Commit graph

13451 commits

Author SHA1 Message Date
Tino Reichardt
5ca2033d33 lantiq: fix lantiq_mei.c and amazonse.dsti for adsl modem firmware
The ltq-adsl-mei package is used for 3 lantiq device types:
danube, amazon-se and ar9.

These different SoC's need also different definitions.

Signed-off-by: Tino Reichardt <milky-lede@mcmilk.de>
[fix LTQ_USB_OC_INT for AR9 to match documentation]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-06-03 21:34:59 +02:00
Tino Reichardt
743be70d5b lantiq: fix ifxmips_atm_amazon_se.c
Remove 6 defines, which were defined already some lines above.

Signed-off-by: Tino Reichardt <milky-lede@mcmilk.de>
2017-06-03 21:14:07 +02:00
Daniel Golle
aef39358e6 kernel: properly package 8250 serial PCI module
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-06-03 20:45:50 +02:00
Andrea Merello
860e053b29 Lantiq: make possible to tweak DSL SRN from UCI
This patch makes possible to tweak the downstream SNR margin on
Lantiq DSL devices.

The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR
margin offset. It accepts values in range -50 to +50 in 0.1 dB units.

The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB
steps.

Currently this should only affect ADSL (not VDSL). It should be very
easy to make this work also on VDSL lines, but since I couldn't test
on VDSL lines this patch does not do that yet.

I have also a patch for LUCI about this, that I could submit.

Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
2017-06-03 17:48:57 +02:00
Jo-Philipp Wich
6db1d13084 umdns: remove superfluous include in init script
The umdns init script includes function/network.sh globally, outside of any
service procedure. This causes init script activation to fail in buildroot
and IB context if umdns is set to builtin.

Additionally, the network.sh helper is not actually used.

Drop the entire include in order to repair init script activation in build
host context. Fixes FS#658.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-06-02 01:29:32 +02:00
Kevin Darbyshire-Bryant
1fe41c4089 dnsmasq: bump to 2.77
Bump to the 2.77 release after quite a few test & release candidates.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-06-01 23:50:52 +02:00
Matthias Schiffer
5654a03768
mvebu: fix sysupgrade
mvebu was modifying RAMFS_COPY_BIN and RAMFS_COPY_DATA from a
sysupgrade_pre_upgrade hook. As the ramfs is created from stage2, this
did not have an effect anymore after the staged sysupgrade changes.

As it doesn't really hurt to copy fw_printenv and fw_setenv
unconditionally, simply add them in /lib/upgrade/platform.sh, so stage2
will see them.

Config copying is moved to a function called by platform_copy_config, where
it belongs.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: FS#821
Fixes: 30f61a34b4 "base-files: always use staged sysupgrade"
2017-06-01 20:41:19 +02:00
Hans Dedecker
21f25bc4a3 ppp: propagate master firewall zone to dynamic slave interface
Assign the virtual DHCPv6 interface the firewall zone of the parent interface
so fw3 knows the zone to which the virtual DHCPv6 interface belongs.
This guarantees the firewall settings are applied correctly for the virtual
DHCPv6 interface and allows to query the zone to which the virtual DHCPv6
interface belongs via the fw3 network option.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-31 16:49:59 +02:00
Julian Labus
b757de65b3 usbmode: remove devices with unsupported modes
remove files which include the following mode options
BlackberryMode OptionMode PantechMode QuantaMode

Signed-off-by: Julian Labus <julian@labus-online.de>
2017-05-31 09:55:08 +02:00
Christian Lamparter
7783f31359 base-files: nand: use CI_KERNPART whenever the kernel volume is needed
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This patch is in continuation of: commit 93aa860405
"procd: nand: make it possible to configure kernel and ubi partition"

The $CI_KERNPART variable should be used in place
of the fixed "kernel" partition name. This allows
targets to specifiy alternate names for the kernel
partition.

Cc: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2017-05-31 09:55:01 +02:00
Martin Schiller
d189fe62cd uboot-lantiq/spl: fixed uninitialized variable len in spl_uncompress_lzo
This fix is taken from uboot-lantiq v2014.07 (Daniel Schwierzeck)

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-05-31 08:41:31 +02:00
Martin Schiller
bbb27b1b22 uboot-lantiq: Support newer versions of the PEF7071 ethernet
This fix is taken from uboot-lantiq v2014.07 (Daniel Schwierzeck)

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-05-31 08:41:16 +02:00
Luiz Angelo Daros de Luca
b4f463d969 openvpn-easy-rsa: update to 3.0.1
easy-rsa v3 is now a single script. It expects a 'vars'
configuration file which path can be set using easy-rsa
options, environment variables or just looking in the
current directory.

The default usage would be:

 # cd /etc/easy-rsa
 # easy-rsa COMMAND [command-options]

Following upstream changes, /etc/easy-rsa/pki replaces
/etc/easy-rsa/keys directory.

The default /etc/easy-rsa/pki dir is marked to be kept during
upgrade (WARN: priv keys are saved in the system backup)
/etc/easy-rsa/openssl.1.0.cnf is now marked as config file while
index and serial got removed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2017-05-31 00:28:26 +02:00
Felix Fietkau
09c2f4a176 mt76: update mirror hash after tar portablity fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-30 15:40:51 +02:00
Marty Plummer
558d86923e ar71xx: add support for EnGenius ENS202EXT
EnGenius ENS202EXT is an outdoor wireless access point with
2-port 10/100 switch, detachable antennas and proprietery PoE.

The device is based on Qualcomm/Atheros AR9341 v1.

Specifications:
- 535/400/200 MHz (CPU/DDR/AHB)
- 64 MB of RAM
- 16 MB of FLASH
- UART (J1) header on PCB (unpopulated)
- 2x 10/100 Mbps Ethernet
- 2.4 GHz, up to 26dBm
- 2x external, detachable antennas
- 7x LED, 1x button

Flash instructions:

You have three options:

- Use the vendor firmware upgrade page on the web interface and give
it the factory.img. This is the easiest way to go about it.

- If you have serial access during u-boot, interrupt the normal boot
(any key before timeout) and run 'run failsafe_boot'; this will bring
you to a minimal openwrt luci image on ip 192.168.1.1 useful if you've
bricked the normal firmware.

- Use the vendor's management cli, which can be accessed via telnet
with the same credentials as the web login (default admin:admin), then
issue the following commands:

*** Hi admin, welcome to use cli(V-1.6.7) ***
---========= Commands Help =========---
      stat -- Status
       sys -- System
    wless2 -- 2.4G-Wireless
      mgmt -- Management
      tree -- Tree
      help -- Help
    reboot -- Reboot
ens202ext>mgmt
  Management
---========= Commands Help =========---
     admin -- Administration
     mvlan -- Management VLAN settings
      snmp -- SNMP settings
    backup -- Backup/Restore settings
    autorb -- Auto reboot settings
   fwgrade -- Firmware upgrade
      time -- Time settings
   wifisch -- Wifi schedule
       log -- Log
      diag -- Diagnostics
      disc -- Device Discovery
    logout -- Logout
      help -- Help
      exit -- Exit
ens202ext/mgmt>fwgrade
  Management --> Firmware upgrade
---========= Commands Help =========---
      fwup -- Firmware upgrade
      help -- Help
      exit -- Exit
ens202ext/mgmt/fwgrade>fwup http://web.server/lede-ar71xx-generic-ens202ext-squashfs-factory.bin

Signed-off-by: Marty Plummer <ntzrmtthihu777@gmail.com>
2017-05-30 14:15:25 +02:00
Kevin Darbyshire-Bryant
a4198f8c8d iproute2: bump to 4.11
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-05-30 14:00:31 +02:00
Josua Mayer
e2814f6416 u-boot-mvebu: clearfog: enable setexpr command
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2017-05-30 14:00:30 +02:00
Josua Mayer
c4f9474059 u-boot-mvebu: clearfog: implement distro-boot
Add a patchfile that implements distro-boot and is meant to go upstream
Also make the other patches git-am'able for easier maintenance.

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2017-05-30 14:00:30 +02:00
Josua Mayer
86c4144571 u-boot-mvebu: update to 2017.03
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2017-05-30 14:00:30 +02:00
Ansuel Smith
e783f588eb mwlwifi: update to the latest version
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-05-30 13:59:38 +02:00
Felix Fietkau
6773561748 mt76: update to the latest version, fixes a mt7603 beacon issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-30 08:52:00 +02:00
Matthias Schiffer
df5e80eb26
procd: update to latest git HEAD
e7bb2c8 upgraded: define __GNU_SOURCE

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-30 07:29:25 +02:00
Matthias Schiffer
a5428244d9
base-files: add support for staged sysupgrades from failsafe mode
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:33 +02:00
Matthias Schiffer
b2adb9a7b5
base-files: sysupgrade cleanup
Some functions only used by stage2 are moved there from common.sh.

One piece that could still use more cleanup is platform_pre_upgrade: many
targets reference files from there are aren't available in the ramfs, so
we need to evaluate it before the switch; conversely, flash writes happen
in that function on some targets. Targets that do the latter should be
fixed eventually to use platform_do_upgrade for that purpose.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:33 +02:00
Matthias Schiffer
218af1957e
fstools: snapshot: handle jffs2 conversion using upgraded
We can reuse the kill_remaining and run_ramfs facilities of the stage2 run
by upgraded.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:33 +02:00
Matthias Schiffer
6bbb3a2b0a
fstools: clean up trailing whitespace in snapshot script
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:33 +02:00
Matthias Schiffer
30f61a34b4
base-files: always use staged sysupgrade
Support for the -d and -p options is dropped; it may be added again at some
point by adding these flags to the ubus sysupgrade call.

A downside of this is that we get a lot less information about the progress
of the upgrade: as soon as the actual upgrade starts, all shell sessions
are killed to allow unmounting the root filesystem.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:32 +02:00
Matthias Schiffer
393817df5d
procd: remove procd-nand package
We always want to support staged upgrades now, so it's better to include
upgraded into the main package. /lib/upgrade/nand.sh is moved to
base-files.

The procd-nand-firstboot package is removed for now, it may return later
as a separate package.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:50:32 +02:00
Matthias Schiffer
8008765f1f
procd: update to latest git HEAD
992b796 rcS: add missing fcntl.h include
63789e5 init: add support for sysupgrades triggered from preinit
5b1fb35 Remove code that has become unnecessary after sysupgrade changes
5918b6d upgraded: add support for passing a "command" argument to stage2
056d8dd upgraded: link dynamically, chroot during exec
7c6cf55 system: always support staged sysupgrade
d42b21e procd/rcS: Use /dev/null as stdin
e0098d4 service/instance: add an auto start option
1247db1 procd: Log initscript output prefixed with script name
8d720b2 procd: Don't use syslog before its initialization
2555474 procd: Add missing \n in debug message

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:49:50 +02:00
Matthias Schiffer
49328cecdf
procd: prepare NAND sysupgrade for making upgraded dynamically linked
Use install_bin to copy upgraded with all dependencies. The old name
/tmp/upgraded is temporarily retained as a symlink to avoid breaking
things.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:08:32 +02:00
Matthias Schiffer
25d1a24e58
procd: clean up trailing whitespace in nand.sh
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-29 23:08:22 +02:00
Felix Fietkau
aaeb42b3e2 mt76: update to the latest version, improves mt7603/7628 stability
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-29 14:42:49 +02:00
Jo-Philipp Wich
61eb18d3f7 firewall: fix stray continue statement
The previous commit introduced a faulty continue statement which might
lead to faulty rules not getting freed or reported.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-27 16:16:15 +02:00
Hans Dedecker
1422dab66e netifd: fix 6rd regression (FS#812)
08f1875 system-linux: fix 6rd regression

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-27 13:26:39 +02:00
Jo-Philipp Wich
6e46f6edc4 firewall: extend ubus support, exception handling, parse fixes
Update to latest Git HEAD in order to import a number of fixes and other
improvements:

3d2c18a options: improve handling of negations when parsing space separated values
0e5dd73 iptables: support -i, -o, -s and -d in option extra
4cb06c7 ubus: increase ubus network interface dump timeout
e5dfc82 iptables: add exception handling
f625954 firewall3: add check_snat() function
7d3d9dc firewall3: display the section type for UBUS rules
53ef9f1 firewall3: add UBUS support for include scripts
5cd4af4 firewall3: add UBUS support for ipset sections
02d6832 firewall3: add UBUS support for forwarding sections
0a7d36d firewall3: add UBUS support for redirect sections
d44f418 firewall3: add fw3_attr_parse_name_type() function
e264c8e firewall3: replace warn_rule() by warn_section()
6039c7f firewall3: check the return value of fw3_parse_options()

Fixes FS#548, FS#806, FS#811.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-27 12:19:48 +02:00
Jo-Philipp Wich
52e36cf80a samba: bump PKG_RELEASE
The previous CVE bugfix commit did not adjust PKG_RELEASE, therefor the
fixed samba package does not appear as opkg update.

Bump the PKG_RELEASE to signify upgrades to downstream users.

Ref: https://forum.lede-project.org/t/sambacry-are-lede-devices-affected/3972/4

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-27 12:17:40 +02:00
Filip Moc
43e4e1f4a5 Move enablemodem from ramips to new package adb-enablemodem and make it used also by TL-MR6400
Signed-off-by: Filip Moc <lede@moc6.cz>
2017-05-27 07:54:40 +02:00
Julian Labus
a9206ac26c usbmode: update usb-modeswitch-data to 20170205
add support for new hardware

Signed-off-by: Julian Labus <julian@labus-online.de>
2017-05-27 07:01:39 +02:00
Julian Labus
b09ee2dc01 usbmode: update to latest version
453da8e convert-modeswitch.pl: fix message indices

Signed-off-by: Julian Labus <julian@labus-online.de>
2017-05-27 07:01:39 +02:00
Florian Fainelli
484f768dfa elfutils: Pass -Wno-unused-result to silence warnings as errors
elfutils turns on -Werror by default, and patch 100-musl-compat.patch
changes how strerror_r is used and we no longer use the function's
return value. This causes the following build error/warning to occur
with glibc-based toolchains:

dwfl_error.c: In function 'dwfl_errmsg':
dwfl_error.c:158:18: error: ignoring return value of 'strerror_r',
declared with attribute warn_unused_result [-Werror=unused-result]
       strerror_r (error & 0xffff, s, sizeof(s));
                  ^
cc1: all warnings being treated as errors

Fixing this would be tricky as there are two possible signatures for
strerror_r (XSI and GNU), just turn off unused-result warnings instead.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-26 15:42:03 -07:00
Nick Brassel
b32689afd6 dnsmasq: add dhcp-script hook for other packages
Adds a script which acts as a hook for when dnsmasq creates/destroys a
lease, or completes a TFTP file transfer. The hook loops through scripts
in appropriate directories inside '/etc/hotplug.d', executing each one with
the same arguments supplied by dnsmasq.

In case dnsmasq is jailed by ujail the dhcp-script hook will not work as
expected as ujail does not yet support executing a script within a jail.

Signed-off-by: Nick Brassel <nick@tzarc.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-26 21:28:30 +02:00
Jo-Philipp Wich
361c8b4ee4 Revert "sysupgrade: run only one instance at a time."
This reverts commit e96a9a9af8.

The change breaks sysupgrade through LuCI and two-stage sysupgrade on
NAND targets. There is also a mismatch of file paths in lock and unlock
operations.

This commit was apparently neither properly tested, nor reviewed, so
drop it for now.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-26 14:49:08 +02:00
Felix Fietkau
c2dc7321d7 iptables: fix typos in 600-shared-libext.patch (FS#711)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:30:36 +02:00
Giuseppe Lippolis
4ba2f4dc63 DWR-512: adding wwan support for the dwr-512 3G modem
This PR allow the 3G modem embedded in the DWR-512 to be managed
by the wwan-ncm scripts. The modem will use the usb-option and
usb-cdc-ether drivers.
The DWR-512 DT is updated accordingly.

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2017-05-25 19:01:08 +02:00
Felix Fietkau
3c7a99ea90 xfsprogs: update to 4.11.0
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Felix Fietkau
e6d4235ae5 json-c: disable implicit fallthrough warning (gcc 7)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Felix Fietkau
60241e52db firewall: update to the latest version, fixes a gcc7 build error
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:01:07 +02:00
Yousong Zhou
a76cbc0d7e kernel: fix autoloading arch-specific modules
Fixes FS#745

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-25 22:52:07 +08:00
Yousong Zhou
e250acab26 backlight-pwm: fix module description
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-25 22:52:06 +08:00
Kenneth Johansson
e96a9a9af8 sysupgrade: run only one instance at a time.
Things do not work well if running multiple instances of
upgrade at the same time.

Signed-off-by: Kenneth Johansson <kenneth.johansson@inteno.se>
2017-05-25 09:22:43 +02:00
Roman Spychała
855f2ae4da kernel: add kmod-usb-net-pl package
Kernel support for Prolific PL-2301/2302/25A1 based cables

Signed-off-by: Roman Spychała <roed@onet.eu>
2017-05-25 09:22:42 +02:00
Stijn Tintel
423a7a6b75 lldpd: bump to 0.9.7
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-05-24 14:56:22 +02:00
Stijn Tintel
3f0d3d12da samba: fix CVE-2017-7494
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-05-24 14:44:03 +02:00
Hans Dedecker
43cc399871 dnsmasq: bump to 2.77rc5
Some small tweaks and improvements :

9828ab1 Fix compiler warning.
f77700a Fix compiler warning.
0fbd980 Fix compiler warning.
43cdf1c Remove automatic IDN support when building i18n.
ff19b1a Fix &/&& confusion.
2aaea18 Add .gitattributes to substitute VERSION on export.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-22 23:08:06 +02:00
Hans Dedecker
c0a9a73393 6rd: add 6rd specific settings as nested json object
Add 6rd specific settings prefix, relay-prefix as a nested data json object

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-22 21:40:19 +02:00
Hans Dedecker
5f2408dbc5 netifd: update to git HEAD version
7573880 system-linux: parse 6rd specific settings as nested json data object
a063705 system-linux: remove redundant check for strtoul() return value
e6ebe0b build: disable unknown warning option error in clang
08d8f47 interface: add new "ifup-failed" hotplug event
20a1bac bridge: reset primary only after marking the member not present
6b9c267 build: suppress format truncation warnings to avoid errors with gcc7

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-22 21:40:19 +02:00
Rafał Miłecki
aaabf47ede umdns: update to the version 2017-05-22
This includes following changes:
0e8b948 Support specifying instance name in JSON file
49fdb9f Support PTR queries for a specific service
26ce7dc Allow filtering with instance name in service_reply
920c62a Store instance name in the struct service
ff09d9a Rename service_name function to the service_instance_name
64f78f1 Rename mdns_hostname variable to the umdns_host_label

Previous package update pulled commit 70c66fbbcde86 ("Fix sending
replies to PTR questions") which introduced a regression which this
update fixes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-05-22 12:04:01 +02:00
Felix Fietkau
65a3dc277f fstools: update to the latest version
88d48d5 libfstools: silence mkfs.{ext4,f2fs}
a19f2b3 build: disable the format-truncation warning error to fix gcc 7 build errors
633a8d0 libfstools: fix multiple volume_identify usages with the same volume
c43ae11 fstools: use -Wno-format-truncation instead of -Wno-error=format-truncation

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-22 11:12:36 +02:00
Yousong Zhou
5d48dc1146 libunwind: update to 1.2
Addresses CVE-2015-3239: Off-by-one error in the dwarf_to_unw_regnum
function in include/dwarf_i.h in libunwind 1.1 allows local users to
have unspecified impact via invalid dwarf opcodes.

Upstream stable-v1.2 fixed the missing unwind_i.h issue but no new
tarball is released yet

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-22 11:07:40 +08:00
Kevin Darbyshire-Bryant
6e10fc74fd dropbear: bump to 2017.75
- Security: Fix double-free in server TCP listener cleanup A double-free
in the server could be triggered by an authenticated user if dropbear is
running with -a (Allow connections to forwarded ports from any host)
This could potentially allow arbitrary code execution as root by an
authenticated user.  Affects versions 2013.56 to 2016.74. Thanks to Mark
Shepard for reporting the crash.
CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c

- Security: Fix information disclosure with ~/.ssh/authorized_keys
symlink.  Dropbear parsed authorized_keys as root, even if it were a
symlink.  The fix is to switch to user permissions when opening
authorized_keys

A user could symlink their ~/.ssh/authorized_keys to a root-owned file
they couldn't normally read. If they managed to get that file to contain
valid authorized_keys with command= options it might be possible to read
other contents of that file.
This information disclosure is to an already authenticated user.
Thanks to Jann Horn of Google Project Zero for reporting this.
CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123

Refresh patches, rework 100-pubkey_path.patch to work with new
authorized_keys validation.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-05-21 23:56:17 +02:00
Hans Ulli Kroll
ce7681d328 mac80211: add support for rtl8821ae pcie adapter
Add support for Realtek RTL8821AE/RTL8812AE PCIe adapter.
This device supports 802.11ac and bluetooth

testet on PC Engines APU with AP and STA mode

Signed-off-by: Hans Ulli Kroll <ulli.kroll@googlemail.com>
2017-05-21 23:51:21 +02:00
Hans Ulli Kroll
fd7b2559e2 linux-firmware: add firmware for rtl8821ae support
Add needed firmware to support rtl8821ae pcie adapter

Signed-off-by: Hans Ulli Kroll <ulli.kroll@googlemail.com>
2017-05-21 23:51:08 +02:00
Alexandru Ardelean
c7ee30d53a base-files: fix default procd reload
Bug introduced with 6713694.

I did not count on procd handling reload as mentioned
in this doc:
https://wiki.openwrt.org/inbox/procd-init-scripts

```
procd_set_param file /var/etc/your_service.conf # /etc/init.d/your_service reload will restart the daemon if these files have changed
procd_set_param netdev dev # likewise, except if dev's ifindex changes.
procd_set_param data name=value ... # likewise, except if this data changes.
```

The service would be restarted regardless of any of those params.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-05-20 20:43:45 +02:00
Daniel Engberg
ec987e59c4 f2fs-tools: Switch to gz tarball
At some point kernel.org decided to drop xz generated tarballs, switch to gz which they still provide.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-18 14:23:26 +02:00
Daniel Golle
5e5499c612 mac80211: rt2x00: remove unneccessary code
Use chanreg and dccal helpers to reduce the size of ePA code.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: fixed white-space so patch applies]
2017-05-18 13:51:28 +02:00
Alexandru Ardelean
ce8bfa9407 lldpd: drop specific respawn params [use system-wide]
I think I added these respawn params [a while back],
when I did the conversion to procd init script format.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-05-18 08:14:26 +02:00
Luiz Angelo Daros de Luca
ccc54b2935 elfutils: bump to 0.169
Removed patches (now upstream):
- 004-maybe-uninitialized.patch
- 007-fix_TEMP_FAILURE_RETRY.patch

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2017-05-18 07:59:56 +02:00
Ben Greear
e00cc98045 ath10k-ct-firmware: Add support for QCA9886/QCA9888 firmware.
This firmware shoul have the same general feature set as the
rest of the 10.4 CT firmware (9984, 9980, etc).  Build-tested
only in LEDE, but firmware has been tested with ath10k-ct driver
on other OSs, so likely works just fine.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-05-18 07:59:33 +02:00
Ben Greear
7a343dafbb ath10k-ct-firmware: Update to latest.
The 988x and 9887 firmwares include a bugfix for a case where blockack
did not work sometimes, and many fixes for compiler warnings detected
by newer gcc compilers.

The 9980 and 9984 firmware includes a large backport of upstream QCA
firmware changes to bring it up to date.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-05-18 07:59:31 +02:00
Ben Greear
1fc0a45558 ath10k-ct: Update to latest ath10k-ct driver.
Supports disabling firmware hex logging that many found too verbose.

Increase BMI timer so system works more often with 9888 Compex NIC
(and maybe others).

Allow configuring a specific board-file per NIC using fwcfg file.

Maybe fix a scan-busy problem when using CT firmware.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-05-18 07:59:26 +02:00
Daniel Engberg
b295966f87 devel/trace-cmd: Update to 2.6.1
Update trace-cmd to version 2.6.1
Switch to tarball download

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-18 07:58:59 +02:00
Giuseppe Lippolis
db776c01e1 comgt-3g: enable modem before to setpin
some modems needs to be enabled with CFUN=1 before to set the pin

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2017-05-18 07:07:00 +02:00
Philip Prindeville
0dcc36fc7d kernel: add hwmon for W83627EHF and family
Remove support for NCT6775/6 from W83627EHF driver so the NCT6775
driver will still be used for those chips.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-05-17 00:06:52 +02:00
Arjen de Korte
070a46121d dnsmasq: add IPv6 nameserver configuration in server mode
When in ra server mode, configure nameservers passed in router
announcements from the dns value (which is already used by odhcpd).

This also fixes FS#677 by using the global IPv6 address of the router
instead of the link local address (if no nameservers are configured).

Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2017-05-16 22:27:02 +02:00
Daniel Engberg
74395d97a9 libs/libnftnl: Update to 1.0.7
Update libnftnl to 1.0.7

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-16 17:22:58 +02:00
Daniel Engberg
89807b627f network/utils/curl: Update to 7.54.0
Update curl to 7.54.0
Update and fresh patches

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-16 16:58:15 +02:00
Daniel Engberg
4b0a2ca9a4 devel/strace: Update to 4.16
Update strace to 4.16
Refresh patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-16 16:58:11 +02:00
Daniel Engberg
ea2927e1ea network/utils/ipset: Update to 6.32
Update ipset to 6.32

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-16 16:58:07 +02:00
Ansuel Smith
324ec18615 uhttpd: Enable integrated Lua by default
We enabled lua interpreter by default as it doesn't make any problem in the uhttpd config file and we modify the index page to use it.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-05-16 16:57:01 +02:00
Bjørn Mork
a131b892ea kernel: add Digi Edgeport USB serial driver package
Signed-off-by: Bjørn Mork <bjorn@mork.no>
2017-05-16 12:10:39 +02:00
Mantas Pucka
cd9d0f9e97 uboot-envtools: add support for 8devices Rambutan
Signed-off-by: Mantas Pucka <mantas@8devices.com>
2017-05-15 22:43:33 +02:00
Steffen Weinreich
04e91631e0 om-watchdog: add support for Teltonika RUT5xx (ramips)
Add rut5xx GPIO PIN selection to om-package startup script.

Testet on a RUT500 device, the timeout value of the hardware watchdog
is about 280 sec.

Signed-off-by: Steffen Weinreich <steve@weinreich.org>
[split into two commits, bump PKG_RELEASE]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-05-15 22:43:33 +02:00
Piotr Dymacz
08ab3fda01 om-watchdog: cosmetic code style fixes
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-05-15 22:43:33 +02:00
Piotr Dymacz
f7e84a4a2e om-watchdog: cleanup Makefile
Drop redundant Build/Prepare, empty lines and duplicated Build/Compile.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-05-15 22:43:33 +02:00
Hans Dedecker
6d7cb5337e odhcpd: update to git HEAD version
93abe6f config: fix invalid hoplimit in RA message
2ae08d1 config: fix invalid retranstime in RA message
0005cb4 config: fix invalid reachabletime in RA message
5683dd2 config: limit ra_mtu to 65535
f8d40a5 router: fix interface mtu read error
f8f4b87 config: limit ra_retranstime to 60000
a2d8bf6 dhcpv4: display two hex digits per octet in syslog
a9e9bc4 config: make RA retransTime configurable via uci
2cb6b48 config: make RA reachableTime configurable via uci
e4504db config: make RA curHopLimit configurable via uci
9dd5316 config: make RA mtu configurable via UCI
29cb2ff config: fix dhcpv4 server being started
0ef74ec ndp.c: add switch/case fallthrough comments

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-15 22:30:39 +02:00
Alberto Bursi
4242ddf8f2 base-files: add led functions to uci-defaults.sh
uci_set_leds_ataport() allows to set a led to show activity
on a specific (s)ata port, which is needed for devices that have
a Sata led for each sata port.
The led trigger is from the 834-ledtrig-libata.patch LEDE kernel patch.

uci_set_leds_usbhost() allows to set a led to show total usb activity.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
[Jo-Philipp Wich: use a single underscore to denote private functions]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-14 21:45:50 +02:00
Alberto Bursi
b06a286a48 base-files: cleanup led functions in uci-defaults.sh
create a function with code common to all led functions,
create another function with code common to functions setting
a simple led trigger, restore alphabetical order in function names.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
[Jo-Philipp Wich: use a single underscore to denote private functions]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-14 21:45:50 +02:00
Jo-Philipp Wich
4a03347545 mac80211: gracefully handle preexisting VIF
Gracefully handle cases where the to-be-created wireless interface already
exists on the system which might commonly happen with non-multi-SSID capable
wireless drivers.

This fixes commit 8301e61365 which caused
previously ignored "Too many open files in system (-23)" errors to fail the
wireless setup procedure.

With the updated approach we'll still try recreating the vif after one
second if the first attempt to do so failed with ENFILE but we will now
consider the operation successfull if a second attempt still yields ENFILE
with the requested ifname already existing on the system.

Fixes FS#664, FS#704.

Suggested-by: Vittorio Gambaletta <openwrt@vittgam.net>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-14 21:43:11 +02:00
Marko Ratkaj
ee1cee2cac mvebu: add ClearFog Base support
Add support for SolidRun ClearFog Base board.

The base model is a smaller version of ClearFog Pro without
the DSA switch, replacing it with a second copper gigabit
port, and only one PCIe socket.

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
2017-05-14 00:34:03 +02:00
Marko Ratkaj
ec4a8c6dee mvebu: ClearFog renamed upstream to ClearFog Pro
The conventional model is now known as the "Clearfog Pro"

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
2017-05-14 00:34:03 +02:00
Matthias Schiffer
1a16cb9c67
mac80211, hostapd: always explicitly set beacon interval
One of the latest mac80211 updates added sanity checks, requiring the
beacon intervals of all VIFs of the same radio to match. This often broke
AP+11s setups, as these modes use different default intervals, at least in
some configurations (observed on ath9k).

Instead of relying on driver or hostapd defaults, change the scripts to
always explicitly set the beacon interval, defaulting to 100. This also
applies the beacon interval to 11s interfaces, which had been forgotten
before. VIF-specific beacon_int setting is removed from hostapd.sh.

Fixes FS#619.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-13 17:12:54 +02:00
Matthias Schiffer
5e481881d7
hostapd: remove unused variable declarations in hostapd.sh
None of the variables in this "local" declaration are actually set in
wpa_supplicant_add_network().

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-05-13 16:27:22 +02:00
Kevin Darbyshire-Bryant
deef71375c dnsmasq: bump to 2.77rc3
Fix [FS#766] Intermittent SIGSEGV crash of dnsmasq-full

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-05-12 21:30:56 +02:00
Jo-Philipp Wich
e66f17ac1e openvpn: update to v2.4.2
Update to version 2.4.2 in order to address two potential Denial-of-Service
vectors in OpenVPN.

CVE-2017-7478 - Don't assert out on receiving too-large control packets
CVE-2017-7479 - Drop packets instead of assert out if packet id rolls over

Ref: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.2
Ref: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-05-12 11:54:48 +02:00
Florian Fainelli
c258bc781f toolchain: Package libgomp
Some external toolchains may be configured to enable OpenMP. Provide a
package for these libraries which can be used by other packages.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-11 13:42:55 -07:00
Florian Fainelli
83814856fe fritz-tools: Find zlib.h header file
Add the necessary changes to CMakeLists.txt to search zlib.h. Fixes
build issues with external toolchains that don't have STAGING_DIR in the
default search path.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-05-11 13:42:39 -07:00
Valentin Spreckels
6f01abf5de fritz_tffs_read: fix parsing of size argument
The parameter specification missed that -s takes an argument.

Signed-off-by: Valentin Spreckels <Valentin.Spreckels@Informatik.Uni-Oldenburg.DE>
2017-05-11 00:53:05 +02:00
Alexey Brodkin
5dc76a4258 perf: Disable perf for ARC770 only, enable for ARC HS38
Toolchain built for ARCv1 (read for ARC700 cores) by default has
disabled atomic ops (-mno-atomic). When we build Linux kernel for ARC770
which has LL/SC instructions and thus may handle normally atomic ops we
explicitly add "-matomic" in CFLAGS. But since user-space perf utility has
no way to extract CPU config options from Kconfig/defconfig it uses
compiler default settings.

In case of ARCv2 (read ARC HS38) atomics are enabled by default and so
perf builds perfectly fine thus reenabling perf for ARC HS38 (actually
for non-ARC700 targets).

Signed-off-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
2017-05-11 00:53:05 +02:00
Arjen de Korte
44da45a881 dnsmasq: don't propagate DUID from one host to another
If no DUID is set for a host, it should be empty, not the last one set for a previous host.

Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
2017-05-11 00:53:05 +02:00
Hans Dedecker
54ea0f45c8 dnsmasq: use append_interface_name when using option --interface-name
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-05-09 10:01:07 +02:00