Commit Graph

13114 Commits (12a0da6315e66045be68270b6e564316c14a3347)

Author SHA1 Message Date
Jo-Philipp Wich c6e79980b8 build: fix triggering opkg/host compilation
Commit 131db36 "build: remove separate /install step for host builds" dropped
the package/*/host/install targets in favor to performing the install steps
within the compile target instead.

Adjust package/Makefile accordingly in order to prevent a missing
staging_dir/host/bin/opkg when staging package archives into the rootfs.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-09 15:42:20 +02:00
Felix Fietkau 5866ff8be8 libubox: fix host build on macOS
Use the defaults instead of a custom non-portable Host/Install section

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-08 14:49:05 +02:00
Jo-Philipp Wich 293c54c567 libubox: add host build
Our opkg fork requires libubox to build, so add a host build for it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-08 14:48:55 +02:00
Jo-Philipp Wich 5aa97e35de opkg: switch to LEDE fork (#120, #551, #571)
Cherry-pick the following commits from master to bump opkg in LEDE 17.01:

b65dc04712 opkg: switch to own fork to improve memory usage
55ffc38004 opkg: re-enable usign support
19720a6f03 opkg: fix handling conffiles in status lists
9e4555f58d opkg: fix stray printf() (#551)
ebf846b005 opkg: mark as essential (FS#571)
aedd5d5cb0 opkg: fix several package installation bugs
48ae44d033 opkg: gracefully handle missing $PATH, fix build warnings
1449b52f02 opkg: backport upstream fixes, code cleanups

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-04-08 14:31:27 +02:00
Felix Fietkau 7099bb19b5 mt76: ensure that the metapackage gets built as .ipk
Fixes errors during the image builder run

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-05 23:39:23 +02:00
Felix Fietkau 47bf110cbb mac80211: backport an upstream fix for queue start/stop handling
Fixes issues with 802.11s

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-04-03 15:12:50 +02:00
Piotr Dymacz a49503bbc7 sysntpd: restore support for peer-less (standalone) mode
ntpd from Busybox supports peer-less (standalone) mode when it's started
with option -l and without any peer provided with option -p. In this
mode ntpd uses local time as reference and acts as stratum 1 server.

This mode can be used in isolated networks, where Internet access and/or
other NTP server/s are not available, but the device has some other way
of getting correct time, like e.g. GPS (ugps supports setting local time
by default).

Support for this mode was incorrectly disabled/removed in:
1527f96ca6

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2017-04-02 15:09:09 +02:00
Piotr Dymacz 0cb669b469 ugps: fix and improve init script
The ugps tool expects device path in last argument. If it's provided
before other options, they won't be processed at all.

Additionally, make it possible to use absolute path for gps character
device in related uci configuration.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2017-04-02 15:09:09 +02:00
Hauke Mehrtens 1adc6db036 ubox: fix sha256 mirror hash
Commit 5c20a4fec9 ("ubox: turn logd into a separate package") changed
the PKG_SOURCE_DATE which is also included in the tar file. This change
resulted in a new tar with a different hash, but the sha256 hash was not
updated. Fix the sha256 hash value in this commit to match what would be
created from git and what is already on the mirror.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2017-03-30 22:34:49 +02:00
Hauke Mehrtens 298c40fd34 odhcpd: fix sha256 sum
The sha256sum added in commit b8567cb44e ("odhcpd: update to git HEAD
version (FS#396)") does not match the sha256sum of the file on the mirror or
when I clone it. Update the sha256 sum to the correct value.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2017-03-30 22:00:48 +02:00
Yousong Zhou 910a9430a0 firewall: document rules for IPSec ESP/ISAKMP with 'name' option
These are recommended practices by REC-22 and REC-24 of RFC6092:
"Recommended Simple Security Capabilities in Customer Premises Equipment
(CPE) for Providing Residential IPv6 Internet Service"

Fixes FS#640

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-03-28 17:46:30 +08:00
Matthias Schiffer 1b94737824
iw: enable MESH ID in scan output
Make scan output useful for 802.11s meshes. The common print_ssid function
is used, so this doesn't add any additional code.

Based-on-patch-by: Jan-Tarek Butt <tarek@ring0.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-03-25 14:55:10 +01:00
Yousong Zhou 0d304d4228 busybox: vi: backporting patches to fix ZZ and :x command
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-03-25 13:23:58 +08:00
Rafał Miłecki 474c31a20d umdns: update to the version 2017-03-21
This includes following changes:
480d7bc Fix sending unicast questions on cache expire
a0403cd Keep source sockaddr for every cached DNS record
1478293 Fix code freeing cached non-A(AAA) records too early
9f1cc22 Fix replying to "QU" questions received on unicast interface
943bedb Fix reading port of incoming packets
c725494 Use MCAST_PORT define for port 5353
ce7e9e9 Use one define for DNS-Based Service Discovery service name
e1bacef Drop entries cached for interface we're going to delete
496aeba Fix comment typo in cache_gc_timer
f89986b Fix refreshing cached A(AAA) records that expire

Previous updates made umdns work as expected on startup but there were
still many bugs. They were mostly related to runtime - cache management
and requests + responses. E.g. umdns was never able to send question on
DNS record expire. It was also ignoring all incoming unicast questions.

Since these issues are quite serious it makes sense to backport this
update to the stable branch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-03-24 06:51:45 +01:00
Rafał Miłecki ba076ebbc5 umdns: update to the version 2017-03-14
This includes 3 cleanups:
fd5a160 Don't cache hosts as services
80dd246 Refresh DNS records A and AAAA directly
6515101 Access cached records (instead of services) to read list of hosts

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-03-24 06:51:44 +01:00
Yousong Zhou 0f23e80c27 iproute2: fix ip monitor can't work when NET_NS is not enabled
The bug appeared in v4.1.0 and was fixed since v4.8.0

Fixes FS#620

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-03-19 12:42:16 +08:00
Hauke Mehrtens 111cf1b9f3 curl: fix CVE-2017-2629 SSL_VERIFYSTATUS ignored
This fixes the following security problem:
https://curl.haxx.se/docs/adv_20170222.html

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-13 22:51:20 +01:00
Hauke Mehrtens c4ed92ae7d mbedtls: update to version 2.4.2
This fixes the following security problems:
* CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve
* SLOTH vulnerability
* Denial of Service through Certificate Revocation List

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-03-13 22:35:48 +01:00
Álvaro Fernández Rojas 7d70ad66ac mac80211: mwifiex-sdio: select DRIVER_11AC_SUPPORT
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-03-11 20:34:52 +01:00
Álvaro Fernández Rojas 7ae68124a4 mac80211: mwifiex-pcie: select DRIVER_11AC_SUPPORT
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-03-11 20:34:52 +01:00
Henryk Heisig c03083339a mac80211: add support for Marvell 802.11n/802.11ac SDIO Wireless cards
This adds option to build kernel module and firmware packages
for a Marvell 8887 SDIO Wireless device

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-03-11 20:34:03 +01:00
Rafał Miłecki 0eed4a61b9 umdns: update to the 2017-03-10 version
This fixes crash in interface_start caused by freeing interface in
interface_free without stopping a timeout.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-03-10 13:09:54 +01:00
Álvaro Fernández Rojas b3ba3764d0 brcm2708-gpu-fw: update to latest version
This is needed in order to add support for the new RPi Zero W

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-03-08 09:28:19 +01:00
Jo-Philipp Wich 20a2db83de ppp: propagate master peerdns setting to dynamic slave interface
Honour the parent interfaces peerdns option when spawning a virtual DHCPv6
interface in order to avoid pulling in IPv6 DNS servers when the user opted
to inhibit peer DNS servers in the configuration.

Fixes #597.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-03-07 11:27:27 +01:00
Hsing-Wang Liao 21903d056e wireless-tools: Change download url to github
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
2017-03-01 20:37:37 +01:00
Alif M. Ahmad f0e8470aa9 grub2: update to 2.02~rc1
Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
2017-03-01 20:37:37 +01:00
Kevin Darbyshire-Bryant 1b2a54b5cd iftop: bump to latest upstream
Drops a LEDE carried patch now upstream.
Convert to autotools.
A number of nits fixed upstream (dns & short packet handling most
notable)

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-03-01 20:37:37 +01:00
Ben Kelly 3d52251df4 swconfig: Bugfix switch_port uci option parsing
When not defining 'device' or 'vlan' in relevant switch_port uci
sections, behaviour is inconsistent due to *devn, *port and *vlan
pointers not being zero initialized.

Signed-off-by: Ben Kelly <ben@benjii.net>
2017-03-01 20:37:37 +01:00
Felix Fietkau df041b6520 netifd: fix stopping netifd + interfaces
stop() is overwritten by rc.common, so implement stop_service instead.
While at it, remove the now unnecessary restart() override

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-01 20:37:37 +01:00
Martin Schiller 87e021e6e3 libpcap: add optional netfilter support
This is needed to use the nflog interface with tcpdump

Signed-off-by: Martin Schiller <mschiller@tdt.de>
2017-03-01 20:37:37 +01:00
Felix Fietkau 0f2757dce4 px5g: replace px5g-standalone with a statically linked variant of px5g-mbedtls
px5g-standalone only supports SHA1 for certificates, which is strongly
deprecated. The new px5g-standalone is about 27k bigger (compressed),
and has identical behavior to px5g-mbedtls (it uses SHA256).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-01 20:37:37 +01:00
Felix Fietkau 2e8545333a mbedtls: add --function-sections and --data-sections to CFLAGS
This allows binaries that links these libraries statically to be reduced
by using --gc-sections on link

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-01 20:37:37 +01:00
Hsing-Wang Liao b036a22fcc kernel: add Chinese codepages
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
2017-03-01 20:37:36 +01:00
Felix Fietkau db7f80c587 libpcap: remove feature dependencies on kmod-* packages
USB support could be built into the kernel as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-01 20:37:36 +01:00
Ansuel Smith 00e4f6fd36 ebtables: update to last commit
Refreshed patches

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2017-03-01 20:37:36 +01:00
Daniel Albers 8aa92deaf6 hostapd: mv netifd.sh hostapd.sh
same name for the file on the host and target

Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
2017-03-01 20:37:36 +01:00
Pavel Kubelun 2856c7e320 ath10k-firmware: update qca9984 firmware
Bump qca9984 firmware.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
2017-03-01 20:37:36 +01:00
Ulrich Weber 3983b4ad0f ppp: honor ip6table for IPv6 PPP interfaces
as we do for IPv4 PPP interfaces. When we create the
dynamic IPv6 interface we should inherit ip6table from
main interface.

Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
2017-03-01 20:37:36 +01:00
Florian Eckert 352f92fe08 ppp: add pppoe-discovery to an independent package
pppoe-discovery performs the same discovery process as pppoe, but does
not initiate a session

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-03-01 20:37:36 +01:00
David Pinilla Caparrós 31c2461e3f base-files: Added a deprecation notice on wifi detect
When running wifi detect, the user will be told on error output that
wifi detect is deprecated, that wifi config must be used instead. Also
the commit that changes it is referenced for further info.

Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
2017-03-01 20:37:36 +01:00
David Pinilla Caparrós 8bb839e85a base-files: Add wifi config to wifi command usage
Since commit 5f8f8a3661 wifi detect does
not longer work and wifi config it's used to configure not yet
configured wireless devices.

This commit changes command usage to reflect that change.

Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
2017-03-01 20:37:36 +01:00
Ben Kelly e1e9d27655 uclibc++: patch bugfix erase() on derived __base_associative
When calling erase() on a containers derived from __base_associative
(e.g. multimap) and providing a pair of iterators a segfault will
occur.

Example code to reproduce:

	typedef std::multimap<int, int> testmap;
	testmap t;
	t.insert(std::pair<int, int>(1, 1));
	t.insert(std::pair<int, int>(2, 1));
	t.insert(std::pair<int, int>(3, 1));
	t.erase(t.begin(), t.end());

Signed-off-by: Ben Kelly <ben@benjii.net>
2017-03-01 20:37:36 +01:00
Felix Fietkau 37b0d547db ath10k-firmware: revert faulty PKG_SOURCE_DATE change from 7cb27b46
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-03-01 20:37:35 +01:00
Pavel Kubelun e591831430 ath10k-firmware: update qca9984 firmware and board data
Fixes firmware crash in rare cases and a bug
ath10k_pci 0001:01:00.0: received unexpected tx_fetch_ind event: in
push mode
for those who kept experiencing it after previous firmware update.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
2017-03-01 20:37:35 +01:00
Ben Greear 8a3ac15a47 ath10k-ct: Support ath10k CT firmware for 9887 chipsets.
And, update support for 9880 chipsets.  The new firmware
fixes a regression with EAPOL 4/4 packets added in
a recent commit.

It also fixes a case where the firmware would improperly try
to use STBC when configured for 1x1 (as 9887 always is).

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-03-01 20:37:35 +01:00
Chris Blake 9451cd7c5b leds-apu2: Add PC Engines APU2 LED driver
This adds support for the PCB LEDs and Reset Button found on the PC
Engines APU2/APU3 embedded boards.

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2017-03-01 20:37:35 +01:00
Koen Vandeputte 65b05463d7 netfilter: re-enable TEE support for kernel 4.4
It got disabled in commit 4454a3fb63
but works nicely these days.

Tested on cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-03-01 20:37:35 +01:00
Chris Blake 2b122a6750 gpio-nct5104d: Add nct5104d driver package
This adds support for the SuperIO chip nct5104d found on the PC Engines
APU boards, which allows for a handful of additional ports, such as 2x
additional UART pinouts, enabling an external watchdog (no driver for
this functionality yet), and 16 GPIO pins. More info can be found at
https://pcengines.ch/ht_gpio.htm

Thanks to @feckert for helping package this.

Cc: Florian Eckert <Eckert.Florian@googlemail.com>

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2017-03-01 20:37:35 +01:00
Mathias Kresin c5d8d8fd64 x86: drop ep80579-drivers
The subtarget on which the driver still depends was removed with
dee8986b95 because it was unmaintained
for a long time.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-03-01 20:37:35 +01:00
Daniel Golle 83d3e393bf 6in4: add missing colon when setting default ca_path
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-03-01 20:37:35 +01:00
John Crispin ee1cd31d2b procd: update to latest git HEAD
5f91241 procd: add cancel_timeout on rc scripts when a runtime_timeout is specified
961dc69 procd: stop service using SIGKILL if SIGTERM failed to do so

Fixes FS#516.

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 946d1dfb87)
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-03-01 12:10:06 +01:00
Felix Fietkau bc61c1328d procd: update to the latest version
Fixes compatibility issues with glibc 2.25

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 2ffb80bc9f)
2017-03-01 12:10:06 +01:00
Jo-Philipp Wich 709c326461 hostapd: fix feature indication
- Fix eap test to work with standalone hostapd builds
 - Fix 11n test to check the correct define
 - Add 11ac, 11r and 11w tests

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-03-01 01:18:58 +01:00
Yousong Zhou ef5cb964b1 relayd: fix making incomplete instance json data
Defer procd_open_instance only after validity check passed.

Fixes FS#541

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-26 14:38:25 +08:00
Yousong Zhou 77fb98ee41 relayd: remove old start-stop-service related code
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-26 14:38:24 +08:00
Yousong Zhou b24273fe71 ppp: ppp6-up: add executable permission bit
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-26 14:38:24 +08:00
Yousong Zhou 5f5fae27b5 mac80211: hwsim: select DRIVER_11AC_SUPPORT and DRIVER_11W_SUPPORT
This is required for default wireless configuration of malta target to
work out of the box again.  Fixes "77ece30e: hostapd: Add ability to
specify that that wireless driver supports 802.11ac"

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-26 14:38:24 +08:00
Brandon Koepke 2b22e1d5c3 openvpn: adding key_direction to append_params.
key_direction shows up as an openvpn option in the user-interface but does not end up in the /var/etc/openvpn*.conf file. Adding it to the list here fixed the issue for me.

Signed-off-by: Brandon Koepke <bdkoepke@fastmail.com>
[Fixes FS#537]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-26 14:36:16 +08:00
Felix Fietkau 6cb46adbc9 ubus: update to the latest version
c09e4f0 ubusd: fix incomplete copy of shared buf during queue-ing
453b87f cli: add support for subscribing to objects
6eb3c96 cli: do not use default timeout for listen
dfe3383 libubus: reset ctx->sock.error when doing ubus reconnect
34c6e81 cli: fix listen_timeout compile issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-25 11:15:46 +01:00
Felix Fietkau fdc22b616c ubus: update to the latest version
Adds the following fixes:

91acde6 libubus: do not modify uloop_cancelled
763b9b2 libubus: reset ctx->sock.eof to fix reconnect issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-25 11:11:24 +01:00
Ted Hess 4c9b45966e libubox: Update to latest version
9d6305a utils: Change calloc_a() to return size_t aligned pointers

Signed-off-by: Ted Hess <thess@kitschensync.net>
2017-02-25 11:10:41 +01:00
Felix Fietkau 67c2a176ce libubox: update to the latest version
Adds the following changes:

de3f14b uloop: add uloop_cancelling function
3b6181b utils: fix build on Mac OS X 10.12
7f671b1 blobmsg: add support for double
0fe1374 utils: add helper functions useful for allocating a ring buffer
8fc1c30 libubox: replace strtok with _r version.
4a9f74f libubox: allow reading out the pid of uloop process in lua
372e1e6 uloop: remove useless epoll data assignment
f9db1cb libubox: allow reading out the remaining time of a uloop timer in Lua

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-25 11:10:35 +01:00
Felix Fietkau bf53a8327f acx-mac80211: fix scan API error that could lead to a crash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 15:03:48 +01:00
Felix Fietkau f1336d2a70 iw: sync nl80211.h with mac80211 package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:22:29 +01:00
Felix Fietkau 703515f889 mac80211: sync with master branch as of 9edff13abd
Includes the following changes:
9edff13abd mac80211: disable potentially harmful PS software retry for A-MPDU sessions
75216a76b0 mac80211: backport upstream fix for CSA in IBSS mode
368cc8ef47 mac80211: update brcmfmac backporting brcmf_err cleanups
66a63d25c4 mac80211: fix build on linux 3.18
9eacb9d7fc rt2x00: mt7620: lots of improvements
fd94fa61a7 mac80211: brcmfmac: update Raspberry Pi patches for linux 4.9
649e766a64 mac80211: update to wireless-testing 2017-01-31
47540afa5d ath9k: add a warning to the tx99 config option
b367eef21d mac80211: rt2x00: add support for external LNA on MT7620
9200e168f2 mac80211: move (& update) upstream accepted brcmfmac patches

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:22:29 +01:00
Felix Fietkau d27dd6298b ath10k-ct: depend on kmod-hwmon-core, it gets used when CONFIG_THERMAL is set
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:22:29 +01:00
Felix Fietkau 0ce2d5b6bf ath10k-ct: fix kernel api compatibility issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-24 12:22:28 +01:00
Ben Greear 09620c0825 ath10k-ct: Fix performance of 2x2 hardware running 3x3 firmware.
The driver had a bug when calculating the rateset.  This resolves
that and allows full VHT mcs rates on 2x2 hardware.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-02-24 12:22:28 +01:00
Joseph C. Lehner 0a3088cb4b mt76: split kmod package
This patch splits `kmod-mt76` into three separate packages:
`kmod-mt76-core`, `kmod-mt76x2` and `kmod-mt7603`. By making
`kmod-mt76` a metapackage containing these new packages,
the previous behaviour of including all drivers and firmware
is left unchanged, unless explicitly unselected in
`DEVICE_PACKAGES`.

This splitting is especially beneficial for devices with
small flash chips, since the `kmod-mt76` package currently
requires ~160K on squashfs (after compression).

Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
2017-02-23 17:34:14 +01:00
Baptiste Jonglez 59508e309e dnsmasq: Add upstream patch fixing SERVFAIL issues with multiple servers
This fixes FS#391 for lede-17.01

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2017-02-20 18:13:44 +01:00
Stijn Tintel 5612114090 Revert "px5g-standalone: provide px5g via PROVIDES"
This reverts commit cc66f819b4.

This commit causes opkg to install px5g-standalone instead of px5g when
installing luci-ssl. As luci-ssl depends on mbedtls, using
px5g-standalone makes no sense. Next to that, it creates deprecated SHA1
certificates. Revert the commit to avoid pxg5-standalone to be
installed by accident.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit ca8aee0c57)
2017-02-20 15:17:20 +01:00
Alberto Bursi 4d1ab84f1e uboot-kirkwood: fix goflexhome/net bootcommand
Goflexhome/net use uImage, and to boot an uImage the u-boot
must use bootm command, not bootz.

Fixes the "i cannot boot LEDE with this u-boot" issue that I
found out myself with my goflexnet.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2017-02-19 21:00:19 +01:00
Felix Fietkau c835c9ebe5 uhttpd: use sha256 when generating certificates with openssl (FS#512)
Patch from attachment to FS#512

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-17 14:43:11 +01:00
Stijn Tintel 6ebb8723a6 dropbear: bump PKG_RELEASE
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 27040dbf89)
2017-02-17 12:31:52 +01:00
Joseph C. Sible f527436364 dropbear: enable SHA256 HMACs
The only HMACs currently available use MD5 and SHA1, both of which have known
weaknesses. We already compile in the SHA256 code since we use Curve25519
by default, so there's no significant size penalty to enabling this.

Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
(cherry picked from commit 0bf85ef048)
2017-02-17 12:31:39 +01:00
Cezary Jackiewicz 44aec27112 ugps: fix typo
Removing redundant spaces from the name of the option. Without fix:

root@LEDE:~# opkg install ugps
Installing ugps (2016-10-24-32a6b2b7-1) to root...
Downloading http://downloads.lede-project.org/releases/17.01-SNAPSHOT/packages/mips_24kc/base/ugps_2016-10-24-32a6b2b7-1_mips_24kc.ipk
Configuring ugps.
uci: Parse error (invalid character in name field) at line 3, byte 23
uci: Parse error (invalid character in name field) at line 3, byte 23
sh: out of range
root@LEDE:~# uci show gps
uci: Parse error (invalid character in name field) at line 3, byte 23

With this fix:

root@LEDE:~# uci show gps
gps.@gps[0]=gps
gps.@gps[0].tty='ttyACM0'
gps.@gps[0].adjust_time='1'

Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
2017-02-16 09:54:14 +01:00
Felix Fietkau dbb8e04472 qos-scripts: fix module load commands (FS#438)
fq_codel is built-in, and xt_CONNMARK is provided by the xt_connmark
module

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-15 14:02:04 +01:00
Rafał Miłecki df49e49bc7 mdns: update and rename package to the umdns
This update includes numerous small fixes for:
1) Interfaces setup
2) Packets parsing
3) Sending replies
Without this there were multiple problems with exchanging information
between (u)mdns and other implementations (including (u)mdns as well).

This also follows project rename to umdns which was required to avoid
confusion with Apple's mdnsd from mDNSResponder project.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-15 13:07:21 +01:00
Felix Fietkau b8c9ded999 build: add buildbot specific config option for setting defaults
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-15 11:37:13 +01:00
Sven Eckelmann d6d9f256ff package/uboot-envtools: add OpenMesh A40 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:54 +01:00
Sven Eckelmann e6057ed207 package/om-watchdog: add OpenMesh A40 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:53 +01:00
Sven Eckelmann 8785ebc471 package/uboot-envtools: add OpenMesh a60 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:49 +01:00
Sven Eckelmann eb383710e2 package/om-watchdog: add OpenMesh A60 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:48 +01:00
Sven Eckelmann a3061e57e8 package/uboot-envtools: add OpenMesh OM2Pv4/-HSv4 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:45 +01:00
Sven Eckelmann 8a35c489ad package/om-watchdog: add OpenMesh OM2Pv4/-HSv4 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2017-02-15 09:35:44 +01:00
Denis Osvald cbd69f7e4e procd: fix default timeout for reload trigger actions
Default trigger action timeout was added to procd.sh in commit f88e3a4c0
(procd: add default timeout for reload trigger actions)
However, the timeout value was not placed under the correct JSON-script
array nesting level and thus did not apply.

To fix this and make the timeout actually apply to the reload triggers,
we place it in the correct scope, that is the per-trigger array.

Fixes: f88e3a4c0a
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
2017-02-15 09:35:12 +01:00
Felix Fietkau e967f4dd27 ath9k: fix various issues in the airtime-fairness implementation
Effects of the bugs could include memory corruption, tx hangs, kernel
crahes, possibly other things as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-12 14:27:21 +01:00
Hans Dedecker b8567cb44e odhcpd: update to git HEAD version (FS#396)
8df4253 ndp: harden netlink event socket error handling
b02f3e6 ndp: close proc file descriptor also during error handling
8a615ad npd: rework IPv6 relay logic (FS#396)
0129f79 config: restore interface defaults when cleaning interface

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-09 21:42:48 +01:00
Hans Dedecker 03ff2d7359 odhcpd: update to git HEAD version (FS#388)
3317c86 dhcpv6-ia: apply lease delete based on assignment bound state
df50429 odhcpd: properly handle netlink messages (FS#388)
83d72cf odhcpd: fix coding style

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-09 21:42:00 +01:00
John Crispin bd64568d27 procd: update to latest git HEAD
cdc3dab ujail: fix signal forwarding

Signed-off-by: John Crispin <john@phrozen.org>
2017-02-08 15:03:16 +01:00
Álvaro Fernández Rojas 86bd886697 brcmfmac: improve Raspberry Pi 3 stability
- Really disable power management (wrong config flags).
- Disable internal roaming engine.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2017-02-07 18:00:16 +01:00
Hauke Mehrtens 2ad4383b74 tcpdump: update to version 4.9.0
This fixes the following 41 security problems:
 + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
 + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
 + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
 + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
 + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
 + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
 + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
 + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
 + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
 + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
 + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
 + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
 + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
 + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
 + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
 + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
 + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
 + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
 + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
 + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
 + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
 + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
 + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
 + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
 + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
 + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
 + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
 + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
 + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
 + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
 + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
 + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
 + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
 + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
 + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
 + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
 + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
 + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
 + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().

The size of the package is only incread very little:
new size:
306430 tcpdump_4.9.0-1_mips_24kc.ipk
130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk

old size:
302782 tcpdump_4.8.1-1_mips_24kc.ipk
129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-02-06 22:34:28 +01:00
Rafał Miłecki 5c4b2eb3dd mac80211: brcmfmac: backport wowlan netdetect fixes
I needed a moment to figure out relation between this patchset and the
nl80211: fix validation of scheduled scan info for wowlan netdetect

It appears nl80211 commit will go on top of brcmfmac changes so it's
safe to backport these patches.

One patch that was excluded is commit 2a2a5d1835b6 ("brcmfmac: add
.update_connect_params() callback") as it depends on missing commit
088e8df82f91 ("cfg80211: Add support to update connection parameters").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki 52add1988c mac80211: brcmfmac: backport PSM watchdog improvements
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki c578da6198 mac80211: brcmfmac: backport minor code cleanups
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki 4b9bdb48d9 mac80211: brcmfmac: backport 4.10 fixes & typo fix
This includes memory leak fix in initialization path.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki 85d128f145 mac80211: brcmfmac: backport scheduled scan cleanup and chip support
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:49 +01:00
Rafał Miłecki e48b1c2c07 mac80211: brcmfmac: backport some old patches from 2016
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:48 +01:00
Rafał Miłecki e8f42223be mac80211: rename brcmfmac patches to use higher prefix
There are more patches to backport that should go before these.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-06 00:10:48 +01:00
Rafał Miłecki 36288db2fd mac80211: start hostapd with logging wpa_printf messages to syslog
Some debugging/error messages are printed using wpa_printf and this
change allows finally reading them out of the syslog.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:33:05 +01:00
Rafał Miłecki bc49d7902c hostapd: enable support for logging wpa_printf messages to syslog
This will allow starting hostapd with the new -s parameter and finally
read all (error) messages from the syslog.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:31:02 +01:00
Rafał Miłecki a0bc62fe08 hostapd: backport support for sending debug messages to the syslog
It wasn't possible to read hostapd wpa_printf messages unless running
hostapd manually. It was because hostapd was printing them using vprintf
and not directly to the syslog.

We were trying to workaround this problem by redirecting STDIN_FILENO
and STDOUT_FILENO but it was working only for the initialization phase.
As soon as hostapd did os_daemonize our solution stopped working.

Please note despite the subject this change doesn't affect debug level
messages only but just everything printed by hostapd with wpa_printf
including MSG_ERROR-s. This makes it even more important as reading
error messages can be quite useful for debugging.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-02-05 22:29:56 +01:00
Hannu Nyman 1b51a49a9d ccache, samba36: fix samba.org addresses to use https
samba.org has started to enforce https and
currently plain http downloads with curl/wget fail,
so convert samba.org download links to use https.

Modernise links at the same time.

Also convert samba.org URL fields to have https.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-02 00:26:05 +01:00
Wilco Baan Hofman f8d8b60f1b Fix dependency for hostapd
Signed-off-by: Wilco Baan Hofman <wilco@baanhofman.nl>
2017-02-01 16:06:58 +01:00
Kevin Darbyshire-Bryant 4cd9625dd4 iproute2: cake: update cake support
Updated cake's tc patch to match the official cake repository
formatting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 16:06:24 +01:00
Kevin Darbyshire-Bryant 4f5ff0041a kmod-sched-cake: Bump to latest version
wash, mpu & some memory optimisation have now made it to the official
cake repository.

Point LEDE to the official repository.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 16:06:24 +01:00
Jo-Philipp Wich d1d970e235 libtool: don't clobber host libtool infrastructure
The libtool target package stages its files into the host staging directory
and moves the libltdl library parts from there into the target staging
directory afterwards.

By doing so, the package essentially renders the host libtool infrastructure
unusable, leading to the below error in subsequent package builds:

    libtoolize: $pkgltdldir is not a directory: `.../hostpkg/share/libtool`

Prevent this problem by using a dedicated libltdl install prefix in order to
avoid overwriting and moving away preexisting files belonging to tools/libtool.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-02-01 16:05:52 +01:00
Hans Dedecker 786160cd76 odhcp6c: use LEDE_GIT in package source url
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 16:00:01 +01:00
Hans Dedecker 4d9106afa6 odhcp6c: update to git HEAD version
c13b6a0 dhcpv6: fix white space error
e9d80cc dhcpv6: trigger restart of DHCPv6 state machine when not
		receiving statefull options
c7122ec update README
419fb63 dhcpv6: server unicast option support

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:21 +01:00
Hans Dedecker 02d511818f odhcpd: use LEDE_GIT in package source url
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:21 +01:00
Hans Dedecker 036cf93edf odhcpd: update to git HEAD version
c4f9ace odhcpd: decrease default log level to LOG_INFO
a6eadd7 odhcpd: rework IPv6 interface address dump
44965f1 odhcpd: extra syslog tracing

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:21 +01:00
Hans Dedecker cd99f3c744 odhcpd: update to git HEAD version
e447ff9 router: fix compile issue on 64 bit systems

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:20 +01:00
Hans Dedecker ef170bff32 odhcpd: update to git HEAD version
237f1f4 router: convert syslog lifetime traces into LOG_INFO prio
da660c7 treewide: rework prio of syslog messages
0485580 ndp: code cleanup
c5040fe router: add syslog debug tracing for trouble shooting
df023ad treewide: use RELAYD_MAX_ADDRS as address array size
c8ac572 ndp: don't scan netlink attributes in case of netlink route
event

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:20 +01:00
Hans Dedecker fe253bcb99 netifd: update to git HEAD version
650758b interface-ip: route proto config support (FS#170)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:20 +01:00
Hans Dedecker 718c201b82 base-files: add /etc/iproute2/rt_protos
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-02-01 15:53:20 +01:00
Yousong Zhou 754f474568 base-files: uppercase default hostname: LEDE
The name will appear in shell prompt and LuCI page title.  Uppercase
letters seem to be more vigorous

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-02-01 15:40:20 +01:00
Bastian Bittorf be7480cb5a procd: update procd.sh to disallow signal-numbers, enforce signal-names
A given signal-name is now converted to the corresonding number. In general
it's good style to use names (readability) and it's more portable: signal
numbers can be architecture-dependent, so we are more safe giving names.

A real world example is signal 10, which is BUS on ramips and USR1 on PPC.

All users of 'procd_send_signal' must change their code to reflect this.

Signed-off-by: Bastian Bittorf <bb@npl.de>
2017-02-01 15:40:20 +01:00
Sven Roederer 7c5bc827b7 openvpn: ssl-enabled variants also provide a virtual openvpn-crypto package
When relying on x.509 certs for auth and / or encryption of traffic you can't
use package openvpn-nossl.
Just have your package depend on openvpn-crypto to have SSL-encryption and
X.509-support enabled in OpenVPN. If encryption / X.509 is not a must, use
virtual packge openvpn, which is provided by all OpenVPN-variants.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2017-02-01 15:40:20 +01:00
Kevin Darbyshire-Bryant acebb4a990 iproute2: cake: add 'mpu' minimum packet length support
Add 'mpu' minimum length packet size parameter for scheduling/bandwidth
accounting.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 15:40:20 +01:00
Kevin Darbyshire-Bryant 06fca0c48b kmod-sched-cake: add 'mpu' minimum packet length support
Add 'mpu' minimum packet length for scheduling/bandwidth accounting
purposes.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-02-01 15:40:20 +01:00
Steven Honson ff813588fd hostapd: default to wps_independent 1
Signed-off-by: Steven Honson <steven@honson.id.au>
2017-02-01 15:40:20 +01:00
Steven Honson 2f9568ac2a hostapd: expose wps_independent and ap_setup_locked as uci options
ap_setup_locked is named wps_ap_setup_locked in uci for consistency with other
wps related uci options.

Signed-off-by: Steven Honson <steven@honson.id.au>
2017-02-01 15:40:20 +01:00
Gabe Rodriguez f9519636f5 mwlwifi: Fixes rewritten history hash and latest version
The author of the upstream mwlwifi edited the history of the previous commit.
This commit not only fixes the updated hash but also sends in the latest
commits he made to the code which are mainly testing.

Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
2017-02-01 15:40:20 +01:00
Hannu Nyman d7cae5f0b4 opkg: clarify messages and errors related to downloads
Clarify opkg's messages related to downloads:

* more visible error message for package list download failure
* separate error message for signature file download error
* if wget returns 4, signal the network error more clearly
* remove '.' from end of filenames and URLs

* try signature check only if the package list was downloaded ok.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2017-02-01 15:40:20 +01:00
Felix Fietkau b2cd9b80ef ubus: update to the latest version
Adds uloop related libubus fixes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-01 15:40:20 +01:00
Felix Fietkau 977eb2c019 ubus: update to the latest version
- Adds support for passing file descriptors in ubus invoke requests
- Fixes clearing pending timers on ubus_shutdown()
- Fixes checking the amount of written data in ubusd
- Fixes an ubusd crash when trying to subscribe to system objects

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-02-01 15:40:19 +01:00
Mathias Kresin b2437a02a4 base-files: don't overwrite model name set by target
The condition is always true due to the literal string followed the
-n test parameter. A model name set by target scripts always gets
overwritten this way.

Change the condition to check for an already existing destination file
as it was before 5e85ae9 ("base-files: fix error message during boot").

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-02-01 07:40:09 +01:00
Felix Fietkau f4162bf3ca mt76: update to the latest version
Fixes DFS detection false positive issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-31 21:29:33 +01:00
Felix Fietkau 5f2a1ac59a ath9k: remove the deaf rx path state check patch
This needs to be refined and reworked before we can safely leave it
enabled by default

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-31 11:45:23 +01:00
Felix Fietkau 406f85a328 mdns: update to the latest version
- fixes unaligned acccesses, causing DNS parsing issues on ARMv5
- fixes service timeout handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-31 11:25:22 +01:00
Toke Høiland-Jørgensen b8fcbbf31d kmod-sched-core: Add HTB and TBF traffic shapers
HTB and TBF are the basic traffic shapers used by sqm-scripts. Moving
these into kmod-sched-core enables sqm-scripts to downgrade its
dependency from kmod-sched to kmod-sched-core, potentially making it
useful on devices with smaller flash sizes.

This adds around 30k to the size of kmod-sched-core (20k for sch_htb.ko
and 10k for sch_tbf.ko).

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2017-01-29 15:13:21 +01:00
Magnus Kroken 69f773daa3 openvpn: add support for various new 2.4 configuration options
Updates to openvpn.init were included in early OpenVPN 2.4 patch
series, but got lost along the way and were never merged.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-01-28 20:20:02 +01:00
Hauke Mehrtens f5ab082243 openssl: update to version 1.0.2k
This fixes the following security problems:
CVE-2017-3731: Truncated packet could crash via OOB read
CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055: Montgomery multiplication may produce incorrect results

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-28 13:33:22 +01:00
Felix Fietkau 36db143690 ath9k: fix up a refcount imbalance error in the IRQ related fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-27 15:46:07 +01:00
Matthias Schiffer ecc362ed04
procd: update to latest git HEAD
0f58977 init: fix /tmp permissions on zram

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-27 10:10:12 +01:00
Matthias Schiffer a1f918cd92
base-files: fix user creation on sysupgrade with few opkg control files
If only a single opkg control file exists (which can happen with
CONFIG_CLEAN_IPKG), grep would not print the file name by default. Instead
of forcing it using -H, we just switch to -l (print only file names) and
get rid of the cut.

Add -s to suppress an error message when no control files exist.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-01-27 10:10:02 +01:00
Felix Fietkau f9022964cf ath9k: add stability fixes for long standing hang issues (FS#13, #34, #373, #383)
The radio would stop communicating completely. This issue was easiest to
trigger on AR913x devices, e.g. the TP-Link TL-WR1043ND, but other
hardware was occasionally affected as well.

The most critical issue was a race condition in disabling/enabling IRQs
between the IRQ handler and the IRQ processing tasklet

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 17:28:17 +01:00
Felix Fietkau acd1795a60 mac80211: refresh patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 17:28:13 +01:00
Felix Fietkau a6f3ea5e84 Add back the commit "ath9k: Add airtime fairness scheduler"
This reverts commit c296ba834d.
According to several reports, the issues with the airtime fairness
changes are gone in current versions.
It's time to re-apply the patch now.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-25 17:28:10 +01:00
Rafał Miłecki e9d2173921 mac80211: brcmfmac: don't use uninitialize mem for country codes
There was a bug in brcmfmac patch that could result in treating random
memory as source of country codes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-24 23:01:46 +01:00
Rafał Miłecki 81f2196bb1 mac80211: move (& update) upstream accepted brcmfmac patches
These 3 patches are now in wireless-drivers-next tree.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-01-24 23:01:34 +01:00
Mathias Kresin 806d3cc2c3 packages: mark packages depending on a target as nonshared
The packages can't be build as shared packages due to the unmet
dependencies.

Fixes FS#418.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-01-24 19:59:55 +01:00
Jo-Philipp Wich b850218584 hostapd: fix stray "out of range" shell errors in hostapd.sh
The hostapd_append_wpa_key_mgmt() procedure uses the possibly uninitialized
$ieee80211r and $ieee80211w variables in a numerical comparisation, leading
to stray "netifd: radio0 (0000): sh: out of range" errors in logread when
WPA-PSK security is enabled.

Ensure that those variables are substituted with a default value in order to
avoid emitting this (harmless) shell error.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-23 14:56:20 +01:00
Jo-Philipp Wich ef08595c3f openvpn: let all openvpn variants provide a virtual openvpn package
Add PROVIDES:=openvpn to the default recipe in order to let all build variants
provide a virtual openvpn package.

The advantage of this approach is that downstream packages can depend on just
"openvpn" without having to require a specific flavor.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-21 23:05:54 +01:00
Kevin Darbyshire-Bryant 3a9926e40f kmod-sched-cake: fix parameter passing kernel/user space
The last two parameters passed between user space tc and kernel space
sched-cake were transposed due to a merge mistake in a parameter header
file.

As such, using a packet overhead figure was likely to set cake to wash
packet DSCP values.  Similarly, the DSCP wash flag was used as an offset
to the displayed packet overhead value.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-01-21 14:27:37 +01:00
Daniel Engberg 12392e5600 zlib: Update to 1.2.11
Update to 1.2.11 as suggested by upstream
Also add SF as primary source and main site as fallback

Note: SF doesn't carry the 1.2.11 update yet.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-01-21 14:27:23 +01:00
Jo-Philipp Wich cfb3ef3a97 lede-keyring: bundle latest usign certificates
Includes the public usign certificates used by the 17.01.* release builds.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-20 10:11:15 +01:00
Hans Dedecker c71e13a81a netifd: update to git HEAD version
a057f6e device: fix DEV_OPT_SENDREDIRECTS definition

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-01-17 14:07:47 +01:00
Stijn Segers 2ac776ac76 curl: fix HTTPS network timeouts with OpenSSL
Backport an upstream change to fix HTTPS timeouts with OpenSSL.
Upstream curl bug #1174.

Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
[Jo-Philipp Wich: reword commit message, rename patch to 001-*]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 19:41:08 +01:00
Jo-Philipp Wich 1e1e3ef2fb LEDE v17.01: set branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-01-16 18:56:07 +01:00