aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* base-files: fix check for empty password warningMatthias Schiffer2016-09-261-2/+1
| | | | | | | | | | | | | Now that we know that the password is in /etc/shadow and not in /etc/passwd, we can properly fix the logic for the empty password check. Only 'root::' is an empty password, 'root:x:' and 'root:!:' allow no password login at all. This fixes the empty password warning still showing after the root password has been locked using 'passwd -l root' (e.g. to allow public-key auth only). Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* config: enable shadow passwords unconditionallyMatthias Schiffer2016-09-261-1/+0
| | | | | | | | | | | | | Configurations without shadow passwords have been broken since the removal of telnet: as the default entry in /etc/passwd is not empty (but rather unset), there will be no way to log onto such a system by default. As disabling shadow passwords is not useful anyways, remove this configuration option. The config symbol is kept (for a while), as packages from feeds depend on it. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* mac80211: fix crash in mac80211_hwsimFelix Fietkau2016-09-261-0/+11
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uboot-mvebu: reset the 88E1512 PHY to make the wan port workJonas Gorski2016-09-261-0/+32
| | | | | Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Felix Fietkau <nbd@nbd.name>
* uboot-mvebu: make hidden and be m for clearfog to fix IB failing to add itJonas Gorski2016-09-261-3/+5
| | | | | | | | | | | | | Uboot-mvebu isn't a real package, which will break the image builder when it tries to install it during the packing step. Instead of cleafog selecting it through its default packages, make it default to m if the clearfog profile is selected. This will ensure it is always build, but never added to the rootfs. This fixes creating images for clearfog with IB. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Felix Fietkau <nbd@nbd.name>
* uboot-mvebu: also install into KDIR to ensure it packaged in IBJonas Gorski2016-09-261-0/+3
| | | | | | | | The clearfog image requires u-boot, so package it into KDIR to make sure it is available in imageBuilder. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> Acked-by: Felix Fietkau <nbd@nbd.name>
* fstools: mark as nonshared and add missing PKG_CONFIG_DEPENDSMatthias Schiffer2016-09-251-0/+3
| | | | | | | The fstools build depends on the CONFIG_NAND_SUPPORT flag, which is target-specific. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* image: fix CONFIG_CLEAN_IPKG with CONFIG_TARGET_PER_DEVICE_ROOTFSMatthias Schiffer2016-09-251-1/+4
| | | | | | | | | | | Running prepare_rootfs on TARGET_DIR deletes the opkg state when CONFIG_CLEAN_IPKG is enabled, making the per-device rootfs package install fail. To avoid this, create a copy of the TARGET_DIR before prepare_rootfs is run and use this as basis for per-device rootfs generation. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* kernel: remove duplicate br-netfilter file and Kconfig symbol from kmod-ebtablesMatthias Schiffer2016-09-241-5/+2
| | | | | | | br_netfilter.ko and the corresponding Kconfig symbol are already provided by kmod-br-netfilter, which is a dependency of kmod-ebtables. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* openssl: backport build fix when hardware support is usedHauke Mehrtens2016-09-242-0/+35
| | | | | | | This fix added to the openssl 1.0.2 branch. In addition add the header for the existing backport. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* treewide: remove bad local shell variable declarationsJo-Philipp Wich2016-09-242-3/+3
| | | | | | | Local variable declarations outside of functions are illegal since the Busybox update to v1.25.0, therfore remove them from the appropriate places. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* curl: update to version 7.50.3Hauke Mehrtens2016-09-242-3/+3
| | | | | | | | | | | | | | This fixes the following security problems: 7.50.1: CVE-2016-5419 TLS session resumption client cert bypass CVE-2016-5420 Re-using connections with wrong client cert CVE-2016-5421 use of connection struct after free 7.50.2: CVE-2016-7141 Incorrect reuse of client certificates 7.50.3: CVE-2016-7167 curl escape and unescape integer overflows Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: update to 1.0.2iMagnus Kroken2016-09-247-43/+19
| | | | | | | | | | | | | | | Drop 302-fix_no_cmac_build.patch, it has been applied upstream. Security fixes: * (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304) * (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305) * 10 Low severity issues Security advisory: https://www.openssl.org/news/secadv/20160922.txt Changelog: https://www.openssl.org/news/cl102.txt Signed-off-by: Magnus Kroken <mkroken@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* linux-firmware: update to current Git headJo-Philipp Wich2016-09-231-3/+3
| | | | | | | | | | | | | | | | | | | Update the linux-firmware package in order to force the buildbots to fetch the proper mirrored version. Currently each builder has its own copy of the linux-firmware checkout staged in its own dl/, since the package was updated before the mirrored copy has been uploaded. The builders then subsequently uploaded their own copy instead, leading to md5sum mismatches since each clone produces different tarballs. By bumping the package to a new version and uploading the mirrored archive with the proper md5sum beforehand, the builders will fetch that instead and not upload their own copies. To properly solve that problem in the future we need to ensure that packed checkouts become reproducable. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: fix broken dependency of kmod-owl-loader on kmod-ath9kFelix Fietkau2016-09-221-1/+1
| | | | | | | It messes up the build order of package/kernel/linux vs package/kernel/mac80211 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* linux-firmware: update md5sumJo-Philipp Wich2016-09-221-1/+1
| | | | | | | | | | | | Since the md5sum of the mirrored Git clone archive has been set in the Makefile before that particular archive was uploaded to the source mirror, the buildbots uploaded their own, different copy instead invalidating the mirror md5sum for anyone else. In order to fix the mismatch, update the md5sum to reflect the archive being present on the download server. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* busybox: fix md5sumHauke Mehrtens2016-09-201-1/+1
| | | | | | | The md5sum was not updated in commit 06fa1c46fc3 "busybox: update to version 1.25.0" Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ltq-vdsl-app: update to version 4.17.18.6Hauke Mehrtens2016-09-203-28/+5
| | | | Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* ltq-vdsl: update to version 4.17.18.6Hauke Mehrtens2016-09-202-12/+38
| | | | Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* ltq-vdsl-mei: update mei driver to version 1.5.17.6Hauke Mehrtens2016-09-204-51/+87
| | | | Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* dsl-vrx200-firmware-xdsl: update to more recent versionsHauke Mehrtens2016-09-201-7/+7
| | | | | | | | | | The Annex A firmware will be updated to: 05.08.01.08.01.06_05.08.00.0B.01.01_osc The Annex B firmware will be updated to: 05.07.09.09.00.06_05.07.04.04.00.02_osc Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* busybox: update to version 1.25.0Hauke Mehrtens2016-09-2033-570/+482
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The following patches were removed: 010-networking-fix-uninitialized-memory-when-displaying-.patch https://git.busybox.net/busybox/commit/?id=f2c043acfcf9dad9fd3d65821b81f89986bbe54e 030-ip-fix-problem-on-mips64-n64-big-endian-musl-systems.patch https://git.busybox.net/busybox/commit/?id=4ab372d49a6e82b0bf097dedb96d26330c5f2d5f 204-udhcpc_src_ip_rebind.patch https://git.busybox.net/busybox/commit/?id=abe8f7515aded80889d78c2c1c8947997918cf90 230-ntpd_delayed_resolve.patch https://git.busybox.net/busybox/commit/?id=c8641962e4cbde48108ddfc1c105e3320778190d https://git.busybox.net/busybox/commit/?id=e4caf1dd9ce8569371a0eeb77ccf02a572dc0f11 260-arping_missing_includes.patch Not needed any more, still builds with musl for me. Add in 92fd6e6f1a "busybox: fix arping applet building on musl" The Kconfig files were updated with these commands: cd config ../convert_menuconfig.pl .../build_dir/target-*/busybox-1.25.0 cd .. ./convert_defaults.pl < .../build_dir/target-*/busybox-1.25.0/.config > Config-defaults.in Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* base-files: Allow subtargets to define base-files.mkFlorian Fainelli2016-09-191-0/+1
| | | | Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* kernel: owl-loader for delayed Atheros ath9k fixupChristian Lamparter2016-09-191-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | Some devices (like the Cisco Meraki Z1 Cloud Managed Teleworker Gateway) need to be able to initialize the PCIe wifi device. Normally, this is done during the early stages of booting linux, because the necessary init code is read from the memory mapped SPI and passed to pci_enable_ath9k_fixup. However,this isn't possible for devices which have the init code for the Atheros chip stored on NAND in an UBI volume. Hence, this module can be used to initialze the chip when the user-space is ready to extract the init code. Martin Blumenstingl made a few fixes and added support for lantiq: kernel: owl-loader: add support for OWL emulation PCI devices kernel: owl-loader: don't re-scan the bus when ath9k_pci_fixup failed kernel: owl-loader: use dev_* instead of pr_* logging functions kernel: owl-loader: auto-generate the eeprom filename as fallback kernel: owl-loader: add a debug message when swapping the eeprom data kernel: owl-loader: add missing newlines in log messages kernel: owl-loader: add support for the lantiq platform These patches have been integrated. Thanks! Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
* cyassl: remove duplicate submenu levelJohn Crispin2016-09-191-3/+2
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* cyassl: make CyaSSL/WolfSSL more configurableAndreas Schultz2016-09-192-4/+5
| | | | | | | | The default configuration might not be suitable for every use case. Add options to enable/disable additional options. Signed-off-by: Andreas Schultz <aschultz@tpip.net>
* dnsmasq: Add match section supportHans Dedecker2016-09-191-0/+17
| | | | | | | | | | | | | | | Match sections allow to set a tag specified by the option networkid if the client sends an option and optionally the option value specified by the match option. The force option will convert the dhcp-option to force-dhcp-option if set to 1 in the dnsmasq config if options are specified in the dhcp_option option. config match option networkid tag option match 12,myhost option force 1 list dhcp_option '3,192.168.1.1' Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iwinfo: Bump to 2016-07-29Florian Fainelli2016-09-191-2/+2
| | | | Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* base-files: remind users to set root passwordJohn Crispin2016-09-191-0/+13
| | | | | | print a warning when a shell spawns, telling users to set a root password. Signed-off-by: John Crispin <john@phrozen.org>
* kernel: add nlmon kernel moduleHauke Mehrtens2016-09-161-0/+15
| | | | | | This driver allows to monitor netlink communication on the system. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* busybox: libnetlink: fix alignment of netlink messagesHauke Mehrtens2016-09-161-0/+100
| | | | | | | | | | | | A padding to align a message should not only be added between different attributes of a netlink message, but also at the end of the message to pad it to the correct size. Without this patch the following command does not work and returns an error code: ip link add type nlmon Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* base-files: reduce vm.min_free_kbytes for devices with 32M RAMFelix Fietkau2016-09-161-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* linux-firmware: update to the commit from 2016-09-15Rafał Miłecki2016-09-161-3/+3
| | | | | | This adds e.g. BCM43430 firmware (not packaged yet). Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* rtl8xxxu: add support for rtl8188euÁlvaro Fernández Rojas2016-09-15105-0/+6333
| | | | | | | Patches by Jes Sorensen: https://git.kernel.org/cgit/linux/kernel/git/jes/linux.git/ Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* linux-firmware: rename r8188eu-firmware to rtl8188eu-firmwareÁlvaro Fernández Rojas2016-09-151-3/+3
| | | | | | This is consistent with the names used for other realtek firmwares. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* mac80211: stop brcmfmac from selecting all SDIO firmwaresÁlvaro Fernández Rojas2016-09-151-2/+1
| | | | | | | | | Now that we have firmwares separated and brcm2708 being the only target that actually selects SDIO support, avoid selecting all firmwares by default. sunxi should select the proper firmwares once SDIO support is enabled and tested. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* brcmfmac43430-firmware: rename to brcmfmac-firmware-43430-sdioÁlvaro Fernández Rojas2016-09-151-6/+6
| | | | | | This is consistent with the rest of brcmfmac firmwares. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* linux-firmware: separate packages for Broadcom FullMAC SDIO firmwaresÁlvaro Fernández Rojas2016-09-152-4/+11
| | | | | | | | | | | | Using few packages will allow saving some space by decreasing rootfs size. Moreover there are more firmware files that may require packaging and even more to come later. This can especially useful now, with per device rootfs. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* kernel: fix missing rename on usb gadget kmod cleanupFelix Fietkau2016-09-151-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: clean up usb gadget supportTim Harvey2016-09-151-12/+14
| | | | | | | | | | clean up usb gadget support: - rename gadget modules so that they appear together and are easier to identify as gadget modules - make usb-lib-composite and usb-gadget hidden as there is no point in selecting those without gadget drivers that require them as deps Signed-off-by: Tim Harvey <tharvey@gateworks.com>
* mac80211: stop brcmfmac from selecting all PCIe firmwaresRafał Miłecki2016-09-141-1/+0
| | | | | | | | | Now we have firmwares separated and bcm53xx selecting required ones make use of it to actually save that rootfs space. Other targets using brcmfmac (brcm2708 and sunxi) use SDIO interface and firmware so they don't won't be affected. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mountd: update to latest git HEADJohn Crispin2016-09-141-2/+2
| | | | | | fixes cleanup of mount points Signed-off-by: John Crispin <john@phrozen.org>
* hostapd: fix regression breaking brcmfmacRafał Miłecki2016-09-134-7/+46
| | | | | | The latest update of hostapd broke brcmfmac due to upstream regression. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* linux-firmware: separate packages for Broadcom FullMAC PCIe firmwaresRafał Miłecki2016-09-132-4/+10
| | | | | | | | | | | | | Using few packages will allow saving some space by decreasing rootfs size. Dropping 43602a1 firmware saves 316 580 B. Dropping 4366b1 saves 468 188 B. Moreover there are more firmware files that may require packaging and even more to come later (e.g. 4366c0). This can especially useful now, with per device rootfs. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: fix tx issue with CCMP PN generated in hardwareFelix Fietkau2016-09-121-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* brcm2708-gpu-fw: update to latest versionÁlvaro Fernández Rojas2016-09-101-6/+6
| | | | Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* dnsmasq: make NO_ID optional in full variantKevin Darbyshire-Bryant2016-09-101-5/+10
| | | | | | | | | Permit users of the full variant to disable the NO_ID *.bind pseudo domain masking. Defaulted 'on' in all variants. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dropbear: hide dropbear versionKevin Darbyshire-Bryant2016-09-101-0/+4
| | | | | | | | | | | | As security precaution and to limit the attack surface based on the version reported by tools like nmap mask out the dropbear version so the version is not visible anymore by snooping on the wire. Version is still visible by 'dropbear -V' Based on a patch by Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove trailing _]
* fstools: update to the latest version, adds support for ext4/f2fs overlay ↵Felix Fietkau2016-09-101-2/+2
| | | | | | via loopback device Signed-off-by: Felix Fietkau <nbd@nbd.name>
* f2fs-tools: import from packages, clean up, and update to latestFelix Fietkau2016-09-084-0/+174
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>