aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* netifd: update to latest git HEADHans Dedecker2018-10-171-3/+3
| | | | | | | 841b5d1 system-linux: enable by default ignore encaplimit for grev6 tunnels 125cbee system-linux: fix a typo in gre tunnel data parsing logic Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* gre: make encaplimit support configurableHans Dedecker2018-10-172-2/+4
| | | | | | | | | | | Make inclusion of the destination option header containing the tunnel encapsulation limit configurable for IPv6 GRE packets. Setting the uci parameter encaplimit to ignore; allows to disable the insertion of the destination option header in the IPv6 GRE packets. Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255 by setting the encaplimit uci parameter accordingly. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* tools/xz: Add PKG_CPE_ID for proper CVE trackingRosen Penev2018-10-161-0/+1
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tools/libressl: Add PKG_CPE_ID for proper CVE trackingRosen Penev2018-10-161-0/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* treewide: use wpad-basic for not small flash targetsMathias Kresin2018-10-1665-130/+144
| | | | | | | | | | | | Add out of the box support for 802.11r and 802.11w to all targets not suffering from small flash. Signed-off-by: Mathias Kresin <dev@kresin.me> Mathias did all the heavy lifting on this, but I'm the one who should get shouted at for committing. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: add basic variantKevin Darbyshire-Bryant2018-10-165-1/+1017
| | | | | | | | Add a basic variant which provides WPA-PSK only, 802.11r and 802.11w and is intended to support 11r & 11w (subject to driver support) out of the box. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ppp: don't start ppp with IPv6 support if ipv6 is not supportedRosy Song2018-10-162-5/+8
| | | | | Signed-off-by: Rosy Song <rosysong@rosinson.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mt76: update to the latest version, add mt76x0 firmware, enable mt76x0eFelix Fietkau2018-10-161-3/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 96fa353 mt76: do not store aggregation sequence number for null-data frames c50dca8 mt76x0: print BBP version only for debug ddc9e05 mt76x0: correct RF access via RF_CSR register. 02d2385 mt76: allow to identify bus c438e67 mt76x0: correct RF reg pairs write for PCIe c83abb8 mt76x0: use bus helper to identify rf access method 9c272ff mt76x0: phy: fix bank check in mt76x0_rf_csr_{wr,rr} 1945d57 mt76: use mt76x02_dev instead of mt76_dev in mt76x02_mcu.c 214eab7 mt76: use mt76x02_dev instead of mt76_dev in mt76x02_phy.c 29bc2ae mt76: use mt76x02_dev instead of mt76_dev in mt76x02_util.c 08ecb5f mt76: use mt76x02_dev instead of mt76_dev in mt76x02_usb_mcu.c fd9b2b0 mt76: use mt76x02_dev instead of mt76_dev in mt76x02_mac.c f37bd25 mt76: use mt76x02_dev instead of mt76_dev in mt76x02_txrx.c 48950cb mt76: use mt76x02_dev instead of mt76_dev in mt76x02_eeprom.c 06276cc mt76x0: pci: report firmware version using ethtool 72546ed mt76x0: pci: add missing mac80211 callbacks 4de98cd mt76: disable ldpc coding for mt76x0 devices f0951c2 mt76x0: pci: add mt76x0_register_device in mt76x0e_register_device 4f3685e mt76: reserve enough room for USB tx skbs 5e6907f mt76x0: remove dma.h acfc5a9 mt76x0: pci: fix set external PA I/O current 2b79bb7 mt76: mt76x0e: another fix for the external PA current setting 8a0acfd mt76x0: phy: fix restore phase in mt76x0_phy_recalibrate_after_assoc e9e949b mt76x0: phy: remove channel parameter from mt76x0_phy_set_chan_bbp_params 1775717 mt76: move mt76x02_phy_set_bw in mt76x02-lib module f82134f mt76: move mt76x02_phy_set_band in mt76x02-lib module 3eaa34f mt76x0: pci: rename mt76x0_phy_calibrate 7269fb4 mt76x0: pci: introduce mt76x0_phy_calirate routine a514b75 mt76x0: phy: update set_channel for mt76x0e devices 62a1bc5 mt76x0: eeprom: introduce mt76x0_tssi_enabled routine a48481d mt76x0: phy: add phy/vco temperature compensation cc34ce9 mt76: move rssi_gain_thresh routines in mt76x02-lib module eaf9751 mt76: move mt76x02_phy_adjust_vga_gain in mt76/mt76x02_phy.c 2715e7c mt76: introduce mt76x02_init_agc_gain routine 87fcb31 mt76x0: phy: align channel gain logic to mt76x2 one 98f8ef7 mt76x0: phy: do not run calibration during channel switch cf859ad mt76x2: align mt76x2 and mt76x2u firmware 1f3f767 mt76x2u: align channel gain logic to mt76x2 one d1c1454 treewide: Replace more open-coded allocation size multiplications bcbecd2 mt76x0: phy: use proper name convention b6694e6 mt76x0: phy: simplify rf configuration routines da129c9 mt76x0: phy: improve code readability in initvals_phy.h eab7ab1 mt76x0: pci: add get_survey support 9e493f7 mt76: move mt76x02_mac_work routine in mt76x02-lib module ecec6ba mt76: move mt76x02_debugfs in mt76x02-lib module 4f3b608 mt76x0: use shared debugfs implementation 6aae25b mt76x0: use mt76x02_mac_work as stats handler b228a45 mt76x2u: introduce mac workqueue support 4671af4 mt76x0: phy: unify calibration between mt76x0u and mt76x0e 5ed28f3 mt76x0: do not perform MCU calibration for MT7630 9b844da add mt7610e firmware Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools: patch: Add missing CVE-2018-6951 fixRosen Penev2018-10-164-12/+33
| | | | | | | | | | uscan reports a new CVE now that PKG_CPE_ID was added. Reordered patches by date. Signed-off-by: Rosen Penev <rosenp@gmail.com> [re-title commit & refresh patches] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* hostapd: fix MAC filter related log spamJo-Philipp Wich2018-10-164-11/+78
| | | | | | | | Backport two upstream fixes to address overly verbose logging of MAC ACL rejection messages. Fixes: FS#1468 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dnsmasq: fix dnsmasq failure to start when ujail'dChristian Lamparter2018-10-162-2/+2
| | | | | | | | | | | | | | This patch fixes jailed dnsmasq running into the following issue: |dnsmasq[1]: cannot read /usr/share/dnsmasq/dhcpbogushostname.conf: No such file or directory |dnsmasq[1]: FAILED to start up |procd: Instance dnsmasq::cfg01411c s in a crash loop 6 crashes, 0 seconds since last crash Fixes: a45f4f50e16 ("dnsmasq: add dhcp-ignore-names support - CERT VU#598349") Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [bump package release] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* toolchain/glibc: update to 2.27+Hans Dedecker2018-10-162-4/+4
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kernel: bump 4.14 to 4.14.76Koen Vandeputte2018-10-169-37/+37
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.133Koen Vandeputte2018-10-163-5/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, layerscape Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 3.18 to 3.18.124Koen Vandeputte2018-10-163-7/+7
| | | | | | | | | Refreshed all patches. Compile-tested: adm5120 Runtime-tested: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* dnsmasq: bump to v2.80rc1Kevin Darbyshire-Bryant2018-10-162-32/+4
| | | | | | | | | | | | 53792c9 fix typo df07182 Update German translation. Remove local patch 001-fix-typo which is a backport of the above 53792c9 There is no practical difference between our test8 release and this rc release, but this does at least say 'release candidate' Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: fix compile issueHans Dedecker2018-10-151-0/+28
| | | | | | Fix compile issue in case HAVE_BROKEN_RTC is enabled Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: refresh mt7621 kernel configFelix Fietkau2018-10-151-5/+29
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add CONFIG_CC_OPTIMIZE_FOR_* to the default configFelix Fietkau2018-10-154-6/+2
| | | | | | | Avoid repeating them in the target config, they are overwritten by top-level menuconfig anyway Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: update to version 3.15.3-stableDaniel Golle2018-10-151-3/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mt76: move mt76x2e firmware to kmod-mt76x2-common and use it for mt76x2uFelix Fietkau2018-10-141-1/+7
| | | | | | USB and PCIe devices can run the same firmware Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools: patch: Fix build by not modifing Makefile.amHauke Mehrtens2018-10-143-73/+3
| | | | | | | | | | | | | | A new test case was adding in one of the patches fixing a problem, this also included a change in the test/Makefile.am to add this test case. The build system detected a change in the Makefile.am and wants to regenerate the Makefile.in, but this fails because automake-1.15 is not installed yet. As automake depends on patch being build first, make sure we do not modify the Makefile.am. This fixes build problem seen by the build bots. Fixes: 4797dddfde6 ("patch: apply upstream cve fixes") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools: patch: make patch build depend on automakeHauke Mehrtens2018-10-141-0/+1
| | | | | | | | | | The Makefile.am changed and now patch wants to use automake to regenerate the Makefile.in. Make sure automake was build before we build patch. This fixes build problem seen by the build bots. Fixes: 4797dddfde6 ("patch: apply upstream cve fixes") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* patch: apply upstream cve fixesRussell Senior2018-10-143-0/+241
| | | | | | | | | | | | | Apply two upstream patches to address two CVEs: * CVE-2018-1000156 * CVE-2018-6952 Add PKG_CPE_ID to Makefile. Build tested on apm821xx and ar71xx. Signed-off-by: Russell Senior <russell@personaltelco.net>
* hostapd: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)Hauke Mehrtens2018-10-143-5/+18
| | | | | | | | | | | | This adds support for the WPA3-Enterprise mode authentication. The settings for the WPA3-Enterpriese mode are defined in WPA3_Specification_v1.0.pdf. This mode also requires ieee80211w and guarantees at least 192 bit of security. This does not increase the ipkg size by a significant size. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Activate Opportunistic Wireless Encryption (OWE)Hauke Mehrtens2018-10-143-4/+21
| | | | | | | | | | | | | | | | | | OWE is defined in RFC 8110 and provides encryption and forward security for open networks. This is based on the requirements in the Wifi alliance document Opportunistic_Wireless_Encryption_Specification_v1.0_0.pdf The wifi alliance requires ieee80211w for the OWE mode. This also makes it possible to configure the OWE transission mode which allows it operate an open and an OWE BSSID in parallel and the client should only show one network. This increases the ipkg size by 5.800 Bytes. Old: 402.541 Bytes New: 408.341 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Activate Simultaneous Authentication of Equals (SAE)Hauke Mehrtens2018-10-143-9/+42
| | | | | | | | | | | | | | | | | | | | This build the full openssl and wolfssl versions with SAE support which is the main part of WPA3 PSK. This needs elliptic curve cryptography which is only provided by these two external cryptographic libraries and not by the internal implementation. The WPA3_Specification_v1.0.pdf file says that in SAE only mode Protected Management Frames (PMF) is required, in mixed mode with WPA2-PSK PMF should be required for clients using SAE, and optional for clients using WPA2-PSK. The defaults are set now accordingly. This increases the ipkg size by 8.515 Bytes. Old: 394.026 Bytes New: 402.541 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: SAE: Do not ignore option sae_require_mfpHauke Mehrtens2018-10-141-0/+26
| | | | | | This patch was send for integration into the hostapd project. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: backport build fix when OWE is activatedHauke Mehrtens2018-10-145-18/+35
| | | | | | This backports a compile fix form the hostapd project. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: sync config with default configurationHauke Mehrtens2018-10-145-35/+41
| | | | | | | | | This replaces the configuration files with the versions from the hostapd project and the adaptions done by OpenWrt. The resulting binaries should be the same. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* netifd: update to latest git HEADHauke Mehrtens2018-10-141-2/+2
| | | | | | | | 22476ff wireless: Add Simultaneous Authentication of Equals (SAE) c6c3a0d wireless: Add Opportunistic Wireless Encryption (OWE) a117e41 wireless: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise) Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uqmi: fix variable initilization for timeout handlingFlorian Eckert2018-10-121-0/+2
| | | | | | Also add logging output for SIM initilization. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mac80211: fix A-MSDU packet handling with TCP retransmissionFelix Fietkau2018-10-112-1/+32
| | | | | | | Improves local TCP throughput and fixes use-after-free bugs that could lead to crashes. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* bcm53xx: add pending pinctrl driverRafał Miłecki2018-10-112-0/+427
| | | | | | | It's required to support devices using adjustable SoC pins for some specific purpose (e.g. I2C, PWM, UART1). Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ath10k-ct: Update to 29-09-2018Robert Marko2018-10-113-102/+4
| | | | | | | | | | | | | | | | | Update ath10k-ct to be able to drop 210-ath10k-fix-recent-bandwidth-conversion-bug.patch as its upstream. b9989fbd5d6e ath10k-ct: Add upstream patch to fix peer rate reporting. ac9224344dbf ath10k-ct: Support sending custom frames with no-ack flag. bc938bc2021e ath10k-ct: Support sending pkts with specific rate on 10.4 firmware. Runtime tested on: - GL-iNet GL-B1300 - Mikrotik RB912 + QCA9882 Signed-off-by: Robert Marko <robimarko@gmail.com> [Added list of all changes from previous version + add own test device] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* uqmi: update PKG_RELEASE versionFlorian Eckert2018-10-111-1/+1
| | | | | | update PKG_RELEASE Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: stop proto handler if verify pin count is not 3Florian Eckert2018-10-111-0/+7
| | | | | | | | Check pin count value from pin status and stop verification the pin if the value is less then 3. This should prevent the proto-handler to lock the SIM. If SIM is locked then the PUK is needed. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: evaluate pin-status output in qmi_setup functionFlorian Eckert2018-10-111-7/+49
| | | | | | | | | | | | | | | | | | | | | | Load the json output from uqmi --get-pin-status command and evaluate the "pin1_status" value. The following uqmi "pin1_status" values are evaluated: - disabled Do not verify PIN because SIM verification is disabled on this SIM - blocked Stop qmi_setup because SIM is locked and a PUK is required - not_verified SIM is not yet verified. Do a uqmi --verify-pin1 command if a SIM is specified - verified: Do not verify the PIN because this was already done before Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: do not block proto handler if SIM is uninitializedFlorian Eckert2018-10-111-1/+9
| | | | | | | | QMI proto setup-handler will wait forever if SIM does not get initialized. To fix this stop polling pin status and notify netifd. Netifd will generate then a "ifup-failed" ACTION. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: do not block proto handler if modem is unable to registrateFlorian Eckert2018-10-111-1/+10
| | | | | | | | QMI proto setup-handler will wait forever if it is unable to registrate to the mobile network. To fix this stop polling network registration status and notify netifd. Netifd will generate then a "ifup-failed" ACTION. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: add timeout option valueFlorian Eckert2018-10-111-2/+5
| | | | | | | | | | | This value will be used for now during following situations: * Ask the sim with the uqmi --get-pin-status command. * Wait for network registration with the uqmi --get-serving-system command. This two commands wait forever in a while loop. Add a timeout to stop waiting and so inform netifd. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: redirect uqmi commands output to /dev/nullFlorian Eckert2018-10-111-12/+12
| | | | | | | Move uqmi std and error output on commands without using them to /dev/null. This will remove useless outputs in the syslog. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: fix indentingFlorian Eckert2018-10-111-16/+16
| | | | | | fix indenting Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* bcm53xx: replace SPI revert with a fix sent upstreamRafał Miłecki2018-10-112-146/+42
| | | | | | | | | Instead of reverting whole commit it's enough to just revert a single line change. It seems the real problem with the regressing commit was a bump of read chunk size. Switching back to 256 B chunks is enough to fix the problem/regression. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* procd: update to latest git HEADJohn Crispin2018-10-111-3/+3
| | | | | | 94944ab procd: Add cpu string to board detection Signed-off-by: John Crispin <john@phrozen.org>
* package/: fix $(PROJECT_GIT) usageJohn Crispin2018-10-114-4/+4
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* procd: Install hotplug files as 600Rosen Penev2018-10-111-3/+3
| | | | | | procd runs as root, so it only makes sense that its files are restricted. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* linux-atm: Install hotplug file as 600Rosen Penev2018-10-111-2/+2
| | | | | | The hotplug files is only used by procd, which runs as root. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* comgt: Install hotplug and netifd files as 600Rosen Penev2018-10-111-3/+3
| | | | | | procd and netifd both run as root. These files are not used elsewhere. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: Install several config files as 600Rosen Penev2018-10-111-4/+4
| | | | | | | Hotplug is managed by procd, which runs as root. The other files are used by root as well. Signed-off-by: Rosen Penev <rosenp@gmail.com>