aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* uboot-envtools: add Arduino Yun supportCamille Bilodeau2017-06-291-0/+1
| | | | Signed-off-by: Camille Bilodeau <camille.bilodeau@protonmail.com>
* dhcpv6: add missing dollar sign in dhcpv6 script (FS#874)Hans Dedecker2017-06-292-2/+2
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: backport patch fixing DNS failover (FS#841)Hans Dedecker2017-06-281-0/+31
| | | | | | | Backport upstream dnsmasq patch fixing DNS failover when first servers returns REFUSED in strict mode; fixes issue FS#841. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: add option to set max auth triesStijn Tintel2017-06-282-2/+4
| | | | | | | Add a uci option to set the new max auth tries paramater in dropbear. Set the default to 3, as 10 seems excessive. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dropbear: server support option '-T' max auth triesKevin Darbyshire-Bryant2017-06-282-2/+132
| | | | | | | | | | | | Add support for '-T n' for a run-time specification for maximum number of authentication attempts where 'n' is between 1 and compile time option MAX_AUTH_TRIES. A default number of tries can be specified at compile time using 'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for backwards compatibility. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* hostapd: configure NAS ID regardless of encryptionYury Shvedov2017-06-281-3/+3
| | | | | | | | | | | RADIUS protocol could be used not only for authentication but for accounting too. Accounting could be configured for any type of networks. However there is no way to configure NAS Identifier for non-WPA networks without this patch. Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com> [cleanup commit message] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* hostapd: add acct_interval optionYury Shvedov2017-06-281-2/+5
| | | | | | | | Make an ability to configure Accounting-Interim-Interval via UCI Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com> [add hostapd prefix, cleanup commit message] Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ath10k-firmware: add qca9888 firmwareJohn Crispin2017-06-271-0/+19
| | | | | | | | | ath10k-firmware: add qca9888 firmware the firmware files for qca9888 were previously not packaged. add the meta information for doing so. Signed-off-by: John Crispin <john@phrozen.org>
* dnsmasq: backport tweak ICMP ping logic for DHCPv4Hans Dedecker2017-06-262-1/+26
| | | | | | | | | | Don't start ping-check of address in DHCP discover if there already exists a lease for the address. It has been reported under some circumstances android and netbooted windows devices can reply to ICMP pings if they have a lease and thus block the allocation of the IP address the device already has during boot. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: support term_timeout parameterJo-Philipp Wich2017-06-262-2/+2
| | | | | | | | | Expose "term_timeout" parameter in procd.sh to allow init scripts to request a longer termination timeout. This is required to fix FS#859 in a later commit. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: assign /dev/tty* nodes to "tty" groupJo-Philipp Wich2017-06-262-1/+5
| | | | | | | | Adjust default permissions and ownership of /dev/tty* nodes from 0600/root:root to 0660/root:tty in order to support granting unprivileged user access when needed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: add "tty" user groupJo-Philipp Wich2017-06-261-0/+1
| | | | | | | | This is needed for an upcoming change to the hotplug default rules which will cause /dev/tty* nodes to get assigned to the "tty" group in order to support unprivileged user access when needed. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openvpn: update to 2.4.3Magnus Kroken2017-06-265-13/+14
| | | | | | | | | | | | | | | | | | | | Fixes for security and other issues. See security announcement for more details: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 * Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508) * Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520) * Potential double-free in --x509-alt-username (CVE-2017-7521) * Remote-triggerable memory leaks (CVE-2017-7512) * Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522) * Null-pointer dereference in establish_http_proxy_passthru() * Restrict --x509-alt-username extension types * Fix potential 1-byte overread in TCP option parsing * Fix mbedtls fingerprint calculation * openssl: fix overflow check for long --tls-cipher option * Ensure option array p[] is always NULL-terminated * Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6) Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to 2.5.1Magnus Kroken2017-06-262-27/+27
| | | | | | | | | | | | | | | Fixes some security issues (no remote exploits), and introduces some changes. See release notes for details: https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read() * Adds exponent blinding to RSA private operations * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt()) * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification. * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes. * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* treewide: add license tagsFlorian Eckert2017-06-2410-0/+16
| | | | | | Add licence tags where missing. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* fritz_tffs_read: get tffs size from input fileMathias Kresin2017-06-241-3/+7
| | | | | | | | | | Use the size of the input file as maximum tffs size instead of a fixed value. The tffs on a AVM Fritz 300E can be up to 512KByte for example. Fixes a read error for the AVM Fritz 3370 where the tffs partition size is 64Kbyte and smaller than the former default value of 256KByte. Signed-off-by: Mathias Kresin <dev@kresin.me>
* libreadline: add host-buildDaniel Golle2017-06-242-0/+2
| | | | | | Also make sure that the PKG_NAME and folder name are equal. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* valgrind: bump to 3.13.0Luiz Angelo Daros de Luca2017-06-243-49/+4
| | | | Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* ca-certificates: Update to version 20161130+nmu1Christian Schoenebeck2017-06-241-3/+3
| | | | Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* busybox: ash/hush fix for read-builtin commandBastian Bittorf2017-06-241-0/+147
| | | | | | | | | | | this is a cherrypick from busybox-git HEAD: f5470419404d643070db99d058405b714695b817 and can be removed when upgrading to next busybox release. discussion here: http://lists.busybox.net/pipermail/busybox/2017-May/085439.html Signed-off-by: Bastian Bittorf <bb@npl.de>
* hostapd: add support for acs_chan_bias optionKevin Darbyshire-Bryant2017-06-242-2/+6
| | | | | | | | | | During auto channel selection we may wish to prefer certain channels over others. e.g. we can just squeeze 4 channels into europe so '1:0.8 5:0.8 9:0.8 13:0.8' does that. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* busybox: backport 'ip rule suppress_{prefixlength, ifgroup}'Stefan Tomanek2017-06-241-0/+145
| | | | | | | | This is a backport from the busybox repository (192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the suppress_{prefixlength,ifgroup} flags for policy routing rules. Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
* procd: update to latest versionHans Dedecker2017-06-231-3/+3
| | | | | | e5e99c4 watchdog: add support for starting/stopping kernel watchdog Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: fix PKG_CONFIG_DEPENDS to include version.mk entriesRafał Miłecki2017-06-221-1/+2
| | | | | | | | Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for VERSION_SED command. We should keep these configs to make sure package gets refreshed when needed. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* dnsmasq: add dhcp-range tags configurationGrégoire Delattre2017-06-202-2/+9
| | | | | | | | | | | | | | | | | | | dnsmasq can match tags in its dhcp-range configuration, this commit adds the option to configure it in the dhcp section uci configuration: config dhcp 'lan' option interface 'lan' list tag 'blue' list tag '!red' option start '10' option limit '150' option leasetime '12h' generated dnsmasq configuration: dhcp-range=tag:blue,tag:!red,set:lan,192.168.1.10,192.168.1.159,255.255.255.0,12h Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
* procd: update to latest git HEADDaniel Golle2017-06-191-3/+3
| | | | | | | | | | | 453116e system: introduce new attribute board_name e5b963a preinit: define _GNU_SOURCE e5ff8ca upgraded: cmake: Find and include uloop.h f367ec6 hotplug: fix a memory leak in handle_button_complete() 796ba3b service/service_stopped(): fix a use-after-free 79bbe6d system: return legacy board name Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libunwind: update to version 1.2.1Yousong Zhou2017-06-192-48/+2
| | | | | | | | | | Changes since 1.2 a77b0cd Bump version to v1.2.1 5f354cb mips/tilegx: Add missing unwind_i.h header file 620d1c3 Add aarch64 getcontext functionality. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netifd: update to the latest versionHans Dedecker2017-06-181-3/+3
| | | | | | | | ef5f7a0 ubus: remove superfluous error check in netifd_add_dynamic 5a68693 iprule: coding style line up 90e2e2c iprule: Add option to suppress unspecific routing lookups Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: allocate uid/gid starting from 65536Yousong Zhou2017-06-182-5/+5
| | | | | | | | | | | There already exist static assignment of uid/gid 65533 in packages feed and we have nobody/nogroup taking 65534 as their ids. Let's change the pid of dynamic assignment to start from 65536 so that the two assignment scheme will not collide with each other While at it, fix the scan command checking existence of uid/gid Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* base-files: make ucidef_set_led_rssi offset and factor optionalMathias Kresin2017-06-171-2/+2
| | | | | | | | | | The offset and factor are only related for LEDs which can have different brightness values. But binary LEDs are more common and don't require any further configuation than setting the factor to 1. Use offset = 0 and factor = 1 in case nothing else is specified. Signed-off-by: Mathias Kresin <dev@kresin.me>
* mt76: update to the latest version, fixes rate control issuesFelix Fietkau2017-06-171-3/+3
| | | | | | Should improve performance considerably in many cases Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: update to the latest version, fixes a runqueue use-after-free bugFelix Fietkau2017-06-171-3/+3
| | | | | | | | | | | 7237302 md5: add "const" qualifier to the "file" argument fa9937c json_script: enable custom expr handler callback 368fd26 uloop: allow specifying a timeout for uloop_run() 6a7fb7d runqueue: fix use-after-free bug 4bc3dec uloop: fix a regression in timeout handling fd57eea uloop: allow passing 0 as timeout to uloop_run Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: refresh patchesFelix Fietkau2017-06-1744-323/+144
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ipq806x: qca99xx: fix wifi calibrationPavel Kubelun2017-06-171-6/+0
| | | | | | | | | | As of now OTP is being correctly parsed and the driver requires to parse pre-caldata to follow corresponding routine. Rename cal file into pre-calfile so the board initialized correctly with API 2 board data (board-2.bin). Also remove the now unneeded for qca9984 board.bin symlink to 5GHz calfile. Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
* ath10k: increase bmi timeout to fix OTP on qca99xx boards and add bmi ↵Pavel Kubelun2017-06-177-11/+196
| | | | | | | | | identification through pre-cal file Backporting upstream patches. Signed-off-by: Pavel Kubelun <be.dissent@gmail.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh, rename patches]
* dropbear: fix service trigger syntax errorKevin Darbyshire-Bryant2017-06-162-2/+2
| | | | | | The classic single '&' when double '&&' conditional was meant. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* Revert "dnsmasq: manage resolv.conf if when listening on 127.0.0.1#53"Hans Dedecker2017-06-142-36/+26
| | | | | | This reverts commit a53f8ba6771de64c9c82a2e6867791226f3003cb. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: manage resolv.conf if when listening on 127.0.0.1#53Paul Oranje2017-06-122-26/+36
| | | | | | | | | | With this patch the dnsmasq init script manages resolv.conf if and only if when dnsmasq will listen on 127.0.0.1#53 (is main resolver instance). Also, resolvfile is now set irrespective of the value of noresolv. Fixes (partially) FS#785 Signed-off-by: Paul Oranje <por@xs4all.nl>
* dnsmasq: make bind-dynamic 'non-wildcard' interfaces defaultKevin Darbyshire-Bryant2017-06-113-4/+6
| | | | | | | | | | | | | | | 'non-wildcard' interfaces enables dnsmasq's '--bind-dynamic' mode. This binds to interfaces rather than wildcard addresses *and* keeps track of interface comings/goings via a unique Linux api. Quoting dnsmasq's author "bind-dynamic (bind individual addresses, keep up with changes in interface config) ... On linux, there's actually no sane reason not to use --bind-dynamic, and it's only not the default for historical reasons." Let's change history, well on LEDE at least, and change the default! Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* base-files: board.json's switch reset means existence, not argumentJonas Gorski2017-06-111-1/+4
| | | | | | | Don't pass the value unconditionally to swconfig as a parameter but instead only call reset if it is 1. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
* kexec-tools: bump version and add support for crashdump kernelDaniel Golle2017-06-095-24/+265
| | | | | | | | | | | | | | | | | | | | | | | split kexec-tools into two packages, kexec and kdump. * kexec to simply execute a new kernel * kdump is for loading and collecting debris of a crashed kernel with support for kdump forensics. In order to properly support booting into a crashkernel, an init script as well as UCI configuration has been added. As modifying the kernel cmdline is required for this to work in x86 platforms use an uci-defaults script to modify /boot/grub/grub.cfg. To test collecting crash information, use the 'c' sysrq-trigger, ie. echo c > /proc/sysrq-trigger This should result in the crash kernel being executed and (depending on the configution) dmesg and/or vmcore getting saved. To check if the crash kernel was loaded properly, use the 'status' command of the kdump init script. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: add dhcp-script hook conditionallyHans Dedecker2017-06-092-2/+14
| | | | | | | | | | | | Commit b32689afd6a661339861086c669e15c936293cf8 added support for dhcp-script hook. Adding dhcp-script config option results into two instances of dnsmasq being run which triggered oom issues on platforms having low memory. The dnsmasq dhcp-script config option will now only be added if at least one of the dhcp, tftp, neigh hotplug dirs has a regular hotplug file or if the dhcpscript uci config option is specified. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: network.sh: fix a number of IPv6 logic flawsJo-Philipp Wich2017-06-081-17/+48
| | | | | | | | | | | | | | | | | | | | | | * Change network_get_subnet6() to sensibly guess a suitable prefix Attempt to return the first non-linklocal, non-ula range, then attempt to return the first non-linklocal range and finally fall back to the previous behaviour of simply returning the first found item. * Fix network_get_ipaddrs_all() Instead of replicating the flawed logic appending a fixed ":1" suffix to IPv6 addresses, rely on network_get_ipaddrs() and network_get_ipaddrs6() to build a single list of all interface addresses. * Fix network_get_subnets6() Instead of replicating the flawed logic appending a fixed ":1" suffix to IPv6 addresses, rely on the ipv6-prefix-assignment.local-address field to figure out the proper network address. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mwlwifi: update to version 10.3.4.0 / 2017-06-06Jo-Philipp Wich2017-06-081-3/+3
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* base-files: network.sh: properly report local IPv6 addressesJo-Philipp Wich2017-06-082-18/+14
| | | | | | | | | | Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to fetch the effective local IPv6 address of delegated prefix from the "local-address" field instead of naively hardcoding ":1" as static suffix. Fixes FS#829. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* gdb: disable simulator ; it's broken on ppcAlexandru Ardelean2017-06-071-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Error is: ``` ompile-loc2c.o compile-c-support.o inflow.o init.o \ ../sim/ppc/libsim.a -lreadline ../opcodes/libopcodes.a ../bfd/libbfd.a -L./../zlib -lz ../libiberty/libiberty.a ../libdecnumber/libdecnumber.a -lncurses -lm ../libiberty/libiberty.a build-gnulib/import/libgnu.a -ldl -Wl,--dynamic-list=./proc-service.list ../sim/ppc/libsim.a(idecode.o): In function `update_time_from_event': idecode.c:(.text+0x170): undefined reference to `error' ../sim/ppc/libsim.a(idecode.o): In function `event_queue_tick': idecode.c:(.text+0x1cc): undefined reference to `error' idecode.c:(.text+0x28c): undefined reference to `error' idecode.c:(.text+0x318): undefined reference to `error' ../sim/ppc/libsim.a(idecode.o): In function `cpu_halt.constprop.6': idecode.c:(.text+0x398): undefined reference to `error' ../sim/ppc/libsim.a(idecode.o):idecode.c:(.text+0x4e4): more undefined references to `error' follow collect2: error: ld returned 1 exit status Makefile:1420: recipe for target 'gdb' failed make[5]: *** [gdb] Error 1 ``` Seems others are running into this as well. The problem seems to be that some code may be built as C++ and not C, which may explain the linker error. On this thread reply: https://sourceware.org/ml/gdb/2016-11/msg00045.html it mentions that the simulator should not call GDB's "error" function directly, but rather use the "host_callback" struct. I have no idea about the use of the GDB simulator within the OpenWrt/LEDE community. So, I took the easier route, which is to disable the simulator. (Also suggested here: https://sourceware.org/ml/gdb/2016-11/msg00047.html ) If needed, I can make an effort to fix the simulator for PPC. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* gdb: remove Build/Compile rule ; default one worksAlexandru Ardelean2017-06-071-7/+0
| | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
* package/grub2: update to 2.02Alif M. Ahmad2017-06-071-6/+3
| | | | | | Update to version 2.02 Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
* mac80211: use KERNEL_MAKEOPTSFelix Fietkau2017-06-072-6/+12
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: add KERNEL_MAKE and KERNEL_MAKE_FLAGS variables and move to kernel.mkFelix Fietkau2017-06-072-2/+2
| | | | | | | | This allows packages to use kernel make options without the forced -C $(LINUX_DIR). It also makes it more clear that it to be called from kernel module packages directly. Signed-off-by: Felix Fietkau <nbd@nbd.name>