aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* kernel: bump 3.18 to 3.18.124Koen Vandeputte2018-10-163-7/+7
| | | | | | | | | Refreshed all patches. Compile-tested: adm5120 Runtime-tested: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* dnsmasq: bump to v2.80rc1Kevin Darbyshire-Bryant2018-10-162-32/+4
| | | | | | | | | | | | 53792c9 fix typo df07182 Update German translation. Remove local patch 001-fix-typo which is a backport of the above 53792c9 There is no practical difference between our test8 release and this rc release, but this does at least say 'release candidate' Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: fix compile issueHans Dedecker2018-10-151-0/+28
| | | | | | Fix compile issue in case HAVE_BROKEN_RTC is enabled Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: refresh mt7621 kernel configFelix Fietkau2018-10-151-5/+29
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: add CONFIG_CC_OPTIMIZE_FOR_* to the default configFelix Fietkau2018-10-154-6/+2
| | | | | | | Avoid repeating them in the target config, they are overwritten by top-level menuconfig anyway Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: update to version 3.15.3-stableDaniel Golle2018-10-151-3/+3
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mt76: move mt76x2e firmware to kmod-mt76x2-common and use it for mt76x2uFelix Fietkau2018-10-141-1/+7
| | | | | | USB and PCIe devices can run the same firmware Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools: patch: Fix build by not modifing Makefile.amHauke Mehrtens2018-10-143-73/+3
| | | | | | | | | | | | | | A new test case was adding in one of the patches fixing a problem, this also included a change in the test/Makefile.am to add this test case. The build system detected a change in the Makefile.am and wants to regenerate the Makefile.in, but this fails because automake-1.15 is not installed yet. As automake depends on patch being build first, make sure we do not modify the Makefile.am. This fixes build problem seen by the build bots. Fixes: 4797dddfde6 ("patch: apply upstream cve fixes") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools: patch: make patch build depend on automakeHauke Mehrtens2018-10-141-0/+1
| | | | | | | | | | The Makefile.am changed and now patch wants to use automake to regenerate the Makefile.in. Make sure automake was build before we build patch. This fixes build problem seen by the build bots. Fixes: 4797dddfde6 ("patch: apply upstream cve fixes") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* patch: apply upstream cve fixesRussell Senior2018-10-143-0/+241
| | | | | | | | | | | | | Apply two upstream patches to address two CVEs: * CVE-2018-1000156 * CVE-2018-6952 Add PKG_CPE_ID to Makefile. Build tested on apm821xx and ar71xx. Signed-off-by: Russell Senior <russell@personaltelco.net>
* hostapd: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)Hauke Mehrtens2018-10-143-5/+18
| | | | | | | | | | | | This adds support for the WPA3-Enterprise mode authentication. The settings for the WPA3-Enterpriese mode are defined in WPA3_Specification_v1.0.pdf. This mode also requires ieee80211w and guarantees at least 192 bit of security. This does not increase the ipkg size by a significant size. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Activate Opportunistic Wireless Encryption (OWE)Hauke Mehrtens2018-10-143-4/+21
| | | | | | | | | | | | | | | | | | OWE is defined in RFC 8110 and provides encryption and forward security for open networks. This is based on the requirements in the Wifi alliance document Opportunistic_Wireless_Encryption_Specification_v1.0_0.pdf The wifi alliance requires ieee80211w for the OWE mode. This also makes it possible to configure the OWE transission mode which allows it operate an open and an OWE BSSID in parallel and the client should only show one network. This increases the ipkg size by 5.800 Bytes. Old: 402.541 Bytes New: 408.341 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Activate Simultaneous Authentication of Equals (SAE)Hauke Mehrtens2018-10-143-9/+42
| | | | | | | | | | | | | | | | | | | | This build the full openssl and wolfssl versions with SAE support which is the main part of WPA3 PSK. This needs elliptic curve cryptography which is only provided by these two external cryptographic libraries and not by the internal implementation. The WPA3_Specification_v1.0.pdf file says that in SAE only mode Protected Management Frames (PMF) is required, in mixed mode with WPA2-PSK PMF should be required for clients using SAE, and optional for clients using WPA2-PSK. The defaults are set now accordingly. This increases the ipkg size by 8.515 Bytes. Old: 394.026 Bytes New: 402.541 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: SAE: Do not ignore option sae_require_mfpHauke Mehrtens2018-10-141-0/+26
| | | | | | This patch was send for integration into the hostapd project. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: backport build fix when OWE is activatedHauke Mehrtens2018-10-145-18/+35
| | | | | | This backports a compile fix form the hostapd project. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: sync config with default configurationHauke Mehrtens2018-10-145-35/+41
| | | | | | | | | This replaces the configuration files with the versions from the hostapd project and the adaptions done by OpenWrt. The resulting binaries should be the same. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* netifd: update to latest git HEADHauke Mehrtens2018-10-141-2/+2
| | | | | | | | 22476ff wireless: Add Simultaneous Authentication of Equals (SAE) c6c3a0d wireless: Add Opportunistic Wireless Encryption (OWE) a117e41 wireless: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise) Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uqmi: fix variable initilization for timeout handlingFlorian Eckert2018-10-121-0/+2
| | | | | | Also add logging output for SIM initilization. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mac80211: fix A-MSDU packet handling with TCP retransmissionFelix Fietkau2018-10-112-1/+32
| | | | | | | Improves local TCP throughput and fixes use-after-free bugs that could lead to crashes. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* bcm53xx: add pending pinctrl driverRafał Miłecki2018-10-112-0/+427
| | | | | | | It's required to support devices using adjustable SoC pins for some specific purpose (e.g. I2C, PWM, UART1). Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ath10k-ct: Update to 29-09-2018Robert Marko2018-10-113-102/+4
| | | | | | | | | | | | | | | | | Update ath10k-ct to be able to drop 210-ath10k-fix-recent-bandwidth-conversion-bug.patch as its upstream. b9989fbd5d6e ath10k-ct: Add upstream patch to fix peer rate reporting. ac9224344dbf ath10k-ct: Support sending custom frames with no-ack flag. bc938bc2021e ath10k-ct: Support sending pkts with specific rate on 10.4 firmware. Runtime tested on: - GL-iNet GL-B1300 - Mikrotik RB912 + QCA9882 Signed-off-by: Robert Marko <robimarko@gmail.com> [Added list of all changes from previous version + add own test device] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* uqmi: update PKG_RELEASE versionFlorian Eckert2018-10-111-1/+1
| | | | | | update PKG_RELEASE Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: stop proto handler if verify pin count is not 3Florian Eckert2018-10-111-0/+7
| | | | | | | | Check pin count value from pin status and stop verification the pin if the value is less then 3. This should prevent the proto-handler to lock the SIM. If SIM is locked then the PUK is needed. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: evaluate pin-status output in qmi_setup functionFlorian Eckert2018-10-111-7/+49
| | | | | | | | | | | | | | | | | | | | | | Load the json output from uqmi --get-pin-status command and evaluate the "pin1_status" value. The following uqmi "pin1_status" values are evaluated: - disabled Do not verify PIN because SIM verification is disabled on this SIM - blocked Stop qmi_setup because SIM is locked and a PUK is required - not_verified SIM is not yet verified. Do a uqmi --verify-pin1 command if a SIM is specified - verified: Do not verify the PIN because this was already done before Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: do not block proto handler if SIM is uninitializedFlorian Eckert2018-10-111-1/+9
| | | | | | | | QMI proto setup-handler will wait forever if SIM does not get initialized. To fix this stop polling pin status and notify netifd. Netifd will generate then a "ifup-failed" ACTION. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: do not block proto handler if modem is unable to registrateFlorian Eckert2018-10-111-1/+10
| | | | | | | | QMI proto setup-handler will wait forever if it is unable to registrate to the mobile network. To fix this stop polling network registration status and notify netifd. Netifd will generate then a "ifup-failed" ACTION. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: add timeout option valueFlorian Eckert2018-10-111-2/+5
| | | | | | | | | | | This value will be used for now during following situations: * Ask the sim with the uqmi --get-pin-status command. * Wait for network registration with the uqmi --get-serving-system command. This two commands wait forever in a while loop. Add a timeout to stop waiting and so inform netifd. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: redirect uqmi commands output to /dev/nullFlorian Eckert2018-10-111-12/+12
| | | | | | | Move uqmi std and error output on commands without using them to /dev/null. This will remove useless outputs in the syslog. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* uqmi: fix indentingFlorian Eckert2018-10-111-16/+16
| | | | | | fix indenting Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* bcm53xx: replace SPI revert with a fix sent upstreamRafał Miłecki2018-10-112-146/+42
| | | | | | | | | Instead of reverting whole commit it's enough to just revert a single line change. It seems the real problem with the regressing commit was a bump of read chunk size. Switching back to 256 B chunks is enough to fix the problem/regression. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* procd: update to latest git HEADJohn Crispin2018-10-111-3/+3
| | | | | | 94944ab procd: Add cpu string to board detection Signed-off-by: John Crispin <john@phrozen.org>
* package/: fix $(PROJECT_GIT) usageJohn Crispin2018-10-114-4/+4
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* procd: Install hotplug files as 600Rosen Penev2018-10-111-3/+3
| | | | | | procd runs as root, so it only makes sense that its files are restricted. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* linux-atm: Install hotplug file as 600Rosen Penev2018-10-111-2/+2
| | | | | | The hotplug files is only used by procd, which runs as root. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* comgt: Install hotplug and netifd files as 600Rosen Penev2018-10-111-3/+3
| | | | | | procd and netifd both run as root. These files are not used elsewhere. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: Install several config files as 600Rosen Penev2018-10-111-4/+4
| | | | | | | Hotplug is managed by procd, which runs as root. The other files are used by root as well. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* soloscli: Install hotplug file as 600Rosen Penev2018-10-111-2/+2
| | | | | | Hotplug is managed by procd, which runs as root. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* firewall: Install config files as 600Rosen Penev2018-10-111-6/+6
| | | | | | None of the files in firewall are used by non-root. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mpc85xx: remove kernel 4.9 supportMagnus Kroken2018-10-115-516/+0
| | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mpc85xx: switch to kernel 4.14Magnus Kroken2018-10-111-1/+1
| | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mpc85xx: add kernel 4.14 supportMagnus Kroken2018-10-115-0/+521
| | | | | | | | | Based on patches previously submitted by Achim Gottinger: http://lists.infradead.org/pipermail/openwrt-devel/2018-June/012719.html Tested on TP-Link TL-WDR4900 v1. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* netfilter: add missing dependency for kernel 4.14Koen Vandeputte2018-10-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since kernel 4.14.75 commit ("netfilter: xt_cluster: add dependency on conntrack module") a dependency is required on kmod-nf-conntrack. It seems this was already present for kmod-ipt-clusterip but not yet for kmod-ipt-cluster Add it fixing a build error when including kmod-ipt-cluster: Package kmod-ipt-cluster is missing dependencies for the following libraries: nf_conntrack.ko modules/netfilter.mk:665: recipe for target '/mnt/ramdisk/koen/firmware/builds/openwrt/bin/targets/cns3xxx/generic/packages/kmod-ipt-cluster_4.14.75-1_arm_mpcore_vfp.ipk' failed make[3]: *** [/mnt/ramdisk/koen/firmware/builds/openwrt/bin/targets/cns3xxx/generic/packages/kmod-ipt-cluster_4.14.75-1_arm_mpcore_vfp.ipk] Error 1 make[3]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt/package/kernel/linux' Command exited with non-zero status 2 time: package/kernel/linux/compile#1.80#0.05#2.07 package/Makefile:107: recipe for target 'package/kernel/linux/compile' failed make[2]: *** [package/kernel/linux/compile] Error 2 make[2]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt' package/Makefile:103: recipe for target '/mnt/ramdisk/koen/firmware/builds/openwrt/staging_dir/target-arm_mpcore+vfp_musl_eabi/stamp/.package_compile' failed make[1]: *** [/mnt/ramdisk/koen/firmware/builds/openwrt/staging_dir/target-arm_mpcore+vfp_musl_eabi/stamp/.package_compile] Error 2 make[1]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt' /mnt/ramdisk/koen/firmware/builds/openwrt/include/toplevel.mk:216: recipe for target 'world' failed make: *** [world] Error 2 Fixes: f983956a8b72 ("kernel: bump 4.14 to 4.14.75") Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.75&id=b969656b46626a674232c0eadf92a394b89df07c
* ar71xx: remove linux 4.9 supportKoen Vandeputte2018-10-1092-8105/+0
| | | | Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ar71xx: switch to kernel 4.14Koen Vandeputte2018-10-101-1/+1
| | | | Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.75Koen Vandeputte2018-10-1023-101/+101
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.132Koen Vandeputte2018-10-102-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: enable memory compactionFelix Fietkau2018-10-0915-12/+6
| | | | | | | | | | | Compaction is the only memory management component to form high order (larger physically contiguous) memory blocks reliably. The page allocator relies on compaction heavily and the lack of the feature can lead to unexpected OOM killer invocations for high order memory requests. You shouldn't disable this option unless there really is a strong reason for it. Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
* mt76: fix typo in kmod-mt76x0u package descriptionFelix Fietkau2018-10-091-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: support gcc-optimized inlining on all architecturesFelix Fietkau2018-10-095-1/+142
| | | | | | | | Optimized inlining was disabled by default when gcc 4 was still relatively new. By now, all gcc versions handle this well and there seems to be no real reason to keep it x86-only. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: add dhcp-ignore-names support - CERT VU#598349Kevin Darbyshire-Bryant2018-10-093-1/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | dnsmasq v2.80test8 adds the ability to ignore dhcp client's requests for specific hostnames. Clients claiming certain hostnames and thus claiming DNS namespace represent a potential security risk. e.g. a malicious host could claim 'wpad' for itself and redirect other web client requests to it for nefarious purpose. See CERT VU#598349 for more details. Some Samsung TVs are claiming the hostname 'localhost', it is believed not (yet) for nefarious purposes. /usr/share/dnsmasq/dhcpbogushostname.conf contains a list of hostnames in correct syntax to be excluded. e.g. dhcp-name-match=set:dhcp_bogus_hostname,localhost Inclusion of this file is controlled by uci option dhcpbogushostname which is enabled by default. To be absolutely clear, DHCP leases to these requesting hosts are still permitted, but they do NOT get to claim ownership of the hostname itself and hence put into DNS for other hosts to be confused/manipulate by. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>