Commit graph

11740 commits

Author SHA1 Message Date
Michal Hrusecky
f6adbdf3cd openssl: Update to version 1.0.2h
Bump to the latest version, fixes several security issues:
 * CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176
More details at https://www.openssl.org/news/openssl-1.0.2-notes.html

Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
2016-05-04 13:00:31 +01:00
Jo-Philipp Wich
4076d863bd firewall3: fix mark rules for local traffic, fix race condition
Update to latest HEAD in order to fix MARK rule generation for local traffic,
also fix a possible race condition during firewall start.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-05-02 18:46:30 +01:00
Gergely Kiss
a2b555189b libiconv: add all ASCII aliases
This patch adds missing ASCII aliases to the libiconv stub in order to avoid conversion errors like https://github.com/openwrt/packages/issues/2373

Signed-off-by: Gergely Kiss <mail.gery@gmail.com>
2016-05-02 18:35:35 +01:00
Hans Dedecker
6a06cd8331 xtables-addons: Avoid redefinition of SHRT_MAX in lua packet script
Patch Lua packet script defines SHRT_MAX which is already defined in <linux/kernel.h> and
is included indirectly by lauxlib.h. Fix the redefintion as it leads to compile failure
on systems which treat macro redefinition as an error

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-05-02 18:28:01 +01:00
Jo-Philipp Wich
a6f76bffd8 signing: remove unatteded build key and use current keyring instead
Remove the public unatteded buildkey from the opkg package to avoid
having hardcoded keys in tree. Use the external keyring package instead
which can be easily updated by users.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-30 20:39:23 +02:00
John Crispin
33de8c77e2 fstools: fix snapshot support
Signed-off-by: John Crispin <john@phrozen.org>
2016-04-29 04:15:46 +02:00
John Crispin
0fae7270cf fstools: update to latest git HEAD
fixes snapshot support

Signed-off-by: John Crispin <john@phrozen.org>
2016-04-29 04:15:34 +02:00
John Crispin
4a8e960c62 base-files: fix group/user settings after sysupgrade
Signed-off-by: John Crispin <john@phrozen.org>
2016-04-29 04:15:34 +02:00
John Crispin
ed07ef1601 base-files: split user/group addition code into a function
Signed-off-by: John Crispin <john@phrozen.org>
2016-04-29 04:15:34 +02:00
John Crispin
c9e3cd798d fstools: update to latest git HEAD
this adds the remount command to the block tool

Signed-off-by: John Crispin <john@phrozen.org>
2016-04-29 04:15:34 +02:00
John Crispin
d72e538e89 base-files: add new public key used by unattended builds
Signed-off-by: John Crispin <john@phrozen.org>
2016-04-29 04:15:34 +02:00
John Crispin
a13f47760c base-files: add a conditional dependency to lede-keyring
Signed-off-by: John Crispin <john@phrozen.org>
2016-04-29 04:15:34 +02:00
John Crispin
d2e4caf343 lede-keyring: add the developer public keyring
Signed-off-by: John Crispin <john@phrozen.org>
2016-04-29 04:15:34 +02:00
Hans Dedecker
ec9f6fe04d ppp: Add ppp-mod-passwordfd subpackage to ppp
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:50:41 +02:00
Hans Dedecker
ce9e5e16ff dnsmasq: Add conntrack support in the full variant
Conntrack support reads the connection track mark associated with
incoming DNS queries and sets the same mark value on the upstream
forwarded DNS query. This can be usefull to track traffic generated
by dnsmasq to associate it with the clients who generate the queries,
usefull for bandwidth accouting and firewall.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:50:20 +02:00
Hans Dedecker
16122117a5 dropbear: Add procd interface triggers when interface config is specified
A dropbear instance having an interface config won't start if the interface is down as no
IP address is available.
Adding interface triggers for each configured interface executing the dropbear reload script
will start the dropbear instance when the interface is up.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:49:37 +02:00
Hans Dedecker
b3f6c4b3ac iproute2: Add package for nstat utility
Add support for the command line utility nstat displaying network statistics

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:49:17 +02:00
Hans Dedecker
7545c1d96b dropbear: Make utmp and putuline support configurable via seperate config options
Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox)
Putuline support will use the utmp structure to write to the utmp file

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:47:48 +02:00
Hans Dedecker
a83f049b5b netifd: Add configurable DHCP release behavior
Make sending a DHCP release configurable when the client exits allowing to clean up
IP/mac state info in intermediate devices.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-04-28 13:44:47 +02:00
Hans Dedecker
312cb987f9 xtables-addons: Fix Lua packet script implementation
lua_packet_segment parameter start has type char pointer; in function lua_tg
it's assigned an uint16 value generating compiler warnings obviously indicating
posssible seg fault problems. Fix the issue by using the correct skb functions
so the parameter points to the position inside the sk_buff

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Stijn Cleynhens <stijn.cleynhens@gmail.com>
2016-04-28 11:45:43 +02:00
Jo-Philipp Wich
07bdd30906 package: remove duplicate lines from otrx and nvram makefiles
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-26 23:28:17 +02:00
Jo-Philipp Wich
b04a25491f package: flag further target specific packages as nonshared
Add nonshared flag to package depending on specific targets or subtargets as
there's no guarantee otherwise that they'll be available in the shared repo.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-26 23:26:43 +02:00
Jo-Philipp Wich
69ccef03f9 package: mark nvram and otrx nonshared as they're target specific
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-26 23:09:12 +02:00
Álvaro Fernández Rojas
0ab31bfced brcm2708-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-04-24 13:00:11 +02:00
Jo-Philipp Wich
4c60a6f803 opkg: fix use-after-free with duplicate packages on the command line
When the same package file is specified multiple times on the opkg install
command line, the name pointer on the argv array becomes stale after the
package structures have been merged, leading to invalid memory accesses
upon install.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-23 14:03:50 +02:00
Jo-Philipp Wich
9531e0fce5 package: fix toolchain ipk flags
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-22 12:20:47 +02:00
Jo-Philipp Wich
37de17c379 linux: kmod-e100: use preconverted firmware files
Instead of converting the firmware files ourselves, use the files
generated during the normal kernel build process. This fixes packaging
kmod-e100 in the SDK environment.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-21 16:39:59 +02:00
John Crispin
528ffec3cd base-files: remove ununsed login.sh
Signed-off-by: John Crispin <john@phrozen.org>
2016-04-19 20:42:34 +02:00
John Crispin
b4e33a1c08 base-files: Allow to disable failsafe mode
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
2016-04-19 10:07:35 +02:00
John Crispin
dc92917409 image / basefiles: make console password configurable
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
Signed-off-by: John Crispin <john@phrozen.org>
2016-04-18 21:53:07 +02:00
John Crispin
5e85ae9e4c base-files: fix error message during boot
preinit spews out this message

"cat: can't open '/proc/device-tree/model': No such file or directory"

Signed-off-by: John Crispin <john@phrozen.org>
2016-04-11 11:58:57 +02:00
Álvaro Fernández Rojas
9dee77795d brcm2708-gpu-fw: improve package version and release
Use git revision as package release and date for package version.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-04-16 11:27:56 +02:00
Álvaro Fernández Rojas
2cd1f5a0db brcmfmac43430-firmware: improve package version and release
Use git revision as package release and date for package version.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-04-16 11:25:56 +02:00
Jo-Philipp Wich
abc828b085 openssl: fix wrong build target strings
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-15 07:40:31 +02:00
Jo-Philipp Wich
addfc0efdd uclibc++: add hack to fix failing patch
One of the patched files, include/unwind-cxx.h, contains windows newlines
which lead to the following failure:

  Applying ./patches/006-eabi_fix.patch using plaintext:
  patching file include/typeinfo
  patching file include/unwind-cxx.h
  Hunk #1 FAILED at 173 (different line endings).
  Hunk #2 FAILED at 181 (different line endings).

Add a fixup command to the prepare phase which normalizes the line endings
before applying source patches.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-14 18:27:12 +02:00
Jo-Philipp Wich
9e04019024 package: flag essential components as nonshared
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-06 22:38:47 +02:00
Jo-Philipp Wich
32a0b8c104 include/version.mk: rework repository url handling
- Add %A placeholder for substituting the package architecture
- Change %U placeholder to refer to the toplevel repository URL
- Construct package feed URLs relative to the toplevel one to match new layout

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-13 00:31:15 +02:00
Jo-Philipp Wich
5170393f8c include: choose package output directory based on repository info
Use the new repository metadata field to choose the output directory of the
final package archives.

Non-sharable packages will be placed in the per-target package directory
while the rest will be placed in a per-repository sub directory within the
$OUTPUT_DIR/packages/$CPU_TYPE/ prefix.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-06 21:55:44 +02:00
Álvaro Fernández Rojas
59e0e88c22 brcm2708-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-04-07 21:25:01 +02:00
Álvaro Fernández Rojas
f233664faa brcm2708-gpu-fw: update to latest version
This update also adds individual download of firmware files instead of fetching
every file on the repository (10-MiB vs 100+MiB).
Also copy Linux license from kernel directory instead of using the rpi-firmware
one.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-04-01 13:37:33 +02:00
Álvaro Fernández Rojas
8d5160bf5d brcmfmac43430-firmware: use @GITHUB download alias
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2016-04-03 22:05:55 +02:00
Jo-Philipp Wich
5a7c064bdb busybox: fix setting the kernel timezone
The settimeofday() syscall wrapper provided by musl filters out the timezone
argument, breaking the ability to set the kernel timezone through the function.

Adjust busybox patch to issue the syscall directly in order to circumvent the
problem.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-03-31 15:26:42 +02:00
Hans Dedecker
81a5f1ac9e netifd: Send DHCP release when client exits
Let DHCP client send a release when it exists so the DHCP server is
informed the IP address is released and allowing to clean up IP/mac
state info in intermediate devices.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2016-03-31 12:18:29 +02:00
Jo-Philipp Wich
3df4eaf22b uci: commit through symlinks
Update to latest HEAD in order to not clobber symlinks in /etc/config on
uci commit.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-03-31 02:09:53 +02:00
Jo-Philipp Wich
564330e013 netifd: fix default ip rules
Update to latest HEAD in order to remove the faulty "prelocal" ip rule leading
to unexpected policy rule precedence.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-03-31 00:05:02 +02:00
John Crispin
fa69553900 branding: add LEDE branding
Signed-off-by: John Crispin <blogic@openwrt.org>
2016-03-24 22:40:13 +01:00
John Crispin
be1985471e zynq: Add Zybo device support
Signed-off-by: Jason Wu <jason.wu.misc@gmail.com>

SVN-Revision: 49257
2016-04-26 11:44:29 +00:00
John Crispin
869d3adc37 Zynq: Add Zedboard device support
Tested-by: Joe Zhang <jz21082@gmail.com>
Signed-off-by: Jason Wu <jason.wu.misc@gmail.com>

SVN-Revision: 49256
2016-04-26 11:44:26 +00:00
John Crispin
3481d0d793 dnsmasq: run as dedicated UID/GID
Running dnsmasq in a dedicated user/group allows matching its outgoing
traffic more easily using iptables' owner match.
Add UID/GID to the package metadata and append the user/group
parameters to the init script.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

SVN-Revision: 49252
2016-04-26 11:44:10 +00:00
John Crispin
1a1bb3aaff mac80211: ath9k: add GPIO support for AR9280 chip
Enable access to GPIO on Atheros wireless chip AR9280.
Support for 9280 is added to existing 9285/9287 subsystem
because these 3 chips differ only in number of GPIO pins.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>

SVN-Revision: 49251
2016-04-26 11:44:07 +00:00