Commit Graph

13026 Commits (760185972f9aace293ee4b1863bf1c858d4bf5aa)

Author SHA1 Message Date
Alberto Bursi 760185972f uboot-envtools: add nsa325 envs
adding nsa325 envs for consistency with other kirkwoods

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-02-11 21:16:28 +01:00
Felix Fietkau 9827c3e9b9 gdb: update to version 7.12.1, fix glibc 2.25 build issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 20:34:33 +01:00
Felix Fietkau dc4844b18b pppd: fix compile issues with glibc 2.25
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 19:33:35 +01:00
Felix Fietkau 412e0bbf25 perf: avoid picking up a dependency on libunwind
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:37 +01:00
Felix Fietkau 9859a1d953 ugps: update to the latest version, fixes build error with glibc
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:32 +01:00
Felix Fietkau c22255e50e tcpdump: fix tcpdump-mini build on glibc 2.25
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:24 +01:00
Felix Fietkau de07a99447 fstools: update to the latest version
Fixes compatibility issues with glibc 2.25

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:18 +01:00
Felix Fietkau 2ffb80bc9f procd: update to the latest version
Fixes compatibility issues with glibc 2.25

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 18:07:11 +01:00
Alexey Brodkin a3408a5271 toolchain/uclibc: Bump version to 1.0.22
Important change was made in 1.0.18: all sub-libs were merged
in one and only libc similarly to musl.

See [1] for more details.

To support that we had to remove refences to those sub-libs like
libpthread, libcrypt, libdl, libm, libutil etc.

[1] http://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=29ff9055c80efe77a7130767a9fcb3ab8c67e8ce

Signed-off-by: Alexey Brodkin <Alexey.Brodkin@synopsys.com>
2017-02-11 15:38:39 +01:00
Tim Harvey 092f2c14bd imx6: move to Linux 4.9 kernel
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-11 15:38:11 +01:00
Joseph C. Sible 0bf85ef048 dropbear: enable SHA256 HMACs
The only HMACs currently available use MD5 and SHA1, both of which have known
weaknesses. We already compile in the SHA256 code since we use Curve25519
by default, so there's no significant size penalty to enabling this.

Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
2017-02-10 11:05:57 +01:00
Rafał Miłecki 368cc8ef47 mac80211: update brcmfmac backporting brcmf_err cleanups
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-10 00:40:49 +01:00
Hans Dedecker be4842f5de odhcpd: update to git HEAD version (FS#396)
8df4253 ndp: harden netlink event socket error handling
b02f3e6 ndp: close proc file descriptor also during error handling
8a615ad npd: rework IPv6 relay logic (FS#396)
0129f79 config: restore interface defaults when cleaning interface

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-09 21:20:44 +01:00
Felix Fietkau 7096ed58fd kernel: remove kmod packages for bridge, stp, llc and 8021q
Remove CONFIG_VLAN_8021Q overrides for two targets
These features are built into the kernel image for all targets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-09 14:49:34 +01:00
Felix Fietkau 66a63d25c4 mac80211: fix build on linux 3.18
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-09 14:22:26 +01:00
Felix Fietkau d826af2cbb build: make <subdir>/install opt-in, use it for target/ only
Fixes buildbot errors on running make target/install or
toolchain/install

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-09 13:51:35 +01:00
Ben Kelly da0b9110fc uclibc++: patch bugfix erase() on derived __base_associative
When calling erase() on a containers derived from __base_associative
(e.g. multimap) and providing a pair of iterators a segfault will
occur.

Example code to reproduce:

	typedef std::multimap<int, int> testmap;
	testmap t;
	t.insert(std::pair<int, int>(1, 1));
	t.insert(std::pair<int, int>(2, 1));
	t.insert(std::pair<int, int>(3, 1));
	t.erase(t.begin(), t.end());

Signed-off-by: Ben Kelly <ben@benjii.net>
2017-02-09 12:26:55 +01:00
Alberto Bursi a9d347c11c uboot-kirkwood: fix goflexhome/net bootcommand
Goflexhome/net use uImage, and to boot an uImage the u-boot
must use bootm command, not bootz.

Fixes the "i cannot boot LEDE with this u-boot" issue that I
found out myself with my goflexnet.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-02-09 12:26:48 +01:00
Alberto Bursi a6ef5933f8 uboot-kirkwood: remove obsolete patches
all patches for CONFIG_SYS_GENERIC_BOARD are obsolete for
uboot 2016 sources.

Run-tested with the uboot of goflexnet, also the md5sum of
all other uboots is the same with or without these patches.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-02-09 12:26:42 +01:00
Daniel Engberg 2faa1edd91 iperf3: Update to 3.1.6
Update to 3.1.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-02-09 12:26:36 +01:00
Daniel Engberg 0af460b38c utils/e2fsprogs: Update to 1.43.4
* Update to 1.43.4
* Use xz tarball which saves about 2Mbyte in size

Changelog: http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.43.4

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [use @KERNEL instead of hardcoded URL]
2017-02-09 12:26:25 +01:00
John Crispin 1f3de99547 procd: update to latest git HEAD
cdc3dab ujail: fix signal forwarding

Signed-off-by: John Crispin <john@phrozen.org>
2017-02-09 09:14:45 +01:00
Daniel Golle 9eacb9d7fc rt2x00: mt7620: lots of improvements
This commit combines all the changes I've made on my staging tree
into a single commit fixing many issues with our patch for MT7620.

First of all, checkpatch.pl revealed numerous code style issues with
the patch, so fix all the white-space and commets. Also use
usleep_range instead of legacy timing and relax timing for VCO
calibration just like the vendor driver does.

Several line programming registers were commented out in the patch.
Originally this came from the features present but disabled by default
in the vendor's driver (RTMP_TEMPERATURE_CALIBRATION and
ADJUST_POWER_CONSUMPTION_SUPPORT). Remove the dead code for now, it can
easily be re-added if we actually intend to support those features.

Move values from mt7620_freqconfig type into the existing rf_channel
struct, this shouldn't be a new typedef and it is possible to use the
existing struct because rf_channel got 4 32-bit fields, so two of the
8-bit values from mt7620_freqconfig can easily be stored in the same
32-bit field.

Map values such that
Rdiv -> rf1
N    -> rf2
K    -> rf3[0:7]
D    -> rf3[8:15]
Ksd  -> rf4

This makes the channel switching logic already look a bit more like
what we are used to in rt2x00... Probably many of the read-modify-write
calls could still be replaced by macros intended for that.

iq calibration seems to be identical to RT5592, so just enable it.
Test shows that this improves things quite a lot, datarates went up
by a couple of megabits when running iperf, signal quality seems jumpy
in the first few seconds once a station connencts, the stabelizes on a
value significantly better than what it was before.

Add description to the patch and reference the original OpenWrt commit
by which it was added.

The patch now passes checkpatch.pl and can thus be discussed with the
upstream authors of the rt2x00 driver.

Funded-by: https://www.kickstarter.com/projects/1327597961/better-support-for-mt7620a-n-in-openwrt-lede/

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-02-08 22:21:26 +01:00
Hans Dedecker b516b38f2f odhcp6c: update to GIT head version
cfd986c odhcp6c: fix possible stack corruption when parsing proc if_inet6

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-08 11:12:39 +01:00
Álvaro Fernández Rojas fd94fa61a7 mac80211: brcmfmac: update Raspberry Pi patches for linux 4.9
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-07 23:16:26 +01:00
Álvaro Fernández Rojas 6b5c3fd055 kernel: of-mdio: add missing dependency for linux 4.9
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-07 23:00:13 +01:00
Álvaro Fernández Rojas deb15cb23c brcmfmac: improve Raspberry Pi 3 stability
- Really disable power management (wrong config flags).
- Disable internal roaming engine.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-07 15:17:44 +01:00
Felix Fietkau 2a4d2e4519 mac80211: fix ath9k kernel crash with linux 4.9
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-07 11:38:54 +01:00
Hauke Mehrtens 985c90d102 tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
 + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
 + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
 + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
 + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
 + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
 + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
 + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
 + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
 + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
 + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
 + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
 + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
 + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
 + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
 + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
 + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
 + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
 + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
 + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
 + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
 + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
 + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
 + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
 + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
 + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
 + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
 + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
 + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
 + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
 + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
 + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
 + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
 + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
 + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
 + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
 + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().

The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk

old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-06 22:33:58 +01:00
Álvaro Fernández Rojas 196509b489 brcm2708-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-06 22:24:57 +01:00
Felix Fietkau 649e766a64 mac80211: update to wireless-testing 2017-01-31
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-06 12:27:12 +01:00
Kevin Darbyshire-Bryant 3bef96ef18 dnsmasq: update to dnsmasq 2.77test1
Bump to dnsmasq 2.77test1 - this includes a number of fixes since 2.76
and allows dropping of 2 LEDE carried patches.

Notable fix in rrfilter code when talking to Nominum's DNS servers
especially with DNSSEC.

A patch to switch dnsmasq back to 'soft fail' for SERVFAIL responses
from dns servers is also included.  This mean dnsmasq tries all
configured servers before giving up.

A 'localise queries' enhancement has also been backported (it will
appear in test2/rc'n') this is especially important if using the
recently imported to LEDE 'use dnsmasq standalone' feature 9525743c

I have been following dnsmasq HEAD ever since 2.76 release.
Compile & Run tested: ar71xx, Archer C7 v2

Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-05 22:26:23 +01:00
Eric Luehrsen f9f6a21c81 dnsmasq: fix instances in dhcp_add()
ref commit 9525743c07
dnsmasq: make DHCPv6 viable for standalone dnsmasq install
Above commit broke instancing by missing filter_dnsmasq()
as part of the dhcp_add() execution.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
2017-02-05 22:26:22 +01:00
Arjen de Korte 07d5fc7ada dnsmasq: honor quietdhcp option for DHCPv6
Do not spam the syslog with DHCPv6 lease info if quietdhcp option
is selected. This already works for DHCPv4, make it work in the same
way for DHCPv6.

Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
[Originally written by Arjen de Korte on GitHub but had issues providing
a SoB in correct format.]
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-05 20:57:39 +01:00
Felix Fietkau 785f2a70da ubus: update to the latest version
Adds the following fixes:

91acde6 libubus: do not modify uloop_cancelled
763b9b2 libubus: reset ctx->sock.eof to fix reconnect issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-04 10:42:30 +01:00
Felix Fietkau da93c15fd2 libubox: update to the latest version
Adds the following changes:

de3f14b uloop: add uloop_cancelling function
3b6181b utils: fix build on Mac OS X 10.12
7f671b1 blobmsg: add support for double
0fe1374 utils: add helper functions useful for allocating a ring buffer
8fc1c30 libubox: replace strtok with _r version.
4a9f74f libubox: allow reading out the pid of uloop process in lua
372e1e6 uloop: remove useless epoll data assignment
f9db1cb libubox: allow reading out the remaining time of a uloop timer in Lua

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-04 10:19:15 +01:00
Felix Fietkau a5990b1a39 mt76: update to the latest version, fixes a MAC address handling regression
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-04 10:17:42 +01:00
Felix Fietkau eccb2e5e59 acx-mac80211: fix scan API error that could lead to a crash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-03 12:35:44 +01:00
Brandon Koepke 9df777d181 openvpn: adding key_direction to append_params.
key_direction shows up as an openvpn option in the user-interface but does not end up in the /var/etc/openvpn*.conf file. Adding it to the list here fixed the issue for me.

Signed-off-by: Brandon Koepke <bdkoepke@fastmail.com>
2017-02-03 05:10:09 +01:00
Jo-Philipp Wich c26ff034fc ubox: support quiet modprobe, support millisecond log timestamp accuracy
Update ubox to latest Git HEAD in order to import the following fixes:

ac2d43e kmodloader: support '-q' quiet option
f8d3d16 ubox: Add an option for more accurate timestamps in log

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-02 18:37:53 +01:00
Felix Fietkau 47540afa5d ath9k: add a warning to the tx99 config option
Lots of users try random stuff when they encounter any kind of
difficulty. I've had to debug a number of cases where people had enabled
this option for no reason. Hopefully this warning will reduce the number
of useless support cases.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-02 12:44:38 +01:00
Rafał Miłecki b622f40249 mac80211: brcmfmac: backport wowlan netdetect fixes
I needed a moment to figure out relation between this patchset and the
nl80211: fix validation of scheduled scan info for wowlan netdetect

It appears nl80211 commit will go on top of brcmfmac changes so it's
safe to backport these patches.

One patch that was excluded is commit 2a2a5d1835b6 ("brcmfmac: add
.update_connect_params() callback") as it depends on missing commit
088e8df82f91 ("cfg80211: Add support to update connection parameters").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 11:35:46 +01:00
Rafał Miłecki 99d3774a3c mac80211: brcmfmac: backport PSM watchdog improvements
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 10:04:57 +01:00
Rafał Miłecki 4491979dc9 mac80211: brcmfmac: backport minor code cleanups
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 09:59:23 +01:00
Rafał Miłecki 2a1d8c1f79 mac80211: brcmfmac: backport 4.10 fixes & typo fix
This includes memory leak fix in initialization path.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 09:51:34 +01:00
Rafał Miłecki 863a06b0a4 mac80211: brcmfmac: backport scheduled scan cleanup and chip support
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 09:49:35 +01:00
Rafał Miłecki 4e611ac5df mac80211: brcmfmac: backport some old patches from 2016
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 09:45:59 +01:00
Rafał Miłecki 52be05e190 mac80211: rename brcmfmac patches to use higher prefix
There are more patches to backport that should go before these.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-02 09:39:31 +01:00
Hannu Nyman eaf3fef946 ccache, samba36: fix samba.org addresses to use https
samba.org has started to enforce https and
currently plain http downloads with curl/wget fail,
so convert samba.org download links to use https.

Modernise links at the same time.

Also convert samba.org URL fields to have https.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-02 00:14:03 +01:00
Eric Luehrsen 9525743c07 dnsmasq: make DHCPv6 viable for standalone dnsmasq install
dnsmasq has sufficient services to meet the needs of DHCP
and RA with IP6 for single router router users. This is
the most common use for consumer routers. Its reenforced
as most ISP tend to only DHCP-PD /64. dnsmasq has year
over year demonstrated great flexibility in its option
set, and support for off-standard DHCP clients.

odhcpd has enhanced capabilities focused on IP6 such
as DHCP/RA relay and NDP proxy. However, it is not as
flexible in its option set. odhcpd is not as forgiving
with off-standard DHCP clients. Some points may represent
a long term TODO list, but it is the state currently.

These changes make any such combination possible. Already
odhcpd can be set as the main dhcp server. Now odhcpd
can be removed or disabled and dnsmasq will take over
if DHCPv6 compiled in. The existing DHCPv6 and RA UCI
are translated into dnsmasq.conf. The changes focus on
'--dhcp-range', '--dhcp-host', and '--dhcp-options'.

DHCP host ID is least 16 bits [::1000-::FFFF], but
leaves low range for typical infrastructure assignments.
dnsmasq accepts DHCPv6 options in the tranditional
'--dhcp-option' put they must be prefixed 'option6:'.
dnsmasq will also discover SLAAC DNS entries from DHCPv4
clients MAC, and confirm with a ping at least renew.

Long term TODO include improving use of dnsmasq relay
options for DHCPv4 and DHCPv6 in parallel. It would also
be possible to preconfigure DHCP-PD in host-with-options
records for fixed infrastructure.

Signed-off-by: Eric Luehrsen <ericluehrsen@hotmail.com>
[Jo-Philipp Wich: emit proper IPv6 hostid format in dhcp-host directive]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-02 00:13:49 +01:00