhcpd by odhcpd-ipv6only
Replace in router DEFAULT_PACKAGES odhcpd by odhcpd-ipv6only as
such there's no DHCPv4 server functionality overlap with dnsmasq

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-29 22:34:58 +01:00
Borja Salazar
759785c01a dnsmasq: add interface to ubus notification
Signed-off-by: Borja Salazar <borja.salazar@fon.com>
2017-11-29 22:03:39 +01:00
Felix Fietkau
e966ed236f mt76: update to the latest version, fixes encrypted mesh support and HT20 issues
fc28872 mac80211: add missing include
a4c82ca mt7603: add missing include required on newer kernels
792859b mt76x2: fix transmission of encrypted management frames
a51358e mt76x2: increase OFDM SIFS time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-29 17:50:46 +01:00
Felix Fietkau
111b499024 mac80211: tweak TSQ settings
Latencies can be much higher on wifi devices, especially with
aggregation. Tune the network stack setting introduced in the previous
commit to account for that.
This commit reintroduces the previously reverted one with a fix for the
crash issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-29 17:46:41 +01:00
INAGAKI Hiroshi
18cc8d520c ramips: add missing reset button for Nexx WT1520
This commit adds missing the GPIO key used as reset button.
Nexx WT1520 has a GPIO key for factory reset, but it's not defined in
WT1520.dtsi and cannot use it.

Drop the UART (full) from the device tree source file, it was never
used for this board. Adjust the kernel bootargs accordingly.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
[add note about dropped UART (full) to the commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-28 20:59:02 +01:00
Jo-Philipp Wich
fcfd5cdb59 dnsmasq: fix dhcp-host entries with empty macs
Due to improper localization of helper variables, "config host" entries
without a given mac address may inherit the mac address of a preceeding,
leading to invalid generated netive configuration.

Fix the issue by marking the "macs" and "tags" helper variables in
dhcp_host_add() local, avoiding the need for explicitely resetting them
with each invocation.

Reported-by: Russell Senior <russell@personaltelco.net>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-11-28 18:11:25 +01:00
Felix Fietkau
47fa8654a1 Revert "mac80211: tweak TSQ settings"
This reverts commit 2dc485250d.
This patch needs some additional checks in order to avoid overwriting
unrelated fields for request sockets.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-28 14:23:43 +01:00
Kevin Darbyshire-Bryant
179125d334 wireguard: bump to snapshot 20171127
== Changes ==

 * compat: support timespec64 on old kernels
 * compat: support AVX512BW+VL by lying
 * compat: fix typo and ranges
 * compat: support 4.15's netlink and barrier changes
 * poly1305-avx512: requires AVX512F+VL+BW

 Numerous compat fixes which should keep us supporting 3.10-4.15-rc1.

 * blake2s: AVX512F+VL implementation
 * blake2s: tweak avx512 code
 * blake2s: hmac space optimization

 Another terrific submission from Samuel Neves: we now have an implementation
 of Blake2s using AVX512, which is extremely fast.

 * allowedips: optimize
 * allowedips: simplify
 * chacha20: directly assign constant and initial state

 Small performance tweaks.

 * tools: fix removing preshared keys
 * qemu: use netfilter.org https site
 * qemu: take shared lock for untarring

 Small bug fixes.

Remove myself from the maintainers list: we have enough and I'm happy to
carry on doing package bumps on ad-hoc basis without the 'official'
title.

Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-11-27 14:50:04 +01:00
Stijn Tintel
2f1c05bb80 lldpd: bump to 0.9.9
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-11-27 09:43:23 +01:00
Hans Dedecker
0b3087eebf nghttp2: bump to 1.28.0
939ad5dd Update manual pages
24d92b97 Add deprecation warning when spdylay support is enabled
4c92ff18 Bump up version number to 1.28.0, LT revision to 29:0:15
280db5c6 Update neverbleed
7fbcb2d0 Merge pull request #1074 from nghttp2/fix-doc
53aeb2c3 Fix doc
ff200bfc clang-format-5.0
fee3151f Switch to clang-format-5.0
99a85159 Update manual pages
2a981a3f Merge pull request #1066 from nghttp2/nghttpx-add-affinity-cookie-secure
0028275d nghttpx: Add affinity-cookie-secure parameter to backend option
ee8bfddf Merge pull request #1063 from nghttp2/error_callback2
194acb1f src: Use nghttp2_error_callback2
43a2a70a Add nghttp2_error_callback2
73344ae9 nghttpx: Use plain hex string format for client serial
c479f612 Merge pull request #1060 from nghttp2/nghttpx-add-client-serial
eca0a302 nghttpx: Add $tls_client_serial log variable
4720c5cb nghttpx: Make client serial available in mruby script
cd55ab28 nghttpx: Add function to get serial number from certificate
d402cfdf Merge pull request #1057 from nghttp2/nghttpx-add-tls-client-issuer-name
22502182 Add tls_client_issuer_name log variable and expose it to mruby
05e1fd5e Update manual pages
943d7923 Add Session Affinity section to nghttpx howto
568ecbfb doc: Add missing port
f5ddd7f4 nghttpx: Make initial_addr_idx_ unsigned
88abbce7 nghttpx: Fix compile error with gcc
16e90365 nghttpx: Fix affinity retry
fa7945c6 nghttpx: Refactor
daca43f0 nghttpx: Fix stalled backend connection on retry
16bc11e6 nghttpx: Remove duplicated util::make_socket_nodelay
6f7e94cd Merge pull request #1047 from PiotrSikora/go_vet
61efa15a integration: Fix issues reported by the `go vet` tool.
8c0ea56b Merge pull request #1036 from nghttp2/nghttpx-affinity-cookie
54905371 nghttpx: Refactor
6010d393 integration: Add tests
be5c39a1 src: Add tests
b8fda680 nghttpx: Cookie based session affinity
e29b9c12 Merge pull request #1045 from nghttp2/nghttpx-sha1-fingerprint
539e2781 nghttpx: Add tls_client_fingerprint_sha1 to mruby and accesslog
7008afd4 nghttpx: Refactor get_x509_fingerprint to accept hash function
77a41756 Merge pull request #1041 from nghttp2/fix-examples-client-server
b15045d6 Merge pull request #1040 from nghttp2/nghttpx-mruby-add-more-tls-vars
03084f75 examples: Make client and server work with libevent-2.1.8
60baca27 nghttpx: Add more TLS related attributes to mruby Env object
86990db2 Merge pull request #1038 from nghttp2/nghttpx-add-more-logging-vars
cb376bcd nghttpx: Add client fingerprint and subject name to accesslog
f2b8edd1 nghttpx: Fix memory leak
c4f8afcf nghttpx: Get TLS info only when it is necessary when writing accesslog
1a1a216d Merge pull request #1037 from nghttp2/nghttpx-mruby-tls-client-vars
9f80a82c nghttpx: Add client fingerprint and subject name to mruby env
c573c80b nghttpx: Pass a pointer to SSL instead of TLSSessionInfo to LogSpec
3cd6817e Fix typos
d4a69658 Add another warning about mruby
8e06fe49 Fix typo
aaeeec8f Fix typos
66d5e246 Bump up version number to 1.28.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-27 10:12:03 +01:00
Justin Kilpatrick
8ee2d3f718 build: accept gcc/g++ without minor version
Build dependency: Please install the GNU C Compiler (gcc) 4.8 or later cc
  -dumpversion | grep -E '(4\.[8-9]|5\.[0-9]|6\.[0-9]|7\.[0-9])'
Build dependency: Please install the GNU C++ Compiler (g++) 4.8 or later
  g++ -dumpversion | grep -E '(4\.[8-9]|5\.[0-9]|6\.[0-9]|7\.[0-9])'

Prerequisite check failed. Use FORCE=1 to override.

On my Fedora 26 machine gcc and g++ -dumpversion returns a whole number
'7' failing the regex introduced in commit:

b78de6207f

This change makes minor versions optional in the build dependency regex
for gcc and g++ whenever any minor version would be accepted and the
whole number version is sufficient as a dependency check. For versions
4.* a minor version is still required.

Signed-off-by: Justin Kilpatrick <jkilpatr@redhat.com>
2017-11-26 13:33:51 +01:00
Daniel Engberg
b78de6207f toolchain: Test for supported versions of GCC
Only test for supported versions of GCC
The version bump requirement for GCC is because gdb doesn't build with older
versions.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-11-25 20:17:20 +01:00
Daniel Engberg
38cc071ed1 mwlwifi: Update to latest commit in upstream repo
Update to latest commit in upstream repo
Bumps 88W8964 firmware to 9.3.0.8

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-11-25 20:11:30 +01:00
Michael Heimpold
2cb75cd8b9 build: allow defining license information per binary package
At the moment, license information can only be specified on a
"per source package" level while other metadata fields (e.g. maintainer)
can be given for each binary package. Apply the same logic for license
fields as well. This can be used e.g. in cases where a library is
distributed under some license while related tools are distributed
under a different one.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2017-11-25 20:02:04 +01:00
Fushan Wen
40868e3bb6 kmod-sched-cake: update to latest git HEAD
dfb2f6c pkt_sched: make compile again
5ab7026 sch_cake: make compile again
6f28803 codel5: make more checkpatch compliant
bd426aa Fix build error on 4.12
e4a3628 Whitespace tidy up

Signed-off-by: Fushan Wen <qydwhotmail@gmail.com>
2017-11-25 19:53:37 +01:00
Rosen Penev
7a318bc1a1 kernel: Update kernel 4.4 to 4.4.100
Run-tested on ramips

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-25 19:48:39 +01:00
Hans Dedecker
f965827bfb odhcpd: update to latest git HEAD
92e205d dhcpv6: fix compile issues when CER-ID extension is enabled

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-25 18:17:43 +01:00
Hans Dedecker
99ea749d37 odhcpd: add a full and ipv6only variant (FS#1188)
Add an ipv6only variant providing server services for RA, stateful and stateless
DHCPv6, prefix delegation and relay support for DHCPv6, NDP and RA.

The full variant called odhcpd supports DHCPv4 server as before.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-25 18:17:43 +01:00
Stijn Tintel
9fe59abef8 kernel: bump 4.9 to 4.9.65
Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: ar71xx, octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-11-24 14:09:11 +02:00
Kevin Darbyshire-Bryant
088262ac7a wireguard: bump to 20171122
Bump to latest WireGuard snapshot release:

ed479fa (tag: 0.0.20171122) version: bump snapshot
efd9db0 chacha20poly1305: poly cleans up its own state
5700b61 poly1305-x86_64: unclobber %rbp
314c172 global: switch from timeval to timespec
9e4aa7a poly1305: import MIPS64 primitive from OpenSSL
7a5ce4e chacha20poly1305: import ARM primitives from OpenSSL
abad6ee chacha20poly1305: import x86_64 primitives from OpenSSL
6507a03 chacha20poly1305: add more test vectors, some of which are weird
6f136a3 compat: new kernels have netlink fixes
e4b3875 compat: stable finally backported fix
cc07250 qemu: use unprefixed strip when not cross-compiling
64f1a6d tools: tighten up strtoul parsing
c3a04fe device: uninitialize socket first in destruction
82e6e3b socket: only free socket after successful creation of new
df318d1 compat: fix compilation with PaX
d911cd9 curve25519-neon: compile in thumb mode
d355e57 compat: 3.16.50 got proper rt6_get_cookie
666ee61 qemu: update kernel
2420e18 allowedips: do not write out of bounds
185c324 selftest: allowedips: randomized test mutex update
3f6ed7e wg-quick: document localhost exception and v6 rule

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-11-24 12:55:38 +01:00
Hauke Mehrtens
332438be40 uboot-sunxi: fix build of HAOYU Electronics Marsboard A10
The uboot target is named MarsBoard_A10 and it was not build at all.
This fixes a build problem seen by the build bot.

Fixes: 6a3565985f ("sunxi: Added profile for HAOYU Electronics Marsboard A10")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-23 21:25:46 +01:00
Hauke Mehrtens
b5d52b2052 sunxi: remove support for kernel 4.4
Kernel 4.9 is working good on this target, remove support for kernel 4.4
now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-23 19:17:11 +01:00
Hauke Mehrtens
c048ca0ce0 sunxi: backport sunxi-mmc controller driver from 4.13
There are multiple problems on the A64 SoC with the older drivers which
are fixed in the upstream kernel.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-23 19:16:42 +01:00
Hauke Mehrtens
4e93ec1ad6 kernel: i2c-piix4: fix dependency on TARGET_x86
Fix the target dependency to make it possible to select this module also
on x86 target and its subtargets.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:37:15 +01:00
Hauke Mehrtens
9cfcd49735 kernel: e100: take e100 firmware from linux-firmware repository
The firmware directory in the Linux kernel was removed in kernel 4.14,
take the e100 firmware files now from the linux-firmware repository
instead. To do so create the new package e100-firmware. This will also
work with older kernel versions.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:37:05 +01:00
Marcin Jurkowski
06e1b90404 kernel: add NFS4 client support
Adds NFS4 client support:
 1. Package kmod-fs-nfs is split into kmod-fs-nfs (nfs.ko) and
    kmod-fs-nfs-v3 (nfsv3.ko).
 2. A new package kmod-fs-nfs-v4 (nfsv4.ko) is created.
 3. Package kmod-fs-nfs-common-v4 is renamed to kmod-fs-nfs-rpcsec
    and includes additional module rpcsec_gss_krb5.ko.
    CONFIG_NFS_V4 goes into kmod-fs-nfs-v4, CONFIG_NFSD_V4 (NFS4
    server) is removed. Missing kernel module oid_registry.ko
    needed by auth_rpcgss.ko is added to the package.

A new package kmod-crypto-cts needed by rpcsec_gss_krb5.ko is
also created.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
[add dependency to kmod-crypto-ecb in fs-nfs-common-rpcsec]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:36:21 +01:00
Lucian Cristian
9f13f98c8c kernel: Hyper-V PCI pass through
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-11-22 22:36:20 +01:00
Lucian Cristian
551de61ddc kernel: add 32bit x86 HYPER-V support
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[refresh config]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:36:02 +01:00
Martin Schiller
0c78de869d kernel: add kmod-i2c-i801
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Add i2c-smbus.ko and fix target dependency]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:34:56 +01:00
Martin Schiller
7ffeecd6ac kernel: add it87-wdt watchdog timer module
The module parameters "nogameport=1" and "nocir=1" are needed,
because this is not supported on recent chips and doesn't
really tell if the system is stable.

As this features will already be removed in linux-4.13 or newer,
this module parameters can be removed in the future.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-11-22 20:49:04 +01:00
Koen Vandeputte
62ede4f783 kernel: bump 4.9 to 4.9.63
Refreshed all patches.

Removed upstreamed parts.

Compile-tested: cns3xxx, imx6, mvebu, layerscape
Run-tested: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-11-22 20:45:52 +01:00
Rosen Penev
9052dd6534 libusb-compat: Upgrade to 0.1.15
Compile tested on ramips (mt7621)

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-22 20:45:28 +01:00
Rosen Penev
08cc9a2ca8 tools/e2fsprogs: Update to 1.43.7
Compile tested on Fedora 27.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-22 20:45:18 +01:00
Rosen Penev
fc4e7bdca7 usbutils: Update usb.ids file to latest
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-22 20:45:07 +01:00
Christian Lamparter
5e6792eab4 wireless-regdb: fix PKG_MIRROR_HASH
make check complains about PKG_MIRROR_HASH of the wireless-regdb package:

WARNING: PKG_MIRROR_HASH does not match wireless-regdb-2017-10-20-4343d359.tar.xz
hash 5f5b669f32ae36cb65b1d99efbbbfd42c2983cda32f6448346e3e54ffaba3889

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-11-22 13:07:48 +01:00
Mathias Kresin
298ade22a0 acx-mac80211: fix build on kernel 4.9
The DEFINE_PCI_DEVICE_TABLE macro was removed with upstream commit
7e9321599011 ("treewide: remove references to the now unnecessary
DEFINE_PCI_DEVICE_TABLE").

Use the pci_device_id struct to fix the acx-mac80211 build failure on
ramips.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-22 08:21:53 +01:00
Mathias Kresin
aa82141d9b ramips: use pinmux nodes from dtsi
Use the pinmux nodes from the included dtsi file instead of adding
duplicate nodes.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-22 08:21:53 +01:00
Mathias Kresin
b69ceb0c3d ramips: add missing pinmuxes to SoC dtsi
Add pinmuxes defined by some board which are including the dtsi files
to the dtsi files itself. Allows to reduce duplication.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-22 08:21:52 +01:00
Mathias Kresin
e142173e8d ramips: backport MT7628 pinmux fixes
According to the datasheet the REFCLK pin is shared with GPIO#37 and
the PERST pin is shared with GPIO#36.

While at it fix a typo inside the pinmux setup code. The function is called
refclk and not reclk.

Update device tree source files accordingly.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-22 08:21:52 +01:00
Mathias Kresin
2f9fe78e75 ramips: fix Planex CS-QR10 device packages
Add kmod-sound-core, it is a dependency of kmod-sound-mt7620 and will
not be autoselected.

Remove kmod-i2c-core, it will be autoselected by kmod-i2c-ralink.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-22 08:21:52 +01:00
Mathias Kresin
a783185e28 ramips: fix DCH-M225 support
Setting the pins of the UARTF group to GPIO+I2S at the time the I2C
driver loads is to late for the wps GPIO button.

The gpio-keys driver fails to load since the pin used by the wps button
is not yet set to GPIO. The wps button with the rfkill keycode is
essential for this wireless only board.

Add the missing sound and I2C kernel modules corresponding to the
device nodes.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-22 08:21:52 +01:00
Hans Dedecker
6aa4b97a8a odhcpd: fix gcc7 build error
0573422 ndp: add switch/case fallthrough comments

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-21 15:15:20 +01:00
Leon M. George
63462910dd hostapd: remove unused local var declaration
Signed-off-by: Leon M. George <leon@georgemail.eu>
2017-11-21 13:11:42 +01:00
Leon M. George
cc0847eda3 hostapd: don't set htmode for wpa_supplicant
no longer supported

Signed-off-by: Leon M. George <leon@georgemail.eu>
2017-11-21 13:11:42 +01:00
Hans Dedecker
a28d1d5444 odhcpd: update to latest git HEAD (make dhcpv4 support optional)
fd80621 dhcpv4: make DHCPv4 support compiletime configurable
cf29925 treewide: rework handling of netlink events
24cdc1b treewide: add netlink file
5dfb716 treewide: align function naming

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-20 21:40:03 +01:00
Felix Fietkau
6a6dc94e0c mac80211: fix a race condition that could lead to a use-after-free on a timer
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-20 20:05:19 +01:00
Felix Fietkau
9247864b6e mac80211: fix netlink family id for nl80211 messages
Fixes responses for nl80211 calls

Reported-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-20 17:52:51 +01:00
John Crispin
b9e700cd58 kernel: fix lzo and lz4 modules
both of these have been split up and require additional ko files.

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-20 13:10:57 +01:00