aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* base-files: upgrade: don't loop forever trying to kill processesMatthias Schiffer2017-07-201-1/+10
| | | | | | | | | | When processes don't die on SIGKILL (usually because of kernel bugs), it's better to give up instead of looping forever. upgraded will trigger a reboot in this case (and if this fails, a hardware watchdog will eventually time out and reset the system, if present). Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* procd: update to latest versionMatthias Schiffer2017-07-201-4/+4
| | | | | | | | | | 17026f4 system: return ubus error when sysupgrade_exec_upgraded() has failed 13f252f upgraded: Check chroot() return value 85ccb95 init: Check chroot return value in sysupgrade_exec_upgraded() 76dcbee upgraded: improve error handling d749b2a upgraded: register stage2 process in uloop as intended Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* toolchain/arc: update to the most recent release arc-2017.03Evgeniy Didin2017-07-181-3/+3
| | | | | | | | | | arc-2017.03 is the most recent release toolchain for ARC cores and it is based on upstream Binutils 2.28 and GCC 6.3.0 Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com> Cc: Alexey Brodkin <abrodkin@synopsys.com> Cc: John Crispin <john@phrozen.org> Cc: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: backport remove ping check of configured dhcp addressHans Dedecker2017-07-182-1/+29
| | | | | | | Remove ping check in DHCPDISCOVER case as too many buggy clients leave an interface in configured state causing the ping check to fail. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* fstools: update to latestDaniel Golle2017-07-161-4/+4
| | | | | | | 0dfe61a block: support /dev/xvd* nodes f038a61 libfstools: fix matching device name Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* treewide: use the generic board_name functionMathias Kresin2017-07-1510-24/+11
| | | | | | Use the generic function instead ot the target specific ones. Signed-off-by: Mathias Kresin <dev@kresin.me>
* treewide: populate boardname and model earlierMathias Kresin2017-07-151-0/+0
| | | | | | | | | | | | | For targets using the generic board detection and board specific settings in diag.sh, the board name is still unset at the time the set_state() provided by diag.sh is called by 10_indicate_preinit. Change the execution order to ensure the boardname is populated before required the first time. Do the target specific board detection as early as possible, directly followed by the generic one to allow a seamless switch to the generic function for populating /tmp/sysinfo/. Signed-off-by: Mathias Kresin <dev@kresin.me>
* kmod-sched-cake: drop maintainerKevin Darbyshire-Bryant2017-07-151-1/+0
| | | | | | Drop myself from maintainership of 'cake'. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* nftables: Update to 0.7Nick Brassel2017-07-152-3/+79
| | | | | | Updated nftables to latest. Signed-off-by: Nick Brassel <nick@tzarc.org>
* zlib: use default Build/Configure ruleStijn Tintel2017-07-141-11/+9
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* lzo: use default Build/Configure ruleStijn Tintel2017-07-141-6/+3
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* curl: bump to version 7.54.1Alif M. Ahmad2017-07-143-5/+5
| | | | | | Upgrade the curl package to latest version. Patches refreshed. Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
* opkg: bump to version 2017-07-11Yousong Zhou2017-07-121-3/+3
| | | | | | | | | Commits since last 2017-05-03 52fc006 pkg_alternatives: pass if the desired symlink already exists c668fce opkg: add --no-check-certificate argument Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netfilter: add iptables-mod-rpfilter packageAlin Nastac2017-07-112-0/+32
| | | | | | | | | Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw -I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to become full when a packet flood with randomly selected source IP addresses is received from the lan side. Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
* uci: update to the latest versionHans Dedecker2017-07-111-3/+3
| | | | | | | | | | | | | | c4df32b file: remove redundant NULL check on return value of uci_realloc() 5d08b7f build: fix BUILD_STATIC 49ec6ef Fix skipping directories in uci_list_config_files c203c2f Revert "mandatory anonymous section identifier" 0a1a2fc uci/lua: add explicit close() method 7daf942 uci/lua: add list_configs() function fe45f97 test: adjust for auto-naming anonymous sections 2eb9c09 cli: remove now-defunct UCI_FLAG_EXPORT_NAME support df72af4 mandatory anonymous section identifier Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: automatically handle paths and symlinks for RAMFS_COPY_BINMatthias Schiffer2017-07-113-39/+33
| | | | | | | | | | | | Depending on busybox applet selection, paths of basic utiilties may differ, and may not work as symlinks to busybox. Simply using whatever binary is found in PATH and detecting symlinks automatically is more robust and easier to maintain. The list of binaries is also slightly cleaned up and duplicates are removed. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* bcm53xx: upgrade: fix RAMFS_COPY_*Matthias Schiffer2017-07-111-1/+1
| | | | | Fixes: 30f61a34b4cf "base-files: always use staged sysupgrade" Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* base-files: upgrade: correctly handle nand_do_upgrade argument passed from ↵Matthias Schiffer2017-07-112-2/+2
| | | | | | | preupgrade Fixes: 30f61a34b4cf "base-files: always use staged sysupgrade" Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* dnsmasq: restore ability to include/exclude raw device namesJo-Philipp Wich2017-07-102-3/+3
| | | | | | | | | | | | | Commit 5cd88f4 "dnsmasq: remove use of uci state for getting network ifname" broke the ability to specify unmanaged network device names for inclusion and exclusion in the uci configuration. Restore support for raw device names by falling back to the input value when "network_get_device" yields no result. Fixes FS#876. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ncurses: add libnucrses-dev packageDaniel Golle2017-07-081-0/+20
| | | | | | It's needed to use the SDK and IB on an OpenWrt/LEDE host. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mtd-utils: use source package name for lzo in PKG_BUILD_DEPENDSMatthias Schiffer2017-07-081-1/+1
| | | | | | PKG_BUILD_DEPENDS should always refer to source package names. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* acx-mac80211: remove cobalt referenceMathias Kresin2017-07-071-1/+1
| | | | | | The cobalt target was removed with 22b38f145da7. Signed-off-by: Mathias Kresin <dev@kresin.me>
* acx-mac80211: disable for kernel 4.9+Mathias Kresin2017-07-071-1/+1
| | | | | | | Due to changes in the PCI subsystem this driver doesn't compile with kernel 4.9. Signed-off-by: Mathias Kresin <dev@kresin.me>
* lantiq: set up DSL front-end GPIOs if they existThomas Nixon2017-07-071-0/+14
| | | | | | | This is necessary for devices using the PSB80108/VRX220LD front-end (currently only known on the Netgear DM200). Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
* odhcpd: update to the latest versionHans Dedecker2017-07-061-3/+3
| | | | | | | | | | | | f0d78e7 ndp: optimize check_addr6_updates code 94afe3b ndp: fix syslog tracing for netlink neigbor and address events 18df6cc treewide: rework logic to retrieve IPv6 interface addresses 803b83e router: use enum to specify order and index of iov struct 5dad295 treewide: rework code to get rid of fixed IPv6 address arrays 3e4c8ad config: rework code to get rid of IFNAMSIZ usage ab7813e treewide: use angle-brackets to include libubox header files Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mt76: update to the latest versionFelix Fietkau2017-07-051-3/+3
| | | | | | | | | | | | | Fixes mt7603 stablity and performance issues af32615 mt7603: change auto rate control register initialization 01fb9ba mt7603: fix control/status retries count estimation cf4ba12 mt7603: avoid tx rate sampling using no retransmissions 32eab50 mt7603: set wtbl entry vif index c4e3dea mt7603: use the real vif index in txwi header for normal tx. e90a81a mt7603: fix channel width fall back in TXWI Signed-off-by: Felix Fietkau <nbd@nbd.name>
* bzip2: add symlink to binaryDaniel Golle2017-07-051-1/+3
| | | | | | | | Other distributions incl. the OpenWrt ImageBuilder and SDK expect to find the bzip2 executable in /bin. Create a symlink at that location for compatibility. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: dnsmasq --rev-server supportDUPONCHEEL Sébastien2017-07-032-1/+6
| | | | | | | | | | This is functionally the same as --server, but provides some syntactic sugar to make specifying address-to-name queries easier. For example --rev-server=1.2.3.0/24,192.168.0.1 is exactly equivalent to --server=/3.2.1.in-addr.arpa/192.168.0.1 Signed-off-by: DUPONCHEEL Sébastien <sebastien.duponcheel@corp.ovh.com>
* uboot-envtools: add Arduino Yun supportCamille Bilodeau2017-06-291-0/+1
| | | | Signed-off-by: Camille Bilodeau <camille.bilodeau@protonmail.com>
* dhcpv6: add missing dollar sign in dhcpv6 script (FS#874)Hans Dedecker2017-06-292-2/+2
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: backport patch fixing DNS failover (FS#841)Hans Dedecker2017-06-281-0/+31
| | | | | | | Backport upstream dnsmasq patch fixing DNS failover when first servers returns REFUSED in strict mode; fixes issue FS#841. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: add option to set max auth triesStijn Tintel2017-06-282-2/+4
| | | | | | | Add a uci option to set the new max auth tries paramater in dropbear. Set the default to 3, as 10 seems excessive. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dropbear: server support option '-T' max auth triesKevin Darbyshire-Bryant2017-06-282-2/+132
| | | | | | | | | | | | Add support for '-T n' for a run-time specification for maximum number of authentication attempts where 'n' is between 1 and compile time option MAX_AUTH_TRIES. A default number of tries can be specified at compile time using 'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for backwards compatibility. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* hostapd: configure NAS ID regardless of encryptionYury Shvedov2017-06-281-3/+3
| | | | | | | | | | | RADIUS protocol could be used not only for authentication but for accounting too. Accounting could be configured for any type of networks. However there is no way to configure NAS Identifier for non-WPA networks without this patch. Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com> [cleanup commit message] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: add acct_interval optionYury Shvedov2017-06-281-2/+5
| | | | | | | | Make an ability to configure Accounting-Interim-Interval via UCI Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com> [add hostapd prefix, cleanup commit message] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ath10k-firmware: add qca9888 firmwareJohn Crispin2017-06-271-0/+19
| | | | | | | | | ath10k-firmware: add qca9888 firmware the firmware files for qca9888 were previously not packaged. add the meta information for doing so. Signed-off-by: John Crispin <john@phrozen.org>
* dnsmasq: backport tweak ICMP ping logic for DHCPv4Hans Dedecker2017-06-262-1/+26
| | | | | | | | | | Don't start ping-check of address in DHCP discover if there already exists a lease for the address. It has been reported under some circumstances android and netbooted windows devices can reply to ICMP pings if they have a lease and thus block the allocation of the IP address the device already has during boot. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: support term_timeout parameterJo-Philipp Wich2017-06-262-2/+2
| | | | | | | | | Expose "term_timeout" parameter in procd.sh to allow init scripts to request a longer termination timeout. This is required to fix FS#859 in a later commit. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: assign /dev/tty* nodes to "tty" groupJo-Philipp Wich2017-06-262-1/+5
| | | | | | | | Adjust default permissions and ownership of /dev/tty* nodes from 0600/root:root to 0660/root:tty in order to support granting unprivileged user access when needed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: add "tty" user groupJo-Philipp Wich2017-06-261-0/+1
| | | | | | | | This is needed for an upcoming change to the hotplug default rules which will cause /dev/tty* nodes to get assigned to the "tty" group in order to support unprivileged user access when needed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: update to 2.4.3Magnus Kroken2017-06-265-13/+14
| | | | | | | | | | | | | | | | | | | | Fixes for security and other issues. See security announcement for more details: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 * Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508) * Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520) * Potential double-free in --x509-alt-username (CVE-2017-7521) * Remote-triggerable memory leaks (CVE-2017-7512) * Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522) * Null-pointer dereference in establish_http_proxy_passthru() * Restrict --x509-alt-username extension types * Fix potential 1-byte overread in TCP option parsing * Fix mbedtls fingerprint calculation * openssl: fix overflow check for long --tls-cipher option * Ensure option array p[] is always NULL-terminated * Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6) Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to 2.5.1Magnus Kroken2017-06-262-27/+27
| | | | | | | | | | | | | | | Fixes some security issues (no remote exploits), and introduces some changes. See release notes for details: https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read() * Adds exponent blinding to RSA private operations * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt()) * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification. * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes. * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* treewide: add license tagsFlorian Eckert2017-06-2410-0/+16
| | | | | | Add licence tags where missing. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* fritz_tffs_read: get tffs size from input fileMathias Kresin2017-06-241-3/+7
| | | | | | | | | | Use the size of the input file as maximum tffs size instead of a fixed value. The tffs on a AVM Fritz 300E can be up to 512KByte for example. Fixes a read error for the AVM Fritz 3370 where the tffs partition size is 64Kbyte and smaller than the former default value of 256KByte. Signed-off-by: Mathias Kresin <dev@kresin.me>
* libreadline: add host-buildDaniel Golle2017-06-242-0/+2
| | | | | | Also make sure that the PKG_NAME and folder name are equal. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* valgrind: bump to 3.13.0Luiz Angelo Daros de Luca2017-06-243-49/+4
| | | | Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* ca-certificates: Update to version 20161130+nmu1Christian Schoenebeck2017-06-241-3/+3
| | | | Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* busybox: ash/hush fix for read-builtin commandBastian Bittorf2017-06-241-0/+147
| | | | | | | | | | | this is a cherrypick from busybox-git HEAD: f5470419404d643070db99d058405b714695b817 and can be removed when upgrading to next busybox release. discussion here: http://lists.busybox.net/pipermail/busybox/2017-May/085439.html Signed-off-by: Bastian Bittorf <bb@npl.de>
* hostapd: add support for acs_chan_bias optionKevin Darbyshire-Bryant2017-06-242-2/+6
| | | | | | | | | | During auto channel selection we may wish to prefer certain channels over others. e.g. we can just squeeze 4 channels into europe so '1:0.8 5:0.8 9:0.8 13:0.8' does that. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* busybox: backport 'ip rule suppress_{prefixlength, ifgroup}'Stefan Tomanek2017-06-241-0/+145
| | | | | | | | This is a backport from the busybox repository (192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the suppress_{prefixlength,ifgroup} flags for policy routing rules. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>