Commit Graph

14335 Commits (89b8ba96b404d2e412d5573e25348287255671dd)

Author SHA1 Message Date
Hans Dedecker 89b8ba96b4 openvpn: remove deprecated config options
Remove deprecated config options in 2.5 as described in [0]

[0] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-20 21:15:27 +01:00
Felix Fietkau e062bd8563 mac80211: avoid changing skb truesize in A-MSDU aggregation
Should fix recently reported data corruption issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-19 21:35:00 +01:00
Kevin Darbyshire-Bryant 745d0e7f4b iproute2: fix hidden uint to uin64_t promotion in json_print
print_int used 'int' type internally, whereas print_uint used 'uint64_t'

These helper functions eventually call vfprintf(fp, fmt, args) which is
a variable argument list function and is dependent upon 'fmt' containing
correct information about the length of the passed arguments.

Unfortunately print_int v print_uint offered no clue to the programmer
that internally passed ints to print_uint were being promoted to 64bits,
thus the format passed in 'fmt' string vs the actual passed integer
could be different lengths.  This is even more interesting on big endian
architectures where 'vfprintf' would be looking in the middle of an
int64 type.  Symptoms of this included tc qdisc showing bizarre values
for a variety of fields across a variety of qdiscs (e.g. refcnt, flows,
quantum)

print_u/int now stick with native int size.

A similar patch has been sent upstream.

Fixes FS#1425

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-03-19 11:40:01 +01:00
Kevin Darbyshire-Bryant b0b5d0aebb dnsmasq: bump to 2.79 release
94b6878 Tidy crypto.c of old library compat. Now need libnettle 3.
8b96552 Fix compiler warning.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-03-19 11:39:13 +01:00
Rosen Penev f4ea74abb6 curl: Update to 7.59
Compile tested on ar71xx.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-03-19 11:39:13 +01:00
Pawel Dembicki 5323477184 firmware: add JBOOT based devices config extractor
Adds tool to extract MAC and pre-calibration data required for JBOOT
based D-Link routers.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2018-03-18 22:22:38 +01:00
Hauke Mehrtens d11aa1d4af ltq-vdsl-mei: Fix section mismatch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-18 14:06:00 +01:00
Hauke Mehrtens 5587b8f451 ltq-deu: Fix section mismatches
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-18 14:06:00 +01:00
Jo-Philipp Wich becf58e080 e2fsprogs: fix InstallDev recipe
Create the correct bin directory before staging the host utilities.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-18 14:05:28 +01:00
Hauke Mehrtens e273860351 mtd: fix compile warnings
This callback should have one parameter less, this parameter is not used
so this was not a so big problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-18 00:59:18 +01:00
Hauke Mehrtens 5d3fbd5996 uboot-mxs: fix compile problems related to OpenSSL
Use the UBOOT_MAKE_FLAGS defined in include/u-boot.mk and do not
overwrite them to compile the host tools against the shipped LibreSSL.
In addition add a patch to fix a compile problem when compiling the
tools against LibreSSL caused by differences in the API between OpenSSL
1.1 and LibreSSL.

This should fix the compile problems seen in build bot from time to time
by not depending on the host libssl-dev package any more but using the
LibreSSL version from OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-17 23:22:40 +01:00
Hauke Mehrtens 8cc22fad6a uboot-mxs: refresh patches
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-17 23:21:58 +01:00
Gabe Rodriguez 12d3d87a91 mwlwifi: Updated to upstream stable release
mwlwifi was updated to a new stable. Included in this stable release are the
followin benefits:
- Fixed compiling for kernel 4.14
- Fixed crash on 88W8864 binary

Compiled and tested on: WRT3200ACM and WRT1900AC

Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
2018-03-17 22:15:38 +01:00
Christian Bayer 49f3286bde openvpn: add config param verify_client_cert
Option --client-cert-not-required DEPRECATED is deprecated in v2.4 and removed in OpenVPN 2.5.
Replaced by param --verify-client-cert none|optional|require in v2.4 see
https://community.openvpn.net/openvpn/wiki/ DeprecatedOptions#a--client-cert-not-required

Signed-off-by: Christian Bayer <cave@cavebeat.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_	RELEASE increase]
2018-03-17 14:56:39 +01:00
Mathias Kresin 35e01cf68a ipq-wifi: add board-2.bin for ASUS RT-AC58U
The existing file is 0 byte. Replace the ASUS RT-AC58U board-2.bin with
the correct file.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-03-15 21:00:39 +01:00
Chris Blake 4943afd781 ipq40xx: add Cisco Meraki MR33 Support
This patch adds support for Cisco Meraki MR33

hardware highlights:

SOC:	IPQ4029 Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:	256 MiB DDR3L-1600 @ 627 MHz Micron MT41K128M16JT-125IT
NAND:	128 MiB SLC NAND Spansion S34ML01G200TFV00 (106 MiB usable)
ETH:	Qualcomm Atheros AR8035 Gigabit PHY (1 x LAN/WAN) + PoE
WLAN1:	QCA9887 (168c:0050) PCIe 1x1:1 802.11abgn ac Dualband VHT80
WLAN2:	Qualcomm Atheros QCA4029 2.4GHz 802.11bgn 2:2x2
WLAN3:	Qualcomm Atheros QCA4029 5GHz 802.11a/n/ac 2:2x2 VHT80
LEDS:	1 x Programmable RGB+White Status LED (driven by Ti LP5562 on i2c-1)
	1 x Orange LED Fault Indicator (shared with LP5562)
	2 x LAN Activity / Speed LEDs (On the RJ45 Port)
BUTTON:	one Reset button
MISC:	Bluetooth LE Ti cc2650 PG2.3 4x4mm - BL_CONFIG at 0x0001FFD8
	AT24C64 8KiB EEPROM
	Kensington Lock

Serial:
	WARNING: The serial port needs a TTL/RS-232 3V3 level converter!
	The Serial setting is 115200-8-N-1. The board has a populated
	1x4 0.1" header with half-height/low profile pins.
	The pinout is: VCC (little white arrow), RX, TX, GND.

Flashing needs a serial adaptor, as well as patched ubootwrite utility
(needs Little-Endian support). And a modified u-boot (enabled Ethernet).
Meraki's original u-boot source can be found in:
<https://github.com/riptidewave93/meraki-uboot/tree/mr33-20170427>

Add images to do an installation via bootloader:
 0. open up the MR33 and connect the serial console.

 1. start the 2nd stage bootloader transfer from client pc:

  # ubootwrite.py --write=mr33-uboot.bin
  (The ubootwrite tool will interrupt the boot-process and hence
   it needs to listen for cues. If the connection is bad (due to
   the low-profile pins), the tool can fail multiple times and in
   weird ways. If you are not sure, just use a terminal program
   and see what the device is doing there.

 2. power on the MR33 (with ethernet + serial cables attached)
    Warning: Make sure you do this in a private LAN that has
    no connection to the internet.

 - let it upload the u-boot this can take 250-300 seconds -

 3. use a tftp client (in binary mode!) on your PC to upload the sysupgrade.bin
    (the u-boot is listening on 192.168.1.1)
    # tftp 192.168.1.1
    binary
    put openwrt-ipq40xx-meraki_mr33-squashfs-sysupgrade.bin

 4. wait for it to reboot

 5. connect to your MR33 via ssh on 192.168.1.1

For more detailed instructions, please take a look at the:
"Flashing Instructions for the MR33" PDF. This can be found
on the wiki: <https://openwrt.org/toh/meraki/mr33>
(A link to the mr33-uboot.bin + the modified ubootwrite is
also there)

Thanks to Jerome C. for sending an MR33 to Chris.

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-03-14 19:04:52 +01:00
Mathias Kresin 4f4fc993db base-files: add more name source to get_dt_led helper function
Not all LED driver are using the label devicetree property for the led
name. Add support for the TI/National Semiconductor LP55xx Led Drivers,
which are using the chan-name property for the led name, as fallback.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-03-14 19:04:52 +01:00
Mathias Kresin 64fef8f901 base-files: add function to get binary mac from file
Add a fucntion to get the a binary mac address from file. Use the new
function for mtd_get_mac_binary() to limit duplicate code.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-03-14 19:04:52 +01:00
Christian Lamparter 87c42101cf ipq40xx: add support for ASUS RT-AC58U/RT-ACRH13
This patch adds support for ASUS RT-AC58U/RT-ACRH13.

hardware highlights:

SOC:	IPQ4018 / QCA Dakota
CPU:	Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:	128 MiB DDR3L-1066 @ 537 MHz (1074?) NT5CC64M16GP-DI
NOR:	2 MiB Macronix MX25L1606E (for boot, QSEE)
NAND:   128 MiB Winbond W25NO1GVZE1G (cal + kernel + root, UBI)
ETH:    Qualcomm Atheros QCA8075 Gigabit Switch (4 x LAN, 1 x WAN)
USB:    1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1:  Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:  Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:	one Reset and one WPS button
LEDS:	Status, WAN, WIFI1/2, USB and LAN (one blue LED for each)
Serial:
	WARNING: The serial port needs a TTL/RS-232 3V3 level converter!
	The Serial setting is 115200-8-N-1. The board has an unpopulated
	1x4 0.1" header. The pinout (VDD, RX, GND, TX) is printed on the
	PCB right next to the connector.

U-Boot Note: The ethernet driver isn't always reliable and can sometime
time out... Don't worry, just retry.

Access via the serial console is required. As well as a working
TFTP-server setup and the initramfs image. (If not provided, it
has to be built from the OpenWrt source. Make sure to enable
LZMA as the compression for the INITRAMFS!)

To install the image permanently, you have to do the following
steps in the listed order.

1. Open up the router.
   There are four phillips screws hiding behind the four plastic
   feets on the underside.

2. Connect the serial cable (See notes above)

3. Connect your router via one of the four LAN-ports (yellow)
   to a PC which can set the IP-Address and ssh and scp from.

   If possible set your PC's IPv4 Address to 192.168.1.70
   (As this is the IP-Address the Router's bootloader expects
   for the tftp server)

4. power up the router and enter the u-boot
   choose option 1 to upload the initramfs image. And follow
   through the ipv4 setup.

Wait for your router's status LED to stop blinking rapidly and
glow just blue. (The LAN LED should also be glowing blue).

3. Connect to the OpenWrt running in RAM

   The default IPv4-Address of your router will be 192.168.1.1.

   1. Copy over the openwrt-sysupgrade.bin image to your router's
      temporary directory

   # scp openwrt-sysupgrade.bin root@192.168.1.1:/tmp

   2. ssh from your PC into your router as root.

   # ssh root@192.168.1.1

   The default OpenWrt-Image won't ask for a password. Simply hit the Enter-Key.

   Once connected...: run the following commands on your temporary installation

   3. delete the "jffs2" ubi partition to make room for your new root partition

   # ubirmvol /dev/ubi0 --name=jffs2

   4. install OpenWrt on the NAND Flash.

   # sysupgrade -v /tmp/openwrt-sysupgrade.bin

   - This will will automatically reboot the router -

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-03-14 19:04:51 +01:00
Christian Lamparter e713b5ba6f mac80211: ath10k: search all IEs for variant before falling back
This patch adds the patch that was posted to ath10k-devel ML:
<https://patchwork.kernel.org/patch/10233491/>
|From: Thomas Hebb <tommyhebb@gmail.com>
|Subject: [PATCH] ath10k: search all IEs for variant before falling back
|Date: Wed, 21 Feb 2018 11:43:39 -0500
|[...]
|This patch fixes the issue by first searching the entire file for the ID
|with variant, and searching for the fallback ID only if that search
|fails. It also includes some code cleanup in the area, as
|ath10k_core_fetch_board_data_api_n() no longer does its own string
|mangling to remove the variant from an ID, instead leaving that job to a
|new flag passed to ath10k_core_create_board_name().
|
|I've tested this patch on a QCA4019 and verified that the driver behaves
|correctly for 1) both fallback and variant BDFs present, 2) only fallback
|BDF present, and 3) no matching BDFs present.
|
|Fixes: 1657b8f84ed9 ("ath10k: search SMBIOS for OEM board file extension")
|Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>

Note: 937-ath10k-calibration-variant.patch has been reassigned a new 081
number, as it now ships with upstream.... But also because this patch
requires the change in ath10k_core_create_board_name().

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-03-14 19:04:51 +01:00
Mathias Kresin 1b906723eb ipq40xx/ipq806x: move qcom-dwc3 usb driver to generic
If the a kernel package exists within multiple targets an error/warning
is shown.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-03-14 19:04:51 +01:00
John Crispin 54b275c8ed ipq40xx: add target
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: John Crispin <john@phrozen.org>
2018-03-14 19:04:50 +01:00
Andy Walsh 20d63ebc94 e2fsprogs: break out libcomerr/libss, FS#1310
libext2fs breaks krb5 by always installing its own copies of libcom_err.so
and libss.so.

Move the libraries into separate libcomerr and libss packages respectively
and add a host build recipe to stage the required compile_et and mk_cmds
utilities for use by other packages.

This allows the krb5 package to be fixed to use the system wide libcomerr
and libss libraries.

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[rename libcom_err to libcomerr, make compile_et and mk_cmds relocatable,
 cleanup makefile, add dependency on host build, reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-14 18:49:24 +01:00
Jo-Philipp Wich 093b75e106 jsonfilter: update to latest git HEAD
c7e938d implement POSIX regexp support
cd6629f lexer: fix encoding 7 bit escape sequences
8614470 main: implement array mode

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-14 18:48:23 +01:00
Hans Dedecker d88e928a44 dnsmasq: bump to 2.79rc2
ae29065 Fix debian/changelog syntax.
6b2b564 Enhance --synth-domain to allow names with sequential integers.
4f7bb57 Fix deletion of dhcp-options from inotify dynamic files.
56f0623 Allow trailing dot in CNAME.
f3223fb Fix nettle_hash() function to avoid ABI incompatibilities.
4c4f4c2 Debian dependency tweaking for new dnsmasq-base-lua package.
773af30 Man page typo fix.
4cc944b Merge branch 'master' of ssh://thekelleys.org.uk/var/local/git/dnsmasq
87e00fe Compiler warning fixes.
e7a4af8 Compiler warning fixes.
2d69d61 Add liblua-dev to Debian build-depends.
30e4a94 Debian package: add dnsmasq-base-lua binary package.
232a8f3 Merge messages for release.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-13 22:39:24 +01:00
Hauke Mehrtens 43f35ce971 uboot-imx6: fix build with GCC 7
Backport the compiler support patches from upstream u-boot to this older
version to make it compile with GCC 7.
This was found by build bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-13 22:28:59 +01:00
Jo-Philipp Wich e83bc5e3c7 6in4: support multiple additional user prefixes
Support configuration in the form...

    list ip6prefix 2001:db8:1234::/64
    list ip6prefix 2001:db8:5678::/64

... to allow specifying multiple routed IPv6 prefixes.

Implements feature request FS#1361.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-13 18:27:41 +01:00
Felix Fietkau 1cd76e2d85 netifd: update to the latest version (fixes FS#1358)
1f5a29c ip: do not add local routes for host dependencies
c06f842 device: add support for setting the isolate options for bridge ports
69aeaab interface-ip: fix route selection for host dependencies

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-13 13:35:05 +01:00
Felix Fietkau 092d75aa3e ppp: make ppp-multilink provide ppp
Fixes dependencies on ppp from other packages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-12 20:02:29 +01:00
Felix Fietkau d85a7f1eb2 uboot-fritz4040: fix build with gcc7
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-12 19:31:50 +01:00
Matthias Schiffer b8d9a064f0
busybox: remove i386-specific build flags
busybox tries to be smart and passes a number of additional flags to the
compiler. Unfortunately, the i386-specific flags break ABI compatiblity
with libc.

Fixes busybox crashes observed on x86-generic with GCC 7.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-12 12:49:03 +01:00
Felix Fietkau 916277a033 mac80211: minstrel: make short preamble CCK available when not used at connect time
The BSS short preamble state can change without rate control
update notification.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-10 11:57:42 +01:00
Felix Fietkau 6011f7bcf0 mac80211: fix a tx queue memory accounting error
Fixes rare hard to trigger tx hangs after some time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-10 10:20:45 +01:00
Hauke Mehrtens be3da900cd mvebu: Add subtarget for Cortex A9 build
This is in preparation for adding a subtarget for the Cortex A53 later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-10 01:15:21 +01:00
Ryan Mounce 9f3f61a0d9 mvebu: add support for Turris Omnia
Adds support for the Turris Omnia and builds an eMMC sysupgrade image in
the same format as the SolidRun ClearFog.

An initramfs image in the simple yet Omnia-specific 'medkit' image format
is also built in order to ease the initial flashing process.

Notable hardware support omissions are support for switching between SFP
cage and copper PHY, and RGB LED control.

Due to a current limitation of DSA, only 1/2 CPU switch uplinks are used.

Specifications:
- Marvell Armada 385 1.6GHz dual-core ARMv7 CPU
- 1GB DDR3 RAM
- 8GB eMMC Flash
- 5x Gigabit LAN via Marvell 88E6176 Switch (2x RGMII CPU ports)
- 1x switchable RJ45 (88E1514 PHY) / SFP SGMII WAN
- 2x USB 3.0
- 12x dimmable RGB LEDs controlled by independent MCU
- 3x Mini PCIe slots
- Optional Compex WLE200N2 Mini PCIe AR9287 2x2 802.11b/g/n (2.4GHz)
- Optional Compex WLE900VX Mini PCIe QCA9880 3x3 802.11ac (2.4 / 5GHz)
- Optional Quectel EC20 Mini PCIe LTE modem

Flash instructions:
If the U-Boot environment has been modified previously (likely manually via
serial console), first use serial to reset the default environment.
=> env default -a
=> saveenv

Method 1 - USB 'medkit' image w/o serial
- Copy openwrt-mvebu-turris-omnia-sysupgrade.img.gz and
omnia-medkit-openwrt-mvebu-turris-omnia-initramfs.tar.gz to the root of a
USB flash drive formatted with FAT32 / ext2/3/4 / btrfs / XFS.
Note that the medkit MUST be named omnia-medkit*.tar.gz
- Disconnect other USB devices from the Omnia and connect the flash drive
to either USB port.
- Power on the Omnia and hold down the rear reset button until 4 LEDs are
illuminated, then release.
- Wait approximately 2 minutes for the Turris Omnia to flash itself with
the temporary image, during which LEDs will change multiple times.
- Connect a computer to a LAN port of the Turris Omnia with a DHCP client
- (if necessary) ssh-keygen -R 192.168.1.1
- ssh root@192.168.1.1
$ mount /dev/sda1 /mnt
$ sysupgrade /mnt/openwrt-mvebu-turris-omnia-sysupgrade.img.gz
- Wait another minute for the final OpenWrt image to be flashed. The Turris
Omnia will reboot itself and you can remove the flash drive.

Method 2 - TFTP w/ serial
- Extract omnia-medkit-openwrt-mvebu-turris-omnia-initramfs.tar.gz and copy
dtb + zImage to your TFTP server (rename if desired)
- Connect Turris Omnia WAN port to DHCP-enabled network with TFTP server
- Connect serial console and interrupt U-Boot
=> dhcp
=> setenv serverip <tftp_server_ip_here>
=> tftpboot 0x01000000 zImage
=> tftpboot 0x02000000 dtb
=> bootz 0x01000000 - 0x02000000
- OpenWrt will now boot from ramdisk
- Download openwrt-mvebu-turris-omnia-sysupgrade.img.gz to /tmp/
$ sysupgrade /tmp/openwrt-mvebu-turris-omnia-sysupgrade.img.gz
- Wait another minute for the final OpenWrt image to be flashed. The Turris
Omnia will reboot itself.

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2018-03-10 01:15:21 +01:00
Henryk Heisig 21486911ac firmware: ath10k-firmware: update QCA9984 firmware to 10.4-3.5.3-00053
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.5.3-00053 firmware for the QCA9984.

The update fixes "ath10k_pci 0001:01:00.0: Invalid VHT mcs 15 peer
stats" spamming the kernel ring buffer at very high frequencies, but
introduces the new "ath10k_pci 0001:01:00.0: Unknown eventid: 36925".
This new warning doesn't appear to cause problems in practice and is
only emitted relatively rarely, not causing dmesg to overflow within
minutes.

Tested on the ZyXEL NBG6817; early feedback also suggests this firmware
to work well (with the same fixes and caveats) on the Netgear r7800 as
well.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2018-03-09 22:15:02 +01:00
Henryk Heisig 11b476f925 firmware: ath10k-firmware: update to 2018-02-09
This patch updates ath10k-firmware to last commit and use the
firmware-5.bin_10.4-3.5.3-00053 firmware for the QCA9888.

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2018-03-09 22:15:01 +01:00
Toni Uhlig 57468c7142 util-linux: added unshare and nsenter executables
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2018-03-09 22:15:01 +01:00
Philip Prindeville 61e0af06d9 iperf3: update to 3.5
Get rid of patches which are already upstream.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-03-09 22:13:22 +01:00
Magnus Kroken ffbe51b294 openvpn: update to 2.4.5
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-03-09 22:13:21 +01:00
Stijn Segers dc7f2fdd52 linux-firmware: bump firmware for Intel Wireless 8260AC to version 31
Bump the firmware for 8260AC and related hardware to version 31.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-03-09 22:13:21 +01:00
Hans Dedecker 332b736a3e ebtables: update to latest git 2018-01-17
068ba95 Fix locking if LOCKDIR does not exist

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-08 21:16:24 +01:00
Stijn Tintel 7cc9914aae firewall: bump to git HEAD
392811a ubus: let fw3_ubus_address() return the number of resolved addresses
359adcf options: emit an empty address item when resolving networks fails
503db4a zones: disable masq when resolving of all masq_src or masq_dest items failed
f50a524 helpers: implement explicit CT helper assignment support
a3ef503 zones: allow per-table log control
8ef12cb iptables: fix possible NULL pointer access on constructing rule masks

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-03-08 02:40:30 +02:00
Matthias Schiffer 057369ae1f
base-files: tune fragment queue thresholds for available system memory
The default fragment low/high thresholds are 3 and 4 MB. On devices with
only 32MB RAM, these settings may lead to OOM when many fragments that
cannot be reassembled are received. Decrease fragment low/high thresholds
to 384 and 512 kB on devices with less than 64 MB RAM.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 19:14:22 +01:00
Matthias Schiffer 2fbf669730
imagebuilder: reuse rootfs preparation from rootfs.mk
In addition to removing redundant code, this fixes various issues in
IB-generated images that have been fixed in prepare_rootfs before,
including better handling of CONFIG_CLEAN_IPKG and enabling of initscripts
from FILES.

We also reuse the opkg macro and remove --force-... flags that have been
removed from rootfs.mk as well.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 09:59:08 +01:00
Matthias Schiffer cf1c7c0f17
include/rootfs.mk: pass additional files dir to prepare_rootfs as an argument
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 09:59:07 +01:00
Matthias Schiffer 6ed389da85
base-files: sysupgrade: do not rely on opkg to list changed conffiles
Many packages use the opkg conffiles field to list configuration files that
are to be retained on upgrades. Make this work on systems without opkg.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 08:49:39 +01:00
Mathias Kresin cde4f9008a lantiq: ltq-adsl: deactivate ASLR support
The package still leaks some user space linker options into the kernel
space. This breaks the build when ASLR is activated, deactivate it for
now.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-03-06 19:49:06 +01:00
Jason A. Donenfeld b562c0c91b wireguard: bump to 20180304
7c0d711 version: bump snapshot
b6a5cc0 contrib: add extract-handshakes kprobe example
37dc953 wg-quick: if resolvconf/run/iface exists, use it
1f9be19 wg-quick: if resolvconf/interface-order exists, use it
4d2d395 noise: align static_identity keys
14395d2 compat: use correct -include path
38c6d8f noise: fix function prototype
302d0c0 global: in gnu code, use un-underscored asm
ff4e06b messages: MESSAGE_TOTAL is unused
ea81962 crypto: read only after init
e35f409 Kconfig: require DST_CACHE explicitly
9d5baf7 Revert "contrib: keygen-html: rewrite in pure javascript"
6e09a46 contrib: keygen-html: rewrite in pure javascript
e0af0f4 compat: workaround netlink refcount bug
ec65415 contrib: embedded-wg-library: add key generation functions
06099b8 allowedips: fix comment style
ce04251 contrib: embedded-wg-library: add ability to add and del interfaces
7403191 queueing: skb_reset: mark as xnet

Changes:

* queueing: skb_reset: mark as xnet

This allows cgroups to classify packets.

* contrib: embedded-wg-library: add ability to add and del interfaces
* contrib: embedded-wg-library: add key generation functions

The embeddable library gains a few extra tricks, for people implementing
plugins for various network managers.

* crypto: read only after init
* allowedips: fix comment style
* messages: MESSAGE_TOTAL is unused
* global: in gnu code, use un-underscored asm
* noise: fix function prototype

Small cleanups.

* compat: workaround netlink refcount bug

An upstream refcounting bug meant that in certain situations it became
impossible to unload the module. So, we work around it in the compat code. The
problem has been fixed in 4.16.

* contrib: keygen-html: rewrite in pure javascript
* Revert "contrib: keygen-html: rewrite in pure javascript"

We nearly moved away from emscripten'ing the fiat32 code, but the resultant
floating point javascript was just too terrifying.

* Kconfig: require DST_CACHE explicitly

Required for certain frankenkernels.

* compat: use correct -include path

Fixes certain out-of-tree build systems.

* noise: align static_identity keys

Gives us better alignment of private keys.

* wg-quick: if resolvconf/interface-order exists, use it
* wg-quick: if resolvconf/run/iface exists, use it

Better compatibility with Debian's resolvconf.

* contrib: add extract-handshakes kprobe example

Small utility for extracting ephemeral key data from the kernel's memory.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (git log --oneline description)
2018-03-06 08:52:13 +01:00
Hans Dedecker 5cbd22bb0f nghttp2: bump to 1.31.0
6e744662 Update bash_completion
478eac09 Update manual pages
88e2029e Bump up version number to 1.31.0, LT revision to 30:0:16
45d76cf5 nghttpx: Close listening socket on graceful shutdown
54573f28 Merge pull request #1137 from nghttp2/session-set-user-data
17793e99 Add nghttp2_session_set_user_data() public API function
5eac3c90 Update manual pages
e70195ae nghttpx: Update doc
fe51e7fa Merge pull request #1130 from nghttp2/avoid-inet_pton-macro
eb951c2c src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro
39f0ce7c Merge pull request #1126 from nghttp2/nghttpx-expired-client-cert
65157811 Merge pull request #1123 from nghttp2/mruby-client-cert-not-before-after
e8af7afc nghttpx: Add an option to accept expired client certificate
38abfd18 nghttpx: Add mruby tls_client_not_before, and tls_client_not_after
ff3edc09 nghttpx: Fix potential memory leak
0bb15406 Bump up version number to 1.31.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-05 10:44:20 +01:00