Commit graph

654 commits

Author SHA1 Message Date
Russell Senior
e05a6018fc curl: fix interface with mbedtls_sha256
Between mbedtls 2.6.0 and 2.7.0, the void returning mbedtls_MODULE* functions
were deprecated in favor of functions returning an int error code.  Use
the new function mbedtls_sha256_ret().

Signed-off-by: Russell Senior <russell@personaltelco.net>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-17 12:29:23 +01:00
Hauke Mehrtens
95745516a2 nftables: update to version 0.8.2
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-15 23:31:23 +01:00
Hauke Mehrtens
e7c179326a iproute2: update to version 4.15.0
The musl compatibility patches are now included in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-15 23:31:23 +01:00
Daniel Golle
a3b9cbafc3 iwinfo: update to latest git HEAD
223e09b add support for expected throughput

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-02-15 04:57:38 +01:00
Koen Vandeputte
f21f8376e9 uqmi: bump package release
fixes: da8990e717 ("uqmi: use built-in command for data-link verification")

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-13 10:25:30 +01:00
Koen Vandeputte
da8990e717 uqmi: use built-in command for data-link verification
uqmi contains a command for directly querying the modem if there
is a valid data connection, so let's use it.

This avoids the cases were all previous tests are succesful, but the
actual data link is not up for some reasons, leading to states were we
thought the link was up when it actually wasn't ..

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-13 10:01:53 +01:00
Koen Vandeputte
3508f8abb4 uqmi: use correct value for connection checking
Originally, the implementation only checked if uqmi command
execution succeeded properly without actually checking it's returned data.

This lead to a pass, even when the returned data was indicating an error.

Rework the verification to actually check the returned data,
which can only be correct if the uqmi command itself also executed correctly.

On command execution success, value "pdh_" is a pure numeric value.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-13 10:01:53 +01:00
Koen Vandeputte
3c5471032b uqmi: use general method for state cleaning
Debugging shows that using the general method properly cleans on each
run, while the method specifying the client-ID shows "No effect"
even while in connected state.

Fixes several connectivity issues seen on specific modems.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-13 10:01:53 +01:00
Kristian Evensen
2d27ebbb93 iptables: Support building connlabel module
It is currently possible to enable connlabel-support in iptables.
However, in order for connlabel to work properly, the kernel module must
also be present. This patch adds support for building the
connlabel-module, and selects it by default when connlabel-support is
enabled.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
2018-02-13 10:01:52 +01:00
Yangbo Lu
3a0fa1e7b8 layerscape: update restool to 2017-12-03
Updated restool to 2017-12-03 and removed patches
since the new version had involved them.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:49 +01:00
Matthias Schiffer
bbef76f1b1
nftables: remove dependency on kmod-nf-nat
For minimal firewall setups, NAT support may be unnecessary.

It would be possible to further reduce the minimum number of installed
modules, e.g. by separating IPv4 and IPv6 support or moving conntrack
support into a separate kmod package. We go with a more complete
kmod-nft-core for now, until a concrete usecase for smaller packages
arises.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-31 13:32:40 +01:00
Hans Dedecker
1d9296dcdb curl: bump to 7.58.0
a0b5e8944 progress-bar: get screen width on windows
65ceb20df test1454: --connect-to with IPv6 address w/o IPv6 support!
eb6e3c4f6 CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
96186de1f docs: fix man page syntax to make test 1140 OK again
af32cd385 http: prevent custom Authorization headers in redirects
993dd5651 curl: progress bar refresh, get width using ioctl()
9d82cde7b RELEASE-NOTES: synced with bb0ffcc36
bb0ffcc36 libcurl-env.3: first take
ec122c4c8 TODO: two possible name resolver improvements
a5e6d6ebc http2: don't close connection when single transfer is stopped
87ddeee59 test558: fix for multissl builds
da07dbb86 examples/url2file.c: add missing curl_global_cleanup() call
ddafd45af SSH: Fix state machine for ssh-agent authentication
9e4ad1e2a openssl: fix potential memory leak in SSLKEYLOGFILE logic
ca9c93e3e openssl: fix the libressl build again
2c0c4dff0 unit1307: test many wildcards too
2a1b2b4ef curl_fnmatch: only allow 5 '*' sections in a single pattern
cb5accab9 ftp-wildcard: fix matching an empty string with "*[^a]"
25c40c9af SMB: fix numeric constant suffix and variable types
945df7410 CURLOPT_TCP_NODELAY.3: fix typo
8dd4edeb9 smtp/pop3/imap_get_message: decrease the data length too...
84fcaa2e7 openssl: enable SSLKEYLOGFILE support by default
e44ddfd47 mime: clone mime tree upon easy handle duplication.
2c821bba8 docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
a06311be2 test395: HTTP with overflow Content-Length value
67595e7d2 test394: verify abort of rubbish in Content-Length: value
ac17d7947 test393: verify --max-filesize with excessive Content-Length
f68e67271 HTTP: bail out on negative Content-Length: values
0616dfa1e configure.ac: append extra linker flags instead of prepending them.
650b9c1d6 RELEASE-NOTES: synced with 6fa10c8fa
6fa10c8fa setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
3b548ffde setopt: reintroduce non-static Curl_vsetopt() for OS400 support
fa3dbb9a1 http2: fix incorrect trailer buffer size
2a6dbb815 easy: fix connection ownership in curl_easy_pause
89f680473 system.h: Additionally check __LONG_MAX__ for defining curl_off_t
14d07be37 COPYING: it's 2018!
a8ce5efba progress: calculate transfer speed on milliseconds if possible
d4e40f069 scripts: allow all perl scripts to be run directly
e4f86025d mail-rcpt.d: fix short-text description
908a9a674 build: remove HAVE_LIMITS_H check
129390a51 openssl: fix memory leak of SSLKEYLOGFILE filename
272613df0 Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
481539e90 test1554: improve the error handling
593dcc553 test1554: add global initialization and cleanup
dc831260b curl_version_info.3: call the argument 'age'
58d7cd28a brotli: data at the end of content can be lost
a0f3eaf25 examples/cacertinmem: ignore cert-already-exists error
859ac3602 tool_getparam: Support size modifiers for --max-filesize
b399b0490 build: Fixed incorrect script termination from commit ad1dc10e61
a9b774a77 Makefile.vc: Added our standard copyright header
22fddb85a winbuild: Added support for VC15
ad1dc10e6 build: Added Visual Studio 2017 project files
d409640d6 build-wolfssl.bat: Added support for VC15
a4e88317d build-openssl.bat: Added support for VC15
c97648b55 curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
b43755789 examples/rtsp: fix error handling macros
f009bbe1f curl_easy_reset: release mime-related data.
4acc9d3d1 content_encoding: rework zlib_inflate
e639d4ca4 brotli: allow compiling with version 0.6.0.
9c6a6be88 CURLOPT_READFUNCTION.3: refer to argument with correct name
02f207a76 rand: add a clang-analyzer work-around
13ce373a5 krb5: fix a potential access of uninitialized memory
41982b6ac conncache: fix a return code [regression]
5d0ba70e1 curl: support >256 bytes warning messsages
188a43a8f libssh: fix a syntax error in configure.ac
7ef0c2d86 examples/smtp-mail.c: use separate defines for options and mail
621b24505 THANKS: added missing names
cc0cca1ba mailmap: added/clarified several names
9d7a59c8f setopt: less *or equal* than INT_MAX/1000 should be fine
2437dbbf1 vtls: replaced getenv() with curl_getenv()
ef5633d4b RELEASE-NOTES: synced with 3b9ea70ee
3b9ea70ee TODO: Expose tried IP addresses that failed
48c184a60 curl.1: mention http:// and https:// as valid proxy prefixes
76db03dd9 curl.1: documented two missing valid exit codes
63e58b8b4 CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference
671f0b506 Revert "curl: don't set CURLOPT_INTERLEAVEDATA"
4b6f3cff7 tests: mark data files as non-executable in git
98c572ed3 tests: update .gitignore for libtests
e959f16c5 multi_done: prune DNS cache
06a0a26fb mailmap: fixup two old git Author "aliases"
7ab4e7adb openssl: Disable file buffering for Win32 SSLKEYLOGFILE
b1b94305d RESOLVE: output verbose text when trying to set a duplicate name
bbea75ad6 CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
a4a56ec93 sftp: allow quoted commands to use relative paths
9fb5a943f CURLOPT_PRIVATE.3: fix grammar
179ee78e8 curl: remove __EMX__ #ifdefs
9dfb19483 openssl: improve data-pending check for https proxy
9ffad8eb1 curl: don't set CURLOPT_INTERLEAVEDATA
912324024 curl.h: remove incorrect comment about ERRORBUFFER
ebaab4d17 configure: add AX_CODE_COVERAGE only if using gcc
b5881d1fb curl: limit -# update frequency for unknown total size
546e7db78 BINDINGS: another PostgreSQL client
55e609890 CONNECT: keep close connection flag in http_connect_state struct
c103cac3c include: get netinet/in.h before linux/tcp.h
00cda0f9b openldap: fix checksrc nits
ff07f07cc openldap: add commented out debug possibilities
bb0ca2d44 examples: move threaded-shared-conn.c to the "complicated" ones
4fb85b87b RELEASE-NOTES: synced with b261c44e8
b261c44e8 URL: tolerate backslash after drive letter for FILE:
24dcd7466 tests: added netinet/in6.h includes in test servers
76ebd5417 configure: check for netinet/in6.h
0c65678e7 curl-config: add --ssl-backends
ea3a5d07d conncache: only allow multiplexing within same multi handle
415b8dff8 threaded-shared-conn.c: fixed typo in commenta
5254d8bf2 threaded-shared-conn.c: new example
07cb27c98 conncache: fix several lock issues
85f0133ea libssh: remove dead code in sftp_qoute
615edc1f7 sasl_getmesssage: make sure we have a long enough string to pass
440140946 libssh2: remove dead code from SSH_SFTP_QUOTE
6401ddad4 ssh-libssh.c: please checksrc
918530752 libssh: fixed dereference in statvfs access
8dad32bcf RESOURCES: update spec names
a08f5a77c libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS
8843c0939 libssh: no need to call sftp_get_error as ssh_get_error is sufficient
3cef6f22e libssh: fix minor static code analyzer nits
10bb0b471 openssl: pkcs12 is supported by boringssl
8eff32f0b travis: use pip2 instead of pip
b7f534597 lib582: do not verify host for SFTP
a2f396680 libssh: added SFTP support
c75c9d4fb symbols-in-versions: added new symbols with 7.56.3 version
05675ab5a .travis.yml: added build --with-libssh
38aef6dc4 libssh2: return CURLE_UPLOAD_FAILED on failure to upload
75427291e libssh2: send the correct CURLE error code on scp file not found
c92d2e14c Added support for libssh SSH SCP back-end
3973ee6a6 RELEASE-NOTES: synced with af8cc7a69
af8cc7a69 curlver: towards 7.57.1
4b4142491 lib: don't export all symbols, just everything curl_*
9194a9959 SSL: Avoid magic allocation of SSL backend specific data
744ee5838 examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
270494e1a travis: add boringssl build

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-28 21:03:46 +01:00
Yousong Zhou
e6de92cdcc iptables: make kmod-ipt-debug part of default ALL build
The iptables TRACE target is only available in raw table that's why the
dependency was moved from iptables-mod-trace into kmod-ipt-debug

Fixes FS#1219

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-26 15:29:02 +08:00
Koen Vandeputte
5bdbc10b1b uqmi: silence error on pin verification
If a device only supports the 2nd verification method (uim),
the first method will fail as expected reporting an error:

"Command not supported"

Silence both separate methods and only report an error regarding
pin verification if both fail.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-22 08:46:46 +01:00
Hauke Mehrtens
4336efe14b kernel: use upstream patches for musl
This replaces the current patches used to make the kernel headers
compatible with musl with the version which was accepted upstream. This
is included in upstream kernel 4.15.
This was compile tested with iproute2 build on all supported kernel
versions with musl and one one with glibc.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 22:11:33 +01:00
Philip Prindeville
a30791242b nftables: update to 0.8.1
Note this requires libnftnl-1.0.8 or higher, so that update needs
to be merged first.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-01-20 20:22:01 +01:00
Jo-Philipp Wich
5bbcd80e3f xtables-addons: remove from base
The package has been moved to the package feed repository to allow for
non-base dependencies such as Perl.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-16 19:40:29 +01:00
Jo-Philipp Wich
190c1c3cc8 iwinfo: update to latest git HEAD
5a5e21b nl80211: skip event notifications in wpa_supplicant scan result reply

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-16 14:10:52 +01:00
Koen Vandeputte
7488be7010 uqmi: fix raw-ip mode for newer lte modems
Some newer LTE modems, like the MC7455 or EC25-E do not support
"802.3" mode, and will stay in "raw-ip" regardless of the mode being
set.

In this case, the driver must be informed that it should handle all
packets in raw mode. [1]

This commit fixes connectivity issues for these devices.

Before:

[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover

After:

[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending select for 100.66.245.226
udhcpc: lease of 100.66.245.226 obtained, lease time 7200
udhcpc: ifconfig wwan0 100.66.245.226 netmask 255.255.255.252 broadcast
+
udhcpc: setting default routers: 100.66.245.225

[1] https://lists.freedesktop.org/archives/libqmi-
devel/2017-January/002064.html

Tested on cns3xxx using a Sierra Wireless MC7455 LTE-A

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[bumped PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-15 15:30:53 +01:00
Matthias Schiffer
f73f1aee76
ebtables: update to latest git 2017-10-24
6a82659 Use flock() for --concurrent option
73c2371 ebtables: extensions: Constify option struct

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-11 11:50:50 +01:00
Jo-Philipp Wich
fe920d01bb treewide: replace LEDE_GIT with PROJECT_GIT
Remove LEDE_GIT references in favor to the new name-agnostic
PROJECT_GIT variable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-10 21:27:32 +01:00
Martin Schiller
1b1388f640 linux-atm: add br2684ctl option to specify the netdev name
Add the uci option nameprefix to specifc a target netdev name. Patch the
br2684ctl code to accept and set a netdev name via commandline parameters.

It allows to use the same netdev name for ATM and PTM lines on lantiq
xdsl hardware.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Mathis Kresin <dev@kresin.me>
2018-01-10 08:08:53 +01:00
Hauke Mehrtens
9f626501cb nftables: fix sha256sum
The mirror was delivering a file with a different hash.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-31 18:46:13 +01:00
rektide de la faye
0f72690a2d iptables: fix nftables compile issue (FS#711)
Enabling IPTABLES_NFTABLES resulted in an error during build:#
*** No rule to make target '../extensions/libext.a',
needed by 'xtables-compat-multi'."

Comments from Alexander Lochmann and Fedor Konstantinov in FS#711
provided fixes for this build error, allowing iptables to compile.
https://bugs.lede-project.org/index.php?do=details&task_id=711.

This commit updates the Makefile.am xtables_compat_multi_LDFLAGS
and _LDADD, moving linking of extensions to LDFLAGS.

Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-29 18:06:25 +01:00
Hauke Mehrtens
dda2229c52 layerscape: fix package download
The git hash was changed for multiple layerscape packages without
changing the version number. The LEDE build system will not download the
packages again if the old version is already there and so some people
and the build bots are using wrong version of some packages. Use
PKG_SOURCE_DATE instead of PKG_VERSION to generate packages with the
date and the first charterers of the git hash. This will change the file
name and make the build system download them again, also if in future
the git hash is changed the file name will change and trigger a new
download.

This should fix a problem spotted by build bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-21 10:02:16 +01:00
Hauke Mehrtens
436fe56485 xtables-addons: fix compile with kernel 4.14
This fixes a compile problems seen with kernel 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:49 +01:00
Hauke Mehrtens
c0160f01ae xtables-addons: update to version 2.14
This includes a compile fix needed for kernel 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:10:21 +01:00
Kevin Darbyshire-Bryant
a9940ca2d7 iproute2: cake: support new operating modes
There has been recent significant activity with the cake qdisc of late
Some of that effort is related to upstreaming to kernel & iproute2
mainline but we're not quite there yet.  This commit teaches tc how to
activate and interprete the latest cake operating modes, namely:

ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.

ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-15 23:54:51 +01:00
Zoltan HERPAI
23f774f727 merge: packages: update branding in core packages
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Hans Dedecker
79a19e5d27 iproute2: align ip help text for tiny variant
Tiny variant supports a subset of the ip commands; align the ip help
text so it actually reflects which commands are supported in the
tiny variant.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-06 22:30:54 +01:00
Russell Senior
c3c1185d56 iproute2: update to v4.14.1
Preserves optionality of libmnl by letting configuration
script follow the HAVE_MNL environment variable.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2017-12-06 22:30:00 +01:00
Hans Dedecker
b0b289ea45 curl: bump to 7.57.0 (3 CVEs)
CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access

For other bugfixes and changes in 7.57.0 see https://curl.haxx.se/changes.html

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-30 09:44:17 +01:00
Fushan Wen
40868e3bb6 kmod-sched-cake: update to latest git HEAD
dfb2f6c pkt_sched: make compile again
5ab7026 sch_cake: make compile again
6f28803 codel5: make more checkpatch compliant
bd426aa Fix build error on 4.12
e4a3628 Whitespace tidy up

Signed-off-by: Fushan Wen <qydwhotmail@gmail.com>
2017-11-25 19:53:37 +01:00
Alexander Couzens
c61a239514
add PKG_CPE_ID ids to package and tools
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Thanks to swalker for CPE to package mapping and
keep tracking CVEs.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-17 02:24:35 +01:00
Yangbo Lu
23c1504059 layerscape: add restool package
restool is a user space application providing the
ability to dynamically create and manage Layerscape
DPAA2 containers and objects from Linux.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Denis Osvald
ee791fa4ab netfilter, iptables: add optional CHECKSUM module
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
2017-11-06 16:39:41 +01:00
Arjun AK
63d7c45886 iwinfo: add "PKG_MIRROR_HASH" to the Makefile
Defining it will let the build tool download the tarball file from
a buildbot server, avoiding a clone of the source repo.

Signed-off-by: Arjun AK <lede@arjunak.com>
2017-11-06 16:39:41 +01:00
Philip Prindeville
e03dcf494e iperf3: update to 3.3 and refresh patches
Taking the same patchset I've submitted upstream for inclusion.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-10-31 14:19:51 -06:00
Koen Vandeputte
06d5d01e8a uqmi: replace legacy command invoke with newer type
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-10-24 16:20:22 +02:00
Koen Vandeputte
09582d6b4d uqmi: also try newer pin verification
Newer devices tend to only support the newer version of the pin
verification command, so also try that one.

Fixes PIN issues with modems like the Sierra Wireless MC7455

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-10-24 16:20:21 +02:00
Hans Dedecker
b00cf0e58e curl: bump to 7.56.1
Refresh patches
Remove 320-curl-confopts.m4-fix-disable-threaded-resolver.patch as
integrated upstream

See https://curl.haxx.se/changes.html for the bugfixes in 7.56.0 and
7.56.1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-29 23:07:43 +01:00
Karl Vogel
76378c6b9f build: use KERNEL_MAKE_FLAGS for kernel file compilations
The build system already defines KERNEL_CROSS which defaults to TARGET_CROSS.
Make use of this variable for kernel makefiles.

Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
2017-10-29 16:17:05 +01:00
Martin Wetterwald
378e1a4858 iptables: Fix target TRACE issue
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.

The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.

But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.

I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!

https://dev.openwrt.org/ticket/16694
https://dev.openwrt.org/ticket/19661

Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
                  and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
2017-10-27 02:31:33 +02:00
Daniel Engberg
e4b6900fd6 libs/libnl: Update to 3.3.0
Update libnl to 3.3.0
Import patches to fix compilation
Source: https://git.busybox.net/buildroot/tree/package/libnl
Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287
Use more automatic toolchain logic

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-10-15 00:24:22 +02:00
Yunhui Fu
0f061af98e wpan-tools: add the wpan-ping to test the 6LoWPAN network
This patch adds the help tool wpan-ping to test the 6LoWPAN
network to help the user debug network problem.

Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
2017-10-15 00:24:22 +02:00
Hans Dedecker
db18cee2d7 iproute2: bump to 4.13
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-13 21:48:44 +02:00
Alexandru Ardelean
a5d016f361 net: uqmi: fix blocking in endless loops when unplugging device
If you unplug a QMI device, the /dev/cdc-wdmX device
disappears but uqmi will continue to poll it endlessly.

Then, when you plug it back, you have 2 uqmi processes,
and that's bad, because 2 processes talking QMI to the
same device [and the same time] doesn't seem to work well.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-10-09 16:07:42 +02:00
Stijn Tintel
f8595a51d9 conntrack-tools: switch to git
There have been a number of interesting fixes in conntrack-tools since
the current latest release. Most notable is that this fixes IPv6
conntrack table syncing when cross-compiling conntrack-tools.

7e7748d src/main: refresh help message
fe32043 conntrackd.8: refresh file
47a4dda conntrackd.8: add reference to systemd
0cfe7ff doc/manual: include some bits about init systems
74a418b conntrackd: cthelper: ftp: Set match offset/len for PORT mangling
d833bed conntrackd: cthelper: ftp: Fix debug print
dd4b5a1 conntrackd: cthelper: Add new mdns helper
498d698 Link nfct and helper modules with `-z lazy`
9e94e85 sync-mode: print errno message on failure
ab81c35 log: print messages to stdout/sderr if running in console mode
631d92b log: introduce a mechanism to know if log was initialized
ccb1c8b conntrackd: replace error reporting in the config parser with dlog()
bee121e conntrackd: replace fprintf calls with dlog()
5a51b04 conntrack-tools: update Arturo Borrero Gonzalez email address
abb9984 helper: remove copy and paste from uapi kernel header
a91a004 src: add log message when resync is requested by other node
c2d8be1 systemd: fix missing log.h include
f6ca216 config: drop old/obsolete/deprecated conntrackd.conf config options
8b83771 conntrack: send mark filter to kernel iff set
1ba5e76 conntrackd: cthelper: Don't leak nat_tuple
832166d conntrackd: cthelper: Free pktb after use
ff843bc conntrackd: config: Do not strdup() tokens
b61c454 conntrackd: cthelper: ssdp: Track UPnP eventing
8ea394e conntrackd: Remove obsolete rule to catch ambiguous Checksum option
39398cd conntrackd: CommitTimeout breaks DisableExternalCache set On
29b390a conntrack: Support IPv6 NAT
381827a conntrackd: factorice tx_queue functions
131df89 conntrackd: factorize resync operations
d31bacc conntrackd: consolidate more code to use resync_send()
3d98496 conntrackd: request resync at startup
ef410bf conntrackd: remove use of HAVE_INET_PTON_IPV6
9d38445 conntrackd: evaluate configuration earlier
6feded7 conntrackd: cleanup if failed forking
dbfdea7 conntrackd: deprecate unix backlog configuration
210f542 conntrackd: make the daemon run in RT mode by default
37cc7f0 conntrackd: remove warning for -S
d2849d1 conntrack: Show multiple CPUs stats from proc
bc0b49a conntrackd: cthelper: ssdp: fix build with musl
0c77a25 tests: don't fail on modprobe since the driver might be built-in
eefe649 conntrack.8: refresh manpage

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:15:14 +03:00
Stijn Tintel
9e9696afc8 treewide: switch git.netfilter.org to HTTPS
As git.netfilter.org seems to support HTTPS, use that instead of HTTP
which is insecure, or GIT which is blocked on many corporate networks.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 21:10:36 +03:00
Hans Dedecker
778970735b curl: add nghttp2 support
Add config option support for nghttp2

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-07 19:17:44 +02:00
Hauke Mehrtens
a8f63a0717 mac80211: update to backports-4.14-rc2
This updates mac80211 to backprots-4.14-rc2.
This was compile and runtime tested with ath9k, ath10k and b43
with multiple stations and ieee80211w and in different scenarios by many
other people.

To create the backports-4.14-rc2-1.tar.xz use this repository:
https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git
from tag v4.14-rc2-1

Then run this:
./gentree.py --git-revision v4.14-rc2 --clean  <path to linux repo> ../backports-4.14-rc2-1

This also adapts the ath10k-ct and mt76 driver to the changed cfg80211
APIs and syncs the nl80211.h file in iw with the new version from
backports-4.14-rc2.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-01 12:49:11 +02:00
Stijn Tintel
c317af777b iw: fix build on musl host
The empty version.sh script causes a problem when run by make:
make[3]: /usr/bin/env bash: Shell program not found

Adding a shebang line in version.sh seems to solve it.

Fixes FS#977.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-29 14:59:06 +03:00
Hans Dedecker
754659ddb5 curl: fix disable threaded resolver
Bump to 7.55.1 broke the disable threaded resolver feature as reported
in https://github.com/curl/curl/issues/1784.
As a result curl is always compiled with the threaded resolver feature
enabled which causes a dependency issue on pthread for uclibc.
Fix this issue by backporting the upstream curl commit which fixes
disable threaded resolver.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-27 17:33:48 +02:00
Stijn Tintel
456de21297 ipset: replace patch that was reverted upstream
Use the correct prefix for backports while at it.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-26 18:18:44 +03:00
Stijn Tintel
7e58392bcb ipset: bump to 6.34
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 22:52:46 +03:00
Stijn Tintel
d9beae9b9e curl: bump to 7.55.1
Update 200-no_docs_tests.patch.
Refresh patches.

Fixes the following CVEs:
- CVE-2017-1000099
- CVE-2017-1000100
- CVE-2017-1000101

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 07:42:34 +03:00
Stijn Tintel
2ad649d134 iperf: bump to 2.0.10
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 07:42:34 +03:00
Stijn Tintel
2375e279a7 tcpdump: noop commit to refer CVEs fixed in 4.9.2
When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed
CVEs in the commit message. As the list of fixed CVEs is quite long,
we should probably mention them in the changelogs of the releases to
come. This commit will make sure this happens.

The following CVEs were fixed in 21014d9708:

CVE-2017-11541
CVE-2017-11541
CVE-2017-11542
CVE-2017-11542
CVE-2017-11543
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-18 01:33:40 +03:00
Alexandru Ardelean
d03c23c8d4 cyassl,curl,libustream-ssl: rename every cyassl to wolfssl
This is to eliminate any ambiguity about the cyassl/wolfssl lib.

The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.

It's a good idea to keep up with the times (moving forward).

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
ad510c4d62 wwan: json format in some modem definitions
Method used:
```
cd package/network/utils/wwan/files/data
sed -e 's/}}/}/g' -i *
sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i *
sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i *
```

Manually adjusted commas.
Validated with
```
for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done
```

Thanks to @lynxis for pointing out the commas.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-16 23:04:46 +02:00
Lorenzo Santina
fd84ecda7d treewide: fix shellscript syntax errors/typos
Fix multiple syntax errors in shelscripts (of packages only)
These errors were causing many conditions to not working properly

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[increase PKG_RELEASE, drop command substitution from directip.sh]
Signed-off-by: Mathias Kresin <dev@kresin.em>
2017-09-13 08:07:54 +02:00
Stijn Tintel
21014d9708 tcpdump: bump to 4.9.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Koen Vandeputte
f47c41cff9 xtables-addons: update to version 2.13
Changes:

89d1b80 xt_condition: namespace support #2
c839e87 xt_geoip: check for allocation overflow
a587f95 compat_xtables: use more accurate printf format for NIPQUAD
1874fcd xt_DNETMAP: fix a buffer overflow
21ea7b7 xt_LOGMARK: resolve new gcc7 warnings
ee8da2b build: support for Linux 4.12
19a4359 xt_condition: add support for namespaces
1b37966 xt_psd: resolve compiler warning

Tested on cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-08-24 08:38:39 +02:00
John Crispin
d99c52765d Revert "iputils: switch to new upstream"
This reverts commit 77d3ac8e3e.
This reverts commit e665b3df2a.

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-24 08:09:14 +02:00
Philip Prindeville
fc48aebdc1 iperf3: add SSL variant for iperf_auth feature
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-08-23 20:35:16 +02:00
Philip Prindeville
d55fff4ae7 iperf3: update to 3.2
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-08-23 20:35:16 +02:00
John Crispin
e665b3df2a iputils: update sha256sum
Signed-off-by: John Crispin <john@phrozen.org>
2017-08-23 19:34:24 +02:00
John Crispin
77d3ac8e3e iputils: switch to new upstream
Signed-off-by: John Crispin <john@phrozen.org>
2017-08-23 16:31:35 +02:00
Rafał Miłecki
8de57c9746 iwinfo: update to the latest git HEAD
c1a03e8 nl80211: request split information about frequencies
5638567 nl80211: store info about freq being not available for some bandwidths
ce51cb8 Allow storing more info about each frequency
5c10efa nl80211: support receiving split frequencies
335967c nl80211: improve error handling
ab089dd nl80211: propagate netlink errors to callers
7bba117 nl80211: handle netlink errors in nl80211_wait()
d22c64c iwinfo: add device id for Ubiquiti NanoStation Loco M2

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-08-23 11:19:28 +02:00
John Crispin
4cac13f8e2 Revert "xtables-addons: fix nathelper-rtsp dependencies"
This reverts commit e2ef80130e.

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-23 09:54:53 +02:00
Philip Prindeville
e2ef80130e xtables-addons: fix nathelper-rtsp dependencies
Both nf_conntrack and nf_nat need to be called out.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-08-22 21:31:39 +02:00
Hauke Mehrtens
779227d5ee nftables: remove date from version
We are using the normal 0.7 version of nftables, do not add an
additional date to the version number.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-08-09 23:20:56 +02:00
Daniel Engberg
911331ad0f tcpdump: Update to 4.9.1
Update tcpdump to 4.9.1

Fixes:
 * CVE-2017-11108: Fix bounds checking for STP.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-07-28 23:07:00 +02:00
Alexandru Ardelean
d9f7ae6cdb ipset: split libipset as a subpackage
Intent is to link against it, and have the option to
not install the ipset utility (if needed).

One example/use-case is keepalived (from package)
feeds, where it would be nice to just depend on a
`libipset` (sub)package.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-07-21 15:12:48 +02:00
Nick Brassel
eaf6f1532d nftables: Update to 0.7
Updated nftables to latest.

Signed-off-by: Nick Brassel <nick@tzarc.org>
2017-07-15 00:17:49 +02:00
Alif M. Ahmad
683e73735e
curl: bump to version 7.54.1
Upgrade the curl package to latest version. Patches refreshed.

Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
2017-07-14 03:10:38 +02:00
Alin Nastac
d8748e537f netfilter: add iptables-mod-rpfilter package
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2017-07-11 22:09:57 +02:00
Kevin Darbyshire-Bryant
a4198f8c8d iproute2: bump to 4.11
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-05-30 14:00:31 +02:00
Filip Moc
43e4e1f4a5 Move enablemodem from ramips to new package adb-enablemodem and make it used also by TL-MR6400
Signed-off-by: Filip Moc <lede@moc6.cz>
2017-05-27 07:54:40 +02:00
Felix Fietkau
c2dc7321d7 iptables: fix typos in 600-shared-libext.patch (FS#711)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:30:36 +02:00
Giuseppe Lippolis
4ba2f4dc63 DWR-512: adding wwan support for the dwr-512 3G modem
This PR allow the 3G modem embedded in the DWR-512 to be managed
by the wwan-ncm scripts. The modem will use the usb-option and
usb-cdc-ether drivers.
The DWR-512 DT is updated accordingly.

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2017-05-25 19:01:08 +02:00
Giuseppe Lippolis
db776c01e1 comgt-3g: enable modem before to setpin
some modems needs to be enabled with CFUN=1 before to set the pin

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2017-05-18 07:07:00 +02:00
Daniel Engberg
89807b627f network/utils/curl: Update to 7.54.0
Update curl to 7.54.0
Update and fresh patches

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-16 16:58:15 +02:00
Daniel Engberg
ea2927e1ea network/utils/ipset: Update to 6.32
Update ipset to 6.32

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-16 16:58:07 +02:00
Yousong Zhou
9b4c41524f iproute2: bump PKG_RELEASE
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-02 22:45:42 +08:00
Yousong Zhou
cfa5865187 iproute2: add ip-tiny, ip-full as alternatives of /sbin/ip
They will not be in conflict anymore ;)

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-02 22:42:36 +08:00
Ansuel Smith
e80a041348 iptables: fix wrong depends for nftables support (FS#707)
The dep for the nftables support was wrong, if someone actually enable
that option gain a compilation error. This fix this problem.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-04-22 21:33:46 +02:00
Felix Fietkau
5e2d15b4a6 iptables: set ABI_VERSION to force rebuild of dependent packages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-12 10:51:36 +02:00
Ansuel Smith
98e43b13a7 iptables: bump to 1.6.1
Switch to git repo
Removed musl patch
Refreshed existing patch

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
2017-04-12 10:51:29 +02:00
Hans Dedecker
fc859fb44b iproute2: add libgenl.h and ll_map.h to InstallDev section
Commit f4e312ddf8 adds libnetlink to
staging dir but did not add the header files libgenl.h and ll_map.h
which define functions belonging to libnetlink lib

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-04-08 20:53:44 +02:00
Matthias Schiffer
ea1855949b
iw: enable MESH ID in scan output
Make scan output useful for 802.11s meshes. The common print_ssid function
is used, so this doesn't add any additional code.

Based-on-patch-by: Jan-Tarek Butt <tarek@ring0.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-03-25 13:46:21 +01:00
Daniel Engberg
fd95397ee3 utils/tcpdump: Rework URLs
Add actual mirror and use main site as last resport
Source: http://www.tcpdump.org/mirrors.html

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-03-22 09:16:23 +01:00
Daniel Engberg
17987b9fa4 iperf3: Update to 3.1.7
Update iperf3 to 3.1.7

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-03-20 08:25:33 +01:00
Yousong Zhou
312b9dcd65 iproute2: fix ip monitor can't work when NET_NS is not enabled
The bug appeared in v4.1.0 and was fixed since v4.8.0

Fixes FS#620

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-03-19 12:41:13 +08:00
Daniel Engberg
902590e175 curl: Adjust URLs
Update mirror list, add main site as last resort
Source: https://github.com/curl/curl-www/blob/master/latest.pl

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-03-15 22:49:09 +01:00
Felix Fietkau
2f09a1e3c9 iwcap: fix handling kill signal during dump
Do not run another loop iteration before checking the stop flag

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-14 13:29:03 +01:00
Hauke Mehrtens
c481774298 curl: update to version 7.53.1
This fixes the following security problem:
* CVE-2017-2629 SSL_VERIFYSTATUS ignored

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-13 21:03:07 +01:00
Felix Fietkau
055e9dfb58 xtables-addons: fix build error on ARC
The kernel unconditionally pulls in a header file that defines
'current', which conflicts with the lua extension code.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-12 15:06:50 +01:00
Florian Fainelli
30159b3886 rssileds: Fix build with external toolchains
Pass down TARGET_CPPFLAGS for path to header files, and append the
libraries we depend on in TARGET_LDFLAGS. Put TARGET_LDFLAGS at the end
of the command line as is required by modern GCC/binutils.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-03-01 17:19:52 -08:00
Hsing-Wang Liao
a29163faab wireless-tools: Change download url to github
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
2017-02-28 20:22:10 +01:00
Kevin Darbyshire-Bryant
c8ac9c09f9 iftop: bump to latest upstream
Drops a LEDE carried patch now upstream.
Convert to autotools.
A number of nits fixed upstream (dns & short packet handling most
notable)

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-26 08:41:08 +01:00
Felix Fietkau
3e41afda56 iw: sync nl80211.h with mac80211 package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:17:45 +01:00
Ansuel Smith
d1a75c5161 ebtables: update to last commit
Refreshed patches

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-02-15 11:28:57 +01:00
Felix Fietkau
c22255e50e tcpdump: fix tcpdump-mini build on glibc 2.25
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:24 +01:00
Daniel Engberg
2faa1edd91 iperf3: Update to 3.1.6
Update to 3.1.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-02-09 12:26:36 +01:00
Hauke Mehrtens
985c90d102 tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
 + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
 + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
 + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
 + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
 + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
 + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
 + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
 + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
 + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
 + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
 + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
 + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
 + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
 + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
 + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
 + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
 + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
 + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
 + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
 + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
 + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
 + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
 + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
 + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
 + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
 + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
 + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
 + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
 + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
 + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
 + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
 + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
 + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
 + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
 + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
 + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().

The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk

old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-06 22:33:58 +01:00
Felix Fietkau
a112786acb xtables-addons: update to version 2.12
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-01 17:49:53 +01:00
Kevin Darbyshire-Bryant
bdd1fad9e3 iproute2: cake: update cake support
Updated cake's tc patch to match the official cake repository
formatting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-01-30 16:30:41 +01:00
Kevin Darbyshire-Bryant
a40f3f90d6 iproute2: cake: add 'mpu' minimum packet length support
Add 'mpu' minimum length packet size parameter for scheduling/bandwidth
accounting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-01-26 15:46:01 +01:00
Stijn Segers
b65572fee9 curl: fix HTTPS network timeouts with OpenSSL
Backport an upstream change to fix HTTPS timeouts with OpenSSL.
Upstream curl bug #1174.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
[Jo-Philipp Wich: reword commit message, rename patch to 001-*]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 19:39:42 +01:00
Felix Fietkau
f44663c673 uqmi: mark as nonshared because of the usb dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:09 +01:00
Felix Fietkau
185b06f04a umbim: mark as nonshared because of the usb dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:08 +01:00
Felix Fietkau
1ca31b0931 comgt: mark as nonshared because of the usb dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:08 +01:00
Felix Fietkau
1ad30be982 Revert the recent dependency and metadata scanning rework
This reverts the following commits:
fbe522d120
278ad007ee
863888e44f
96daf6352f
cfd83555fc

This seems to trigger some mconf bugs when built with all feeds
packages, so I will try to find a less intrusive solution before the
release.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 19:48:09 +01:00
Felix Fietkau
fbe522d120 comgt: allow build without USB_SUPPORT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 18:24:40 +01:00
Felix Fietkau
278ad007ee umbim: allow build without USB_SUPPORT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 18:24:40 +01:00
Felix Fietkau
863888e44f uqmi: allow build without USB_SUPPORT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 18:24:40 +01:00
Stijn Tintel
c687a70fdf iwinfo: drop references to madwifi
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-01-10 13:01:26 +01:00
Felix Fietkau
84bd74057f build: use mkhash to replace various quirky md5sum/openssl calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-05 11:09:12 +01:00
Rosen Penev
558680012d curl: Remove PolarSSL and adjust default to mbedTLS
luci-ssl has already made the switch since mainline support for PolarSSL is
almost over (2016).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-01-03 14:26:41 +01:00
Hauke Mehrtens
1436e15488 curl: update to version 7.52.1
This fixes the folowing security problems:

CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
CVE-2016-9594: unititialized random

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-02 13:07:10 +01:00
Felix Fietkau
c7c1cf5618 treewide: clean up and unify PKG_VERSION for git based downloads
Also use default defintions for PKG_SOURCE_SUBDIR, PKG_SOURCE

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-22 16:42:21 +01:00
Florian Eckert
6c82f8a483 uqmi: add plmn set functionality for netifd proto handler
uqmi has the possibility to allow the modem to start a regsitration
process only to this specified plmn

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
2016-12-22 15:03:58 +01:00
Cezary Jackiewicz
83eca5d8b7 comgt-ncm: fix typo Fix typo in ncm.sh. Resolves:
Wed Dec 21 09:55:54 2016 daemon.notice netifd: wan (4455): ./ncm.sh: eval: line 1: =IP: not found

Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
2016-12-22 15:02:35 +01:00
Kevin Darbyshire-Bryant
197b11f325 iproute2: tc - update cake support
Update tc to track upstream cake changes:

diffserv3 - a simple 3 tin classifier

Also make diffserv3 and triple-isolate default

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-12-20 09:35:36 +01:00
Nickolay Ledovskikh
600d648a0d uqmi: Prevent 'POLICY MISMATH' error.
Add uqmi 'sync' command call to release stalled cid when preparing to
setup new connection. As a result it prevents 'POLICY MISMATCH' errors.

Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
2016-12-20 09:35:36 +01:00
John Crispin
4146047eaf uqmi: bump to latest git HEAD
8ceeab6 uqmi: Change returned value to QMI_CMD_REQUEST for 'sync' command.
1dc7be1 uqmi: Add sync command to release all cids.

Signed-off-by: John Crispin <john@phrozen.org>
2016-12-20 09:35:35 +01:00
Nickolay Ledovskikh
6439e39677 uqmi: add support of using device symlinks.
It's useful when using multiple usb devices that should be bound to
certain usb ports. Symlinks are created by hotplug handlers.

Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
2016-12-20 09:35:35 +01:00
Nickolay Ledovskikh
13ab314b0b comgt: add support of using device symlinks.
It's useful when using multiple usb devices that should be bound to
certain usb ports. Symlinks are created by hotplug handlers.

Signed-off-by: Nickolay Ledovskikh <nledovskikh@gmail.com>
2016-12-20 09:35:35 +01:00
Felix Fietkau
720b99215d treewide: clean up download hashes
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
Matti Laakso
5bd3b9dfc0 comgt-ncm: Add support for specifying profile index
Add support for specifying a call profile index instead of APN. A
specific index different from 1 must be used for some service
provider and modem combinations.

In addition, change the manufacturer detection to use the standard
AT+CGMI command, which produces more predictable output than ATI,
remove the redundant ipv6 option, since it is less ambiguous to
directly specify the PDP context type with mobile connections, and
fix missing device during teardown when using ncm through the wwan
proto.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
2016-12-14 10:37:01 +01:00
Matti Laakso
2e2748b053 uqmi: Add support for specifying profile index
Update uqmi to latest version, which brings about support for
specifying a call profile index instead of APN. A specific index
different from 1 must be used for some service provider and modem
combinations.

Also change option dhcp to dhcpv6, since IPv4 now always uses DHCP,
replace option ipv6 with pdptype, which is less ambiguous, and
make autoconnect optional and default it to off for IPv6 due to it
not working with statically configured IPv6.

Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
2016-12-14 10:37:01 +01:00
Jo-Philipp Wich
e2f8d200f5 netfilter: drop proprietary xt_id match
The xt_id match was used by the firewall3 package to track its own rules but
the approach has been changed to use xt_comment instead now, so we can drop
this nonstandard extension.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-12-14 01:05:06 +01:00
Kevin Darbyshire-Bryant
88f8c8d7eb iproute2: support latest cake & restore DSCP washing
Support new packet overhead passing paradigm in cake qdisc, also restore
DSCP wash/nowash keywords.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-12-12 16:42:06 +01:00
Felix Fietkau
b9ddf3098b tcpdump: reduce size of -mini by removing more infrequently used protocols
This removes:
- BGP
- CDP
- SCTP

MIPS binary .ipk size is reduced from ~150k to ~130k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-12 10:22:20 +01:00
p-wassi
a4a00d794f net/utils/tcpdump: update to 4.8.1
Update tcpdump to upstream release 4.8.1

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2016-12-12 10:22:19 +01:00
Hauke Mehrtens
4e07167eff curl: update to version 7.51.0
This fixes the following security problems:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-12-03 16:38:44 +01:00
Felix Fietkau
4d448cf720 xtables-addons: add CONFIG_NF_CONNTRACK_MARK=y to all kmod-* packages
Not all kmod packages depends on kmod-ipt-compat-xtables, but this
kernel config option is required for building the whole package

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-01 14:24:03 +01:00
Rafał Miłecki
e8fe83e1be iw: drop TX power patch that is part of upstream version now
Applying it again was resulting in duplicated TX info like:
Interface wlan0
        ifindex 6
        wdev 0x1
        addr 00:23:6a:a3:7d:00
        ssid LEDE2
        type AP
        wiphy 0
        channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
        txpower 31.00 dBm
        txpower 31.00 dBm

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-11-29 08:39:57 +01:00
Julian Kornberger
04a76da1ae ipset: Add InstallDev to provide libipset as library 2016-11-26 22:39:27 +01:00
Ralph Sennhauser
32cfd3bd50 arptables: bump to 2015-05-20
This fixes building with musl and drops the dependency on the OpenWrt
kernel-header patches:

  270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch
  271-uapi-libc-compat.h-do-not-rely-on-__GLIBC__.patch
  272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch

Use the new upstream location at netfilter.org and use a define instead
of a patch to "optimize".

See also: https://git.netfilter.org/arptables/log/

Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
[Jo-Philipp Wich: add mirror SHA256 sum]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-11-14 13:14:30 +01:00
Jo-Philipp Wich
dc7c9f590a conntrack-tools: update to v1.4.4
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-11-14 13:03:53 +01:00
Rafał Miłecki
fc93494066 iw: fix build error caused by redeclaration of NL80211_ATTR_PAD
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Fixes: 7aff00ab19 ("iw: update to version 4.9")
2016-11-12 16:30:06 +01:00
Rafał Miłecki
7aff00ab19 iw: update to version 4.9
This adds support for "channels" command which displays more details
about channels. It includes e.g. info about available widths.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-11-12 16:09:19 +01:00
Rafał Miłecki
7305b55588 iw: update to version 4.7
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-11-12 16:04:16 +01:00
Christian Lamparter
9c91335dc7 iperf3: update to version 3.1.4
"This release fixes a few minor bugs, including a
(non-security-impacting) buffer overflow fix ported
from upstream cjson."
<http://software.es.net/iperf/news.html#iperf-3-1-4-released>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2016-11-08 11:17:11 +01:00
Alberto Bursi
e4fef72244 comgt: move to WWAN submenu, fixed link
moving comgt and its modules to WWAN submenu to join uqmi as both are tools for WWAN modems.

I replaced the link with comgt's ubuntu manpage because the old link isn't working anymore.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2016-11-08 11:17:10 +01:00
Alberto Bursi
9abdeee0b7 uqmi: moved to WWAN submenu
Moving uqmi to WWAN submenu

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2016-11-08 11:17:10 +01:00
Cezary Jackiewicz
862e7fb7b3 gcom: Fix 'mode' option for ncm
For Huawei devices like E3372 proper command for set lte mode is:

AT^SYSCFGEX="03",3fffffff,2,4,7fffffffffffffff,,

Eval is required for proper quotation.

Without this fix:

Fri Nov  4 19:07:49 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Nov  4 19:07:52 2016 daemon.notice netifd: wan (2060): sending -> AT
Fri Nov  4 19:07:52 2016 daemon.notice netifd: wan (2060): sending -> ATZ
Fri Nov  4 19:07:53 2016 daemon.notice netifd: wan (2060): sending -> ATQ0
Fri Nov  4 19:07:53 2016 daemon.notice netifd: wan (2060): sending -> ATV1
Fri Nov  4 19:07:54 2016 daemon.notice netifd: wan (2060): sending -> ATE1
Fri Nov  4 19:07:55 2016 daemon.notice netifd: wan (2060): sending -> ATS0=0
Fri Nov  4 19:07:55 2016 daemon.notice netifd: wan (2060): sending -> AT+CGDCONT=1,"IP","internet"
Fri Nov  4 19:07:57 2016 daemon.notice netifd: wan (2060): sending -> AT^SYSCFGEX=\"03\",3fffffff,2,4,7fffffffffffffff,,
Fri Nov  4 19:07:58 2016 daemon.notice netifd: wan (2060): Error running AT-command
Fri Nov  4 19:07:58 2016 daemon.notice netifd: wan (2060): Failed to set operating mode
Fri Nov  4 19:07:58 2016 daemon.notice netifd: wan (2092): Stopping network
...

With this fix:

Fri Nov  4 19:10:59 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Nov  4 19:11:01 2016 daemon.notice netifd: wan (2539): sending -> AT
Fri Nov  4 19:11:01 2016 daemon.notice netifd: wan (2539): sending -> ATZ
Fri Nov  4 19:11:02 2016 daemon.notice netifd: wan (2539): sending -> ATQ0
Fri Nov  4 19:11:03 2016 daemon.notice netifd: wan (2539): sending -> ATV1
Fri Nov  4 19:11:03 2016 daemon.notice netifd: wan (2539): sending -> ATE1
Fri Nov  4 19:11:04 2016 daemon.notice netifd: wan (2539): sending -> ATS0=0
Fri Nov  4 19:11:05 2016 daemon.notice netifd: wan (2539): sending -> AT+CGDCONT=1,"IP","internet"
Fri Nov  4 19:11:06 2016 daemon.notice netifd: wan (2539): sending -> AT^SYSCFGEX="03",3fffffff,2,4,7fffffffffffffff,,
Fri Nov  4 19:11:07 2016 daemon.notice netifd: wan (2539): sending -> AT^NDISDUP=1,1,"internet"
Fri Nov  4 19:11:08 2016 daemon.notice netifd: wan (2539): Connected, starting DHCP on wwan0
Fri Nov  4 19:11:08 2016 daemon.notice netifd: Interface 'wan' is now up
Fri Nov  4 19:11:08 2016 daemon.notice netifd: Network device 'wwan0' link is up
Fri Nov  4 19:11:08 2016 daemon.notice netifd: Network alias 'wwan0' link is up
Fri Nov  4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' is enabled
Fri Nov  4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' has link connectivity
Fri Nov  4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' is setting up now
...

Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
2016-11-08 05:49:58 +01:00
Jo-Philipp Wich
eb10b13f16 iproute2: rename ip to ip-tiny and let both ip-tiny and ip-full provide "ip"
Rename the "ip" package declaration to "ip-tiny" and let both "ip-tiny" and
"ip-full" provide the virtual "ip" package. This allows users to freely choose
the "ip" command variant while other packages can continue to depend on "ip"
without needing to enforce a specific variant.

Note that this commit does not add busybox as "ip" provider due to
the following reasons:

 - The builtin Busybox ip applet cannot be added or removed at runtime
 - Both "ip-tiny" and "ip-full" are able to install without file clashes even
   if the busybox applet is enabled
 - The system is preferring full "ip-tiny" and "ip-full" at runtime, even
   if Busybox ip is still present.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-11-02 02:33:30 +01:00