aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* openvpn-easy-rsa: update to 3.0.4Luiz Angelo Daros de Luca2018-12-182-6/+29
| | | | | | | | | | | | | | | | | Upstream renamed openssl-1.0.cnf to openssl-easyrsa.cnf. However, pkg kept using openssl-1.0.cnf. Upstream easyrsa searchs for vars, openssl-*, x509-types in the same directory as easyrsa script. This was patched to revert back to static /etc/easy-rsa/ directory (as does OpenSUSE). EASYRSA_PKI still depends on $PWD. Move easyrsa from /usr/sbin to /usr/bin as root is not needed. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> (backported from f1bef0596fd2a983386c778a94486782bd272e27) (rebased patches) Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: package x86-optimized crypto-misc modulesDaniel Gimpelevich2018-12-181-2/+50
| | | | | | | | | | | | | Some of the modules in the crypto-misc package have alternate implementations optimized for different x86 instruction set extensions, but only one of these was built for this package until now: twofish-i586.ko Tested with insmod, on both x86 and x86_64. The modules now have an autoload, which they previous didn't, loading the dependencies in the correct order. Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us> (backported from c762817c9211f439c5da6ea30b6ed828c9861c4f)
* base-files: do not add relevant sections & options except when ipv6 is ↵Rosy Song2018-12-181-16/+26
| | | | | | | support in kernel Signed-off-by: Rosy Song <rosysong@rosinson.com> (backported from 2b637e5ab8ae24ff4176930f259dce195983d7ea)
* base-files: sysupgrade: abort if config backup failsAndreas Ziegler2018-12-182-1/+6
| | | | | | | | Sysupgrade shouldn't proceed, if the backup of the configuration fails because tar (or gzip) exit with a non-zero code. Signed-off-by: Andreas Ziegler <dev@andreas-ziegler.de> (backported from 72489ebeb65fd1e1d77e8d9fbe105827a98dbf03)
* base-files: fix HOME_URL replaceChen Minqiang2018-12-181-1/+1
| | | | | Signed-off-by: Chen Minqiang <ptpt52@gmail.com> (backported from 33bce21bb0f3def5a2516384a8ae16f88b9b193e)
* include: add netdev family support for nftablesRosy Song2018-12-181-0/+20
| | | | | Signed-off-by: Rosy Song <rosysong@rosinson.com> (backported from b4d4e4ceb56825033dd4c8e401e9250ae5042a99)
* ncurses: install lib on host buildAndy Walsh2018-12-181-0/+2
| | | | | Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com> (backported from 1639ebcb061abb3664e0b80f62f0019e37fda68e)
* igmpproxy: drop SSDP packetsDmitry Tunin2018-12-182-1/+13
| | | | | | | | It is insecure to let this type of packets inside They can e.g. open ports on some other routers with UPnP, etc Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com> (backported from c128371124ce4d197a5fbc00e42b58e9d82c571e)
* include/verbose.mk: Add sc to failure messageDaniel Engberg2018-12-181-1/+1
| | | | | | | Add sc to build error message Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (backported from 0aaa65075508035bdf6c8fc8fa9a79b94dc5eadc)
* igmpproxy: add a silent logging optionDmitry Tunin2018-12-183-5/+6
| | | | | | | | | [0-3](none, minimal[default], more, maximum) It is not 100% backward compatible, because now 0 disables logging Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com> (backported from 7a6b2badfa56cfd833d64f113398198f71fd896e)
* bcm53xx: exit if writing kernel during sysupgrade failsRafał Miłecki2018-12-181-2/+2
| | | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (backported from 93cc44c433fed754bd76f8016a1660a6b932361e)
* brcm2708: Update brcm2708-gpu-fw packageChristo Nedev2018-12-181-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Problem - rapsberry pi 3 b/b+ does not boot with bcm2710 images! How Raspberry Pi boots Actualy? When Raspberry is switched on GPU is activated. 1. GPU execute First stage bootloader from ROM. First stage bootloader mount the FAT boot partition on the SD card and execute second stage bootloader (bootcode.bin). 2. Second stage bootloader (bootcode.bin) activate SDRAM. Load the GPU firmware (start.elf). 3. GPU firmware (start.elf) a) display Rainbow splash. b) read firmware configuration file config.txt and split the RAM using fixup.dat. c) loads a cmdline.txt d) enables the CPU. e) loads the kernel image configurable via config.txt In your target/linux/brcm2708/image/config.txt 493 ## kernel (string) 494 ## Alternative name to use when loading kernel. 495 ## 496 #kernel="" it is not configured! But in your target/linux/brcm2708/image/Makefile 75 KERNEL_IMG := kernel8.img 76 DEVICE_TITLE := Raspberry Pi 3B/3B+ you have kernel8.img GPU Firmware search order by default for a PI 3 is: kernel8.img if found boot in 64 bit mode kernel8-32.img if found boot in 32 bit mode kernel7.img if found boot in 32 bit mode kernel.img if found boot in 32 bit mode But a PI 2 will start the search from kernel7.img and a PI 1 only looks for kernel.img. Оbviously the kernel has been found. But something goes wrong and the device is restarted. In your package/kernel/brcm2708-gpu-fw/Makefile 11 PKG_NAME:=brcm2708-gpu-fw 12 PKG_VERSION:=2017-08-08 13 PKG_RELEASE:=e7ba7ab135f5a68b2c00a919ea9ac8d5528a5d5b boot loader is 10 monts old. In conclusion, the best way to solve the problem is to update the boot loader! Fixup_cd.dat and start_cd.elf files are not necessary. These are used when GPU memory is set to 16 MB, which disables some GPU features. I did not remove them just in case! cheers Signed-off-by: Christo Nedev <christo.nedev@gmail.com> (backported from c335649629e641209a3539209defffeea090ad8f)
* kernel: don't auto attach ubi on read errorMathias Kresin2018-12-182-10/+20
| | | | | | | | | | | | | | | With a10a204aab26cc ("kernel: make ubi auto-attach check for a tar file magic") the check for the magic was added without considering a failing mtd_read(). If the read fails, no check is done and the mount code is called straight away. Failing with an error message for such cases seems to me the cleaner way, as it would allow to spot hidden/workaround issues. Signed-off-by: Mathias Kresin <dev@kresin.me> (backported from 3716b5e4e6374883c80e61021923733b14cdb011) (rebased patches) Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: handle bad blocks in ubi auto attach codeMathias Kresin2018-12-182-8/+36
| | | | | | | | | | | | | The first block(s) of the ubi mtd device might be bad. We need to take care on our own to skip the bad block(s) and read the next one(s). Don't treat recoverable read errors as fatal and check for the UBI magic if the data of a block could be recovered using ECC or similar. Signed-off-by: Mathias Kresin <dev@kresin.me> (backported from 0ac91d82ed4d077150db902eb12d383c2be44fb2) (rebased patches) Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: improve ubi auto attach code readabilityMathias Kresin2018-12-182-52/+62
| | | | | | | | | | | | | | | | | Move the put_mtd_device() called on multiple error conditions to a goto label to use it later for more error conditions. The early return on failed open of the mtd device and mismatching mtd type allows to get rid of one level of indentation. By jumping to the cleanup code, a refcount bug is fixed for the wrong flash type condition. While at it, make clear that we only check for the UBI magic if the read from flash was successful. Signed-off-by: Mathias Kresin <dev@kresin.me> (backported from fdf6760cda15b2710287c66c9969a3ed527793d8) (rebased patches) Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* build: do not override CCACHE_DIR when ccache is disabledJo-Philipp Wich2018-12-182-2/+2
| | | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from 991c7a4f69976f72bcee3f76d6917b224da45ea1)
* build: prereq-build.mk: fix gcc/g++ SetupHostCommand invocationJo-Philipp Wich2018-12-181-2/+2
| | | | | | | | A missing comma caused the first command option to be considered part of the error message. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from a6f4c7bce8c62d2dded5c8c12f7f118e2a6c9ee5)
* hostapd: remove unused struct hostapd_ubus_ifaceFelix Fietkau2018-12-182-16/+1
| | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> (backported from f0ac9afe695ed297caf093f02144b2adf04bca87)
* base-files: fix wrong sysctl parameter orderLuiz Angelo Daros de Luca2018-12-181-1/+1
| | | | | | | | | | | | Restarting service sysctl echos multiple errors like: sysctl: -e: No such file or directory After the first filename, all remaining arguments are treated as files. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> (backported from 4c4288728611d334efb777b74e737e1f98e0dc1b)
* hostapd: fix conflicts hellMathias Kresin2018-12-181-95/+47
| | | | | | | | | | | | | | Add each variant to the matching PROVIDERS variables after evaluating the respective hostapd*, wpad* and wpa* variant. Each package providing the same feature will automatically conflict with all prior packages providing the same feature. This way we can handle the conflicts automatically without introducing recursive dependencies. Signed-off-by: Mathias Kresin <dev@kresin.me> (backported from 3838b16943c6021e3ff06d5733df890408ad7158)
* hostapd: cleanup package definitionMathias Kresin2018-12-181-46/+48
| | | | | | | | | | | | | Move common variables and/or values to the package (variant) default. Add additional values in variant packages if necessary. Remove further duplicates by introducing new templates. Remove the ANY_[HOSTAPD|SUPPLICANT_PROVIDERS]_PROVIDERS. The are the same as the variables without the any prefix. No need to maintain both variables. Signed-off-by: Mathias Kresin <dev@kresin.me> (backported from 8af8ceb1c8558a6f25c50cb68b87a3a3425f3417)
* openvpn: increase procd termination timeout to 15sJo-Philipp Wich2018-12-182-1/+2
| | | | | | | | | | Increase the termination timeout to 15s to let OpenVPN properly tear down its connections, especially when weak links or complex down scripts are involved. Fixes FS#859. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from 28d3a1b54b6726a0a93477d75d09a25f74ee361f)
* librpc: add host build to install h files needed for nfs-kernel-server to ↵Peter Wagner2018-12-181-0/+9
| | | | | | | get compiled Signed-off-by: Peter Wagner <tripolar@gmx.at> (backported from d8d2133c35c9c9b410e16cdebe878acd0da6382f)
* verbose.mk: quote SUBMAKE options李国2018-12-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | build openwrt on centos 6 I should use devtoolset-3 to get gcc 4.9, but it fail when make menuconfig. so I have to give option HOSTCC='gcc -Wl,--copy-dt-needed-entries' to make. But it passed to sub make to HOSTCC=gcc as micro SUBMAKE expand to HOSTCC=gcc -Wl,--copy-dt-needed-entries. This patch fix this issue. make -C build menuconfig HOSTCC='gcc -Wl,--copy-dt-needed-entries' V='1' make: Entering directory `/work/openwrt/openwrt/build' /opt/rh/devtoolset-3/root/usr/libexec/gcc/x86_64-redhat-linux/4.9.2/ld: lxdialog/checklist.o: undefined reference to symbol 'acs_map' //lib64/libtinfo.so.5: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status make[1]: *** [mconf] Error 1 make -s -C scripts/config all CC=gcc -Wl,--copy-dt-needed-entries: build failed. Please re-run make with -j1 V=s to see what's going on make: *** [scripts/config/mconf] Error 1 make: Leaving directory `/work/openwrt/openwrt/build' Signed-off-by: 李国 <uxgood.org@gmail.com> (backported from 671999157d6cd0b629304f86beec7d71fc998b09)
* kernel: replace bridge port isolate hack with upstream patch backport on 4.14Felix Fietkau2018-12-184-82/+150
| | | | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> (backported from 21ee8ce9b52f8ae4a6babf4032f71e2d4d56392b) (rebased patches) Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: adjust bridge port isolate patch to match upstream attribute namingFelix Fietkau2018-12-182-4/+4
| | | | | | | | | Newer kernels have a patch that implements compatible functionality directly. Adjust the attribute of our own patch in preparation for dropping it later Signed-off-by: Felix Fietkau <nbd@nbd.name> (backported from 41a1c1af4bbf18cb5f3a4dfd1fb988317da9aa2d)
* tools/ccache: update to 3.4.2Hannu Nyman2018-12-182-5/+5
| | | | | | | update version and refresh patch Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> (backported from 7ec931b7f01e8e9dc6463069237097950761996a)
* tools/cmake: update to 3.11.4Hannu Nyman2018-12-182-3/+3
| | | | | | | Update cmake and refresh patches. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> (backported from 55fa8068c4eb1f6213ca115655067e635da3e637)
* fixup-makefile.pl: fixup when PKG_SOURCE is defined elsewhereYousong Zhou2018-12-181-1/+1
| | | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (backported from eb6759cc786b9a5fe1425364fc54212a425ff0be)
* build: ASLR hardening use $(FPIC)Kevin Darbyshire-Bryant2018-12-181-1/+1
| | | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from 89b59994eb44b5cd2fac594144c20c63fd05ef25)
* toolchain: gdb: enable TUIKevin Darbyshire-Bryant2018-12-181-1/+1
| | | | | | | | | | | | The GDB Text User Interface (TUI) is a terminal interface which uses the curses library to show the source file, the assembly output, the program registers and GDB commands in separate text windows. In other words it's a friendlier interface for idiots like me! Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from 900d86766b2a2122ea435d98aa50dc72d5dadf93)
* ebtables: update to latest git 2018-06-27Hans Dedecker2018-12-183-5/+5
| | | | | | | | | | 48cff25 build: drop install -o/-g root 53d7e7a extensions: ebt_string: take action if snprintf discards data Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (backported from afac2a2dd67502ef8bd9799f328fa2e3b39292b1) (rebased patches) Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ramips: fix wizfi630a swapped lan/wan portLev2018-12-181-1/+1
| | | | | | | | The order of the Ethernet ports were mixed up. This commit fixes the order to be aligned with the physical layout. Signed-off-by: Lev <leventelist@gmail.com> (backported from 3d6f57f3c6dabfe3911ffb1f1a2afbe3ff41c3fd)
* usbutils: Switch to Fedora usbutilsRosen Penev2018-12-181-5/+5
| | | | | | | | The Gentoo GitHub mirror went down. One benefit of Fedora's usb.ids file is that it's versioned. Signed-off-by: Rosen Penev <rosenp@gmail.com> (backported from f23271f3b4f54d1e5ddf7b85786f9a30f38409ad)
* samba36: Disable external libtdb and libteventRosen Penev2018-12-181-1/+3
| | | | | | | | This was causing issues recently as samba36 is not API compatible with the libtdb in the packages repo. It shouldn't be using it anyway. Nor tevent. Signed-off-by: Rosen Penev <rosenp@gmail.com> (backported from 1f2612a4ddbb83af0c6daf3719ab74c3b7db6590)
* swconfig: swlib_map_settings(): change return type to voidAlexander Couzens2018-12-181-1/+1
| | | | | | | | | The return value of the function isn't used anywhere. Fixes missing return value, CID 1329717. Found-by: Coverity Signed-off-by: Alexander Couzens <lynxis@fe80.eu> (backported from b06c447c5f66fd13078327bda3d885d48e2c0e42)
* swconfig: fix un-initialized return valueAlexander Couzens2018-12-181-2/+3
| | | | | | | | Fix CID 1330844 Found-by: Coverity Signed-off-by: Alexander Couzens <lynxis@fe80.eu> (backported from e37ad4e5ca2e70387656da81704ee4d4589c6d70)
* build: include package directory in sha256sums when running on buildbotJo-Philipp Wich2018-12-182-2/+3
| | | | | | | | | | | In order to be able to better compare files to sync in the future, include all BIN_DIR subdirectories in the checksum calculation. To not break existing applications, restrict the recursive checksumming to CONFIG_BUILDBOT for now. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from 681e825f8fbf59a32c3b09810b2a3fef29880c63)
* base-files: add menuconfig option for HOME_URLMathias Kresin2018-12-183-1/+12
| | | | | | | | | | | Add a menuconfig option to set the HOME_URL exposed in /usr/lib/os-release independent from the LEDE_DEVICE_MANUFACTURER_URL. Fixes: FS#1123 Signed-off-by: Mathias Kresin <dev@kresin.me> (backported from 52a9edb1bfaf51c250a33303beacba95dd1dbc05)
* netfilter: add bpf match supportAlin Nastac2018-12-183-0/+3
| | | | | | | | | | Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter. Match using Linux Socket Filter. Expects a BPF program in decimal format. This is the format generated by the nfbpf_compile utility. Signed-off-by: Alin Nastac <alin.nastac@gmail.com> (backported from ab07ae2f27dd920cb7ba186d9f7ad2ccb1c980c4)
* dropbear: let opkg manage symlinks of ssh, scpYousong Zhou2018-12-181-3/+5
| | | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (backported from c4aadbdaf69bad3fbb3ef54601a3629ba24a6e9b)
* busybox: udhcpc: replace udhcpc_no_msg_dontroute patch by upstream fixHans Dedecker2018-12-181-1/+1
| | | | | | | | | Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix which removes the code which requires the server ID to be on local network Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (backported from c6e50075f245b076b57f3f87b5401764a2e11b92)
* busybox: update to 1.28.4Magnus Kroken2018-12-181-3/+3
| | | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com> (backported from ccc728a0e2a7c9717d3d1bcc59f0462e9dbed01e)
* nftables: bump to version 0.9.0Rosy Song2018-12-181-2/+2
| | | | | Signed-off-by: Rosy Song <rosysong@rosinson.com> (backported from 1ee98fdef3d6d71c1b0b3b120a9e24ac4b93c94f)
* libnftnl: bump to version 1.1.1Rosy Song2018-12-181-2/+2
| | | | | Signed-off-by: Rosy Song <rosysong@rosinson.com> (backported from 9d6a0352e7af9aef95f4d983e39516b76e7fc8ba)
* base-files: exit if mtd write command fails during sysupgradeRafał Miłecki2018-12-181-0/+1
| | | | | | | | | | | It avoids confusing situations like: > Could not get image magic > Image check failed. > Upgrade completed > Rebooting system... Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (backported from 5b2e20807d2b38de1cc4185d15bb4320b8bd743a)
* ramips: mt7621: fix mtu setting with kernel 4.14Mathias Kresin2018-12-181-11/+7
| | | | | | | | | | | Since kernel 4.10 commit 61e84623ace3 ("net: centralize net_device min/max MTU checking"), the range of mtu is [min_mtu, max_mtu], which is [68, 1500] by default. It's necessary to set a max_mtu if a mtu > 1500 is supported. Signed-off-by: Mathias Kresin <dev@kresin.me> (backported from 5da2c68d001ee44b15a58639ed03a0ebb6f68020)
* kernel: avoid flow offload for connections with xfrm on the dst entry ↵Felix Fietkau2018-12-182-3/+6
| | | | | | | | | (should fix IPSec) Signed-off-by: Felix Fietkau <nbd@nbd.name> (backported from b560c1748a4edf0d02046e5a988cc0caf1f4f987) (rebased patches) Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* hostapd: make cli treat UNKNOWN COMMAND as failingDenton Gentry2018-12-181-0/+11
| | | | | | | | | | | | | | Avoid infinite loop at 100% CPU when running hostapd_cli if CONFIG_CTRL_IFACE_MIB is not defined. _newselect(4, [3], NULL, NULL, ...) recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16 sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24 Signed-off-by: Denton Gentry <denny@geekhold.com> (backported from a84962ea35e4e97f1c4a42f2eac0242cc2cbd879) (rebased patches) Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ramips: fix reboot with W25Q256 with 4-address-mode enabledDaniel Golle2018-12-181-0/+73
| | | | | | | | | | | | | | | | Some board vendors actually changed the loader to expect the chip to come up in 4-address-mode and flipped the ADP bit in the flash chip's configuration register which makes it come up in 4-address-mode. Hence it doesn't make sense to avoid switching to 4-address-mode on those boards but the opposite as otherwise reboot hangs eg. on the WrtNode2 boards. Fix this by checking the ADP register and only using SPI_NOR_4B_READ_OP on chips which have ADP==0 (come up in 3-byte mode). See also datasheet section 7.1.11 Power Up Address Mode (ADP) Fixes: 22d982ea0 ("ramips: add support for switching between 3-byte and 4-byte addressing on w25q256 flash") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from 8796680277f4b231386fbc6e8a1ccae91d9fcbe8)