aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* ipq-wifi: fix missing define of PKG_NAMEChen Minqiang2017-09-201-0/+1
| | | | Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* usbutils: avoid duplicating the git revisionPhilip Prindeville2017-09-201-1/+1
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* openvpn: add "extra-certs" optionSven Roederer2017-09-192-1/+2
| | | | | | | | This option is used to specify a file containing PEM certs, to complete the local certificate chain. Which is quite usefull for "split-CA" setups. Signed-off-by: Sven Roederer <devel-sven@geroedel.de> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* sunxi: add Olimex A20-OlinuXino-LIME2Lucian Cristian2017-09-181-0/+7
| | | | Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
* hostapd: ft_over_ds supportLorenzo Santina2017-09-181-2/+4
| | | | | | Add support for ft_over_ds flag in ieee80211r Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
* hostapd: ft_psk_generate_local supportLorenzo Santina2017-09-181-2/+4
| | | | | | | | Add support for ft_psk_generate_local flag in ieee80211r Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [original author] Signed-off-by: Sergio <mailbox@sergio.spb.ru>
* ath10k-firmware: use firmware from git instead of extra downloadHauke Mehrtens2017-09-181-28/+3
| | | | | | | | Instead of manually downloading the files again we can also take the same files directly from the ath10k-firmware git which was cloned before. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-sunxi: build A64 SoC and pine64 U-BootHauke Mehrtens2017-09-182-1/+22
| | | | | | This creates a U-Boot for the aarch64 SoC A64 on the pine64 board. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* arm-trusted-firmware-sunxi: add new packageHauke Mehrtens2017-09-181-0/+51
| | | | | | This is needed for the Boot loader of the A64 SoC. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* sunxi: split into cortex A8 and A7 subtargetHauke Mehrtens2017-09-181-0/+17
| | | | | | Now we can activate some compiler optimizations for the cortex A7. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-sunxi: revert the usage of binmanHauke Mehrtens2017-09-184-0/+221
| | | | | | This will avoid the usage of swig. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-sunxi: do not depend on dtc being install on hostHauke Mehrtens2017-09-181-0/+35
| | | | | | make mkimage check the DTC environment variable first. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-sunxi: update to version 2017.07Hauke Mehrtens2017-09-1819-9077/+29
| | | | | | | The deleted patches are already integrated in the upstream U-Boot version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: fix dhcp "ignore" option on wwan interfacesMarcin Jurkowski2017-09-182-3/+4
| | | | | | | | | | | | | | Init script won't append --no-dhcp-interface option if interface protocol is one of: ncm, directip, qmi, mbim. This is caused by IP address assigned to dynamically created netifd interfaces. As a result there's no netmask assigned to the main interface and dhcp_add() function returns prematurely. By moving network subnet check we can ensure that --no-dhcp-interface is properly generated for wwan interfaces. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase; move network checks]
* base-files: fix wan6 interface config generation for pppoeHans Dedecker2017-09-182-6/+3
| | | | | | | | | | | | | | | | Setting ipv6 to auto in case of a pppoe interface will trigger the creation of a dynamic wan_6 interface meaning two IPv6 interfaces (wan6 and wan_6) will be active on top of the pppoe interface. This leads to unpredictable behavior in the network; therefore set ipv6 to 1 which will prevent the dynamic creation of the wan_6 interface. Further alias the wan6 interface on top of the wan interface for pppoe as the wan6 interface can only be started when the link local address is ready. In case of pppoe the link local address is negotiated during the Internet Protocol Control Protocol when the PPP link is setup meaning all the IP address info is only available when the wan interface is up. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* tcpdump: noop commit to refer CVEs fixed in 4.9.2Stijn Tintel2017-09-181-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed CVEs in the commit message. As the list of fixed CVEs is quite long, we should probably mention them in the changelogs of the releases to come. This commit will make sure this happens. The following CVEs were fixed in 21014d9708d586becbd62da571effadb488da9fc: CVE-2017-11541 CVE-2017-11541 CVE-2017-11542 CVE-2017-11542 CVE-2017-11543 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* mac80211: make iwlwifi select AC supportHauke Mehrtens2017-09-171-1/+1
| | | | | | Some NICs supported by this driver support ieee80211 AC. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* linux-firmware: pack Intel iwl FW separatelyHauke Mehrtens2017-09-172-158/+121
| | | | | | | | | | | | Do not create one big package with all the Intel firmware files supported by the iwlwifi driver, but use a separate package for each chip. This also updates some 7000 and 8000 series firmware files to more recent version. The older versions shipped are not supported by the current driver any more. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: add dev_coredumpm() functionHauke Mehrtens2017-09-171-0/+156
| | | | | | | | | | | | | | | | dev_coredumpm() was added with kernel 4.7, but it is used by iwlwifi. When the dev coredump framework form compat-wireless is used this is not a problem because it already contains this, but this is deactivated if the build system finds out that it is already included in the kernel we compile against. This option was now activated by the bluetooth driver btmrvl. Having dev coredump in the kernel adds about 400 bytes to the lzma compressed kernel for brcm47xx. This is copied from a more recent backports version to add the dev_coredumpm() function when the internal core devdump is not used. Fixes: a5922f6 ("kernel: bluetooth: add marvell sdio bluetooth module") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: kmod-btmrvl: Add kmod-mmc as dependencyDaniel Engberg2017-09-171-1/+1
| | | | | | | | | This fixes the build of this module and should fix the build bots. Fixes: a5922f6 ("kernel: bluetooth: add marvell sdio bluetooth module") Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> [removed mveub dependency and update commit comment] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: Pass TARGET_CPPFLAGS to MakefileFlorian Fainelli2017-09-161-1/+1
| | | | | | | | | With the introduction of the ubus notifications, we would now fail building dnsmasq with external toolchains that don't automatically search for headers. Pass TARGET_CPPFLAGS to the Makefile to resolve that. Fixes: 34a206bc1194 ("dnsmasq: add ubus notifications for new leases") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* kernel: bluetooth: add marvell sdio bluetooth moduleHenryk Heisig2017-09-171-0/+21
| | | | | | | | This commit add support for Marvell bluetooth with SDIO interface. Signed-off-by: Henryk Heisig <hyniu@o2.pl> [Fix KCONFIG and FILES option] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* linux-firmware: update to the commit from 2017-09-06Henryk Heisig2017-09-171-3/+3
| | | | | | | | update firmware mrvl/sd8887_uapsta.bin Signed-off-by: Henryk Heisig <hyniu@o2.pl> [update to version 2017-09-06] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* utils/e2fsprogs: Update to 1.43.6Daniel Engberg2017-09-171-9/+7
| | | | | | | | | | | | Update e2fsprogs to 1.43.6 Disable compilation of fuse2fs (we don't package it) Disable thread support (only affects fuse2fs) Enable linking with libblkid instead of using private (included) version. The libblkid is ~210KBytes in size, but with using the shared library the binaries are ~25KBytes smaller. This also brings it in sync with most other Linux distributions. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* kernel: add packaging for Xeon iTCO watchdog timerPhilip Prindeville2017-09-171-0/+17
| | | | Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* mwlwifi: update to version 10.3.4.0 / 2017-08-10Kabuli Chana2017-09-171-3/+3
| | | | | | Update mwlwifi Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
* libs/wolfssl: bump to version 3.12.0 ; add myself as maintainerAlexandru Ardelean2017-09-171-3/+4
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: adjust symbol defaults against libwolfssl defaultsAlexandru Ardelean2017-09-171-7/+7
| | | | | | | | Some symbols have been renamed. Some are default enabled/disabled, so we need to adjust semantics against that. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: disable hardening check in `settings.h`Alexandru Ardelean2017-09-171-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This seems to cause a false-positive warning/error while building `libwebsockets-cyassl`. ``` make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1' make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1' [ 2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0, from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33, from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30, from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256, from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43: /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp] #warning "For timing resistance / side-channel attack prevention consider using harden options" ``` Hardening is enabled by default in libwolfssl at build-time. However, the `settings.h` header is exported (along with other headers) for build (via Build/InstallDev). This looks like a small bug/issue with wolfssl. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* cyassl,curl,libustream-ssl: rename every `cyassl` to `wolfssl`Alexandru Ardelean2017-09-176-44/+44
| | | | | | | | | | | | This is to eliminate any ambiguity about the cyassl/wolfssl lib. The rename happened some time ago (~3+ years). As time goes by, people will start to forget cyassl and start to get confused about the wolfSSL vs cyassl thing. It's a good idea to keep up with the times (moving forward). Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* libs/wolfssl: add libcysassl to PROVIDES field (for backwards compat)Alexandru Ardelean2017-09-171-0/+1
| | | | | | | | Until other packages from feeds decide to rename the dependency of `+libcyassl` to `+libwolfssl`, this allows for a bit of backwards compatibility with those packages. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* wwan: json format in some modem definitionsAlexandru Ardelean2017-09-16268-349/+349
| | | | | | | | | | | | | | | | | | | | Method used: ``` cd package/network/utils/wwan/files/data sed -e 's/}}/}/g' -i * sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i * sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i * ``` Manually adjusted commas. Validated with ``` for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done ``` Thanks to @lynxis for pointing out the commas. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* odhcpd: don't enable server mode on non-static lan portKarl Palsson2017-09-162-4/+19
| | | | | | | | | | | | Instead of blindly enabling the odhcpd v6 server and RA server on the lan port, only do that if the lan port protocol is "static" This prevents the unhelpful case of a device being a dhcpv4 client and v6 server on the same ethernet port. Signed-off-by: Karl Palsson <karlp@etactica.com> [PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup] Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: update to git HEAD versionHans Dedecker2017-09-131-3/+3
| | | | | | | | | | | | | | | | f0bce9c dhcpv4: fix memset compile issue 0ba3278 dhcpv4: rework assignment lookup e3b49f3 dhcpv4: cleanup dhcpv4_test usage 47fe122 dhcpv4: rework lease expire handling logic 028ab85 dhcpv4: force renew nonce authentication support a827fca dhcpv4: avoid segfault when there's no IPv4 prefix bea088b ndp: detect ifindex changes via interface netlink events f66103e ubus: display accept reconf status for DHCPv6 assignments f0e354b treewide: replace RELAYD prefix naming in macros 1a313f9 dhcpv4: fix possible segfault when lease is not created e2d6eb4 dhcpv4: dhcpv4: move interface lease list insertion out of dhcpv4_assign Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* treewide: fix shellscript syntax errors/typosLorenzo Santina2017-09-139-10/+9
| | | | | | | | | Fix multiple syntax errors in shelscripts (of packages only) These errors were causing many conditions to not working properly Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [increase PKG_RELEASE, drop command substitution from directip.sh] Signed-off-by: Mathias Kresin <dev@kresin.em>
* basefiles: allow suid coredumpsKevin Darbyshire-Bryant2017-09-122-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Set sysctl fs.suid_dumpable = 2 This allows suid processes to dump core according to kernel.core_pattern setting. LEDE typically uses suid to drop root priviledge rather than gain it but without this setting any suid process would be unable to produce coredumps (e.g. dnsmasq) Processes still need to set a non zero core file process limit ('ulimit -c unlimited' or if procd used 'procd_set_param limits core="unlimited"') in order to produce a core. This setting removes an obscure stumbling block along the way. >From https://www.kernel.org/doc/Documentation/sysctl/fs.txt suid_dumpable: This value can be used to query and set the core dump mode for setuid or otherwise protected/tainted binaries. The modes are 0 - (default) - traditional behaviour. Any process which has changed privilege levels or is execute only will not be dumped. 1 - (debug) - all processes dump core when possible. The core dump is owned by the current user and no security is applied. This is intended for system debugging situations only. Ptrace is unchecked. This is insecure as it allows regular users to examine the memory contents of privileged processes. 2 - (suidsafe) - any binary which normally would not be dumped is dumped anyway, but only if the "core_pattern" kernel sysctl is set to either a pipe handler or a fully qualified path. (For more details on this limitation, see CVE-2006-2451.) This mode is appropriate when administrators are attempting to debug problems in a normal environment, and either have a core dump pipe handler that knows to treat privileged core dumps with care, or specific directory defined for catching core dumps. If a core dump happens without a pipe handler or fully qualifid path, a message will be emitted to syslog warning about the lack of a correct setting. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* ath10k: Re-enable intermediate softqueues for all devicesToke Høiland-Jørgensen2017-09-112-2/+29
| | | | | | | | | | | | The upstream ath10k driver disables the intermediate softqueues for some devices. This patch reverts that behaviour and always enables the softqueues (and associated bufferbloat fixes). We have had reports of people running this with good results: https://lists.bufferbloat.net/pipermail/make-wifi-fast/2017-September/001497.html This also refreshes mac80211 patches. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* strace: bump to 4.19Stijn Tintel2017-09-111-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* mbedtls: update to 2.6.0 CVE-2017-14032Kevin Darbyshire-Bryant2017-09-112-28/+28
| | | | | | | | | | | | | | | Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com>
* tcpdump: bump to 4.9.2Stijn Tintel2017-09-112-37/+41
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* lldpd: bump to 0.9.8Stijn Tintel2017-09-111-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: fix iapp_interface optionLorenzo Santina2017-09-101-1/+1
| | | | | | | ifname variable were not assigned due to syntax error causing the hostapd config file to have an empty iapp_interface= option Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
* dnsmasq: backport arcount edns0 fixKevin Darbyshire-Bryant2017-09-082-1/+45
| | | | | | | | | Don't return arcount=1 if EDNS0 RR won't fit in the packet. Omitting the EDNS0 RR but setting arcount gives a malformed packet. Also, don't accept UDP packet size less than 512 in received EDNS0. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: backport official fix for CVE-2017-13704Kevin Darbyshire-Bryant2017-09-073-38/+95
| | | | | | | | | Remove LEDE partial fix for CVE-2017-13704. Backport official fix from upstream. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
* uclient: update to 2017-09-06Matthias Schiffer2017-09-061-3/+3
| | | | | | | 24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses 83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* odhcp6c: add workaround for broken extendprefix scenarioHans Dedecker2017-09-052-3/+20
| | | | | | | | | | | | Extendprefix is typically used to extend an IPv6 RA prefix from a mobile wan link to the LAN; such scenario requires correct RA prefix settings like the on link flag not being set. However some mobile manufacter set the RA prefix on link flag which breaks basic IPv6 routing. Work around this issue by filtering out the route being equal to the extended prefix. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: fix mt76x8 dependenciesJohn Crispin2017-09-051-1/+1
| | | | | | | The commit merging mt7628 and mt7688 failed to update some dependencies. Signed-off-by: John Crispin <john@phrozen.org>
* odhcp6c: add ra_holdoff config option and update to git HEAD version (FS#964)Hans Dedecker2017-09-032-6/+9
| | | | | | | | | 51733a6 ra: align RA update interval with RFC4861 (FS#964) Add ra_holdoff config option which allows to configure the RA minimum update interval which is by default 3 seconds as stated in RFC4861. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: add /etc/profile.d to conffilesStijn Tintel2017-09-031-0/+1
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* base-files: order conffiles alphabeticallyStijn Tintel2017-09-031-10/+10
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>