aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* mpc85xx: workaround 4.14 cross compile issueRyan Mounce2018-10-201-0/+10
| | | | | | | | | | | Regression introduced with 4.10 by 43c9127d94d62a232ed33ed2eab8a08657ce5472 Build will fail if system 'ar' does not support deterministic builds. e.g. macOS with Xcode toolchain Appears to be fixed upstream in 4.18 by af3901cbbd3de182aafb8ee553c825c0074df6a2 Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
* tools/pkg-config: pass arguments at the endArthur Skowronek2018-10-201-1/+1
| | | | | | | | | | | | | | | | | | Go for openwrt passes pkg-config arguments in the format of pkg-config --cflags -- pkg-name which in turn will be passed down to the real pkg-config as something like pkg-config.real --cflags -- pkg-name --define... and causes the real pkg-config implementation to missinterpret the given argument list. This also helps to fix https://github.com/golang/go/issues/27940 Signed-off-by: Arthur Skowronek <arthur.skowronek@tuta.io>
* mwlwifi: driver version to 10.3.8.0-20181008Yufei Miao2018-10-201-3/+3
| | | | Signed-off-by: Yufei Miao <myf@myf.cloud>
* kernel/modules: Aosong AM2315/AM2320 IIO kernel module support enabled.Roman Bazalevskiy2018-10-201-0/+13
| | | | Signed-off-by: Roman Bazalevskiy <rvb@rvb.name>
* kernel/modules: add kmod-fou6 packageDeng Qingfang2018-10-201-0/+21
| | | | | | IPv6 support for Foo-over-UDP tunnel Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* linux-firmware: Update linux-firmware to 2018-10-18Robert Marko2018-10-201-4/+4
| | | | | | | | | | | | | | | Kalles ath10k PR was finally merged so update linux-firmware to include those changes. This is needed since disabling ath10k-firmware a lot of custom BDF-s in board-2.bin-s are not available in previously outdated linux-firmware board-2.bin-s. This also includes support for boards currently using ipq-wifi and other WIP ones. Runtime tested on 8devices Jalapeno. Signed-off-by: Robert Marko <robimarko@gmail.com>
* apm821xx: add disk-activity triggers via DT.Christian Lamparter2018-10-203-5/+2
| | | | | | | | The WNDR4700 and the MBL have a dedicated HDD activity LED. This patch adds the default led triggers to the DTS and removes the entries in 01_leds. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: apm82181.dtsi overhaulChristian Lamparter2018-10-201-135/+139
| | | | | | | | | | | | | | | | | | | - order entries by mmio address where possible - switch to lower-case address values - comment on BSP u-boot behaviour in regards to what it edits and look for - annotate irq lines with the help of interrupt-names - remove deprecated "device_type" properties The pci and network device_type had to stay since they are required by the drivers and u-boot. the cpu and memory device_types will remain as well as they are still part of the DT Spec. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: force WNDR4700 console to 115200n8Christian Lamparter2018-10-201-1/+1
| | | | | | | | | | | | | | | | | | | With the upcoming 4.19 release, the serial console on the Netgear WNDR4700 would no longer work as it is never really set and always relied on the kernel's serial code not to change the baud rate. On the stock firmware, Netgear forced the console setting through a custom CONFIG_CMDLINE in their kernel to 115200. Normally, they should have done it in a different way and just passed the baudrate through a "console=..." kernel parameter via the bootargs in the "/chosen" dt node. But in their default u-boot bootcmd setting, they somehow forgot to add the "run addtty", so there's no easy way to pass the baudrate from u-boot to the kernel. So it has to be forced as otherwise it ends up as 9600 baud. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* apm821xx: set uart compatible to ns16750Christian Lamparter2018-10-201-6/+11
| | | | | | | The APM821XX/PPC460EX datasheet mentions: "Register compatibility with 16750 register set" Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* build: remove obsolete -rc kernel testing rewritesChristian Lamparter2018-10-201-2/+1
| | | | | | | | | The -rcX "testing" kernels are no longer hosted on cdn.kernel.org file servers directly in a "testing" directory. Therefore the logic that tested for "-rc" can be removed. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* gemini: Fix up image generationLinus Walleij2018-10-201-6/+10
| | | | | | | | | | | | | | | I noticed that the image generator for the Gemini generates some 10+ MB files for the second (application) partition. This is just wrong. The first 6144K partition named initramfs easily fits OpenWRTs squashfs,jffs2 overlayed partitions with nice headroom for storing configuration files. Generate a blank partition for the hddapp.tgz file and delete it after generating the firmware image - when performing updates manually you just want the "rd.z" file around anyways. Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
* gemini: Break out USB to packagesLinus Walleij2018-10-204-8/+17
| | | | | | | | | | | | This creates a new kernel package for the fotg210 host controller and uses that with the gemini to shrink the kernel. The SQ201 needs the USB2 PCI package as well. The build system required me to make kernel_oldconfig beofore it would build without errors so some minor unrelated Kconfig entries are changed. Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
* kernel: Add support for Winbond w25q128jv SPI NOR flashBaptiste Jonglez2018-10-206-9/+77
| | | | | | | | | | | | | | | | | Newer batches of several Mikrotik boards contain this yet-unsupported flash chip, for instance: - rb941-2nd (hAP lite) - rb952ui-5ac2nd (hAP ac lite) - RBM33G and probably other Mikrotik boards need this patch as well. The patch was submitted upstream by Robert Marko: https://patchwork.ozlabs.org/patch/934181/ Closes: FS#1715 Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org> Cc: Robert Marko <robimarko@gmail.com>
* toolchain/musl: Don't override optimization set by upstreamDaniel Engberg2018-10-201-2/+5
| | | | | | | | | | Don't override optimization set by upstream. Provides a speed increase for internal (library), malloc and string operations in musl. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> [add : to PKG_RELEASE release variable for consistency] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: bump to v2.80Kevin Darbyshire-Bryant2018-10-191-4/+4
| | | | | | | | | | dnsmasq v2.80 release Change from rc1: 91421cb Fix compiler warning. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.14 to 4.14.77Koen Vandeputte2018-10-1923-30/+41
| | | | | | | | | | | | | | | Refreshed all patches. Altered patches: - 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch New symbol for arm targets: - HARDEN_BRANCH_PREDICTOR Compile-tested on: ar71xx, cns3xxx, imx6 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.134Koen Vandeputte2018-10-199-35/+35
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, layerscape Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* iproute2: install ip-tiny and ip-full in /usr/libexecHans Dedecker2018-10-181-7/+7
| | | | | | | Install the ip-tiny and ip-full variants in /usr/libexec as the suffixed ip variants are not meant to be called directly Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mt76: update to the latest versionFelix Fietkau2018-10-181-3/+3
| | | | | | | | | | | b51337a mt76: clean up unused leftover EXPORT_SYMBOLs 383b228 mt76x0: reduce duplication in setting rf bandwidth parameters a1a4528 mt76: mt76x0: handle chip specific initval differences f473340 mt76: usb: fix static tracepoints 3a975b4 mt76x0: antenna select corrections 37c1150 mt76x0: init: simplify mt76x0_init_mac_registers Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wireguard: bump to 0.0.20181018Jason A. Donenfeld2018-10-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | ba2ab5d version: bump snapshot 5f59c76 tools: wg-quick: wait for interface to disappear on freebsd ac7e7a3 tools: don't fail if a netlink interface dump is inconsistent 8432585 main: get rid of unloaded debug message 139e57c tools: compile on gnu99 d65817c tools: use libc's endianness macro if no compiler macro f985de2 global: give if statements brackets and other cleanups b3a5d8a main: change module description 296d505 device: use textual error labels always 8bde328 allowedips: swap endianness early on a650d49 timers: avoid using control statements in macro db4dd93 allowedips: remove control statement from macro by rewriting 780a597 global: more nits 06b1236 global: rename struct wireguard_ to struct wg_ 205dd46 netlink: do not stuff index into nla type 2c6b57b qemu: kill after 20 minutes 6f2953d compat: look in Kbuild and Makefile since they differ based on arch a93d7e4 create-patch: blacklist instead of whitelist 8d53657 global: prefix functions used in callbacks with wg_ 123f85c compat: don't output for grep errors Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ar71xx/ath79: fix mtd corruptionFabio Bettoni2018-10-173-3/+131
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In commit fec8fe806963 ("kernel: bump 4.9 to 4.9.116") [1], the following patch for removed: - 403-mtd_fix_cfi_cmdset_0002_status_check.patch This patch contained fixes for both write and erase functions. While the chip-detects for erase got fixed upstream [2], some modifications are still required, even with the fixes applied. While at it, also apply the same fix for target ath79, which suffers the same issue. Not doing so results in following errors seen: Collected errors: * pkg_write_filelist: Failed to open //usr/lib/opkg/info/luci-lib-ip.list: I/O error. * opkg_install_pkg: Failed to extract data files for luci-lib-ip. Package debris may remain! * opkg_install_cmd: Cannot install package luci-ssl. * opkg_conf_write_status_files: Can't open status file //usr/lib/opkg/status: I/O error. [ 0.780920] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc. [ 8.406396] jffs2: notice: (415) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found. [ 8.423476] mount_root: switching to jffs2 overlay [ 270.902671] jffs2: Write of 1989 bytes at 0x005ce6f8 failed. returned -5, retlen 962 [ 270.931965] jffs2: Write of 1989 bytes at 0x005ceec0 failed. returned -5, retlen 0 [ 270.939631] jffs2: Not marking the space at 0x005ceec0 as dirty because the flash driver returned retlen zero [ 270.950397] jffs2: Write of 68 bytes at 0x005ceec0 failed. returned -5, retlen 0 [ 270.957838] jffs2: Not marking the space at 0x005ceec0 as dirty because the flash driver returned retlen zero [ 270.968584] jffs2: Write of 68 bytes at 0x005ceec0 failed. returned -5, retlen 0 [ 270.976027] jffs2: Not marking the space at 0x005ceec0 as dirty because the flash driver returned retlen zero [ 270.986735] jffs2: Write of 68 bytes at 0x005ceec0 failed. returned -5, retlen 0 [ 270.994225] jffs2: Not marking the space at 0x005ceec0 as dirty because the flash driver returned retlen zero [1] https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=fec8fe806963c96a6506c2aebc3572d3a11f285f [2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.9.133&id=a0239d83e1cb60de5e78452d4708c083b9e3dcbe Fixes: fec8fe806963 ("kernel: bump 4.9 to 4.9.116") Signed-off-by: Fabio Bettoni <fbettoni@gmail.com> Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ar71xx: Move some targets to tinyKoen Vandeputte2018-10-174-3/+3
| | | | | | | | | | | | | | | | | | | Recent changes on ar71xx (switch to 4.14, memory compaction, ...) cause an increase in kernel size, making it too big for some devices. Move these devices to the tiny target, where kernel symbols and optimization for speed are disabled, reducing the kernel size. Devices: - EnGenius ENS202EXT - OCEDO Koala Compile-tested targets: - ar71xx->generic->default - ar71xx->smallFlash->Default Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* netifd: update to latest git HEADHans Dedecker2018-10-171-3/+3
| | | | | | | 841b5d1 system-linux: enable by default ignore encaplimit for grev6 tunnels 125cbee system-linux: fix a typo in gre tunnel data parsing logic Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* gre: make encaplimit support configurableHans Dedecker2018-10-172-2/+4
| | | | | | | | | | | Make inclusion of the destination option header containing the tunnel encapsulation limit configurable for IPv6 GRE packets. Setting the uci parameter encaplimit to ignore; allows to disable the insertion of the destination option header in the IPv6 GRE packets. Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255 by setting the encaplimit uci parameter accordingly. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* tools/xz: Add PKG_CPE_ID for proper CVE trackingRosen Penev2018-10-161-0/+1
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/libressl: Add PKG_CPE_ID for proper CVE trackingRosen Penev2018-10-161-0/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* treewide: use wpad-basic for not small flash targetsMathias Kresin2018-10-1665-130/+144
| | | | | | | | | | | | Add out of the box support for 802.11r and 802.11w to all targets not suffering from small flash. Signed-off-by: Mathias Kresin <dev@kresin.me> Mathias did all the heavy lifting on this, but I'm the one who should get shouted at for committing. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: add basic variantKevin Darbyshire-Bryant2018-10-165-1/+1017
| | | | | | | | Add a basic variant which provides WPA-PSK only, 802.11r and 802.11w and is intended to support 11r & 11w (subject to driver support) out of the box. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ppp: don't start ppp with IPv6 support if ipv6 is not supportedRosy Song2018-10-162-5/+8
| | | | | Signed-off-by: Rosy Song <rosysong@rosinson.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mt76: update to the latest version, add mt76x0 firmware, enable mt76x0eFelix Fietkau2018-10-161-3/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 96fa353 mt76: do not store aggregation sequence number for null-data frames c50dca8 mt76x0: print BBP version only for debug ddc9e05 mt76x0: correct RF access via RF_CSR register. 02d2385 mt76: allow to identify bus c438e67 mt76x0: correct RF reg pairs write for PCIe c83abb8 mt76x0: use bus helper to identify rf access method 9c272ff mt76x0: phy: fix bank check in mt76x0_rf_csr_{wr,rr} 1945d57 mt76: use mt76x02_dev instead of mt76_dev in mt76x02_mcu.c 214eab7 mt76: use mt76x02_dev instead of mt76_dev in mt76x02_phy.c 29bc2ae mt76: use mt76x02_dev instead of mt76_dev in mt76x02_util.c 08ecb5f mt76: use mt76x02_dev instead of mt76_dev in mt76x02_usb_mcu.c fd9b2b0 mt76: use mt76x02_dev instead of mt76_dev in mt76x02_mac.c f37bd25 mt76: use mt76x02_dev instead of mt76_dev in mt76x02_txrx.c 48950cb mt76: use mt76x02_dev instead of mt76_dev in mt76x02_eeprom.c 06276cc mt76x0: pci: report firmware version using ethtool 72546ed mt76x0: pci: add missing mac80211 callbacks 4de98cd mt76: disable ldpc coding for mt76x0 devices f0951c2 mt76x0: pci: add mt76x0_register_device in mt76x0e_register_device 4f3685e mt76: reserve enough room for USB tx skbs 5e6907f mt76x0: remove dma.h acfc5a9 mt76x0: pci: fix set external PA I/O current 2b79bb7 mt76: mt76x0e: another fix for the external PA current setting 8a0acfd mt76x0: phy: fix restore phase in mt76x0_phy_recalibrate_after_assoc e9e949b mt76x0: phy: remove channel parameter from mt76x0_phy_set_chan_bbp_params 1775717 mt76: move mt76x02_phy_set_bw in mt76x02-lib module f82134f mt76: move mt76x02_phy_set_band in mt76x02-lib module 3eaa34f mt76x0: pci: rename mt76x0_phy_calibrate 7269fb4 mt76x0: pci: introduce mt76x0_phy_calirate routine a514b75 mt76x0: phy: update set_channel for mt76x0e devices 62a1bc5 mt76x0: eeprom: introduce mt76x0_tssi_enabled routine a48481d mt76x0: phy: add phy/vco temperature compensation cc34ce9 mt76: move rssi_gain_thresh routines in mt76x02-lib module eaf9751 mt76: move mt76x02_phy_adjust_vga_gain in mt76/mt76x02_phy.c 2715e7c mt76: introduce mt76x02_init_agc_gain routine 87fcb31 mt76x0: phy: align channel gain logic to mt76x2 one 98f8ef7 mt76x0: phy: do not run calibration during channel switch cf859ad mt76x2: align mt76x2 and mt76x2u firmware 1f3f767 mt76x2u: align channel gain logic to mt76x2 one d1c1454 treewide: Replace more open-coded allocation size multiplications bcbecd2 mt76x0: phy: use proper name convention b6694e6 mt76x0: phy: simplify rf configuration routines da129c9 mt76x0: phy: improve code readability in initvals_phy.h eab7ab1 mt76x0: pci: add get_survey support 9e493f7 mt76: move mt76x02_mac_work routine in mt76x02-lib module ecec6ba mt76: move mt76x02_debugfs in mt76x02-lib module 4f3b608 mt76x0: use shared debugfs implementation 6aae25b mt76x0: use mt76x02_mac_work as stats handler b228a45 mt76x2u: introduce mac workqueue support 4671af4 mt76x0: phy: unify calibration between mt76x0u and mt76x0e 5ed28f3 mt76x0: do not perform MCU calibration for MT7630 9b844da add mt7610e firmware Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools: patch: Add missing CVE-2018-6951 fixRosen Penev2018-10-164-12/+33
| | | | | | | | | | uscan reports a new CVE now that PKG_CPE_ID was added. Reordered patches by date. Signed-off-by: Rosen Penev <rosenp@gmail.com> [re-title commit & refresh patches] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: fix MAC filter related log spamJo-Philipp Wich2018-10-164-11/+78
| | | | | | | | Backport two upstream fixes to address overly verbose logging of MAC ACL rejection messages. Fixes: FS#1468 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: fix dnsmasq failure to start when ujail'dChristian Lamparter2018-10-162-2/+2
| | | | | | | | | | | | | | This patch fixes jailed dnsmasq running into the following issue: |dnsmasq[1]: cannot read /usr/share/dnsmasq/dhcpbogushostname.conf: No such file or directory |dnsmasq[1]: FAILED to start up |procd: Instance dnsmasq::cfg01411c s in a crash loop 6 crashes, 0 seconds since last crash Fixes: a45f4f50e16 ("dnsmasq: add dhcp-ignore-names support - CERT VU#598349") Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [bump package release] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* toolchain/glibc: update to 2.27+Hans Dedecker2018-10-162-4/+4
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kernel: bump 4.14 to 4.14.76Koen Vandeputte2018-10-169-37/+37
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.133Koen Vandeputte2018-10-163-5/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, layerscape Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 3.18 to 3.18.124Koen Vandeputte2018-10-163-7/+7
| | | | | | | | | Refreshed all patches. Compile-tested: adm5120 Runtime-tested: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* dnsmasq: bump to v2.80rc1Kevin Darbyshire-Bryant2018-10-162-32/+4
| | | | | | | | | | | | 53792c9 fix typo df07182 Update German translation. Remove local patch 001-fix-typo which is a backport of the above 53792c9 There is no practical difference between our test8 release and this rc release, but this does at least say 'release candidate' Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: fix compile issueHans Dedecker2018-10-151-0/+28
| | | | | | Fix compile issue in case HAVE_BROKEN_RTC is enabled Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: refresh mt7621 kernel configFelix Fietkau2018-10-151-5/+29
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add CONFIG_CC_OPTIMIZE_FOR_* to the default configFelix Fietkau2018-10-154-6/+2
| | | | | | | Avoid repeating them in the target config, they are overwritten by top-level menuconfig anyway Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: update to version 3.15.3-stableDaniel Golle2018-10-151-3/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mt76: move mt76x2e firmware to kmod-mt76x2-common and use it for mt76x2uFelix Fietkau2018-10-141-1/+7
| | | | | | USB and PCIe devices can run the same firmware Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools: patch: Fix build by not modifing Makefile.amHauke Mehrtens2018-10-143-73/+3
| | | | | | | | | | | | | | A new test case was adding in one of the patches fixing a problem, this also included a change in the test/Makefile.am to add this test case. The build system detected a change in the Makefile.am and wants to regenerate the Makefile.in, but this fails because automake-1.15 is not installed yet. As automake depends on patch being build first, make sure we do not modify the Makefile.am. This fixes build problem seen by the build bots. Fixes: 4797dddfde6 ("patch: apply upstream cve fixes") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools: patch: make patch build depend on automakeHauke Mehrtens2018-10-141-0/+1
| | | | | | | | | | The Makefile.am changed and now patch wants to use automake to regenerate the Makefile.in. Make sure automake was build before we build patch. This fixes build problem seen by the build bots. Fixes: 4797dddfde6 ("patch: apply upstream cve fixes") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* patch: apply upstream cve fixesRussell Senior2018-10-143-0/+241
| | | | | | | | | | | | | Apply two upstream patches to address two CVEs: * CVE-2018-1000156 * CVE-2018-6952 Add PKG_CPE_ID to Makefile. Build tested on apm821xx and ar71xx. Signed-off-by: Russell Senior <russell@personaltelco.net>
* hostapd: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)Hauke Mehrtens2018-10-143-5/+18
| | | | | | | | | | | | This adds support for the WPA3-Enterprise mode authentication. The settings for the WPA3-Enterpriese mode are defined in WPA3_Specification_v1.0.pdf. This mode also requires ieee80211w and guarantees at least 192 bit of security. This does not increase the ipkg size by a significant size. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Activate Opportunistic Wireless Encryption (OWE)Hauke Mehrtens2018-10-143-4/+21
| | | | | | | | | | | | | | | | | | OWE is defined in RFC 8110 and provides encryption and forward security for open networks. This is based on the requirements in the Wifi alliance document Opportunistic_Wireless_Encryption_Specification_v1.0_0.pdf The wifi alliance requires ieee80211w for the OWE mode. This also makes it possible to configure the OWE transission mode which allows it operate an open and an OWE BSSID in parallel and the client should only show one network. This increases the ipkg size by 5.800 Bytes. Old: 402.541 Bytes New: 408.341 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Activate Simultaneous Authentication of Equals (SAE)Hauke Mehrtens2018-10-143-9/+42
| | | | | | | | | | | | | | | | | | | | This build the full openssl and wolfssl versions with SAE support which is the main part of WPA3 PSK. This needs elliptic curve cryptography which is only provided by these two external cryptographic libraries and not by the internal implementation. The WPA3_Specification_v1.0.pdf file says that in SAE only mode Protected Management Frames (PMF) is required, in mixed mode with WPA2-PSK PMF should be required for clients using SAE, and optional for clients using WPA2-PSK. The defaults are set now accordingly. This increases the ipkg size by 8.515 Bytes. Old: 394.026 Bytes New: 402.541 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>