Commit Graph

11965 Commits (f98f4601de762251c4644047786affd34d5fb10c)

Author SHA1 Message Date
Jo-Philipp Wich f98f4601de openvpn: fix missing cipher list for polarssl in v2.3.11
Upstream OpenSSL hardening work introduced a change in shared code that
causes polarssl / mbedtls builds to break when no --tls-cipher is specified.

Import the upstream fix commit as patch until the next OpenVPN release gets
released and packaged.

Reported-by: Sebastian Koch <seb@metafly.info>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-28 10:47:22 +02:00
Daniel Dickinson 4a3b8e0596 lldpd: Use /etc/os-release instead of /etc/openwrt_*
With the addition of /etc/os-release patching lldpd to use
/etc/openwrt_release and to have the initscript use
/etc/openwrt_release and/or /etc/openwrt_version becomes
unnecessary.

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-06-27 15:16:01 +02:00
Alin Năstac 86a2702a00 libnetfilter_queue: fix checksum computation
There are 2 issues fixed by this patch:
  - UDP checksum is computed incorrectly, the used pseudo IP header
    contains transport protocol 6 iso 17
  - on big endian arches the UDP/TCP checksum is incorrectly
    computed when payload length is odd

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh patch]
2016-06-26 16:09:48 +02:00
Hauke Mehrtens 9493613e94 linux-firmware: fix md5sum
The copy on the mirror has a different md5sum as specified in this
package Makefile. The content of the file on the mirror is the same as
in the checkout so just update our md5sum.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-06-25 19:20:16 +02:00
Hauke Mehrtens 2ca4fa5feb rtl8192su-firmware: move firmware to own package
Instead of downloading the firmware from some website take it from
linux-firmware package and do not download it separately any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-06-25 19:20:16 +02:00
Hauke Mehrtens d2a372c4fc rtl8192se-firmware: fix package build
The package did not pack the firmware because of a problem which looks
like a copy and past error.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-06-25 19:20:16 +02:00
Jo-Philipp Wich cb7aa4b1fe ebtables: fix segmentation fault due to uninitialized extension data
The ebtables code relies on the `-nostartfiles` linker argument to execute the
extension modules' `_init()` functions automatically which is not working
reliably across all supported targets and gcc versions.

Running an ebtables executable linked this way just crashes with a segmentation
fault at runtime on program startup, e.g. on ARM architectures.

In order to fix the issue ...
 - remove the use of the -nostartfiles linker flag
 - rename the init procedures to a generic name without implicit semantics
 - explicitely annotate those init procedures as constructors

The patch has been taken from the Alpine Linux distribution at
http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-24 15:59:36 +02:00
Kevin Darbyshire-Bryant d4ede1c118 base-files: sysfixtime no longer exclude dnsmasq.time
dnsmasq's dnssec time checking method now uses a ntp hotplug mechanism,
therefore dnsmasq.time is redudant and no longer needs to be explicitly
excluded from sysfixtime.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-24 13:56:30 +02:00
Kevin Darbyshire-Bryant 5acfe55d71 dnsmasq: dnssec time handling uses ntpd hotplug
Change dnsmasq's dnssec time check handling to use time validity
indicated by ntpd rather than maintaining a cross boot/upgrade
/etc/dnsmasq.time timestamp file.  This saves flash device wear.

If ntpd client is configured in uci and you're using dnssec, then
dnsmasq will not check dnssec timestamp validity until ntpd hotplug
indicates sync via a stratum change. The ntpd hotplug leaves a status
flag file to indicate to dnsmasq.init that time is valid and that it
should now start in 'check dnssec timestamp valid' mode.

If ntpd client is not configured and you're using dnssec, then it is
presumed you're using an alternate time sync mechanism and that time is
correct, thus dnsmasq checks dnssec timestamps are valid from 1st start.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

V2 - stratum & step ntp changes indicate time is valid
V3 - on initial flag file step signal dnsmasq with SIGHUP if running
V4 - only accept step ntp changes. Accepting both stratum & step could
result in unpleasant script race conditions
V5 - Actually only accepting stratum is the correct thing to do after
further testing
V6 - improve handling of non busybox ntpd
if sysntpd not executable
  dnsmasq checks dnssec timestamps
else
  sysntp script disabled - look for timestamp file - allows external mechanism to use hotplug flag file
  sysntp script enabled & uci ntp enabled  - look for timestamp file
  sysntp script enabled & uci ntp disabled - dnsmasq checks dnssec
timestamps
fi
2016-06-24 13:53:39 +02:00
Daniel Dickinson f954f4337b base-files: Add standard os-release file
/etc/os-release is the standard distribution release information
file, therefore add it (and image configuration options for
fields not previously present in LEDE).  Once it is deemed
reasonable the non-standard openwrt_release, openwrt_version,
and device_info files could be removed (that is with this patch
we consider them deprecated in favour of the standard file).

Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-06-24 13:52:53 +02:00
John Crispin 27493e82f9 mountd: update to latest git HEAD
adds HFS+ support

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-22 19:32:06 +02:00
Hauke Mehrtens 3f38356893 packages: prefer http over git for git protocol
In company networks everything except the http and https protocol is
often causes problems, because the network administrators try to block
everything else. To make it easier to use LEDE in company networks use
the https/http protocol for git access when possible.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-06-22 19:32:06 +02:00
Mathias Kresin b32eb40210 uboot-lantiq: Add Arcadyan ARV7506PW11 support
Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-06-22 19:32:06 +02:00
Daniel Gimpelevich 7385f754b1 lantiq: Correct ADSL race condition
puts br2684ctl init after ADSL init instead of before, so that the ESI
is set at the right time, and for consistency with the PTM driver.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2016-06-22 19:32:06 +02:00
Ben Greear 040ebe2473 ath10k-ct: Update to latest 10.4.3 CT firmware for 9980 chipsets.
This works around regressions added in the 4.7 kernel.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2016-06-21 13:44:12 +02:00
Kevin Darbyshire-Bryant 5d60bedcb3 ath10k-firmware: fix board-2.bin download URL
Original URL got 303 redirect which then also dropped the commit id
leading to different file revision & MD5 mismatch.

Corrected URL & clarified commit ID use in Makefile

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2016-06-21 12:00:10 +02:00
John Crispin 163cc22643 procd: properly set /dev/snd permission and group
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-20 11:48:02 +02:00
Xotic750 e2d2b136b3 e2fsprogs: Bump to v1.43.1
Signed-off-by: Graham Fairweather <xotic750@gmail.com>
2016-06-20 11:45:45 +02:00
Mathias Kresin ac1cc30cdf lantiq: ltq-atm: fix xrx200 depends
This one was missed by abc346db0e.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2016-06-20 11:45:44 +02:00
John Crispin e4bad7953b fstools: fix missing dependency
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-18 17:07:44 +02:00
Rafał Miłecki 7e08f2ccbd mtd: support -c (datasize) option for fixseama command
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-06-20 08:01:31 +02:00
Daniel Golle fac7ba1abc uboot-envtools: add support for ZBT-WG2626
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2016-06-19 16:22:23 +02:00
Felix Fietkau 240137a744 mt76: update to the latest version, fixes a SMPS handling issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-17 14:51:11 +02:00
John Crispin 16e04fd1b4 procd: update to latest git head
fixes !root perms of /var/{run,lock,state}

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-17 04:13:07 +02:00
John Crispin 87eb8fad13 base-files: remove fstab symlink
the symlink no longer gets used since we switched to the block-mount tool.

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-17 04:13:07 +02:00
John Crispin ea828eb3af mountd: update to latest git HEAD
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-17 04:13:07 +02:00
Felix Fietkau 4bab4dee84 ath10k: merge some more pending upstream fixes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-17 14:12:44 +02:00
Felix Fietkau 475e94b1d2 uhttpd: update to the latest version, adds some extensions to handler script support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-16 19:00:16 +02:00
Rafał Miłecki 952beca4aa uclient: update to the latest version with better help and DELETE
This slightly improves output of help messages and supports sending
message body for DELETE.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-06-16 14:54:25 +02:00
Felix Fietkau 4e0a533f60 hostapd: fix breakage with non-nl80211 drivers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 19:28:55 +02:00
Jo-Philipp Wich e2a9c638e7 hostapd: fix compilation error in wext backend
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-06-15 19:10:32 +02:00
Felix Fietkau 70bb22037a hostap-driver: mark as broken, it causes extra bloat in hostapd and is probably not used anymore
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 18:27:44 +02:00
Felix Fietkau c2ec43733a mt76: update to latest version, adds survey support for mt76x2
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:50:51 +02:00
Felix Fietkau ef74d5cbf8 hostapd: implement fallback for incomplete survey data
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:31:48 +02:00
Felix Fietkau 13b44abcff hostapd: update to version 2016-06-15
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:11:43 +02:00
Michal Hrusecky b67af71181 hostapd: Update to version 2016-05-05
Fixes CVE-2016-4476 and few possible memory leaks.

Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
2016-06-15 17:11:18 +02:00
Felix Fietkau a3cde627f8 libubox: update to the latest version, fixes an uloop signal handling race condition
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 17:01:15 +02:00
Felix Fietkau 8e70655f35 mt76: update to the latest version, fixes a monitor mode injection crash
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-06-15 15:00:14 +02:00
John Crispin abc346db0e package/lantiq: make lantiq kernel modules work with xway_legacy
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:43 +02:00
John Crispin 6ccf400be1 fstools: split snapshot-tool into its own package
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:43 +02:00
John Crispin fd7e15d493 fstools: remove bogus warning in the fstab script
/etc/init.d/fstab had some warnings in it to let users know that they
should call "block mount" directly. these ended up in the bootlog.
fix this by splitting the code into boot() and start(). this way the system
will boot without warning but manually starting the script will lead to the
message.

fixes FS#3

Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:43 +02:00
Magnus Kroken 4260d11e8b openvpn: update to 2.3.11
Security fixes:
* Fixed port-share bug with DoS potential
* Fix buffer overflow by user supplied data

Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.11

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-06-13 22:51:43 +02:00
Yousong Zhou 8bd02b1381 strace: add option for enabling stack trace support
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2016-06-13 22:51:43 +02:00
Yousong Zhou 987f14ab23 libunwind: initial version 1.1
The package Makefile was based on work at link [1] with the following
changes

 1. Disable minidebuginfo support thus no dependency on liblzma
 2. Add 2 patches for building against musl-libc and building with
    mips16 enabled
 3. Add LICENSE and DEPENDS info, etc.

[1] https://github.com/rpi-openwrt/rpi-packages/tree/master/libs/libunwind

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2016-06-13 22:51:43 +02:00
John Crispin 9ba0dc602f ubox: update to latest git HEAD
this adds the new getrandom wrapper tool

Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:42 +02:00
Alexey Brodkin 1f0a9715d2 package/devel/gdb-arc: Add target GDB for ARC
ARC port of GDB is not yet upstream so we need to use
sources from Synopsys GitHub repo.

Given Synopys' commitment to upstream ARC support in GDB
in the nearest future it might be simpler to add a separate
package for ARC GDB instead of patching generic GDB package.
This way once ARC GDB stuff gets uptreamed we'll only need
to remove that new "gdb-arc" package.

Note 1 very minor change in generic gdb package was done -
it now depends on !arc (while "gdb-arc" depends on "arc").

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
2016-06-13 22:51:42 +02:00
John Crispin 928163bad2 uboot-envtools: add ipq806x support
Signed-off-by: Adrian Panella <ianchi74@outlook.com>
2016-06-13 22:51:41 +02:00
Adrian Panella 2177a2a8cb mtd: add linksys_bootcount for ipq806x
Reset bc is needed for Linksys EA8500's dual boot.

Signed-off-by: Adrian Panella <ianchi74@outlook.com>
2016-06-13 22:51:41 +02:00
Adrian Panella c354591d1b mac80211: ath10k fix otp check patch
Fix patch to match new updated package version

Signed-off-by: Adrian Panella <ianchi74@outlook.com>
2016-06-13 22:51:41 +02:00
John Crispin 62dc9831d3 package/*: update git urls for project repos
Signed-off-by: John Crispin <john@phrozen.org>
2016-06-13 22:51:41 +02:00