Commit graph

590 commits

Author SHA1 Message Date
Hauke Mehrtens
4336efe14b kernel: use upstream patches for musl
This replaces the current patches used to make the kernel headers
compatible with musl with the version which was accepted upstream. This
is included in upstream kernel 4.15.
This was compile tested with iproute2 build on all supported kernel
versions with musl and one one with glibc.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 22:11:33 +01:00
Philip Prindeville
a30791242b nftables: update to 0.8.1
Note this requires libnftnl-1.0.8 or higher, so that update needs
to be merged first.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-01-20 20:22:01 +01:00
Jo-Philipp Wich
5bbcd80e3f xtables-addons: remove from base
The package has been moved to the package feed repository to allow for
non-base dependencies such as Perl.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-16 19:40:29 +01:00
Jo-Philipp Wich
190c1c3cc8 iwinfo: update to latest git HEAD
5a5e21b nl80211: skip event notifications in wpa_supplicant scan result reply

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-16 14:10:52 +01:00
Koen Vandeputte
7488be7010 uqmi: fix raw-ip mode for newer lte modems
Some newer LTE modems, like the MC7455 or EC25-E do not support
"802.3" mode, and will stay in "raw-ip" regardless of the mode being
set.

In this case, the driver must be informed that it should handle all
packets in raw mode. [1]

This commit fixes connectivity issues for these devices.

Before:

[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover

After:

[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending select for 100.66.245.226
udhcpc: lease of 100.66.245.226 obtained, lease time 7200
udhcpc: ifconfig wwan0 100.66.245.226 netmask 255.255.255.252 broadcast
+
udhcpc: setting default routers: 100.66.245.225

[1] https://lists.freedesktop.org/archives/libqmi-
devel/2017-January/002064.html

Tested on cns3xxx using a Sierra Wireless MC7455 LTE-A

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[bumped PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-15 15:30:53 +01:00
Matthias Schiffer
f73f1aee76
ebtables: update to latest git 2017-10-24
6a82659 Use flock() for --concurrent option
73c2371 ebtables: extensions: Constify option struct

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-11 11:50:50 +01:00
Jo-Philipp Wich
fe920d01bb treewide: replace LEDE_GIT with PROJECT_GIT
Remove LEDE_GIT references in favor to the new name-agnostic
PROJECT_GIT variable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-10 21:27:32 +01:00
Martin Schiller
1b1388f640 linux-atm: add br2684ctl option to specify the netdev name
Add the uci option nameprefix to specifc a target netdev name. Patch the
br2684ctl code to accept and set a netdev name via commandline parameters.

It allows to use the same netdev name for ATM and PTM lines on lantiq
xdsl hardware.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Mathis Kresin <dev@kresin.me>
2018-01-10 08:08:53 +01:00
Hauke Mehrtens
9f626501cb nftables: fix sha256sum
The mirror was delivering a file with a different hash.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-31 18:46:13 +01:00
rektide de la faye
0f72690a2d iptables: fix nftables compile issue (FS#711)
Enabling IPTABLES_NFTABLES resulted in an error during build:#
*** No rule to make target '../extensions/libext.a',
needed by 'xtables-compat-multi'."

Comments from Alexander Lochmann and Fedor Konstantinov in FS#711
provided fixes for this build error, allowing iptables to compile.
https://bugs.lede-project.org/index.php?do=details&task_id=711.

This commit updates the Makefile.am xtables_compat_multi_LDFLAGS
and _LDADD, moving linking of extensions to LDFLAGS.

Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-29 18:06:25 +01:00
Hauke Mehrtens
dda2229c52 layerscape: fix package download
The git hash was changed for multiple layerscape packages without
changing the version number. The LEDE build system will not download the
packages again if the old version is already there and so some people
and the build bots are using wrong version of some packages. Use
PKG_SOURCE_DATE instead of PKG_VERSION to generate packages with the
date and the first charterers of the git hash. This will change the file
name and make the build system download them again, also if in future
the git hash is changed the file name will change and trigger a new
download.

This should fix a problem spotted by build bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-21 10:02:16 +01:00
Hauke Mehrtens
436fe56485 xtables-addons: fix compile with kernel 4.14
This fixes a compile problems seen with kernel 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:49 +01:00
Hauke Mehrtens
c0160f01ae xtables-addons: update to version 2.14
This includes a compile fix needed for kernel 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:10:21 +01:00
Kevin Darbyshire-Bryant
a9940ca2d7 iproute2: cake: support new operating modes
There has been recent significant activity with the cake qdisc of late
Some of that effort is related to upstreaming to kernel & iproute2
mainline but we're not quite there yet.  This commit teaches tc how to
activate and interprete the latest cake operating modes, namely:

ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.

ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-15 23:54:51 +01:00
Zoltan HERPAI
23f774f727 merge: packages: update branding in core packages
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Hans Dedecker
79a19e5d27 iproute2: align ip help text for tiny variant
Tiny variant supports a subset of the ip commands; align the ip help
text so it actually reflects which commands are supported in the
tiny variant.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-06 22:30:54 +01:00
Russell Senior
c3c1185d56 iproute2: update to v4.14.1
Preserves optionality of libmnl by letting configuration
script follow the HAVE_MNL environment variable.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2017-12-06 22:30:00 +01:00
Hans Dedecker
b0b289ea45 curl: bump to 7.57.0 (3 CVEs)
CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access

For other bugfixes and changes in 7.57.0 see https://curl.haxx.se/changes.html

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-30 09:44:17 +01:00
Fushan Wen
40868e3bb6 kmod-sched-cake: update to latest git HEAD
dfb2f6c pkt_sched: make compile again
5ab7026 sch_cake: make compile again
6f28803 codel5: make more checkpatch compliant
bd426aa Fix build error on 4.12
e4a3628 Whitespace tidy up

Signed-off-by: Fushan Wen <qydwhotmail@gmail.com>
2017-11-25 19:53:37 +01:00
Alexander Couzens
c61a239514
add PKG_CPE_ID ids to package and tools
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Thanks to swalker for CPE to package mapping and
keep tracking CVEs.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-17 02:24:35 +01:00
Yangbo Lu
23c1504059 layerscape: add restool package
restool is a user space application providing the
ability to dynamically create and manage Layerscape
DPAA2 containers and objects from Linux.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Denis Osvald
ee791fa4ab netfilter, iptables: add optional CHECKSUM module
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
2017-11-06 16:39:41 +01:00
Arjun AK
63d7c45886 iwinfo: add "PKG_MIRROR_HASH" to the Makefile
Defining it will let the build tool download the tarball file from
a buildbot server, avoiding a clone of the source repo.

Signed-off-by: Arjun AK <lede@arjunak.com>
2017-11-06 16:39:41 +01:00
Philip Prindeville
e03dcf494e iperf3: update to 3.3 and refresh patches
Taking the same patchset I've submitted upstream for inclusion.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-10-31 14:19:51 -06:00
Koen Vandeputte
06d5d01e8a uqmi: replace legacy command invoke with newer type
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-10-24 16:20:22 +02:00
Koen Vandeputte
09582d6b4d uqmi: also try newer pin verification
Newer devices tend to only support the newer version of the pin
verification command, so also try that one.

Fixes PIN issues with modems like the Sierra Wireless MC7455

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-10-24 16:20:21 +02:00
Hans Dedecker
b00cf0e58e curl: bump to 7.56.1
Refresh patches
Remove 320-curl-confopts.m4-fix-disable-threaded-resolver.patch as
integrated upstream

See https://curl.haxx.se/changes.html for the bugfixes in 7.56.0 and
7.56.1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-29 23:07:43 +01:00
Karl Vogel
76378c6b9f build: use KERNEL_MAKE_FLAGS for kernel file compilations
The build system already defines KERNEL_CROSS which defaults to TARGET_CROSS.
Make use of this variable for kernel makefiles.

Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
2017-10-29 16:17:05 +01:00
Martin Wetterwald
378e1a4858 iptables: Fix target TRACE issue
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.

The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.

But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.

I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!

https://dev.openwrt.org/ticket/16694
https://dev.openwrt.org/ticket/19661

Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
                  and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
2017-10-27 02:31:33 +02:00
Daniel Engberg
e4b6900fd6 libs/libnl: Update to 3.3.0
Update libnl to 3.3.0
Import patches to fix compilation
Source: https://git.busybox.net/buildroot/tree/package/libnl
Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287
Use more automatic toolchain logic

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-10-15 00:24:22 +02:00
Yunhui Fu
0f061af98e wpan-tools: add the wpan-ping to test the 6LoWPAN network
This patch adds the help tool wpan-ping to test the 6LoWPAN
network to help the user debug network problem.

Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
2017-10-15 00:24:22 +02:00
Hans Dedecker
db18cee2d7 iproute2: bump to 4.13
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-13 21:48:44 +02:00
Alexandru Ardelean
a5d016f361 net: uqmi: fix blocking in endless loops when unplugging device
If you unplug a QMI device, the /dev/cdc-wdmX device
disappears but uqmi will continue to poll it endlessly.

Then, when you plug it back, you have 2 uqmi processes,
and that's bad, because 2 processes talking QMI to the
same device [and the same time] doesn't seem to work well.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-10-09 16:07:42 +02:00
Stijn Tintel
f8595a51d9 conntrack-tools: switch to git
There have been a number of interesting fixes in conntrack-tools since
the current latest release. Most notable is that this fixes IPv6
conntrack table syncing when cross-compiling conntrack-tools.

7e7748d src/main: refresh help message
fe32043 conntrackd.8: refresh file
47a4dda conntrackd.8: add reference to systemd
0cfe7ff doc/manual: include some bits about init systems
74a418b conntrackd: cthelper: ftp: Set match offset/len for PORT mangling
d833bed conntrackd: cthelper: ftp: Fix debug print
dd4b5a1 conntrackd: cthelper: Add new mdns helper
498d698 Link nfct and helper modules with `-z lazy`
9e94e85 sync-mode: print errno message on failure
ab81c35 log: print messages to stdout/sderr if running in console mode
631d92b log: introduce a mechanism to know if log was initialized
ccb1c8b conntrackd: replace error reporting in the config parser with dlog()
bee121e conntrackd: replace fprintf calls with dlog()
5a51b04 conntrack-tools: update Arturo Borrero Gonzalez email address
abb9984 helper: remove copy and paste from uapi kernel header
a91a004 src: add log message when resync is requested by other node
c2d8be1 systemd: fix missing log.h include
f6ca216 config: drop old/obsolete/deprecated conntrackd.conf config options
8b83771 conntrack: send mark filter to kernel iff set
1ba5e76 conntrackd: cthelper: Don't leak nat_tuple
832166d conntrackd: cthelper: Free pktb after use
ff843bc conntrackd: config: Do not strdup() tokens
b61c454 conntrackd: cthelper: ssdp: Track UPnP eventing
8ea394e conntrackd: Remove obsolete rule to catch ambiguous Checksum option
39398cd conntrackd: CommitTimeout breaks DisableExternalCache set On
29b390a conntrack: Support IPv6 NAT
381827a conntrackd: factorice tx_queue functions
131df89 conntrackd: factorize resync operations
d31bacc conntrackd: consolidate more code to use resync_send()
3d98496 conntrackd: request resync at startup
ef410bf conntrackd: remove use of HAVE_INET_PTON_IPV6
9d38445 conntrackd: evaluate configuration earlier
6feded7 conntrackd: cleanup if failed forking
dbfdea7 conntrackd: deprecate unix backlog configuration
210f542 conntrackd: make the daemon run in RT mode by default
37cc7f0 conntrackd: remove warning for -S
d2849d1 conntrack: Show multiple CPUs stats from proc
bc0b49a conntrackd: cthelper: ssdp: fix build with musl
0c77a25 tests: don't fail on modprobe since the driver might be built-in
eefe649 conntrack.8: refresh manpage

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:15:14 +03:00
Stijn Tintel
9e9696afc8 treewide: switch git.netfilter.org to HTTPS
As git.netfilter.org seems to support HTTPS, use that instead of HTTP
which is insecure, or GIT which is blocked on many corporate networks.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 21:10:36 +03:00
Hans Dedecker
778970735b curl: add nghttp2 support
Add config option support for nghttp2

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-07 19:17:44 +02:00
Hauke Mehrtens
a8f63a0717 mac80211: update to backports-4.14-rc2
This updates mac80211 to backprots-4.14-rc2.
This was compile and runtime tested with ath9k, ath10k and b43
with multiple stations and ieee80211w and in different scenarios by many
other people.

To create the backports-4.14-rc2-1.tar.xz use this repository:
https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git
from tag v4.14-rc2-1

Then run this:
./gentree.py --git-revision v4.14-rc2 --clean  <path to linux repo> ../backports-4.14-rc2-1

This also adapts the ath10k-ct and mt76 driver to the changed cfg80211
APIs and syncs the nl80211.h file in iw with the new version from
backports-4.14-rc2.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-01 12:49:11 +02:00
Stijn Tintel
c317af777b iw: fix build on musl host
The empty version.sh script causes a problem when run by make:
make[3]: /usr/bin/env bash: Shell program not found

Adding a shebang line in version.sh seems to solve it.

Fixes FS#977.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-29 14:59:06 +03:00
Hans Dedecker
754659ddb5 curl: fix disable threaded resolver
Bump to 7.55.1 broke the disable threaded resolver feature as reported
in https://github.com/curl/curl/issues/1784.
As a result curl is always compiled with the threaded resolver feature
enabled which causes a dependency issue on pthread for uclibc.
Fix this issue by backporting the upstream curl commit which fixes
disable threaded resolver.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-27 17:33:48 +02:00
Stijn Tintel
456de21297 ipset: replace patch that was reverted upstream
Use the correct prefix for backports while at it.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-26 18:18:44 +03:00
Stijn Tintel
7e58392bcb ipset: bump to 6.34
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 22:52:46 +03:00
Stijn Tintel
d9beae9b9e curl: bump to 7.55.1
Update 200-no_docs_tests.patch.
Refresh patches.

Fixes the following CVEs:
- CVE-2017-1000099
- CVE-2017-1000100
- CVE-2017-1000101

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 07:42:34 +03:00
Stijn Tintel
2ad649d134 iperf: bump to 2.0.10
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 07:42:34 +03:00
Stijn Tintel
2375e279a7 tcpdump: noop commit to refer CVEs fixed in 4.9.2
When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed
CVEs in the commit message. As the list of fixed CVEs is quite long,
we should probably mention them in the changelogs of the releases to
come. This commit will make sure this happens.

The following CVEs were fixed in 21014d9708:

CVE-2017-11541
CVE-2017-11541
CVE-2017-11542
CVE-2017-11542
CVE-2017-11543
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-18 01:33:40 +03:00
Alexandru Ardelean
d03c23c8d4 cyassl,curl,libustream-ssl: rename every cyassl to wolfssl
This is to eliminate any ambiguity about the cyassl/wolfssl lib.

The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.

It's a good idea to keep up with the times (moving forward).

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
ad510c4d62 wwan: json format in some modem definitions
Method used:
```
cd package/network/utils/wwan/files/data
sed -e 's/}}/}/g' -i *
sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i *
sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i *
```

Manually adjusted commas.
Validated with
```
for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done
```

Thanks to @lynxis for pointing out the commas.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-16 23:04:46 +02:00
Lorenzo Santina
fd84ecda7d treewide: fix shellscript syntax errors/typos
Fix multiple syntax errors in shelscripts (of packages only)
These errors were causing many conditions to not working properly

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[increase PKG_RELEASE, drop command substitution from directip.sh]
Signed-off-by: Mathias Kresin <dev@kresin.em>
2017-09-13 08:07:54 +02:00
Stijn Tintel
21014d9708 tcpdump: bump to 4.9.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Koen Vandeputte
f47c41cff9 xtables-addons: update to version 2.13
Changes:

89d1b80 xt_condition: namespace support #2
c839e87 xt_geoip: check for allocation overflow
a587f95 compat_xtables: use more accurate printf format for NIPQUAD
1874fcd xt_DNETMAP: fix a buffer overflow
21ea7b7 xt_LOGMARK: resolve new gcc7 warnings
ee8da2b build: support for Linux 4.12
19a4359 xt_condition: add support for namespaces
1b37966 xt_psd: resolve compiler warning

Tested on cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-08-24 08:38:39 +02:00
John Crispin
d99c52765d Revert "iputils: switch to new upstream"
This reverts commit 77d3ac8e3e.
This reverts commit e665b3df2a.

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-24 08:09:14 +02:00
Philip Prindeville
fc48aebdc1 iperf3: add SSL variant for iperf_auth feature
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-08-23 20:35:16 +02:00
Philip Prindeville
d55fff4ae7 iperf3: update to 3.2
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-08-23 20:35:16 +02:00
John Crispin
e665b3df2a iputils: update sha256sum
Signed-off-by: John Crispin <john@phrozen.org>
2017-08-23 19:34:24 +02:00
John Crispin
77d3ac8e3e iputils: switch to new upstream
Signed-off-by: John Crispin <john@phrozen.org>
2017-08-23 16:31:35 +02:00
Rafał Miłecki
8de57c9746 iwinfo: update to the latest git HEAD
c1a03e8 nl80211: request split information about frequencies
5638567 nl80211: store info about freq being not available for some bandwidths
ce51cb8 Allow storing more info about each frequency
5c10efa nl80211: support receiving split frequencies
335967c nl80211: improve error handling
ab089dd nl80211: propagate netlink errors to callers
7bba117 nl80211: handle netlink errors in nl80211_wait()
d22c64c iwinfo: add device id for Ubiquiti NanoStation Loco M2

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-08-23 11:19:28 +02:00
John Crispin
4cac13f8e2 Revert "xtables-addons: fix nathelper-rtsp dependencies"
This reverts commit e2ef80130e.

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-23 09:54:53 +02:00
Philip Prindeville
e2ef80130e xtables-addons: fix nathelper-rtsp dependencies
Both nf_conntrack and nf_nat need to be called out.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-08-22 21:31:39 +02:00
Hauke Mehrtens
779227d5ee nftables: remove date from version
We are using the normal 0.7 version of nftables, do not add an
additional date to the version number.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-08-09 23:20:56 +02:00
Daniel Engberg
911331ad0f tcpdump: Update to 4.9.1
Update tcpdump to 4.9.1

Fixes:
 * CVE-2017-11108: Fix bounds checking for STP.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-07-28 23:07:00 +02:00
Alexandru Ardelean
d9f7ae6cdb ipset: split libipset as a subpackage
Intent is to link against it, and have the option to
not install the ipset utility (if needed).

One example/use-case is keepalived (from package)
feeds, where it would be nice to just depend on a
`libipset` (sub)package.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-07-21 15:12:48 +02:00
Nick Brassel
eaf6f1532d nftables: Update to 0.7
Updated nftables to latest.

Signed-off-by: Nick Brassel <nick@tzarc.org>
2017-07-15 00:17:49 +02:00
Alif M. Ahmad
683e73735e
curl: bump to version 7.54.1
Upgrade the curl package to latest version. Patches refreshed.

Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
2017-07-14 03:10:38 +02:00
Alin Nastac
d8748e537f netfilter: add iptables-mod-rpfilter package
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2017-07-11 22:09:57 +02:00
Kevin Darbyshire-Bryant
a4198f8c8d iproute2: bump to 4.11
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-05-30 14:00:31 +02:00
Filip Moc
43e4e1f4a5 Move enablemodem from ramips to new package adb-enablemodem and make it used also by TL-MR6400
Signed-off-by: Filip Moc <lede@moc6.cz>
2017-05-27 07:54:40 +02:00
Felix Fietkau
c2dc7321d7 iptables: fix typos in 600-shared-libext.patch (FS#711)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-05-25 19:30:36 +02:00
Giuseppe Lippolis
4ba2f4dc63 DWR-512: adding wwan support for the dwr-512 3G modem
This PR allow the 3G modem embedded in the DWR-512 to be managed
by the wwan-ncm scripts. The modem will use the usb-option and
usb-cdc-ether drivers.
The DWR-512 DT is updated accordingly.

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2017-05-25 19:01:08 +02:00
Giuseppe Lippolis
db776c01e1 comgt-3g: enable modem before to setpin
some modems needs to be enabled with CFUN=1 before to set the pin

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2017-05-18 07:07:00 +02:00
Daniel Engberg
89807b627f network/utils/curl: Update to 7.54.0
Update curl to 7.54.0
Update and fresh patches

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-16 16:58:15 +02:00
Daniel Engberg
ea2927e1ea network/utils/ipset: Update to 6.32
Update ipset to 6.32

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-05-16 16:58:07 +02:00
Yousong Zhou
9b4c41524f iproute2: bump PKG_RELEASE
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-02 22:45:42 +08:00
Yousong Zhou
cfa5865187 iproute2: add ip-tiny, ip-full as alternatives of /sbin/ip
They will not be in conflict anymore ;)

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-05-02 22:42:36 +08:00
Ansuel Smith
e80a041348 iptables: fix wrong depends for nftables support (FS#707)
The dep for the nftables support was wrong, if someone actually enable
that option gain a compilation error. This fix this problem.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-04-22 21:33:46 +02:00
Felix Fietkau
5e2d15b4a6 iptables: set ABI_VERSION to force rebuild of dependent packages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-12 10:51:36 +02:00
Ansuel Smith
98e43b13a7 iptables: bump to 1.6.1
Switch to git repo
Removed musl patch
Refreshed existing patch

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
2017-04-12 10:51:29 +02:00
Hans Dedecker
fc859fb44b iproute2: add libgenl.h and ll_map.h to InstallDev section
Commit f4e312ddf8 adds libnetlink to
staging dir but did not add the header files libgenl.h and ll_map.h
which define functions belonging to libnetlink lib

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-04-08 20:53:44 +02:00
Matthias Schiffer
ea1855949b
iw: enable MESH ID in scan output
Make scan output useful for 802.11s meshes. The common print_ssid function
is used, so this doesn't add any additional code.

Based-on-patch-by: Jan-Tarek Butt <tarek@ring0.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-03-25 13:46:21 +01:00
Daniel Engberg
fd95397ee3 utils/tcpdump: Rework URLs
Add actual mirror and use main site as last resport
Source: http://www.tcpdump.org/mirrors.html

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-03-22 09:16:23 +01:00
Daniel Engberg
17987b9fa4 iperf3: Update to 3.1.7
Update iperf3 to 3.1.7

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-03-20 08:25:33 +01:00
Yousong Zhou
312b9dcd65 iproute2: fix ip monitor can't work when NET_NS is not enabled
The bug appeared in v4.1.0 and was fixed since v4.8.0

Fixes FS#620

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-03-19 12:41:13 +08:00
Daniel Engberg
902590e175 curl: Adjust URLs
Update mirror list, add main site as last resort
Source: https://github.com/curl/curl-www/blob/master/latest.pl

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-03-15 22:49:09 +01:00
Felix Fietkau
2f09a1e3c9 iwcap: fix handling kill signal during dump
Do not run another loop iteration before checking the stop flag

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-14 13:29:03 +01:00
Hauke Mehrtens
c481774298 curl: update to version 7.53.1
This fixes the following security problem:
* CVE-2017-2629 SSL_VERIFYSTATUS ignored

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-13 21:03:07 +01:00
Felix Fietkau
055e9dfb58 xtables-addons: fix build error on ARC
The kernel unconditionally pulls in a header file that defines
'current', which conflicts with the lua extension code.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-12 15:06:50 +01:00
Florian Fainelli
30159b3886 rssileds: Fix build with external toolchains
Pass down TARGET_CPPFLAGS for path to header files, and append the
libraries we depend on in TARGET_LDFLAGS. Put TARGET_LDFLAGS at the end
of the command line as is required by modern GCC/binutils.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-03-01 17:19:52 -08:00
Hsing-Wang Liao
a29163faab wireless-tools: Change download url to github
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
2017-02-28 20:22:10 +01:00
Kevin Darbyshire-Bryant
c8ac9c09f9 iftop: bump to latest upstream
Drops a LEDE carried patch now upstream.
Convert to autotools.
A number of nits fixed upstream (dns & short packet handling most
notable)

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-26 08:41:08 +01:00
Felix Fietkau
3e41afda56 iw: sync nl80211.h with mac80211 package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:17:45 +01:00
Ansuel Smith
d1a75c5161 ebtables: update to last commit
Refreshed patches

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-02-15 11:28:57 +01:00
Felix Fietkau
c22255e50e tcpdump: fix tcpdump-mini build on glibc 2.25
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:24 +01:00
Daniel Engberg
2faa1edd91 iperf3: Update to 3.1.6
Update to 3.1.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-02-09 12:26:36 +01:00
Hauke Mehrtens
985c90d102 tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
 + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
 + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
 + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
 + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
 + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
 + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
 + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
 + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
 + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
 + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
 + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
 + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
 + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
 + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
 + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
 + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
 + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
 + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
 + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
 + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
 + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
 + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
 + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
 + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
 + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
 + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
 + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
 + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
 + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
 + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
 + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
 + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
 + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
 + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
 + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
 + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().

The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk

old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-06 22:33:58 +01:00
Felix Fietkau
a112786acb xtables-addons: update to version 2.12
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-01 17:49:53 +01:00
Kevin Darbyshire-Bryant
bdd1fad9e3 iproute2: cake: update cake support
Updated cake's tc patch to match the official cake repository
formatting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-01-30 16:30:41 +01:00
Kevin Darbyshire-Bryant
a40f3f90d6 iproute2: cake: add 'mpu' minimum packet length support
Add 'mpu' minimum length packet size parameter for scheduling/bandwidth
accounting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-01-26 15:46:01 +01:00
Stijn Segers
b65572fee9 curl: fix HTTPS network timeouts with OpenSSL
Backport an upstream change to fix HTTPS timeouts with OpenSSL.
Upstream curl bug #1174.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
[Jo-Philipp Wich: reword commit message, rename patch to 001-*]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 19:39:42 +01:00
Felix Fietkau
f44663c673 uqmi: mark as nonshared because of the usb dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:09 +01:00
Felix Fietkau
185b06f04a umbim: mark as nonshared because of the usb dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:08 +01:00
Felix Fietkau
1ca31b0931 comgt: mark as nonshared because of the usb dependencies
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-13 12:08:08 +01:00
Felix Fietkau
1ad30be982 Revert the recent dependency and metadata scanning rework
This reverts the following commits:
fbe522d120
278ad007ee
863888e44f
96daf6352f
cfd83555fc

This seems to trigger some mconf bugs when built with all feeds
packages, so I will try to find a less intrusive solution before the
release.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-11 19:48:09 +01:00