aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* curl: update to version 7.52.1Hauke Mehrtens2017-01-022-4/+4
| | | | | | | | | | | This fixes the folowing security problems: CVE-2016-9586: printf floating point buffer overflow CVE-2016-9952: Win CE schannel cert wildcard matches too much CVE-2016-9953: Win CE schannel cert name out of buffer read CVE-2016-9594: unititialized random Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* oxnas: append metadata to sysupgrade imageDaniel Golle2017-01-011-1/+1
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* oxnas: backport upstream NAND driverDaniel Golle2017-01-0112-156/+5908
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* oxnas: drop support for kernel 4.1Daniel Golle2017-01-0116-1013/+0
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* oxnas: switch to kernel 4.4Daniel Golle2017-01-011-1/+1
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ustream-ssl: remove extra DEFAULT_VARIANT from libustream-polarsslHannu Nyman2016-12-301-2/+1
| | | | | | | | | Currently both libustream-polarssl and libustream-mbedtls variants define themselves as the DEFAULT_VARIANT Remove extra DEFAULT_VARIANT from libustream-polarssl. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* openvpn: update to 2.4.0Magnus Kroken2016-12-301-2/+2
| | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: enable DHE-RSA key exchangeMagnus Kroken2016-12-301-9/+0
| | | | | | | | | | | | Later OpenVPN 2.3-openssl versions only enable TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE cipher suites. ECDHE key exchange is not supported by OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE OpenVPN 2.4-mbedtls clients to connect to such servers. Signed-off-by: Magnus Kroken <mkroken@gmail.com> Reported-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Reported-by: Lucian Cristian <luci@createc.ro>
* mbedtls: enable secp384r1 elliptic curve supportMagnus Kroken2016-12-301-2/+1
| | | | | | | | | Secp384r1 is the default curve for OpenVPN 2.4+. Enable this to make OpenVPN-mbedtls clients able to perform ECDHE key exchange with remote OpenVPN 2.4-openssl servers that use the default OpenVPN curve. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* kirkwood: fix ubi partition nameFelix Fietkau2016-12-303-9/+10
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kirkwood: fix sysupgrade for non-dockstar NAND devicesFelix Fietkau2016-12-301-2/+7
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* brcm47xx: drop standalone Netgear WGT634U profileRafał Miłecki2016-12-301-17/+0
| | | | | | | We have profile for this device thanks to DEVICE_PACKAGES now. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Cc: Russell Senior <russell@personaltelco.net>
* brcm47xx: specify DEVICE_PACKAGES for Netgear WGT634URafał Miłecki2016-12-301-0/+3
| | | | | | | This allows using it nicely with PER_DEVICE_ROOTFS. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Cc: Russell Senior <russell@personaltelco.net>
* bcm53xx: drop unused source file of bcm53xxspiflashRafał Miłecki2016-12-291-228/+0
| | | | | | | We don't use this driver since commit 741715331aee ("bcm53xx: switch to m25p80 and drop bcm53xxspiflash"). Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* brcm47xx: mips74k: fix typo in Netgear WN3000RP model nameRafał Miłecki2016-12-291-8/+8
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ramips: fix NixcoreX1 profilesRafał Miłecki2016-12-281-2/+2
| | | | | | | There was a typo in Makefile that prevented using these profiles. Fixes: a75ce960ac1 ("ramips: use different board names for variants") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mbedtls: enable support for external private RSA keys to fix openvpn build issueFelix Fietkau2016-12-281-9/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* linux: correct deps for x86-xen-domu targetSven Roederer2016-12-281-1/+0
| | | | | | | | | | depending packages have been moved to kernel-config - kmod-xen-kbddev in 9fde361 - kmod-xen-fs, kmod-xen-evtchn, kmod-xen-netdev in 018807d this will also fix imagebuilder Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* libressl: disable shared libraries, fixes build issuesFelix Fietkau2016-12-281-0/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ath9k: fix issues with external reset on AR913xFelix Fietkau2016-12-274-9/+10
| | | | | | | | An external reset patch for AR955x accidentally led to external reset being issued twice on AR913x, once before the RTC reset and once after. This may be causing some stability issues. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* relayd: fix expiry time handlingFelix Fietkau2016-12-271-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* relayd: fix reload / interface restart issuesFelix Fietkau2016-12-273-4/+2
| | | | | | | - replace the hotplug script with an interface trigger - add netdev params to procd to trigger restart Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kirkwood: enable initramfs images by defaultFelix Fietkau2016-12-271-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ath5k: drop bogus warning on drv_set_key with unsupported cipher (FS#334)Felix Fietkau2016-12-271-0/+23
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ath9k: remove old rx dma stop check optimizationFelix Fietkau2016-12-271-28/+0
| | | | | | | | | | This commit was added to improve reset time on old SoC devices that run into chip hangs more frequently. However with the more recent addition of full WMAC reset on these chips, it could be problematic. Drop this patch to ensure that DMA activity is really stopped before the chip reset is issued Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcpd: bump to git HEADStijn Tintel2016-12-271-3/+3
| | | | | | | 8dc2a59 Revert "Respect interface "ignore" settings as documented." 93ab25b router: skip parse_routes when ra_default > 1 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* opkg: vfork external gzip command to uncompress dataJo-Philipp Wich2016-12-274-23/+746
| | | | | | | | | | | | | | | | | | Opkg's builtin decompression code is unsuitable to process nested archives as it uses a single shared state and relies on undefined seek behaviour for pipes. Rework the extraction logic to use the external gzip command as I/O filter for decompressing data and remove the builtin inflate code entirely. This shrinks the final opkg binary by about 4KB and results in less runtime memory consumption due to efficient use of vfork() and less copy-on-write operations in the forked child. Rework by Felix: create a thread that relays data to the gzip process instead of using a fragile poll loop Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Revert "opkg: vfork external gzip command to uncompress data"Stijn Tintel2016-12-274-746/+23
| | | | | | This reverts commit 0090adcd5c94adad2168cd9b338f45827533c81d. It breaks reading package list in /tmp/opkg-lists, making it impossible to install packages from feeds in snapshots.
* odhcpd: Use procd_send_signal in reload_serviceHans Dedecker2016-12-261-1/+1
| | | | | | | Replace killall HUP by procd_send_signal in reload_service to trigger an odhcpd config reload Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* opkg: add missing dependency on libpthreadFelix Fietkau2016-12-261-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mwlwifi: Update to latest sourceGabe Rodriguez2016-12-261-3/+3
| | | | | | | | -MAC register revisions for 8864 firmware Tested on WRT1900ACv1 (mvebu). No regressions Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
* package/Makefile & ipkg-make-index.sh: add full package data listAlberto Bursi2016-12-262-2/+3
| | | | | | | | | | | | | | | | | | | The external script used to generate the package lists for the LEDE wiki's table of packages [1] and package indexes [2] requires a "Source:" field in the package lists to find package makefiles. The package makefiles are used to read the package's Category and Submenu. The "Source:" field was removed in commit b4aa3c899cbf1f81cd8a1ea197481ac84a9d646e to reduce package list sizes and lessen opkg issues in low ram devices. Add a separate package list file with full data to be used by the wiki's script. It's called Packages.manifest and isn't compressed as it's not necessary. 1. https://lede-project.org/packages/start 2. https://lede-project.org/packages/index/start Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
* musl: refresh patchesKoen Vandeputte2016-12-261-1/+1
| | | | Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* musl: backport various post-1.1.15 fixesKoen Vandeputte2016-12-2626-0/+1513
| | | | | | | | | | | Backport most important fixes up to latest HEAD - Taken post-commit reverts/fixes into account Compile tested Run-tested on cns3xxx & imx6 targets Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* musl: rename a custom backport patchKoen Vandeputte2016-12-261-0/+0
| | | | | | Ensure there is room in the numbering for next patches Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* opkg: vfork external gzip command to uncompress dataJo-Philipp Wich2016-12-264-23/+746
| | | | | | | | | | | | | | | | | | Opkg's builtin decompression code is unsuitable to process nested archives as it uses a single shared state and relies on undefined seek behaviour for pipes. Rework the extraction logic to use the external gzip command as I/O filter for decompressing data and remove the builtin inflate code entirely. This shrinks the final opkg binary by about 4KB and results in less runtime memory consumption due to efficient use of vfork() and less copy-on-write operations in the forked child. Rework by Felix: create a thread that relays data to the gzip process instead of using a fragile poll loop Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: split kmod-lib-zlib into two packages to keep it in sync with kernel ↵Felix Fietkau2016-12-263-13/+21
| | | | | | | | dependencies Fixes build error on default config + selecting kmod-fs-isofs Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: Upstep to git HEAD versionHans Dedecker2016-12-251-3/+3
| | | | | | | | | 64a655d proto: allow configuring deprecated static IPv6 addresses c99182e remove obsolete /opt/local prefix on Mac OS X 0249d5f system-linux: Don't set gre tunnel ttl by default to 64 (#FS312) edc15ca ubus: Display the IPv6 prefix assigned address Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* gre: Remove ttl default value assignment (FS#312)Hans Dedecker2016-12-252-2/+2
| | | | | | | Don't assign a default ttl of 64 for gre tunnels as netifd takes care of the default ttl assignment Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ltq-vmmc: mark VOICE_CPE_VMMC_PMC as brokenHauke Mehrtens2016-12-251-0/+1
| | | | | | | We do not have the needed platform support for VOICE_CPE_VMMC_PMC. The vmmc driver will not compile with this option activated. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ppc44x: fix build of crypto4xx_core.cHauke Mehrtens2016-12-251-0/+46
| | | | | | | | crypto4xx_probe() is in the __init section and referenced by code form other sections, which causes a build error. Backport a patch from mainline kernel to fix this. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kmod-sched-cake: do not build on kernel 3.18Hauke Mehrtens2016-12-251-1/+1
| | | | | | | kmod-sched-cake does not build on kernel 3.18, so add the dependency to not even try. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: fix falcon buildJohn Crispin2016-12-251-1/+1
| | | | | | | | | The following commit changed the build templates name but forgot to update the TARGET_DEVICES variable properly. commit f9226158bed52aeae408730 (lantiq: rename EASY98000 to EASY98000NOR) Signed-off-by: John Crispin <john@phrozen.org>
* lantiq: rename EASY98000 to EASY98000NORHauke Mehrtens2016-12-241-2/+1
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: add KERNEL_DEVMEM and KERNEL_DEVKMEMHauke Mehrtens2016-12-241-0/+14
| | | | | | | | | These options are needed to create /dev/mem or /dev/kmem . /dev/mem is needed by the io tool to access raw hardware memory, which is helpful when debugging and developing drivers. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: John Crispin <john@phrozen.org>
* brcmfmac: select 802.11ac supportFelix Fietkau2016-12-241-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* rb532: remove linux 4.1 supportFelix Fietkau2016-12-244-224/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* rb532: Switch to kernel 4.4Florian Fainelli2016-12-241-1/+1
| | | | Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* rb532: Backport fix to resolve oops during korina_restartFlorian Fainelli2016-12-241-0/+56
| | | | Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* rb532: Add support for kernel 4.4Florian Fainelli2016-12-244-0/+225
| | | | Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>